{"componentChunkName":"component---src-templates-post-template-jsx","path":"/works/posts/2020-11-26--001","result":{"data":{"site":{"siteMetadata":{"title":"Blog by Eunyoung","subtitle":"작업 기록 블로그","copyright":"© All rights reserved.","author":{"name":"EunYoung","twitter":"#"},"disqusShortname":"","url":"https://ssongey.github.io"}},"markdownRemark":{"id":"1b26d47c-34ce-555d-8df5-100c5dbd1764","html":"

서명로직 코드

\n\n
    // private key 로 직접 서명\n    String base64EncodedMoSub2PrivKey = \"n2iWb4B7ES9Hc7HmAHvW5RMAAGUhwAJ3hOIUuqH9r9y5l4IGzg9nQfXxocKwJDIBSC/x67JcxNA6aALuz0gd+IQby7TTTfB74sxWSNjZUV67Xup0kPOx3wOWrxmO1R2/qGUkwflm3shSbz3YoWaavzipuYKen/6pBQ5kmKzONPFh+1Nprq34hY2lccf38QRp/aGXNbXvxRZcPsYGU5HIIw==\";\n    String caServerKey = \"_u5PJineTniFyvQmHkWP6g\";\n    byte[] moSub2PrivateKeyByte = aesDecode(Base64.decode(base64EncodedMoSub2PrivKey), caServerKey);\n    PrivateKey moSub2PrivateKey = PkiFactory.privateKeyByteToClass(moSub2PrivateKeyByte);\n\n    SignatureType signature = new SignatureType();\n    signature.setSignedInfo(signedInfo);\n    JAXBElement<SignedInfoType> signedInfoJAXB = ObjectFactory.createSignedInfo(signedInfo);\n\n    SignatureValueType signatureValue = new SignatureValueType();\n    java.security.interfaces.ECPrivateKey ecPrivateKey = (java.security.interfaces.ECPrivateKey) moSub2PrivateKey;\n    signatureValue.setValue(MsgFactory.signSignedInfoElement(signedInfoJAXB, ecPrivateKey));\n    signature.setSignatureValue(signatureValue);\n\n    byte[] signatureXmlByte = MsgFactory.marshalToByteArray(signature, SignatureType.class);\n    String signatureXmlStr = new String(signatureXmlByte);
\n
  private byte[] aesDecode(byte[] data, String secretKey) {\n    final byte[] IV = Hex.decode(\"62EC67F9C3A4A407FCB2A8C49031A8B3\");\n    // TODO 16byte 넘어가는경우 자르지 말고, 16byte 길이를 유지할수 있는방법을 찾아봐야함.\n    try {\n      String password = secretKey.length() < 16 ? StringUtils.leftPad(secretKey, 16)\n        : StringUtils.substring(secretKey, 0, 16);\n      Key key = new SecretKeySpec(password.getBytes(), \"AES\");\n      Cipher c = Cipher.getInstance(\"AES/CBC/PKCS7Padding\", BouncyCastleProvider.PROVIDER_NAME);\n      c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(IV));\n      return c.doFinal(data);\n    } catch (Exception e) {\n      throw new RuntimeException(e);\n    }\n  }
\n
  public static PrivateKey privateKeyByteToClass(byte[] privKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {\n    KeyFactory kf = KeyFactory.getInstance(\"EC\", BouncyCastleProvider.PROVIDER_NAME);\n    PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privKey));\n    return privateKey;\n  }
","fields":{"tagSlugs":["/tags/pki/","/tags/sign/"],"slug":"/works/posts/2020-11-26--001"},"frontmatter":{"title":"[PKI] issuer private key로 서명","tags":["pki","sign"],"date":"2020-11-26","description":""}}},"pageContext":{"slug":"/works/posts/2020-11-26--001"}},"staticQueryHashes":[]}