implementation 'ch.dissem.jabit:jabit-cryptography-bouncy:1.0.1' public void verifySignature() throws Exception { PemReader reader=publicKeyReader(); InputStream data = data(); // InputStream signatureData = signature(); final PemObject publicKeyPem = reader.readPemObject(); final byte[] publicKeyBytes = publicKeyPem.getContent(); final KeyFactory keyFactory = KeyFactory.getInstance("RSA"); final X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes); final RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(publicKeySpec); final Signature signature = Signature.getInstance("SHA256withRSA"); signature.initVerify(publicKey); final byte[] buffy = new byte[16 * 1024]; int read = -1; while ((read = data.read(buffy)) != -1) { signature.update(buffy, 0, read); } byte[] signatureBytes = new byte[publicKey.getModulus().bitLength() / 8]; // signatureData.read(signatureBytes); String tmp="mafxI8/zMvfMvQQxOvOPJz6xF 6DroYv4LzQ arc gBlqS09m5TfxHx9GnIDRgjrxBef4aQ4HIf7wvWJCrkwWmaHaSI7F6xAwN5kaTXfjygiYYEH8lLlHuLQaoouBZLWxYAzP3vnmNPVzfBNrXh6a5CTqBFbX43/9rX5cpmvx6lY4nbSCvIle2vYNgCi7HJtRqfBPxGjRZXdIdJk0lDjCSZfgfBQHLBEed8XxkUQFCkFlHN5Jx7Pp13aiJ3kY1lmoFmxVb95HDbcLZdSQDUit3T94gc7OsazdBDrvmLlxGzxUeuU7aaxa0dSCUH1yGr1DceKU5lywr1aiRsaZYxjg9ynRPzBXpf3l6TReilANFvfCGR6tpy4H77Ma/y4cSN2rO7J0Cd12v/D MV2ITFAM30kZmGbSOe91Fo77ynveZPdwWQzDrjaUHL/sZ5ijDQkz fNioLohPj7 caQVFE2moEekAUJp uDzOcJHgi4VivOJ4Riv/seutZ4eIS7vx3jUqRrAzRA6E5SSleIc9GitgC eePvcFSuI0WLpuxtHo6T6s7kOhzloXWiImP2ED1J TMgRPtY4snGtlHcILSXuxlFL8PF5mi W/gOsSMdVtOFKLNLSrb/TPK0Fze1zO1ZGkY iiplMn OkGyao3OfbEhuA3vsCVAmASKV3qk5F4="; InputStream in=new ByteArrayInputStream(Base64.decode(tmp.getBytes(),Base64.NO_WRAP)); byte[] signatureBytes2 = new byte[publicKey.getModulus().bitLength() / 8]; in.read(signatureBytes2); Log.i("b","1 " signature.verify(signatureBytes2)); // Log.i("b","2 " signature.verify(signatureBytes)); } private InputStream data() throws FileNotFoundException { return new FileInputStream("/storage/emulated/0/Download/test.zip"); } private PemReader publicKeyReader() throws FileNotFoundException { //return new PemReader(new InputStreamReader(new FileInputStream("/storage/emulated/0/Download/publickey.pem"))); try { return new PemReader(new InputStreamReader(getResources().openRawResource(R.raw.publickey))); } catch (Exception e) { e.printStackTrace(); } return null; } private InputStream signature() throws FileNotFoundException { return new FileInputStream("/storage/emulated/0/test.zip.dgst.signed"); }data()是您下载的源文件
publickKeyReader()是你的public key文件
signature() 就是你的signature文件
tmp我从服务器上得到它,然后用它base64解码,得到和谐signature文件的内容相同,所以这个signature文件可以直接从服务器上使用或替换。