Solved

Java Security Signature Exception problem

Posted on 2007-12-02
8
3,113 Views
Last Modified: 2013-11-23
Hi,
I'm having some problems with a piece of code that i'm trying to write where it throws a SignatureException - invalid encoding for signature.

- I declare the Signature as a 'global' variable.

- Before signing the message, I do the following:
 sig = Signature.getInstance("DSA");
 sig.initSign(PrivateKey);      

- When I want to verify the signature, first I do this:
sig.initVerify(PublicKey);

The error is thrown right at the end when I come to the verification:
if (!sig.verify(sig))
              System.out.print("Signature NOT");
              System.out.print("Verified");

Anyone understand why I get an invalid coding message and what I should do to fix this?

Cheers,

Phil.

0
Comment
Question by:phil8258
  • 4
  • 4
8 Comments
 
LVL 92

Expert Comment

by:objects
ID: 20393296
where r you're key vars coming from?
0
 

Author Comment

by:phil8258
ID: 20393342
Some code below:
// Declared in the main class:

public static PrivateKey PrivateKey = null;

public static PublicKey PublicKey = null;	

public static Signature sig = null;
 

//A bit of code from a method that creates the keys:

KeyPair keys = keypair.generateKeyPair();

PrivateKey = keys.getPrivate();

PublicKey = keys.getPublic();
 

//A bit of code from the method that signs the message:

sig = Signature.getInstance("DSA");

sig.initSign(PrivateKey);
 

//All of the above seems to work ok. Then...
 

//A bit of code from the method that verifies the signature:

sig.initVerify(PublicKey);
 

File f = new File("Input.txt");   //Open signed file

DataInputStream f = new DataInputStream(new FileInputStream(f));
 

byte[] sigTemp = new byte[SignedFile.read()];	//Read signed file into byte array

f.read(sigTemp, 0, f.read());
 

int length = (int) f.length();

byte[] Input = new byte[length];

f.read(Input, 0, length);

f.close();
 

sig.update(Input);

       

if (!sig.verify(sig))

              System.out.print("Signature NOT");

              System.out.print("Verified");

	}

Open in new window

0
 

Author Comment

by:phil8258
ID: 20393347
Error occurs at line 33 in the above code
0
 
LVL 92

Expert Comment

by:objects
ID: 20393357
byte[] sigTemp = new byte[SignedFile.read()];   //Read signed file into byte array
f.read(sigTemp, 0, f.read());

whats that meant to be doing.
does not look like it would even compile
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:phil8258
ID: 20393390
Good question!
I removed it, and the first thing that went wrong (or right) was that line 33 could no longer refer to sig
I changed line 33 to if (!sig.verify(Input))
and exception gone :O)

Only problem now is that its always reporting Signature Not Verified...
Changing to:

        if (!signature.verify(Input)){
              System.out.println("Signature not verified");
        }
        else {
              System.out.println("Signature verified sucessfully");
        }

and it still says "Signature not Verified"
0
 
LVL 92

Expert Comment

by:objects
ID: 20393410
>         if (!signature.verify(Input)){

the verify method expects the bytes of a signature, is that what Input contains?
0
 

Author Comment

by:phil8258
ID: 20393438
Input contains:
0,ljaØÄaÉ"¼]~ÆSNxMQk[ªhzDÞ/mRyÒ¬!î=ïhÜHello World!
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 20393482
u sure thats a signature? seems to also include data.
how was it created?

there an example here to sign and verify

http://www.java2s.com/Code/Java/Security/Testthesignature.htm
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

For customizing the look of your lightweight component and making it look lucid like it was made of glass. Or: how to make your component more Apple-ish ;) This tip assumes your component to be of rectangular shape and completely opaque. (COD…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now