I know that the signature structure uses some random data for calculation. My original question is why I can verify the both signatures with "System.Security.Cryptography.RSACryptoServiceProvider.VerifyHash()" but not with "Org.BouncyCastle.Security.SignerUtilities.GetSigner()" with the exacly same public key etc. What is the different between these structures?
Regards, Jonas On Fri, Nov 28, 2014 at 3:14 PM, Edward Ned Harvey (bouncycastle) < bouncycas...@nedharvey.com> wrote: > > From: Jonas Söderberg [mailto:jonsod1...@gmail.com] > > > > Calculating the hash works for both BC and .NET and returns the same > value > > but the signatures are different. > > The process of signing something includes random data (I haven't checked > if it's a nonce, or a salt, or whatever, but I know the signing method > makes calls to SecureRandom and if you sign the same thing over and over > again, you get a different result every time). So the signature will be > different every time, but the verification method understands this, and is > able to validate anyway. > > Does that answer the question for you? >
