problem verifying signature from java

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

problem verifying signature from java

coco coco
I'm trying to get a client application written in C++ using OpenSSL to
verify a signature sent by a
server (in Java) and vice versa. Not sure I specified it correctly, but the
signatures generated on
both sides, from the same input data, are not the same, and therefore, can't
be verify. And this
is using the same key, of course.

Here is the code in Java for signing it:

======================================================
        String testKey =
                "-----BEGIN RSA PRIVATE KEY-----\n" +
                "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" +
                "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" +
                "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" +
                "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" +
                "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" +
                "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" +
                "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" +
                "-----END RSA PRIVATE KEY-----\n";

        String testCert =
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" +
                "VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" +
                "bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" +
                "dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" +
                "DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" +
                "EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" +
                "dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" +
                "EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" +
                "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" +
                "L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" +
                "BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" +
                "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" +
                "-----END CERTIFICATE-----\n";

       // same input string for both Java and C++
        String input = "9O2CQ14zAXEd7GzJ9XELhQH.aE6";

        public void doSign()
        {
                try
                {
                       // Note: PEMReader is from BouncyCastle
                        StringReader sReader = new StringReader(testKey);
                        PEMReader pemReader = new PEMReader(sReader);

                        KeyPair keypair = (KeyPair) pemReader.readObject();

                        PrivateKey privKey = keypair.getPrivate();
                        PublicKey pubKey = keypair.getPublic();

                        sReader = new StringReader(testCert);
                        pemReader = new PEMReader(sReader);

                        X509Certificate cert = (X509Certificate)pemReader.readObject();
                        PublicKey pubKey2 = cert.getPublicKey();

                        Signature sig = Signature.getInstance("SHA1withRSA");
                        sig.initSign(privKey);
                        sig.update(input.getBytes());

                        byte[] sigvalue = sig.sign();

                        Base64 b64 = new Base64();
                        byte[] b = b64.encode(sigvalue);
                        String s = new String(b);
                        System.out.println("'" + s + "'");

                        sig.initVerify(pubKey2);
                        sig.update(input.getBytes());
                        boolean status = sig.verify(sigvalue);

                        System.out.println(status);

                }
                catch(Exception e)
                {
                        e.printStackTrace();
                }
        }

======================================================

And the code in C for verifying:

======================================================

char * testKey =
                "-----BEGIN RSA PRIVATE KEY-----\n" \
                "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" \
                "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" \
                "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" \
                "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" \
                "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" \
                "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" \
                "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" \
                "-----END RSA PRIVATE KEY-----\n";

char * testCert =
                "-----BEGIN CERTIFICATE-----\n" \
                "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" \
                "VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" \
                "bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" \
                "dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" \
                "DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" \
                "EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" \
                "dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" \
                "EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" \
                "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" \
                "L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" \
                "BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" \
                "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" \
                "-----END CERTIFICATE-----\n";

void DoVerify(char *input, char *sig)
{
        BIO *bio = BIO_new_mem_buf(testCert, -1);

        X509 *x509 = NULL;
        PEM_read_bio_X509(bio, &x509, 0, NULL);

        if (x509 == NULL)
                std::cout << "PEM_read_bio_X509 failed..." << std::endl;

        EVP_PKEY * testpubkey = X509_get_pubkey(x509);

        EVP_MD_CTX vctx;
        EVP_MD_CTX_init(&vctx);
        EVP_VerifyInit_ex(&vctx, EVP_sha1(), NULL);
        EVP_VerifyUpdate(&vctx, input, strlen(input));

        char sigbuf[1024];
        memset(sigbuf, 0, 1024);
        int sigLen = ::B64ToBytes(sigbuf, sig);

        int ret = EVP_VerifyFinal(&vctx, (unsigned char *)sigbuf, sigLen,
testpubkey);
        if (ret == 1)
        {
                std::cout << "Signature is valid" << std::endl;
        }
        else if (ret == 0)
                std::cout << "Signature is invalid..." << std::endl;
        else
                std::cout << "Verification failed..." << std::endl;
}

======================================================

Funny thing is, using the same input string and same key, the signatures
generated
on both sides are different:

// from C++
char * signature =
"1otFzSd23pVwXxVH.RYUdBB7j1ty0oFnvA0hIA4w55Ufm0fajeN4fgjpEd2.KlhYrXKAmzyTzkDGhr6ynz3Yyj";

// from java
char * signature2 =
"ctz/XJwg83+oe30fm4npyyx7Qd/AMj8eSgK0ihOhRXqcAKZLaFxKarczpwvlL64tYVCsPfHfbjUK9RvMfQ4vLQ==";

Obviously, the signature generated from Java is very different from the one
generated
using OpenSSL, and OpenSSL can't verify it.

