Can't verify a DSA signature in Java that was created in Go, and vice versa
Question
I'm trying to verify a signature in Java that was created in Go, and vice versa. However, in each case I'm getting no error, but false on the verify function.
The public and private key being used are the same, as are the parameters, I have checked this by passing the Java key data to Go, and using it to sign and verify the data - this works.
I have also checked that the data being passed in (which is then MD5 hashed) is the same in both Java and Go, and that the resulting hash is the same (just in case) - they are.
I know that Java uses the ASN1 encoding for it's signature, and I found a function to rebuild this from the separate R and S values provided by Go, and I used that as a template to split the ASN1 byte[] generated by Java into R and S values for Go. In Java, if I split, and rebuild the ASN1 byte[], I can verify the signature, but no matter what I do, Go won't, and Java won't verify a signature signed by Go.
Is there a difference in the versions of the DSA algorithm they use? I see that Java uses SHA1withDSA and go mentions that it conforms to the FIPS 186-3 specitication
2 answers
solution1
0 2016-04-05 20:15:10
You shouldn't have to handle splitting the ASN1 []bytes by hand, you should be using functions from the crypto pkg.
https://golang.org/pkg/crypto/x509/#Certificate.CheckSignature looks like it takes a SignatureAlgorithm as an arg (and DSAWithSHA1 is a valid value).
solution2
-1 2016-04-05 22:42:21
Ok, DSA may be different, but for RSA at least the solution was that Java didn't want the value to be hashed first (I guess it hashes internally) while GO did, changing the functions to use RSA rather than DSA and considering the above, this worked.
Verify rsa.SignPKCS1v15 signature generated in golang in Java
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.