base64 decoding and verifying signature against a public key


I have a message that has a signatured generated for it and I need to validate them against the public key file (/temp/publickey.p7b).  The message and signature were both first url encoded and then the signature was also BASE64-encoded.  I'm using the below to url decode first, then base64 decode the signature and then verify the signature against the public key.  I get an exception on  PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
The signature algorithm used will be SHA-1 with RSA. SHA-1 is the message digest algorithm and RSA is the encryption algorithm.

Exception: IOException: algid parse error, not a sequence

Caused by: IOException: algid parse error, not a sequence

public void decode(){
        String message="message string";
        String signature="signtaure encoded string";

            String messageDecoded=URLDecoder.decode(message, "UTF-8");
            String signatureUrlDecoded=URLDecoder.decode(signature, "UTF-8");
            byte[] decodedSignature = Base64.decodeBase64(signatureUrlDecoded.getBytes());
            String decodedSignatureString = new String(decodedSignature);
            FileInputStream publicKeyFile = new FileInputStream("/temp/publickey.p7b");
			byte[] encKey = new byte[publicKeyFile.available()];;
			X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
			KeyFactory keyFactory = KeyFactory.getInstance("RSA");
			PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
			Signature sig = Signature.getInstance("SHA1withRSA");
			boolean verifies = sig.verify(decodedSignature);
         catch(Exception e){


Open in new window

Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
you may want to check out this API that parses a PKCS#7-formatted (or p7b) certificate reply stored in a file. From the generateCertificates, you will get Certificate instance which is DER-encoded instances of X.509 certificate. you will probably have to enumerate each cert in p7b (as typically it may have a collection) and populate into "encKey" instead

See more in
All Courses

From novice to tech pro — start learning today.