Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Java Security Signature Exception problem

Posted on 2007-12-02
8
Medium Priority
?
4,057 Views
Last Modified: 2013-11-23
Hi,
I'm having some problems with a piece of code that i'm trying to write where it throws a SignatureException - invalid encoding for signature.

- I declare the Signature as a 'global' variable.

- Before signing the message, I do the following:
 sig = Signature.getInstance("DSA");
 sig.initSign(PrivateKey);      

- When I want to verify the signature, first I do this:
sig.initVerify(PublicKey);

The error is thrown right at the end when I come to the verification:
if (!sig.verify(sig))
              System.out.print("Signature NOT");
              System.out.print("Verified");

Anyone understand why I get an invalid coding message and what I should do to fix this?

Cheers,

Phil.

0
Comment
Question by:phil8258
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 92

Expert Comment

by:objects
ID: 20393296
where r you're key vars coming from?
0
 

Author Comment

by:phil8258
ID: 20393342
Some code below:
// Declared in the main class:
public static PrivateKey PrivateKey = null;
public static PublicKey PublicKey = null;	
public static Signature sig = null;
 
//A bit of code from a method that creates the keys:
KeyPair keys = keypair.generateKeyPair();
PrivateKey = keys.getPrivate();
PublicKey = keys.getPublic();
 
//A bit of code from the method that signs the message:
sig = Signature.getInstance("DSA");
sig.initSign(PrivateKey);
 
//All of the above seems to work ok. Then...
 
//A bit of code from the method that verifies the signature:
sig.initVerify(PublicKey);
 
File f = new File("Input.txt");   //Open signed file
DataInputStream f = new DataInputStream(new FileInputStream(f));
 
byte[] sigTemp = new byte[SignedFile.read()];	//Read signed file into byte array
f.read(sigTemp, 0, f.read());
 
int length = (int) f.length();
byte[] Input = new byte[length];
f.read(Input, 0, length);
f.close();
 
sig.update(Input);
       
if (!sig.verify(sig))
              System.out.print("Signature NOT");
              System.out.print("Verified");
	}

Open in new window

0
 

Author Comment

by:phil8258
ID: 20393347
Error occurs at line 33 in the above code
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 92

Expert Comment

by:objects
ID: 20393357
byte[] sigTemp = new byte[SignedFile.read()];   //Read signed file into byte array
f.read(sigTemp, 0, f.read());

whats that meant to be doing.
does not look like it would even compile
0
 

Author Comment

by:phil8258
ID: 20393390
Good question!
I removed it, and the first thing that went wrong (or right) was that line 33 could no longer refer to sig
I changed line 33 to if (!sig.verify(Input))
and exception gone :O)

Only problem now is that its always reporting Signature Not Verified...
Changing to:

        if (!signature.verify(Input)){
              System.out.println("Signature not verified");
        }
        else {
              System.out.println("Signature verified sucessfully");
        }

and it still says "Signature not Verified"
0
 
LVL 92

Expert Comment

by:objects
ID: 20393410
>         if (!signature.verify(Input)){

the verify method expects the bytes of a signature, is that what Input contains?
0
 

Author Comment

by:phil8258
ID: 20393438
Input contains:
0,ljaØÄaÉ"¼]~ÆSNxMQk[ªhzDÞ/mRyÒ¬!î=ïhÜHello World!
0
 
LVL 92

Accepted Solution

by:
objects earned 1500 total points
ID: 20393482
u sure thats a signature? seems to also include data.
how was it created?

there an example here to sign and verify

http://www.java2s.com/Code/Java/Security/Testthesignature.htm
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question