It seems that java.security.SignedObject does not serialize correctly.

When I do the following in a single process, it works fine:

Signature signingEngine = Signature.getInstance("DSA", "SUN");
PublicKey pubKey; // Already initialized appropriately
PrivateKey privKey; // Already initialized appropriately
SignedObject so = new SignedObject(myObject, privKey, signingEngine);
so.verify(pubKey, signingEngine); // returns true    

However, when I have two processes and try to pass the signed object over the network, I run into problems.

Sender

Signature signingEngine = Signature.getInstance("DSA", "SUN");
PrivateKey privKey; // Already initialized appropriately
SignedObject so = new SignedObject(myObject, privKey, signingEngine);
Socket socket = new Socket("localhost", 4000);
ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());
out.writeObject(so);
out.close();

Receiver

Signature signingEngine = Signature.getInstance("DSA", "SUN");
PublicKey pubKey; // Already initialized appropriately
ServerSocket socket = new ServerSocket(4000);
ObjectInputStream in = new ObjectInputStream(socket.accept().getInputStream());
SignedObject so = (SignedObject) in.readObject();
in.close();
so.verify(pubKey, signingEngine); // returns false    

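Note that myObject implements Serializable, and even if I change myObject to a primitive such as a byte[], I still get the same problem. Interestingly, if I send the signed object over a socket to a different thread running in the same process, verify succeeds.

I thought this might be related to the Signature instance, but verify even if I use a different Signature.

I doubt there is any problem with the keys, because in both the single-process case and the sender/receiver case I load them from files in exactly the same way.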

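A self-contained check of the round trip described in the question, added here as an example and not part of the original post: it pushes a SignedObject through the same ObjectOutputStream/ObjectInputStream encoding, verifies it with the signing key and with an unrelated key, and prints a key fingerprint that can be compared between the sending and receiving processes. The class name, the `fingerprint` helper, the in-process key generation, the payload string and the choice of SHA256withDSA with 2048-bit keys (the question uses "DSA" from the SUN provider) are assumptions.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;

public class SignedObjectRoundTrip {
    // Assumption: SHA256withDSA with a 2048-bit key; the question uses "DSA" from the SUN provider.
    static final String ALG = "SHA256withDSA";

    // Same ObjectOutputStream encoding the sender writes to the socket.
    static byte[] toWire(SignedObject so) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(so);
        }
        return buf.toByteArray();
    }

    // Same ObjectInputStream decoding the receiver applies to the socket.
    static SignedObject fromWire(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return (SignedObject) in.readObject();
        }
    }

    // SHA-256 over the X.509 encoding of the key; print it in both processes and compare.
    static String fingerprint(PublicKey key) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return String.format("%064x", new BigInteger(1, d));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();    // constructed key pair used for signing
        KeyPair unrelated = kpg.generateKeyPair(); // constructed key pair that did not sign

        SignedObject sent = new SignedObject("constructed payload", signer.getPrivate(),
                Signature.getInstance(ALG));
        SignedObject received = fromWire(toWire(sent));

        Signature verifier = Signature.getInstance(ALG);
        boolean ok = received.verify(signer.getPublic(), verifier);
        boolean wrongKey = received.verify(unrelated.getPublic(), verifier);
        System.out.println("signer key    " + fingerprint(signer.getPublic()) + " verify=" + ok);
        System.out.println("unrelated key " + fingerprint(unrelated.getPublic()) + " verify=" + wrongKey);
        // Read the payload only after verify() has returned true.
        if (ok) System.out.println("payload: " + received.getObject());
    }
}
```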