Base64 does not convert "3 chars per byte".


It uses 4 characters per 3 bytes for a roughly 33% size increase.



On Tuesday, January 15, 2013 8:57:23 AM UTC-6, Nikolay Elenkov wrote:
>
> On Tue, Jan 15, 2013 at 11:14 PM, mbarbiero <marco.b...@gmail.com> wrote: 
> > I read the certificate from a .pfx file and extract keys: 
> > 
> > PUBLICKEY 
> >     cert = ks.getCertificate(alias); 
> >     X509Certificate X509 = (X509Certificate) cert; 
> >     publicKey = cert.getPublicKey(); 
> > 
> > PRIVATEKEY 
> >     key = ks.getKey(alias, senha.toCharArray()); 
> >     if (key instanceof PrivateKey) { 
> >         privateKey = (PrivateKey) key; 
> >     } 
> > 
>
> Unless the PFX file has multiple keys and certificates in it, 
> that should do it. 
>
> > I know that the publicKey is correct because they match with dotNET file. 
> > In the new version of my app I verify the privateKey using the code below. 
> > 
> >     Signature signer = null; 
> >     signer = Signature.getInstance("SHA1withRSA"); 
> >     signer.initSign( privateKey ); 
> >     signer.update(msg.getBytes("UTF-8")); 
> >     byte[] theSignature = null; 
> >     theSignature = signer.sign(); 
> >     Log.d("theSignature ---> ", theSignature.toString()); 
> > 
>
> This last line will only print the address of the byte array, 
> which is not particularly useful. You'd want to print the contents 
> by converting to hex. A quick-n-dirty way to do this is to use 
>
> // signum 1 keeps a signature with a high first byte from printing as a negative number
> BigInteger bi = new BigInteger(1, theSignature); 
> Log.d("theSignature", bi.toString(16)); 
>
> >     Signature sig = null; 
> >     sig = Signature.getInstance("SHA1withRSA"); 
> >     sig.initVerify(publicKey); 
> >     sig.update(msg.getBytes("UTF-8")); 
> >     boolean verifies = false; 
> >     verifies = sig.verify(theSignature); 
> >     if(verifies){ 
>
> > The message in Log is "SIGNATURE  OK", then I presume that privateKey is OK too. 
>
> That only confirms that you have a proper private/public key pair. 
> Should be enough if there is only one key in the PFX. 
>
> > 
> > If this is right, then the error must be in format of theSignature. Maybe 
> > the signature has a header or footer like public key (-----BEGIN 
> > CERTIFICATE-----) that interferes in the Base64.encodeToString. 
>
> There are no headers/footer. Base64 merely converts the bytes to 
> a string representation (3 chars per byte). Another obvious thing to 
> look at would be byte order: Windows/.NET is known to use little 
> endian for most things, while the rest of the world (including Java) 
> uses big endian by default. IIRC, some Crypto API calls (which 
> most .NET APIs use internally) would also swap signature order. 
> So do check/post the raw signature value in *hex* format from 
> both platforms. 
>
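
Added example, not code from the thread: a desktop-JVM sketch of the checks discussed above. It dumps the raw signature as hex, shows the Base64 length next to the raw length, and tests whether the signature still verifies once its byte order is reversed. Assumptions: a freshly generated RSA key pair stands in for the key from the .pfx file, `java.util.Base64` stands in for Android's `android.util.Base64`, and the class and helper names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignatureDebug {
    // Hex dump that keeps leading zero bytes and never prints a sign.
    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Copy of the input with its byte order reversed (big endian <-> little endian).
    static byte[] reversed(byte[] data) {
        byte[] out = new byte[data.length];
        for (int i = 0; i < data.length; i++) out[i] = data[data.length - 1 - i];
        return out;
    }

    // Same verification steps as in the thread, wrapped so they can be run on several inputs.
    static boolean verifies(PublicKey key, byte[] msg, byte[] sigBytes)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(key);
        sig.update(msg);
        try {
            return sig.verify(sigBytes);
        } catch (SignatureException e) {
            return false; // malformed input counts as a failed verification
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and message (assumption); the thread loads its key from a .pfx file.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "sample message".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] theSignature = signer.sign();

        String b64 = Base64.getEncoder().encodeToString(theSignature);
        System.out.println("raw bytes / base64 chars: " + theSignature.length + " / " + b64.length());
        System.out.println("hex: " + toHex(theSignature));
        System.out.println("verifies as produced: " + verifies(kp.getPublic(), msg, theSignature));
        System.out.println("verifies reversed:    " + verifies(kp.getPublic(), msg, reversed(theSignature)));
    }
}
```

Running the same hex dump on the .NET side and comparing it with this output, forwards and reversed, shows directly whether the two platforms disagree on byte order or on the signature itself.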
