Updated digital signature algorithm to SHA256withRSA (#2)

transferwise · Mar 5, 2020 · eb328d2 · eb328d2
1 parent a2ae684
commit eb328d2
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ String signatureBase64 = DigitalSignatires.encodeToBase64(byte[] bytes);
 To allow users to sign their data via CLI there is an executable JAR:
 ```bash
 usage: java -jar digital-signatures-cli-<version>-all.jar -d <DATA> -k <PATH>
-Calculates SHA1 with RSA signature in Base64 encoding for provided data
+Calculates SHA256 with RSA signature in Base64 encoding for provided data
  -d,--data-to-sign <DATA>       String containing data to sign
  -k,--private-key-file <PATH>   Path to file containing RSA private key
 ```

diff --git a/digital-signatures-cli/src/main/java/com/transferwise/digitalsignatures/cli/Main.java b/digital-signatures-cli/src/main/java/com/transferwise/digitalsignatures/cli/Main.java
@@ -15,7 +15,7 @@
 class Main {
 
     private static final String CLI_UTILITY_NAME = "java -jar digital-signatures-cli-<version>-all.jar";
-    private static final String CLI_HELP_HEADER = "Calculates SHA1 with RSA signature in Base64 encoding (RFC 4648) for provided data";
+    private static final String CLI_HELP_HEADER = "Calculates SHA256 with RSA signature in Base64 encoding (RFC 4648) for provided data";
 
     public static void main(String[] args) {
         Option privateKeyFilePathOption = Option.builder("k")

diff --git a/digital-signatures-cli/src/test/java/com/transferwise/digitalsignatures/cli/MainTest.java b/digital-signatures-cli/src/test/java/com/transferwise/digitalsignatures/cli/MainTest.java
@@ -19,7 +19,10 @@
 public class MainTest {
 
     private static final String DATA_TO_SIGN = "65a31b86-aa2e-47fd-a7a4-3710437ba270";
-    private static final String SIGNATURE = "oMbriRqpykbUnoL2sIX5xCO/yhrpZFd4TDu2lWdbcHkfxoYHQIvjdm/Px9SBgO5Lc58qjPkmeJA4z8B8spOVaxLRienkzvqrT0I11OFH7jJkoMu2g8bxPe7hmnRDdTB8cLZyFYGmlYjsr3vxemTUWSYYXdrys5Dh3LuOzWZmuYQ3bOwsBPm2sl7K39QM2KqXWckyqg9xpguWIGWzO86aKc/OboWqompVYKztLtdzMwAT5WQ5tPH+AA/lpiV3VG8J9TKTYpUzcrsRjUIelY+jznOkrFtqyyQsZ6l/G7yFXYTaA55ARc+k7CJExiw4mFX8wgPUHrGt289170HS+UJZDw==";
+    private static final String SIGNATURE = "1JnHvXd24R99jZFl5KzJer1iMFGIdrGRmu09h7QkGzo5kgk3cLHdDesitNjK131lmpgAEwnI" +
+            "99jtyfJfiMjFZV4VqSAmr68W12r3Jc4ACE17WNa7hGgLC7Gw+m70x9UX5dgv6ws02VlIe9i44iGJ6fN57Piy5LBitxWkAjEEMNjmqO6G" +
+            "dnBlxNuSc9m+eImG91nqXa6BLNFFAPD3FzaEbqW8Ob/l8ayd9xXosTNMz0ywsV/l/zthra/7olAvRLqCrMtzI9ltC7kd40xWNesehLxf" +
+            "QIIoAUiDF9iRCzBavXR6O7jUf56QES6ScjQ43a62V0JIdbUDSdRJPr+zesPQug==";
 
     private static final long OPENSSL_TEST_TIMEOUT_MILLISECONDS = 1000;
 
@@ -56,7 +59,7 @@ public void signatureIsIdenticalToGeneratedByOpenSSL() throws InterruptedExcepti
 
         Process process;
         try {
-            String command = String.format("printf '%s' | openssl sha1 -sign %s | base64 -b 0", DATA_TO_SIGN, testPrivateKeyFilePath);
+            String command = String.format("printf '%s' | openssl sha256 -sign %s | base64 -b 0", DATA_TO_SIGN, testPrivateKeyFilePath);
             process = new ProcessBuilder("/bin/sh", "-c", command).start();
         } catch (Exception e) {
             assumeNoException(e);

diff --git a/digital-signatures/src/main/java/com/transferwise/digitalsignatures/DigitalSignatures.java b/digital-signatures/src/main/java/com/transferwise/digitalsignatures/DigitalSignatures.java
@@ -29,7 +29,7 @@ public class DigitalSignatures {
     /**
      * Default signature algorithm.
      */
-    public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
+    public static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
 
     static {
         Security.addProvider(new BouncyCastleProvider());

diff --git a/...al-signatures/src/test/java/com/transferwise/digitalsignatures/DigitalSignaturesTest.java b/...al-signatures/src/test/java/com/transferwise/digitalsignatures/DigitalSignaturesTest.java
@@ -40,7 +40,10 @@ public class DigitalSignaturesTest {
     @Test
     public void sign() throws IOException, GeneralSecurityException {
         String dataToSign = "65a31b86-aa2e-47fd-a7a4-3710437ba270";
-        String expectedSignatureBase64 = "oMbriRqpykbUnoL2sIX5xCO/yhrpZFd4TDu2lWdbcHkfxoYHQIvjdm/Px9SBgO5Lc58qjPkmeJA4z8B8spOVaxLRienkzvqrT0I11OFH7jJkoMu2g8bxPe7hmnRDdTB8cLZyFYGmlYjsr3vxemTUWSYYXdrys5Dh3LuOzWZmuYQ3bOwsBPm2sl7K39QM2KqXWckyqg9xpguWIGWzO86aKc/OboWqompVYKztLtdzMwAT5WQ5tPH+AA/lpiV3VG8J9TKTYpUzcrsRjUIelY+jznOkrFtqyyQsZ6l/G7yFXYTaA55ARc+k7CJExiw4mFX8wgPUHrGt289170HS+UJZDw==";
+        String expectedSignatureBase64 = "1JnHvXd24R99jZFl5KzJer1iMFGIdrGRmu09h7QkGzo5kgk3cLHdDesitNjK131lmpgAEwnI99j" +
+                "tyfJfiMjFZV4VqSAmr68W12r3Jc4ACE17WNa7hGgLC7Gw+m70x9UX5dgv6ws02VlIe9i44iGJ6fN57Piy5LBitxWkAjEEMNjmqO6" +
+                "GdnBlxNuSc9m+eImG91nqXa6BLNFFAPD3FzaEbqW8Ob/l8ayd9xXosTNMz0ywsV/l/zthra/7olAvRLqCrMtzI9ltC7kd40xWNes" +
+                "ehLxfQIIoAUiDF9iRCzBavXR6O7jUf56QES6ScjQ43a62V0JIdbUDSdRJPr+zesPQug==";
 
         byte[] signature = DigitalSignatures.sign(PRIVATE_KEY, dataToSign.getBytes());