The key is an RSA key, for sure, but the following line:

    EVP_VerifyInit_ex(&vctx, EVP_sha1(), NULL);

Isn't this equivalent to SHA1withRSA in Java?

The signature is converted into B64 format and transmitted from the server
to the client.
The client converts it back to byte array and performs verification. That's
about it.

The signature generated in Java can be verified in Java, and the signature
generated in C++
can be verified in C++. They just don't work together.

Must have done something wrong. Any help would be very much appreciated.

coco

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee?
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problem verifying signature from java

madhu sudhan reddy-2
Hello coco,

        I am also facing the similar problem. I am generating signature
using OpenSSL and passing in to JAVA to verify (running JAVA test
suite). Signature format is in DER encoded PKCS#7 format.

        But JAVA is not able to parse the "SignedData" content in the
PKCS#7 format. It is giving "rejects tag type -96" error while parsing.

        Any comments on this are greatly appreciated.

        If you got any clue........kindly let me know.

Thanking you....
Madhu

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of coco coco
Sent: Wednesday, June 15, 2005 5:17 PM
To: [hidden email]
Subject: problem verifying signature from java

I'm trying to get a client application written in C++ using OpenSSL to
verify a signature sent by a
server (in Java) and vice versa. Not sure I specified it correctly, but
the
signatures generated on
both sides, from the same input data, are not the same, and therefore,
can't
be verify. And this
is using the same key, of course.

Here is the code in Java for signing it:

======================================================
        String testKey =
                "-----BEGIN RSA PRIVATE KEY-----\n" +
       
"MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" +
       
"2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" +
       
"oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" +
       
"8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" +
       
"a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" +
       
"WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" +
                "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" +
                "-----END RSA PRIVATE KEY-----\n";

        String testCert =
                "-----BEGIN CERTIFICATE-----\n" +
       
"MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" +
       
"VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" +
       
"bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" +
       
"dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" +
       
"DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" +
       
"EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" +
       
"dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" +
       
"EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" +
       
"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" +
       
"L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" +
       
"BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" +
                "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" +
                "-----END CERTIFICATE-----\n";

       // same input string for both Java and C++
        String input = "9O2CQ14zAXEd7GzJ9XELhQH.aE6";

        public void doSign()
        {
                try
                {
                       // Note: PEMReader is from BouncyCastle
                        StringReader sReader = new
StringReader(testKey);
                        PEMReader pemReader = new PEMReader(sReader);

                        KeyPair keypair = (KeyPair)
pemReader.readObject();

                        PrivateKey privKey = keypair.getPrivate();
                        PublicKey pubKey = keypair.getPublic();

                        sReader = new StringReader(testCert);
                        pemReader = new PEMReader(sReader);

                        X509Certificate cert =
(X509Certificate)pemReader.readObject();
                        PublicKey pubKey2 = cert.getPublicKey();

                        Signature sig =
Signature.getInstance("SHA1withRSA");
                        sig.initSign(privKey);
                        sig.update(input.getBytes());

                        byte[] sigvalue = sig.sign();

                        Base64 b64 = new Base64();
                        byte[] b = b64.encode(sigvalue);
                        String s = new String(b);
                        System.out.println("'" + s + "'");

                        sig.initVerify(pubKey2);
                        sig.update(input.getBytes());
                        boolean status = sig.verify(sigvalue);

                        System.out.println(status);

                }
                catch(Exception e)
                {
                        e.printStackTrace();
                }
        }

======================================================

And the code in C for verifying:

