Base64 does not convert "3 chars per byte".
It uses 4 characters per 3 bytes for a roughly 33% size increase.

On Tuesday, January 15, 2013 8:57:23 AM UTC-6, Nikolay Elenkov wrote:
> On Tue, Jan 15, 2013 at 11:14 PM, mbarbiero <marco.b...@gmail.com> wrote:
> > I read the certificate from a .pfx file and extract keys:
> >
> > PUBLICKEY
> > cert = ks.getCertificate(alias);
> > X509Certificate X509 = (X509Certificate) cert;
> > publicKey = cert.getPublicKey();
> >
> > PRIVATEKEY
> > key = ks.getKey(alias, senha.toCharArray());
> > if (key instanceof PrivateKey) {
> >     privateKey = (PrivateKey) key;
> > }
>
> Unless the PFX file has multiple keys and certificates in it,
> that should do it.
>
> > I know that the publicKey is correct because they match with dotNET file.
> > In the new version of my app I verify the privateKey using the code below.
> >
> > Signature signer = null;
> > signer = Signature.getInstance("SHA1withRSA");
> > signer.initSign( privateKey );
> > signer.update(msg.getBytes("UTF-8"));
> > byte[] theSignature = null;
> > theSignature = signer.sign();
> > Log.d("theSignature ---> ", theSignature.toString());
>
> This last line will only print the address of the byte array,
> which is not particularly useful. You'd want to print the contents
> by converting to hex. A quick-n-dirty way to do this is to use
>
> BigInteger bi = new BigInteger(theSignature);
> Log.d("theSignature --> ", bi.toString(16));
>
> > Signature sig = null;
> > sig = Signature.getInstance("SHA1withRSA");
> > sig.initVerify(publicKey);
> > sig.update(msg.getBytes("UTF-8"));
> > boolean verifies = false;
> > verifies = sig.verify(theSignature);
> > if(verifies){
> >
> > The message in Log is "SIGNATURE OK", then I presume that privateKey is OK
> > too.
>
> That only confirms that you have a proper private/public key pair.
> Should be enough if there is only one key in the PFX.
>
> > If this is right, then the error must be in format of theSignature. Maybe
> > the signature has a header or footer like public key (-----BEGIN
> > CERTIFICATE-----) that interferes in the Base64.encodeToString.
>
> There are no headers/footer. Base64 merely converts the bytes to
> a string representation (3 chars per byte). Another obvious thing to
> look at would be byte order: Windows/.NET is known to use little
> endian for most things, while the rest of the world (including Java)
> uses big endian by default. IIRC, some Crypto API calls (which
> most .NET APIs use internally) would also swap signature order.
> So do check/post the raw signature value in *hex* format from
> both platforms.