RE: problem verifying signature from java
My case is different. Here it is failing bcz of extra SMIME capability attribute present in Signature. I removed it, it is working fine. Thank you very much for reply -Madhu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of coco coco Sent: Thursday, June 23, 2005 10:58 AM To: openssl-users@openssl.org Subject: Re: problem verifying signature from java > >To rule out any problems with your OpenSSL code I'd suggest you check the >signatures using the dgst command and if there are problems analyze them >using >rsautl. > Thanks for the reply. I got it, by examining basically every function that touches my data. So, in the end, it was the base64 library that I linked with, it has a small bug in dealing with the '+' char in base64-encoded string. rgds _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] # This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information. LG Soft India will not be responisible for any viruses or defects or any forwarded attachements emanating either from within LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded recipient, please contact the sender by reply email and destroy all copies of the original message. #:§I"Ï®ÞrØm¶ÿà (¥éì²Z+K+©¦í1¨¥xËh¥éì²[¬z»(¥éì²Z+¢fyÒâ²Ó¨®f£¢·h)z{,à
Re: problem verifying signature from java
To rule out any problems with your OpenSSL code I'd suggest you check the signatures using the dgst command and if there are problems analyze them using rsautl. Thanks for the reply. I got it, by examining basically every function that touches my data. So, in the end, it was the base64 library that I linked with, it has a small bug in dealing with the '+' char in base64-encoded string. rgds _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: problem verifying signature from java
Did you got any break through. Sorry, didn't read this list for a while. Actually, the code I put up in my question was correct. The problem was with a Base64 lib that I linked with in C++. The implementation of the library has a small bug, which does not handle the '+' char properly. That's why it didn't verify correctly. With the base64 bug fixed, the code has no problem. coco _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: problem verifying signature from java
On Thu, Jun 16, 2005, coco coco wrote: > > Sorry to disappoint you, I've been banging my head on the monitor for > 2 days now, going over the code and manual/api docs/examples/google > for so many times, and I'm still having difficulties to get openssl and Java > work together. All my crypto coding experiences are on Java, and this > is the first time trying to get some very basic functionalities in C++, > and it turns out to be much much harder than I thought :( > > And notice the key/cert I used in my test code are actually from the > openssl examples. > > Anyone who has experience making openssl work with java, please give > a hint. That'll be very much appreciated. > To rule out any problems with your OpenSSL code I'd suggest you check the signatures using the dgst command and if there are problems analyze them using rsautl. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: problem verifying signature from java
Did you got any break through. -Madhu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of coco coco Sent: Friday, June 17, 2005 6:49 AM To: openssl-users@openssl.org Subject: RE: problem verifying signature from java > I am also facing the similar problem. I am generating signature >using OpenSSL and passing in to JAVA to verify (running JAVA test >suite). Signature format is in DER encoded PKCS#7 format. > > But JAVA is not able to parse the "SignedData" content in the >PKCS#7 format. It is giving "rejects tag type -96" error while parsing. > > Any comments on this are greatly appreciated. > > If you got any cluekindly let me know. > Sorry to disappoint you, I've been banging my head on the monitor for 2 days now, going over the code and manual/api docs/examples/google for so many times, and I'm still having difficulties to get openssl and Java work together. All my crypto coding experiences are on Java, and this is the first time trying to get some very basic functionalities in C++, and it turns out to be much much harder than I thought :( And notice the key/cert I used in my test code are actually from the openssl examples. Anyone who has experience making openssl work with java, please give a hint. That'll be very much appreciated. coco _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] # This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information. LG Soft India will not be responisible for any viruses or defects or any forwarded attachements emanating either from within LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded recipient, please contact the sender by reply email and destroy all copies of the original message. #
RE: problem verifying signature from java
I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the "SignedData" content in the PKCS#7 format. It is giving "rejects tag type -96" error while parsing. Any comments on this are greatly appreciated. If you got any cluekindly let me know. Sorry to disappoint you, I've been banging my head on the monitor for 2 days now, going over the code and manual/api docs/examples/google for so many times, and I'm still having difficulties to get openssl and Java work together. All my crypto coding experiences are on Java, and this is the first time trying to get some very basic functionalities in C++, and it turns out to be much much harder than I thought :( And notice the key/cert I used in my test code are actually from the openssl examples. Anyone who has experience making openssl work with java, please give a hint. That'll be very much appreciated. coco _ Don?t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: problem verifying signature from java
