The signature bytes are binary. They're not ASN1 encoded. (BTW, when you say dumpasn1 tool, I suppose you mean the derdump tool in NSS). In any case, it sounds like my signature is supposed to be encoded, in an extra step after signature is generated? That doesn't sound right. It should not matter if bytes are binary or ASN1 encoded...
To answer the questions: 1. Yes, I have also used Sun's Signature class but for verification only; Could not use it for signing because I could not get my private key in PKCS8EncodedKeySpec format, because JSS' PrivateKey class is not fully implemented. 2. Signing algos tried: SHA1withRSA and RSA -- P "Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Patrick wrote: > > >I have used JSS' Signature call to sign but I keep getting an invalid > >signature on verification... > >I also tried using Sun's Signature class but same deal... > > > You used Sun's Signature class for signing or verification? > > >Here are the steps I take (sig is my Signature object): > > > >Signing : > >1. get private key and do a sig.initSign > >2. open data file #1 and do a sig.update > >2. sign data (do a sig.sign) > >3. save signed data bytes to a new file #2 > > > >Verification: > >1. get public key bytes and do a sig.initVerify > >2. get data bytes from file #1 and do a sig.update > >3. get signature bytes from file #2 and do a sig.verify > > > >--> Signature verification fails! > > > >Am I missing anything? > > > > This looks like the proper procedure at a high level, but I suspect the > problem is in the details. > > What signing algorithm are you using? > > Run dumpasn1 on file #2 (the one containing the signature) and make sure > it is valid ASN.1. I remember in the past you ran into problems with > newlines. The way you are writing to and reading from the file might be > the problem. Why don't you try doing the verify with the bytes you got > from the signature, without writing to and then reading from a file? > This will narrow things down. >
