How to use openssl to emulate Java signature sign method?

I am working with a server that requires part of the login URL to enable authentication. The way this circuit works (as recommended in the manuals) is that

  • a public-private key pair is created using the Java JDK keytool (which creates it in the Java key store)
  • a certificate is created for the key pair using the Java JDK keytool
  • the certificate is installed on the server.

When registering on the client (my code)

  • generates a plaintext token string.
  • signs a plaintext token string with a private key using SHA1 and DSA
  • includes the signed token string in the login URL.

Java keytool does not provide a mechanism for exporting a private key from a keystore, but separately I have Java code for retrieving a private key from a keystore and saving it in a file, based on "How to list / export private keys from a keystore?".

This all works when the client uses Java to sign with code like the following.

String plaintext = "This is a sample plaintext token string";
Signature instance = Signature.getInstance("SHA1withDSA");
instance.initSign(privateKey);
instance.update((plaintext).getBytes());
byte[] signature = instance.sign();

It also works when a client uses PHP to sign with code like the following. Here the private key is retrieved from the Java keystore file in PHP.

$privateKey = openssl_pkey_get_private("file://$keyfile", $keystorePassword);
openssl_sign($paramsEncoded, $signature, $privateKey, OPENSSL_ALGO_DSS1);

However, now I have a situation where the client wants to create a login URL using a Bash script and openssl - and this will not work. My latest version of this code is as follows, which contains the digest of the SHA1 message and then the DSA sign. But the server rejects the token.

echo $tokenString | openssl dgst -sha1 > tokendigest
openssl dgst -dss1 -passin pass:$storePassword -sign $privateKeyFile > tokensigned

( SHA1 RSA java.security.Signature vs. MessageDigest Cipher), , Java Signature , . , ( SHA1) 48 33 48 9 6 5 43 14 3 2 26 5 0 4 20. , opensll , .

- , openssl Java?

+3
1

- . DSA , RSA, MessageDigest.

openssl dgst -dss1 ( SHA1).

?

# -n stops echo from appending a newline to the bytes that get signed
echo -n "$tokenString" |
  openssl dgst -dss1 -passin "pass:$storePassword" -sign "$privateKeyFile" > tokensigned
+2
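The difference between the two shell attempts above can be checked locally without the server. This is an added example, not code from the original question or answer. It signs the sample token three ways and verifies each signature against the bare token bytes, which is what a SHA1withDSA verifier is given. Assumptions: a throwaway DSA key stands in for the keystore key, all file names are placeholders, and `-sha1` is used because OpenSSL 1.1.0 and later no longer accept `-dss1`.

```shell
#!/bin/sh
# Added example: throwaway DSA key and constructed token; all file names are placeholders.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
token='This is a sample plaintext token string'

# Throwaway key pair standing in for the key exported from the Java keystore.
make_key() {
  openssl dsaparam -out "$work/params.pem" 2048 2>/dev/null &&
  openssl gendsa -out "$work/dsa.pem" "$work/params.pem" 2>/dev/null &&
  openssl dsa -in "$work/dsa.pem" -pubout -out "$work/pub.pem" 2>/dev/null
}

# Sign exactly the bytes on stdin: dgst does the SHA-1 and the DSA step together.
sign_stdin() { openssl dgst -sha1 -sign "$work/dsa.pem" -out "$1"; }

# Print "ok" if signature file $1 verifies over the bytes on stdin, else "bad".
check_stdin() {
  if openssl dgst -sha1 -verify "$work/pub.pem" -signature "$1" 2>/dev/null |
     grep -q 'Verified OK'
  then echo ok; else echo bad; fi
}

make_key
# 1. Exact token bytes, hashed once by dgst itself.
printf '%s' "$token" | sign_stdin "$work/good.sig"
# 2. Plain echo appends "\n", so a different message is signed.
echo "$token" | sign_stdin "$work/newline.sig"
# 3. Hash first, then sign: the hex digest text is hashed again and signed.
printf '%s' "$token" | openssl dgst -sha1 | sign_stdin "$work/prehash.sig"

# Check each signature the way the verifier would: against the bare token bytes.
for name in good newline prehash; do
  printf '%-8s %s\n' "$name" "$(printf '%s' "$token" | check_stdin "$work/$name.sig")"
done
```

DSA signatures are randomized, so two correct signatures over the same token differ byte for byte; compare by verifying, not by diffing the output against what Java produced.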
