AppletTalk.com Java discussions newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  signing and verifying message          AppletTalk.com Forum Index -> Security and Java View previous topic :: View next topic   Author Message serafinek Guest Posted: Mon Oct 17, 2005 10:45 pm    Post subject: signing and verifying message Hello I am trying to sign and verify simple text message. The problem is, that it even most simple code doesn't work: KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(512); KeyPair pair = gen.generateKeyPair(); PrivateKey priv = pair.getPrivate(); PublicKey pub = pair.getPublic(); String hash= "alamakota"; Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(priv); signature.update(hash.getBytes()); byte[] raw = signature.sign(); Signature signature2 = Signature.getInstance("SHA1withRSA"); signature2.initVerify(pub); if (signature2.verify(raw)) konsola.append("nThe signature is good."); else konsola.append("nThe signature is bad."); and of course i can see "signature is bad". What am i missing or don't understand? -- serafinek Back to top Tommy Grändefors Guest Posted: Tue Oct 18, 2005 6:40 pm    Post subject: Re: signing and verifying message Hi, You have forgotten to feed your signature2 object with the data that was signed i.e. you must use 'signature2.update(hash.getBytes())' before you call 'signature2.verify(raw)': Signature signature2 = Signature.getInstance("SHA1withRSA"); signature2.initVerify(pub); signature2.update(hash.getBytes()); if (signature2.verify(raw)) konsola.append("nThe signature is good."); else konsola.append("nThe signature is bad."); Regards, Tommy Grändefors www.pheox.com serafinek wrote: Quote: Hello I am trying to sign and verify simple text message. The problem is, that it even most simple code doesn't work: KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(512); KeyPair pair = gen.generateKeyPair(); PrivateKey priv = pair.getPrivate(); PublicKey pub = pair.getPublic(); String hash= "alamakota"; Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(priv); signature.update(hash.getBytes()); byte[] raw = signature.sign(); Signature signature2 = Signature.getInstance("SHA1withRSA"); signature2.initVerify(pub); if (signature2.verify(raw)) konsola.append("nThe signature is good."); else konsola.append("nThe signature is bad."); and of course i can see "signature is bad". What am i missing or don't understand? -- serafinek Back to top serafinek Guest Posted: Tue Oct 18, 2005 9:03 pm    Post subject: Re: signing and verifying message Hi Thanks, now it's work :) Quote: Hi, You have forgotten to feed your signature2 object with the data that was signed i.e. you must use 'signature2.update(hash.getBytes())' before you call 'signature2.verify(raw)': Signature signature2 = Signature.getInstance("SHA1withRSA"); signature2.initVerify(pub); signature2.update(hash.getBytes()); if (signature2.verify(raw)) konsola.append("nThe signature is good."); else konsola.append("nThe signature is bad."); Regards, Tommy Grändefors www.pheox.com Back to top Muhammad Ijaz Khan Guest Posted: Thu Jan 05, 2006 2:22 pm    Post subject: Re: signing and verifying message this problem is exactly opposite than mine :S and I know I have some problem in my code but its too simple and still I cant locate it. can anybody see and tell me the issue? (very) below is my code Regards, Ijaz serafinek wrote: Quote: Hi Thanks, now it's work :) Hi, You have forgotten to feed your signature2 object with the data that was signed i.e. you must use 'signature2.update(hash.getBytes())' before you call 'signature2.verify(raw)': Signature signature2 = Signature.getInstance("SHA1withRSA"); signature2.initVerify(pub); signature2.update(hash.getBytes()); if (signature2.verify(raw)) konsola.append("nThe signature is good."); else konsola.append("nThe signature is bad."); Regards, Tommy Grändefors www.pheox.com ======================================================================================= package com.security.pki; import java.security.InvalidKeyException; import java.security.spec.*; import java.security.PublicKey; import java.security.SignatureException; import java.security.NoSuchAlgorithmException; import java.security.Signature; import java.io.File; import java.io.InputStream; import java.io.IOException; import java.io.FileInputStream; /** * <p>Title: </p> * * <p>Description: </p> * * <p>Copyright: Copyright (c) 2006</p> * * <p>Company: </p> * * @author not attributable * @version 1.0 */ public class OneMoreTest { public OneMoreTest() { } public static void main(String[] args) { PublicKey publicKey = null; try { byte[] signbuff = null; byte[] publicKeyBytes = null; byte[] msg = null; try { java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance("RSA"); File file = new File("public.key"); publicKeyBytes = getBytesFromFile(file); EncodedKeySpec publicKeySpec = new X509EncodedKeySpec( publicKeyBytes); publicKey = keyFactory.generatePublic(publicKeySpec); file = new File("signature.sig"); signbuff = getBytesFromFile(file); file = new File("message.msg"); msg = getBytesFromFile(file); } catch (IOException e) { e.printStackTrace(); } catch (InvalidKeySpecException ex) { ex.printStackTrace(); } catch (NoSuchAlgorithmException ex) { ex.printStackTrace(); } Signature signature = Signature.getInstance("SHA256WITHRSA"); signature.initVerify(publicKey); // IF UNCOMMENT BELOW LINE VERIFY METHOD RETURNS FALSE //signature.update(msg, 0, msg.length); boolean val = signature.verify(signbuff); System.out.println(val); } catch (SignatureException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } } public static byte[] getBytesFromFile(File file) throws IOException { InputStream is = new FileInputStream(file); // Get the size of the file long length = file.length(); // You cannot create an array using a long type. // It needs to be an int type. // Before converting to an int type, check // to ensure that file is not larger than Integer.MAX_VALUE. if (length > Integer.MAX_VALUE) { // File is too large } // Create the byte array to hold the data byte[] bytes = new byte[(int)length]; // Read in the bytes int offset = 0; int numRead = 0; while (offset < bytes.length && (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) { offset += numRead; } // Ensure all the bytes have been read in if (offset < bytes.length) { throw new IOException("Could not completely read file "+file.getName()); } // Close the input stream and return bytes is.close(); return bytes; } } ===================================================================== Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         AppletTalk.com Forum Index -> Security and Java All times are GMT Page 1 of 1   Jump to: Select a forum Java Newsgroups----------------Java DiscussionsWeb-based java games comp.lang.java 3D Graphics API's for Java Java: Support and criticism Java System Announcements comp.lang.java.api JavaBeans Java and CORBA Java and Databases comp.lang.java.developer Java GUI Toolkits Java Help comp.lang.java.javascript JVM, native methods and hardware comp.lang.java.misc Java Language Programming Security and Java comp.lang.java.setup Java Software Tools comp.lang.java.tech ibm.software.java.linux  Non-English Java Newsgroups----------------Java Language (German)Language Java (Français)Java (Italian)  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.