I have an application that requires digital signing plain text messages on the client (Android and IOS) and the signature verification is performed on J2EE server. For example, on Android, when the application is registered with my app, it generates a keypair on device. The private key is stored on device and publicKey is sent to server for future use. The private key is protected by a secret key only known to the user. When the server sends the message for the client to sign, the private key is retrieved and the message is signed using the private key. The result signature is sent to the server, which retrieves the user's publicKey and use it to verify the signature. It works very well.
Now we have IOS customers. When the publicKey and signature are generated on IOS device, I tried to send the IOS publicKey and signature as byte[] in a hope that I can reconstruct the publicKey from byte[] at the J2EE server. It failed to rebuild the publicKey using X509PublicKeySpec. How should I handle this using the publicKey and signature from non-java source. I wonder if someone has the experience in verify digital signature using the publicKey and signature from IOS or RIM. Thank you in advance for any pointers and ideas. QD -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
