stackoom
  简体   繁体   中英

Verifying in C# what was signed in Java

 原文  2016-11-18 15:11:10       java/ c#/ .net/ rsa/ sha1

Question

I am trying to port a code from C# to java. There is a part which requires a String to be signed using RSA/Sha1.

To make sure that the java code produces the same result as the C# code, I tried to sign a string from java, and use existing c# code to verify the signature. My challenge is I am unable to verify the string which was signed in Java.

Here is the code;

Java method for Signing:

public static String signPayload(byte[] stringToSign, PrivateKey privateKey){ 
    try {
        Signature rsaSignatureProvider = Signature.getInstance("SHA1withRSA");
        rsaSignatureProvider.initSign(privateKey);
        rsaSignatureProvider.update(stringToSign);
        byte[] signature = rsaSignatureProvider.sign();
        return new String(Base64.encodeBase64String(signature));
    } catch (Exception ex) {
        ex.printStackTrace();
    } 

    return null;
}

C# method for signing: 

public String signPayload(String stringToSign, AsymmetricAlgorithm privateKey)
{

    var hash = sha1.ComputeHash(Convert.FromBase64String(stringToSign));
    RSACryptoServiceProvider cryptoProv = (RSACryptoServiceProvider)privateKey;
    return Convert.ToBase64String(cryptoProv.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")));
}

C# method which I am using to verify signed data:

public bool verifyHash(String signature, String stringToSign, PublicKey publicKey)
{
    bool isVerified = false;
    var responseHash = sha1.ComputeHash(Convert.FromBase64String(stringToSign));
    RSACryptoServiceProvider publicKeyCrypto = (RSACryptoServiceProvider)publicKey.Key;
    isVerified = publicKeyCrypto.VerifyHash(responseHash, CryptoConfig.MapNameToOID("SHA1"), Convert.FromBase64String(signature));
    return isVerified;
}

I am unable to see the gap between the two method for signing (Java and C#). What is that I am doing wrong in my Java code?

2 answers

solution1
 2  2016-11-19 00:04:44

I have managed to resolve my problem by changing the way I encode the signature. Below is the code;

public static String signPayload(byte[] stringToSign, PrivateKey privateKey) { 
    try {
        Signature rsaSignatureProvider = Signature.getInstance("SHA1withRSA");
        rsaSignatureProvider.initSign(privateKey);
        rsaSignatureProvider.update(stringToSign);
        byte[] signature = rsaSignatureProvider.sign();

        return java.util.Base64.getEncoder().encodeToString(signature);
    } catch (Exception ex) {
        ex.printStackTrace();
    } 
    return null;
}

solution2
 0  2021-03-08 20:20:06

I resolved my problem with encode .

C# using default UTF-16LE

The byte array used to sign or validate has to have the same encoding, in my case using "UTF-16LE" on both sides.

String transaction="Hola loco";
byte[] messageToSignOrValidate = transaction.getBytes("UTF-16LE");

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Problem verifying in C# what was signed in Java (RSA) Verifying Java signature in C# What prevents Java from verifying signed jars with multiple signature algorithms Java BadPaddingException when verifying data signed on a JavaCard Verifying certificate of signed and secured PDF in iText PDF Java Java/C# communication over TCP - Signed/unsigned bytes pro What is null in c#, java? What is >>>= from Java in C# Error on creating and verifying signed data Load C signed long in Java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM