On Mon, Jan 14, 2013 at 9:12 AM, jason_gates <jason.gates...@gmail.com> wrote:
> Hi,
> I am not an expert on cryptography, thus take this with a grain of salt :)
>
> I thought the purpose of a private key is for you to decrypt messages
> encrypted with your public key. If my logic is correct, then wouldn't the
> remote service give you their public key to encrypt the message (sent from
> you to the web service)? Isn't your task to send a message? Are you sure you
> are using the correct key?
>

He's trying to *sign* data, so that is not the case. In this case the purpose
is to verify that the *sender* is who they say they are, by making sure they
have access to the *private* key.

> Next, the output of a cipher differs from instance to instance. Thus, the
> encrypted output being different is expected?

This is a signature and not a cipher. For Sha1withRSA at least the
output should be the same if signing the same data with the same key.

This is most probably some sort of encoding problem. To the OP:

 * did you normalize properly?
 * does the raw (byte array) signature match?
 * are you using the same options for Base64? There are subtle variations
here (padding character, line breaks, etc.).

Maybe get a well-known open-source Java library and compare the results.
IIRC, Java SE 7 (and maybe 6) has a built-in XML signature provider,
you can try using that for testing.
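
The checks listed in the reply above, as an added example that is not part of the original message or of the poster's code: it signs a constructed payload with a throwaway RSA key and compares raw signature bytes against several Base64 renderings. The class name, key size and payload are assumptions made for illustration, and it uses desktop `java.util.Base64` (Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class SignatureEncodingCheck {
    // SHA1withRSA uses PKCS#1 v1.5 padding, which has no random component.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key pair and payload, for this demo only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "<doc>sample</doc>".getBytes(StandardCharsets.UTF_8);
        byte[] dataNewline = "<doc>sample</doc>\n".getBytes(StandardCharsets.UTF_8);
        // 1. Same key, same bytes: the raw signature is identical on every run.
        byte[] sig = sign(kp.getPrivate(), data);
        System.out.println("same input, same raw signature: "
                + Arrays.equals(sig, sign(kp.getPrivate(), data)));
        // 2. One byte of difference in the input (here a trailing newline) changes it.
        System.out.println("un-normalized input, same raw signature: "
                + Arrays.equals(sig, sign(kp.getPrivate(), dataNewline)));
        // 3. Same raw signature, four Base64 renderings that differ as strings.
        String basic = Base64.getEncoder().encodeToString(sig);
        String noPad = Base64.getEncoder().withoutPadding().encodeToString(sig);
        String mime = Base64.getMimeEncoder().encodeToString(sig); // CRLF every 76 chars
        String url = Base64.getUrlEncoder().encodeToString(sig);   // '-' and '_' alphabet
        System.out.println("basic equals noPad/mime/url: " + basic.equals(noPad)
                + "/" + basic.equals(mime) + "/" + basic.equals(url));
        // 4. Compare decoded bytes, not strings: every variant still verifies.
        byte[][] decoded = { Base64.getDecoder().decode(noPad),
                Base64.getMimeDecoder().decode(mime), Base64.getUrlDecoder().decode(url) };
        for (byte[] d : decoded) {
            System.out.println("decoded matches raw: " + Arrays.equals(d, sig)
                    + ", verifies: " + verify(kp.getPublic(), data, d));
        }
    }
}
```

On Android the same options are selected with the `android.util.Base64` flags `DEFAULT` (which inserts line breaks), `NO_WRAP`, `NO_PADDING` and `URL_SAFE`.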
