cgray1223
asked on
base64 decoding and verifying signature against a public key
Hello,
I have a message that has a signatured generated for it and I need to validate them against the public key file (/temp/publickey.p7b). The message and signature were both first url encoded and then the signature was also BASE64-encoded. I'm using the below to url decode first, then base64 decode the signature and then verify the signature against the public key. I get an exception on PublicKey pubKey = keyFactory.generatePublic( pubKeySpec );
The signature algorithm used will be SHA-1 with RSA. SHA-1 is the message digest algorithm and RSA is the encryption algorithm.
Exception:
java.security.spec.Invalid KeySpecExc eption: java.security.InvalidKeyEx ception: IOException: algid parse error, not a sequence
at sun.security.rsa.RSAKeyFac tory.engin eGenerateP ublic(RSAK eyFactory. java:188)
at java.security.KeyFactory.g eneratePub lic(KeyFac tory.java: 304)
Caused by: java.security.InvalidKeyEx ception: IOException: algid parse error, not a sequence
at sun.security.x509.X509Key. decode(X50 9Key.java: 380)
at sun.security.x509.X509Key. decode(X50 9Key.java: 386)
at sun.security.rsa.RSAPublic KeyImpl.<i nit>(RSAPu blicKeyImp l.java:66)
at sun.security.rsa.RSAKeyFac tory.gener atePublic( RSAKeyFact ory.java:2 81)
at sun.security.rsa.RSAKeyFac tory.engin eGenerateP ublic(RSAK eyFactory. java:184)
I have a message that has a signatured generated for it and I need to validate them against the public key file (/temp/publickey.p7b). The message and signature were both first url encoded and then the signature was also BASE64-encoded. I'm using the below to url decode first, then base64 decode the signature and then verify the signature against the public key. I get an exception on PublicKey pubKey = keyFactory.generatePublic(
The signature algorithm used will be SHA-1 with RSA. SHA-1 is the message digest algorithm and RSA is the encryption algorithm.
Exception:
java.security.spec.Invalid
at sun.security.rsa.RSAKeyFac
at java.security.KeyFactory.g
Caused by: java.security.InvalidKeyEx
at sun.security.x509.X509Key.
at sun.security.x509.X509Key.
at sun.security.rsa.RSAPublic
at sun.security.rsa.RSAKeyFac
at sun.security.rsa.RSAKeyFac
public void decode(){
String message="message string";
String signature="signtaure encoded string";
try{
String messageDecoded=URLDecoder.decode(message, "UTF-8");
String signatureUrlDecoded=URLDecoder.decode(signature, "UTF-8");
byte[] decodedSignature = Base64.decodeBase64(signatureUrlDecoded.getBytes());
String decodedSignatureString = new String(decodedSignature);
FileInputStream publicKeyFile = new FileInputStream("/temp/publickey.p7b");
byte[] encKey = new byte[publicKeyFile.available()];
publicKeyFile.read(encKey);
publicKeyFile.close();
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(pubKey);
sig.update(messageDecoded.getBytes());
boolean verifies = sig.verify(decodedSignature);
}
catch(Exception e){
e.printStackTrace();
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.