Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Cryptography

Cryptography - Signature verification failed, any idea why ?

Can you help me why this code print "false" at he end. thanks.

package sign;

import java.io.DataInputStream;

import java.io.File;

import java.io.FileInputStream;

import java.security.KeyStore;

import java.security.PrivateKey;

import java.security.Provider;

import java.security.Security;

import java.security.Signature;

import java.security.cert.Certificate;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

publicclass SignTest{

privatestaticbyte[] sign(byte[] dataToSign){

File certificat =new File("d:\\txt<br clear="all" />gadmin.p12");

String password ="gadmin";

// provider cryptographic algorithm implementation

Security.addProvider(new BouncyCastleProvider());

Provider provBC = Security.getProvider("BC");

try{

KeyStore keyStore = KeyStore.getInstance("PKCS12");

keyStore.load(new FileInputStream(certificat), password

.toCharArray());

PrivateKey privatekey = (PrivateKey) keyStore.getKey(

(String) keyStore.aliases().nextElement(), password

.toCharArray());

Signature sigInst = Signature.getInstance("MD5withRSA", provBC);

sigInst.initSign(privatekey);

sigInst.update(dataToSign);

return sigInst.sign();

}catch (Exception e){

e.printStackTrace();

}

returnnull;

}

privatestaticboolean verify(byte[] sigToVerify){

File certificat =new File("d:\\txt<br clear="all" />gadmin.p12");

String password ="gadmin";

// provider cryptographic algorithm implementation

Security.addProvider(new BouncyCastleProvider());

Provider provBC = Security.getProvider("BC");

try{

KeyStore keyStore = KeyStore.getInstance("PKCS12");

keyStore.load(new FileInputStream(certificat), password

.toCharArray());

Certificate cert = keyStore.getCertificate((String) keyStore

.aliases().nextElement());

Signature sigInst = Signature.getInstance("MD5withRSA", provBC);

sigInst.initVerify(cert.getPublicKey());

sigInst.update(sigToVerify);

return sigInst.verify(sigToVerify);

}catch (Exception e){

e.printStackTrace();

}

returnfalse;

}

publicstaticvoid main(String args[]){

// load zip file to sign

File inputZipDataFile =new File("d:<br clear="all" />test.zip");

byte[] dataToSign =newbyte[(int) inputZipDataFile.length()];

DataInputStream in;

try{

in =new DataInputStream(new FileInputStream(inputZipDataFile));

in.readFully(dataToSign);

in.close();

}catch (Exception e){

// TODO Auto-generated catch block

e.printStackTrace();

}

byte[] signature = sign(dataToSign);

boolean verification = verify(signature);

System.out.println(verification);

}

}

[5813 byte] By [kokoricoa] at [2007-11-26 23:29:21]
«« Java 2D - Need urgent help ..save BMP image
»» Java Programming - Get the list of imports in a java class
# 1
The error comes fromsigInst.update(sigToVerify);To this method is the data from which I generate the signature, not the signature itself (because signature decryption and MD5 hashcode comparaison is done at one time).
kokoricoa at 2007-7-10 14:39:43 > top of Java-index,Security,Cryptography...
# 2
Are you responding to reply #10 of http://forum.java.sun.com/thread.jspa?threadID=5154579&tstart=0 ?
sabre150a at 2007-7-10 14:39:43 > top of Java-index,Security,Cryptography...
# 3
Yes. I understood my problem and solved it. Thanks anyway. I had some trouble about cryptography concept and java library and then make the parallel.Now I am investigating about how to make PKCS#7 standard file in read/write.I am investigating around bouncy castle library.
kokoricoa at 2007-7-10 14:39:43 > top of Java-index,Security,Cryptography...
Security
Cryptography

Security New Topic

Security Hot Topic

Security

All Classified