2

I was hoping I might get some help here so that I might finally solve this frustrating problem.

On the java side of things they sign with the following code:

public static void main(String[] args) throws Exception { if (args.length < 2) printInfoAndExit(); String cmd = args[0]; Security.addProvider(new BouncyCastleProvider()); Signature signature = Signature.getInstance("SHA1withRSA", "BC"); if ("sign".equalsIgnoreCase(cmd)) { String pemFileName = args[1]; String dataFileName = args[2]; byte[] data = readFile(dataFileName); FileReader fr = new FileReader(new File(pemFileName)); PEMReader pemReader = new PEMReader(fr); KeyPair keyPair = (KeyPair) pemReader.readObject(); fr.close(); signature.initSign(keyPair.getPrivate()); signature.update(data); byte[] signatureBytes = signature.sign(); writeFile(signatureBytes, dataFileName + ".signed"); String encoded = Base64.encode(signatureBytes); writeFile(encoded.getBytes(), dataFileName + ".signed.base64"); } else { printInfoAndExit(); } }

When I receive the data I have their public key and try to verify with the following C# code:

public static bool Verify(String msg, String signature, String publicKey) { RsaKeyParameters remotepubkey = GetRsaPublicKey(publicKey); ISigner signer = SignerUtilities.GetSigner("SHA1withRSA"); signer.Init(false, remotepubkey); byte[] sigBytes = Convert.FromBase64String(signature); byte[] msgBytes = Encoding.Default.GetBytes(msg); signer.BlockUpdate(msgBytes, 0, msgBytes.Length); return signer.VerifySignature(sigBytes); }

This is not working!! I can however verify the data with openssl: openssl dgst -sha1 -verify public_key.pem -signature data.txt.signed data.txt

The question is, what am I missing to make this work?

NOTE: I don't have a problem with the keys, that is working correctly but somehow there is a difference between how java and .net works with RSA?

**Edit 1 : **In this particular scenario all I had to do was change the GetSigner to

ISigner signer = SignerUtilities.GetSigner("RSA");

Could someone tell me the difference between SHA1withRSA and RSA?

Improve this question

2 Answers 2

Reset to default
1

The problem was actually solved on the Java side. They had some issues with their side of things.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

What did they do to solve the issue? It would help future readers who are running into Java / C# compatibility issues.
0

You could have an encoding problem with your message data. You've converted the original file data into a unicode string, and are trying to convert it back to raw bytes. Depending on the encoding of the file, and if it's even text at all, your msgBytes could be different from the actual file contents.

Read the raw bytes from the file instead of a string. You don't show the code for actually reading the file data, but I assume you're reading it as text.

Improve this answer

1 Comment

Thank you, I noted there is a mismatch between java and .net in default encoding. However I am not reading any files. It's a string exchange where I have their public key and they have ours. I'll make sure both parties are using UTF-8 as well.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.