======================================================

char * testKey =
                "-----BEGIN RSA PRIVATE KEY-----\n" \
       
"MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" \
       
"2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" \
       
"oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" \
       
"8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" \
       
"a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" \
       
"WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" \
                "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" \
                "-----END RSA PRIVATE KEY-----\n";

char * testCert =
                "-----BEGIN CERTIFICATE-----\n" \
       
"MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" \
       
"VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" \
       
"bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" \
       
"dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" \
       
"DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" \
       
"EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" \
       
"dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" \
       
"EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" \
       
"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" \
       
"L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" \
       
"BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" \
                "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" \
                "-----END CERTIFICATE-----\n";

void DoVerify(char *input, char *sig)
{
        BIO *bio = BIO_new_mem_buf(testCert, -1);

        X509 *x509 = NULL;
        PEM_read_bio_X509(bio, &x509, 0, NULL);

        if (x509 == NULL)
                std::cout << "PEM_read_bio_X509 failed..." << std::endl;

        EVP_PKEY * testpubkey = X509_get_pubkey(x509);

        EVP_MD_CTX vctx;
        EVP_MD_CTX_init(&vctx);
        EVP_VerifyInit_ex(&vctx, EVP_sha1(), NULL);
        EVP_VerifyUpdate(&vctx, input, strlen(input));

        char sigbuf[1024];
        memset(sigbuf, 0, 1024);
        int sigLen = ::B64ToBytes(sigbuf, sig);

        int ret = EVP_VerifyFinal(&vctx, (unsigned char *)sigbuf,
sigLen,
testpubkey);
        if (ret == 1)
        {
                std::cout << "Signature is valid" << std::endl;
        }
        else if (ret == 0)
                std::cout << "Signature is invalid..." << std::endl;
        else
                std::cout << "Verification failed..." << std::endl;
}

======================================================

Funny thing is, using the same input string and same key, the signatures

generated
on both sides are different:

// from C++
char * signature =
"1otFzSd23pVwXxVH.RYUdBB7j1ty0oFnvA0hIA4w55Ufm0fajeN4fgjpEd2.KlhYrXKAmzy
TzkDGhr6ynz3Yyj";

// from java
char * signature2 =
"ctz/XJwg83+oe30fm4npyyx7Qd/AMj8eSgK0ihOhRXqcAKZLaFxKarczpwvlL64tYVCsPfH
fbjUK9RvMfQ4vLQ==";

Obviously, the signature generated from Java is very different from the
one
generated
using OpenSSL, and OpenSSL can't verify it.

The key is an RSA key, for sure, but the following line:

    EVP_VerifyInit_ex(&vctx, EVP_sha1(), NULL);

Isn't this equivalent to SHA1withRSA in Java?

The signature is converted into B64 format and transmitted from the
server
to the client.
The client converts it back to byte array and performs verification.
That's
about it.

The signature generated in Java can be verified in Java, and the
signature
generated in C++
can be verified in C++. They just don't work together.

Must have done something wrong. Any help would be very much appreciated.

coco

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from
McAfee(r)
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################:—§I"Ï®ˆÞrØm¶Ÿÿà (¥éì²Z+K­+©¦Ší1¨¥Šx ŠËh¥éì²[¬z»(¥éì²Z+€ ­¢f­yÒâ²Ó¨®f£¢·hšŠ)z{,–Šà
Reply | Threaded
Open this post in threaded view
|

RE: problem verifying signature from java

coco coco

> I am also facing the similar problem. I am generating signature
>using OpenSSL and passing in to JAVA to verify (running JAVA test
>suite). Signature format is in DER encoded PKCS#7 format.
>
> But JAVA is not able to parse the "SignedData" content in the
>PKCS#7 format. It is giving "rejects tag type -96" error while parsing.
>
> Any comments on this are greatly appreciated.
>
> If you got any clue........kindly let me know.
>

Sorry to disappoint you, I've been banging my head on the monitor for
2 days now, going over the code and manual/api docs/examples/google
for so many times, and I'm still having difficulties to get openssl and Java
work together. All my crypto coding experiences are on Java, and this
is the first time trying to get some very basic functionalities in C++,
and it turns out to be much much harder than I thought :(

And notice the key/cert I used in my test code are actually from the
openssl examples.

Anyone who has experience making openssl work with java, please give
a hint. That'll be very much appreciated.

coco

_________________________________________________________________
Don?t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problem verifying signature from java

madhu sudhan reddy-2
In reply to this post by coco coco
Did you got any break through.

