Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/rsa: hexadecimal string not accepted as argument to PrivateKey.Sign #38511

Closed
Altruiste1 opened this issue Apr 18, 2020 · 2 comments
Closed

crypto/rsa: hexadecimal string not accepted as argument to PrivateKey.Sign #38511

Altruiste1 opened this issue Apr 18, 2020 · 2 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unplanned

Comments

@Altruiste1
Copy link

Altruiste1 commented Apr 18, 2020
edited by dmitshur

What version of Go are you using (go version)?

$ go version
 go1.13

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
 darwin/amd64

What did you do?

When I was using rsa2 way for signature found a problem, Java support with signature string generated sha256 in this paper, and put the paper into hex byte, after rsa2 signature, but go seems barely support, only support for the direct generation rsa2 signature, when I try to do like Java, triggered panic at compile time, "crypto/rsa: input must be hashed message".

java代码

//digest through SHA256 and convert to hexadecimal
public static byte[] sha256X16(String data, String encoding) {
		byte[] bytes = sha256(data, encoding);
		StringBuilder sha256StrBuff = new StringBuilder();
		for (int i = 0; i < bytes.length; i++) {
			if (Integer.toHexString(0xFF & bytes[i]).length() == 1) {
				sha256StrBuff.append("0").append(
						Integer.toHexString(0xFF & bytes[i]));
			} else {
				sha256StrBuff.append(Integer.toHexString(0xFF & bytes[i]));
			}
		}
		try {
			return sha256StrBuff.toString().getBytes(encoding);
		} catch (UnsupportedEncodingException e) {
			LogUtil.writeErrorLog(e.getMessage(), e);
			return null;
		}
	}
// generate rsa2Sign
//// data:[]byte("285fd3e7cbb9b79881647f74205a369dc6ab68b4227e3f07bc47e352dedbd122")
		public static byte[] signBySoft256(PrivateKey privateKey, byte[] data)
			throws Exception {
		byte[] result = null;
		Signature st = Signature.getInstance(BC_PROV_ALGORITHM_SHA256RSA);
		st.initSign(privateKey);
		st.update(data);
		result = st.sign();
		Signature signature = Signature.getInstance("SHA256withRSA");
		signature.initSign(privateKey);
		signature.update(data);
		String sign=Base64.encodeBase64String(signature.sign());
		return result;
	}

//golang Code snippet

         //s := sha256.New()
	//_, err := s.Write([]byte(signData))
	//if err != nil {
	//	panic(err)
	//}
	//hashByte := s.Sum(nil)
	//var digestStr string
	//for _,v:=range hashByte{
	//	digestStr+=strconv.FormatInt(int64(v), 16)
	//}
	//signByte, err := this.PrivateKey.Sign(rand.Reader, hashByte, crypto.SHA256)
	//if err != nil {
	//	panic(err)
	//}
    signDigest:= []byte("285fd3e7cbb9b79881647f74205a369dc6ab68b4227e3f07bc47e352dedbd122")
    signByte, err := this.PrivateKey.Sign(rand.Reader, signDigest, crypto.SHA256)
    if err != nil {
        panic(err)
    }
   signedStr:=base64.StdEncoding.EncodeToString(signByte)

What did you expect to see?

After golang converts the digest to hexadecimal and signs it, it gets the same result as a Java signature

What did you see instead?

err:crypto/rsa: input must be hashed message
It appears to check the hash value and length of the digest,After commenting out the code I got a signature, but the result was not consistent with what Java got
@robpike robpike changed the title Golang does not seem to support generate sign with hexadecimal digests, but Java and PHP do crypto/rsa: hexadecimal string not accepted as argument to PrivateKey.Sign Apr 19, 2020
@andybons andybons added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 20, 2020
@andybons andybons added this to the Unplanned milestone Apr 20, 2020
@andybons
Copy link
Member

@katiehockman @FiloSottile

@FiloSottile
Copy link
Contributor

The Go crypto libraries never encode or decode hex, but operate on raw bytes, as the primitives are defined. Use encoding/hex to decode your hash.

@golang golang locked and limited conversation to collaborators Apr 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
4 participants
@andybons @FiloSottile @gopherbot @Altruiste1