Created
March 5, 2019 08:50
How to use Android keystore and BouncyCastle for Sign Operation Implementation using RSA-PSS
// Spongy Castle lightweight API (the org.bouncycastle classes repackaged for Android).
// AndroidRsaEngine comes from the sample project and is imported from there.
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.crypto.signers.PSSSigner;

/*
 * If you use this primitive to implement, for example, Bouncy Castle's
 * AsymmetricBlockCipher interface, you can use any signature algorithm available in the
 * Bouncy Castle lightweight API (we actually use Spongy Castle to stay compatible
 * with Android 2.x without too much hassle).
 * For example, if you want to use a more modern (and provably secure)
 * signature algorithm than Android's default PKCS#1 v1.5
 * implementation, such as RSA-PSS, you can accomplish it with something
 * like this (see sample project for AndroidRsaEngine):
 */
// pubKey (an RSA public key) and signedData (byte[]) are supplied by the caller.
AndroidRsaEngine rsa = new AndroidRsaEngine("key1", true);
// Content digest and MGF1 digest are both SHA-512; the salt length is 512 / 8 = 64 bytes.
Digest digest = new SHA512Digest();
Digest mgf1digest = new SHA512Digest();
PSSSigner signer = new PSSSigner(rsa, digest, mgf1digest, 512 / 8);
RSAKeyParameters params = new RSAKeyParameters(false,
        pubKey.getModulus(), pubKey.getPublicExponent());
signer.init(true, params);
signer.update(signedData, 0, signedData.length);
byte[] signature = signer.generateSignature();
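
The verifying side for a signature made with the parameters above, as an added example that is not part of the original gist. It uses the standard JCA `RSASSA-PSS` algorithm (assumes Java 11 or later) with a software-generated key pair standing in for the keystore key; the class name, the mismatched spec and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssVerifyExample {
    // Mirrors the PSSSigner arguments above: SHA-512 content digest,
    // MGF1 with SHA-512, 64-byte salt, trailer field 1 (0xBC).
    static final PSSParameterSpec SHA512_SALT64 =
            new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 512 / 8, 1);
    // Deliberately mismatched salt length, to show verification failing.
    static final PSSParameterSpec SHA512_SALT32 =
            new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 32, 1);

    static byte[] sign(PrivateKey key, byte[] data, PSSParameterSpec spec)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(spec);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig, PSSParameterSpec spec)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(spec);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed test key. SHA-512 with a 64-byte salt needs an encoded message of
        // at least 64 + 64 + 2 = 130 bytes, so a 1024-bit modulus is too small.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] sig = sign(kp.getPrivate(), data, SHA512_SALT64);
        System.out.println("matching parameters:  " + verify(kp.getPublic(), data, sig, SHA512_SALT64));
        System.out.println("salt length mismatch: " + verify(kp.getPublic(), data, sig, SHA512_SALT32));
        data[0] ^= 1; // tamper with the message
        System.out.println("tampered message:     " + verify(kp.getPublic(), data, sig, SHA512_SALT64));
    }
}
```

The verifier has to be configured with the same content digest, MGF1 digest and salt length as the signer; none of these travel with the signature.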