-Madhu

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of coco coco
Sent: Friday, June 17, 2005 6:49 AM
To: [hidden email]
Subject: RE: problem verifying signature from java


> I am also facing the similar problem. I am generating signature
>using OpenSSL and passing in to JAVA to verify (running JAVA test
>suite). Signature format is in DER encoded PKCS#7 format.
>
> But JAVA is not able to parse the "SignedData" content in the
>PKCS#7 format. It is giving "rejects tag type -96" error while parsing.
>
> Any comments on this are greatly appreciated.
>
> If you got any clue........kindly let me know.
>

Sorry to disappoint you, I've been banging my head on the monitor for
2 days now, going over the code and manual/api docs/examples/google
for so many times, and I'm still having difficulties to get openssl and
Java
work together. All my crypto coding experiences are on Java, and this
is the first time trying to get some very basic functionalities in C++,
and it turns out to be much much harder than I thought :(

And notice the key/cert I used in my test code are actually from the
openssl examples.

Anyone who has experience making openssl work with java, please give
a hint. That'll be very much appreciated.

coco

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################:—§I"Ï®ˆÞrØm¶Ÿÿà (¥éì²Z+K­+©¦Ší1¨¥Šx ŠËh¥éì²[¬z»(¥éì²Z+€ ­¢f­yÒâ²Ó¨®f£¢·hšŠ)z{,–Šà
Reply | Threaded
Open this post in threaded view
|

Re: problem verifying signature from java

Dr. Stephen Henson
In reply to this post by coco coco
On Thu, Jun 16, 2005, coco coco wrote:

>
> Sorry to disappoint you, I've been banging my head on the monitor for
> 2 days now, going over the code and manual/api docs/examples/google
> for so many times, and I'm still having difficulties to get openssl and Java
> work together. All my crypto coding experiences are on Java, and this
> is the first time trying to get some very basic functionalities in C++,
> and it turns out to be much much harder than I thought :(
>
> And notice the key/cert I used in my test code are actually from the
> openssl examples.
>
> Anyone who has experience making openssl work with java, please give
> a hint. That'll be very much appreciated.
>

To rule out any problems with your OpenSSL code I'd suggest you check the
signatures using the dgst command and if there are problems analyze them using
rsautl.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problem verifying signature from java

coco coco
In reply to this post by madhu sudhan reddy-2
>
>Did you got any break through.
>

Sorry, didn't read this list for a while. Actually, the code I put up in my
question
was correct. The problem was with a Base64 lib that I linked with in C++.
The implementation of the library has a small bug, which does not handle
the '+' char properly.

That's why it didn't verify correctly. With the base64 bug fixed, the
code has no problem.

coco

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: problem verifying signature from java

coco coco
In reply to this post by Dr. Stephen Henson
>
>To rule out any problems with your OpenSSL code I'd suggest you check the
>signatures using the dgst command and if there are problems analyze them
>using
>rsautl.
>

Thanks for the reply. I got it, by examining basically every function that
touches
my data. So, in the end, it was the base64 library that I linked with, it
has a small
bug in dealing with the '+' char in base64-encoded string.

rgds

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: problem verifying signature from java

madhu sudhan reddy-2
In reply to this post by coco coco

        My case is different. Here it is failing bcz of extra SMIME
capability attribute present in Signature.
        I removed it, it is working fine.

        Thank you very much for reply....

-Madhu


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of coco coco
Sent: Thursday, June 23, 2005 10:58 AM
To: [hidden email]
Subject: Re: problem verifying signature from java

>
>To rule out any problems with your OpenSSL code I'd suggest you check
the
>signatures using the dgst command and if there are problems analyze
them
>using
>rsautl.
>

Thanks for the reply. I got it, by examining basically every function
that
touches
my data. So, in the end, it was the base64 library that I linked with,
it
has a small
bug in dealing with the '+' char in base64-encoded string.

rgds

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how
to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]


#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################:—§I"Ï®ˆÞrØm¶Ÿÿà (¥éì²Z+K­+©¦Ší1¨¥Šx ŠËh¥éì²[¬z»(¥éì²Z+€ ­¢f­yÒâ²Ó¨®f£¢·hšŠ)z{,–Šà