无法在Android上验证rsa签名

Question

I'm trying to sign an encrypted message with a private key and verify it in Java. This is my first time working with encryption and signatures so I'm not sure how it is supposed to work and I'm kind of stuck here. The verification always returns false.

Here I sign the message:

public byte[] rsaSign (byte[] data) {

byte[] cipherData = null;

try {

    RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(signModulus, signExponent);
    KeyFactory fact = KeyFactory.getInstance("RSA");
    PrivateKey privKey = fact.generatePrivate(keySpec);

    Signature s = Signature.getInstance("SHA1withRSA");
    s.initSign(privKey);

    s.update(data);

    return s.sign();
}

return cipherData;
}

And here I try to verify the signature:

public boolean rsaVerify (byte[] data, byte[] signature) {

boolean success = false;

try {

    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(signModulus, signPublicExponent);
    KeyFactory fact = KeyFactory.getInstance("RSA");
    PublicKey pubKey = fact.generatePublic(keySpec);

    Signature s = Signature.getInstance("SHA1withRSA");
    s.initVerify(pubKey);

    s.update(data);

    success = s.verify(signature);

    return success;

} 

return false;
}

Can anyone see a problem? The keys are generated in C# and converted to BigIntegers in java.

Answer 1

Signature verification is failed because you are using a different public key in the verification method. Use the public key to verify the signature which is consistent with the private key that is used into rsaSign() method.

Hope this will help you. Note that, this public key is consistent with the private key which is used in Signature Generation method :

/**
     * This method will sign message with RSA 2048 key
     * @return Void
     */
    public void rsaSign (String message) throws Exception {
        //key generation
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        keyGen.initialize(2048, random);

        KeyPair keyPair = keyGen.generateKeyPair();
        PrivateKey priv = keyPair.getPrivate();
        PublicKey pub   = keyPair.getPublic();

        System.out.println("RSAPub key Mod for Sign/Verify  : " + Helper.toHex(((RSAPublicKey)pub).getModulus().toByteArray()));
        System.out.println("RSAPub key Exp for Sign/Verify  : " + Helper.toHex(((RSAPublicKey)pub).getPublicExponent().toByteArray()));

        //sign
        Signature dsa   = Signature.getInstance(signALG);
        dsa.initSign(priv);

        dsa.update(Helper.toByte(message));
        byte[] realSig = dsa.sign();
        System.out.println("RSA Sign-Data   : " + Helper.toHex(realSig));
    }


/**
     * This method verify signature with RSA public key
     * @param message The plain message
     * @param rsaMOD RSA Public key Modulus in string
     * @param rsaEXP RSA Public key Exponent in string
     * @param rsaSignData Signature which will be verified
     * @return true if verifications success, false otherwise
     */
    public boolean rsaVerify(String message, String rsaMOD, String rsaEXP, String rsaSignData) throws Exception {
        BigInteger modBigInteger = new BigInteger(Helper.toByte(rsaMOD));
        BigInteger exBigInteger = new BigInteger(Helper.toByte(rsaEXP));

        RSAPublicKeySpec spec = new RSAPublicKeySpec(modBigInteger, exBigInteger);
        KeyFactory factory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = factory.generatePublic(spec);

        Signature signature = Signature.getInstance(signALG);
        signature.initVerify(publicKey);
        signature.update(Helper.toByte(message));

        return signature.verify(Helper.toByte(rsaSignData));
    }

Answer 2

You should try and test these things locally first, with your own generated key pair. If that fails your code is wrong - it's a very simple wrapper around Java Signature so that's not at all that likely.

You already used a complete specification of the signature algorithm, so provider defaults are not an issue here.

Then check the correctness of the data on both sides by printing it out in Hex or Base64 right before signature generation/verification. If that fails you've got an I/O or encoding/decoding error. Encoding/decoding errors & string handling make up about 30% of the total of cryptography related questions!

Finally you could obtain and compare the modulus of the private and public key. If the moduli don't match then you're using a private and public key of a different key pair, and signature verification will of course always fail.