Hello coco, I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the "SignedData" content in the PKCS#7 format. It is giving "rejects tag type -96" error while parsing. Any comments on this are greatly appreciated. If you got any cluekindly let me know. Thanking you Madhu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of coco coco Sent: Wednesday, June 15, 2005 5:17 PM To: openssl-users@openssl.org Subject: problem verifying signature from java I'm trying to get a client application written in C++ using OpenSSL to verify a signature sent by a server (in Java) and vice versa. Not sure I specified it correctly, but the signatures generated on both sides, from the same input data, are not the same, and therefore, can't be verify. And this is using the same key, of course. Here is the code in Java for signing it: == String testKey = "-BEGIN RSA PRIVATE KEY-\n" + "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" + "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" + "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" + "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" + "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" + "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" + "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" + "-END RSA PRIVATE KEY-\n"; String testCert = "-BEGIN CERTIFICATE-\n" + "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" + "VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" + "bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" + "dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" + "DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" + "EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" + "dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" + "EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" + "L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" + "BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" + "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" + "-END CERTIFICATE-\n"; // same input string for both Java and C++ String input = "9O2CQ14zAXEd7GzJ9XELhQH.aE6"; public void doSign() { try { // Note: PEMReader is from BouncyCastle StringReader sReader = new StringReader(testKey); PEMReader pemReader = new PEMReader(sReader); KeyPair keypair = (KeyPair) pemReader.readObject(); PrivateKey privKey = keypair.getPrivate(); PublicKey pubKey = keypair.getPublic(); sReader = new StringReader(testCert); pemReader = new PEMReader(sReader); X509Certificate cert = (X509Certificate)pemReader.readObject(); PublicKey pubKey2 = cert.getPublicKey(); Signature sig = Signature.getInstance("SHA1withRSA"); sig.initSign(privKey); sig.update(input.getBytes()); byte[] sigvalue = sig.sign(); Base64 b64 = new Base64(); byte[] b = b64.encode(sigvalue); String s = new String(b); System.out.println("'" + s + "'"); sig.initVerify(pubKey2); sig.update(input.getBytes()); boolean status = sig.verify(sigvalue); System.out.println(status); } catch(Exception e) { e.printStackTrace(); } } == And the
problem verifying signature from java
I'm trying to get a client application written in C++ using OpenSSL to verify a signature sent by a server (in Java) and vice versa. Not sure I specified it correctly, but the signatures generated on both sides, from the same input data, are not the same, and therefore, can't be verify. And this is using the same key, of course. Here is the code in Java for signing it: == String testKey = "-BEGIN RSA PRIVATE KEY-\n" + "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" + "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" + "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" + "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" + "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" + "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" + "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" + "-END RSA PRIVATE KEY-\n"; String testCert = "-BEGIN CERTIFICATE-\n" + "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" + "VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" + "bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" + "dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" + "DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" + "EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" + "dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" + "EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" + "L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" + "BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" + "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" + "-END CERTIFICATE-\n"; // same input string for both Java and C++ String input = "9O2CQ14zAXEd7GzJ9XELhQH.aE6"; public void doSign() { try { // Note: PEMReader is from BouncyCastle StringReader sReader = new StringReader(testKey); PEMReader pemReader = new PEMReader(sReader); KeyPair keypair = (KeyPair) pemReader.readObject(); PrivateKey privKey = keypair.getPrivate(); PublicKey pubKey = keypair.getPublic(); sReader = new StringReader(testCert); pemReader = new PEMReader(sReader); X509Certificate cert = (X509Certificate)pemReader.readObject(); PublicKey pubKey2 = cert.getPublicKey(); Signature sig = Signature.getInstance("SHA1withRSA"); sig.initSign(privKey); sig.update(input.getBytes()); byte[] sigvalue = sig.sign(); Base64 b64 = new Base64(); byte[] b = b64.encode(sigvalue); String s = new String(b); System.out.println("'" + s + "'"); sig.initVerify(pubKey2); sig.update(input.getBytes()); boolean status = sig.verify(sigvalue); System.out.println(status); } catch(Exception e) { e.printStackTrace(); } } == And the code in C for verifying: == char * testKey = "-BEGIN RSA PRIVATE KEY-\n" \ "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" \ "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" \ "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" \ "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" \ "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" \ "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" \ "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" \ "-END RSA PRIVATE KEY-\n"; char * testCert = "-BEGIN CERTIFICATE-\n" \ "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwga