Hello,

So I basically loaded to 2 keys and I want to verify them after I've signed something with one of them, but I a having difficulties. I am getting verified: false at the end without any error. Can someone please point out the flaw?

package fliesigning;
import static fliesigning.FlieSigning.verifySig;
import java.io.*;
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.math.BigInteger;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;

public class Signing {

    private static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n"
            + "MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAF53wUbKmDHtvfOb8u1HPqEBFNNF\n" +
"csnOMjIcSEhAwIQMbgrOuQ+vH/YgXuuDJaURS85H8P4UTt6lYOJn+SFnXvS82E7LHJpVrWwQzbh2\n" +
"QKh13/akPe90DlNTUGEYO7rHaPLqTlld0jkLFSytwqfwqn9yrYpM1ncUOpCciK5j8t8MzO71LJoJ\n" +
"g24CFxpjIS0tBrJvKzrRNcxWSRDLmu2kNmtsh7yyJouE6XoizVmBmNVltHhFaDMmqjugMQA2CZfL\n" +
"rxiR1ep8TH8IBvPqysqZI1RIpB/e0engP4/1KLrOt+6gGS0JEDh1kG2fJObl+N4n3sCOtgaz5Uz8\n" +
"8jpwbmZ3Se8CAwEAAQKCAQAdOsSs2MbavAsIM3qo/GBehO0iqdxooMpbQvECmjZ3JTlvUqNkPPWQ\n" +
"vFdiW8PsHTvtackhdLsqnNUreKxXL5rr8vqi9qm0/0mXpGNi7gP3m/FeaVdYnfpIwgCe6lag5k6M\n" +
"yv7PG/6N8+XrWyBdwlOe96bGohvB4Jp2YFjSTM67QONQ8CdmfqokqJ8/3RyrpDvGN3iX3yzBqXGO\n" +
"jPkoJQv3I4lsYdR0nl4obHHnMSeWCQCYvJoZ7ZOliu/Dd0ksItlodG6s8r/ujkSa8VIhe0fnXTf0\n" +
"i7lqa55CAByGN4MOR0bAkJwIB7nZzQKurBPcTAYJFFvAc5hgMnWT0XW83TehAoGBALVPGnznScUw\n" +
"O50OXKI5yhxGf/XDT8g28L8Oc4bctRzI+8YfIFfLJ57uDGuojO/BpqtYmXmgORru0jYR8idEkZrx\n" +
"gf62czOiJrCWTkBCEMtrNfFHQJQCQrjfbHofp7ODnEHbHFm7zdlbfNnEBBaKXxd2rVv4UTEhgftv\n" +
"wsHcimbXAoGBAIViWrHWElMeQT0datqlThE/u51mcK4VlV7iRWXVa1/gAP85ZAu44VvvDlkpYVkF\n" +
"zSRR+lHSOzsubDMN45OBQW6UA3RPg4TCvrTOmhQUeF5XPuSdcD0R2At6pdaLwAKnOtILg13Ha6ym\n" +
"Igjv8glodvem3hWLmpHIhNBiaXtf8wqpAoGADH5a8OhvKOtd8EChGXyp9LDW+HRw9vbyN/gi9dQX\n" +
"ltgyoUBb1jDllgoJSRHgRFUvyvbb/ImR5c03JwqtiQ8siWTC9G5WGeS+jcSNt9fVmG7W1L14MbrG\n" +
"Jj8fFns/7xrOlasnlPdgA+5N+CONtI/sZY2D/KZr0drhPhZBcWJlFxkCgYAn+4SOPEo/6hjKNhA6\n" +
"vER7fSxDEVsDg+rDh3YgAWpvUdlaqBxqOyAqi600YugQZGHK2lv7vNYOdmrunuIx7BPuDqY+bjtR\n" +
"R4Mc9bVQAZbXSLXMl7j2RWwKfNhLSJbk9LX4EoVtTgLjvOUE4tAdq9fFgpqdwLwzqPTO9kECP4++\n" +
"ESTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n" +
"/ESTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n" +
"j5W72PB8BAr6xg0Oro25O4os"
         // + ...   
         // + ... skipped the rest
         // + ...   
            + "-----END RSA PRIVATE KEY-----";


     private static final String BEGIN_RSA_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n"
            + "MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEArMS9VAfBJ0QRpW95PZJH\n" +
"9XLW8uW1CBTt53NWNQWqihbQ5JrBnpm8nvGZaWop+iRMIDMYDpUFhTeMQH4LV/Oy\n" +
"oPjJSRdPqUW8lY+cuU5W6pOUl6HknqWnFtC3RluFyJmKJP1otaJznsaYPN0bBWcm\n" +
"lGhjOMCJEFz+nwF4l1W86CKl9IrLX4wEtohdNE7vjB2q3NA8m8qx5OMuZEFRvHu1\n" +
"MeTPfmoQgtLkKQQsUC40NqEPEgT7ByzeDEMmY+GTXVfstizZjo+s0iwv5AUHxn+8\n" +
"TESTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n" +
"MQIBAw=="
         // + ...   
         // + ... skipped the rest
         // + ...   
            + "-----END PUBLIC KEY-----";




    public static void main(String[] args) throws Exception {

        // Remove the first and last lines

        String privKeyPEM = BEGIN_RSA_PRIVATE_KEY.replace("-----BEGIN RSA PRIVATE KEY-----\n", "");
        privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", "");
        System.out.println(privKeyPEM);

        String publicKeyPEM = BEGIN_RSA_PUBLIC_KEY.replace("-----BEGIN PUBLIC KEY-----\n", "");
        publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", "");
        System.out.println(publicKeyPEM);

        // Base64 decode the data
        //byte [] encoded = privKeyPEM.getBytes();
        Base64 b64 = new Base64();
        byte [] encoded = b64.decode(privKeyPEM);
        byte [] encoded_pub = b64.decode(publicKeyPEM);


        // PKCS8 decode the encoded RSA private key

        PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encoded);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privKey = kf.generatePrivate(privateKeySpec);

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encoded_pub);
        KeyFactory pk = KeyFactory.getInstance("RSA");
        PublicKey publicKey = pk.generatePublic(publicKeySpec);

        // Display the results

        System.out.println(privKey);

        String file = "qwerty";
        byte[] fileBytes = file.getBytes();

        byte[] digitalSignature = signData(fileBytes, privKey);

        System.out.println("SIGNATURE MADE");


        boolean verified;
       verified = verifySig(fileBytes, publicKey, digitalSignature);
       System.out.println("verified: " + verified) ;    

    }

    public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
            Signature signer = Signature.getInstance("SHA256withRSA");
            signer.initSign(key);
            signer.update(data);
            return (signer.sign());
  }

   public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initVerify(key);
    signer.update(data);
    return (signer.verify(sig));
  }
}

Edited 2 Years Ago by SQLpower

This question has already been answered. Start a new discussion instead.