Verify Java Card signature

I am writing a Java Card 3.0.2 application on an NXP J3D081 card. I have it both signing and verifying a signature using ALG_ECDSA_SHA_256. The keys have been written to the card by my test app. If I sign 32 bytes of data and pass the signature back to the card the Verify code successfully verifies the signature. If I sign 32 bytes in Bouncy Castle with the Private key and pass to the Verify on the Card it successfully verifies the signature. The Bouncy Castle Verify code successfully verifies signatures created from the Bouncy Castle signing routine.

BUT if I take the returned signature from the Java Card and pass it to the C# Bouncy Castle code it FAILS to verify the signature. I have checked all input values and they are correct. My code is here (note I pass Public keys as 64 bytes and prepend them with 0x04):

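using System;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math.EC;
using Org.BouncyCastle.Security;

// `parameters` (the P-256 domain parameters) and `algorithm` are fields of the
// poster's class; their definitions are not shown in the post.
public bool HashAndVerifyDSA(byte[] pb, byte[] inData, byte[] sig)
{
    // Rebuild the uncompressed point encoding: 0x04 || X (32 bytes) || Y (32 bytes).
    byte[] pub = new byte[65];
    pub[0] = 0x4;
    Array.Copy(pb, 0, pub, 1, 64);
    ECCurve curve = parameters.Curve;
    ECPoint q = curve.DecodePoint(pub);
    ICipherParameters Public = new ECPublicKeyParameters(algorithm, q, parameters);
    // This signer hashes inData with SHA-256 itself and expects sig to be an
    // ASN.1 DER SEQUENCE of the two integers r and s.
    ISigner bSigner = SignerUtilities.GetSigner("SHA-256withECDSA");

    bSigner.Init(false, Public);
    bSigner.BlockUpdate(inData, 0, inData.Length);
    return (bSigner.VerifySignature(sig));
}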

I should note that the parameters specify the P-256 curve and are used successfully in the encrypted communication to the card. The Public key is successfully created.

I seem to have less hair now than I did two days ago. Any pointers would be welcome.

Apart from the steps you have performed to debug the thing, you can also check the following:

  1. Verify the signature using some online available tool. Do not forget to use the same curve parameters and the public key generated from the Java Card.
  2. Verify the same using the Bouncy Castle Java library. I perform the same steps in one of my tools and it was matched successfully.
