Patrick wrote: >The signature bytes are binary. They're not ASN1 encoded. (BTW, when you >say dumpasn1 tool, I suppose you mean the derdump tool in NSS). In any case, >it sounds like my signature is supposed to be encoded, in an extra step >after signature is generated? That doesn't sound right. It should not matter >if bytes are binary or ASN1 encoded... > You're right, the signature is not ASN1 encoded (Incidentally, DER-encoded ASN1 data is binary; they are not mutually exclusive). I must have been thinking of PKCS #7 or something. Never mind.
>To answer the questions: > >1. Yes, I have also used Sun's Signature class but for verification only; >Could not use it for signing because I could not get my private key in >PKCS8EncodedKeySpec format, because JSS' PrivateKey class is not fully >implemented. > >2. Signing algos tried: SHA1withRSA and RSA > You didn't comment on what I think is the most fruitful line of investigation: don't use a file. Just feed the byte array you got from the signing object directly into the verifying object.
