09-14-2006 9:54 AM
Hi!
I'm trying to create a login module which will receive some digitally signed data and tries to verify it.
The data is signed in a Java application, located on an external J2EE server, using JCE.
KeyStore mykeystore = KeyStore.getInstance ( "JKS" ) ;
mykeystore.load ( new FileInputStream ( KeystoreLocation ), KeystorePassword.toCharArray() ) ;
PrivateKey privateKey = (PrivateKey) mykeystore.getKey(Alias, KeyPassword.toCharArray());
java.security.Signature sig = java.security.Signature.getInstance("MD5withRSA");
sig.initSign(privateKey);
sig.update(PlainText.getBytes());
byte ResultSigned[] = sig.sign();
ValueToReturn = Base64.encode(ResultSigned);
return ValueToReturn;
Trying to verify the signed data, I use the following code in my login module:
//signedText is a string received by request
ByteArrayInputStream in = new ByteArrayInputStream(signedText.getBytes());
data = new SsfDataPKCS7(in);
InitialContext ctx = new InitialContext();
Object o = (Object) ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
keystoreName=(String)_options.get("keystoreName");
keyStore = manager.getKeystore(keystoreName);
String alias = (String)_options.get("alias");
pab = new SsfPabKeyStore(keyStore);
signer = new SsfSigRcpList();
result = data.verify(pab,signer);
The verify method throws an SsfInvalidDataException.
Any ideas on what may be wrong?
09-14-2006 12:10 PM
Hello Pedro,
To verify a signature using class SsfDataPKCS7, the signed data has to be formatted according to PKCS#7. As far as I see, your variable data just contains the signature itself. To perform the operation you have to build a PKCS#7 data field that contains the plain text and the signature formatted according to the PKCS#7 standard.
Best Regards
Michael
09-14-2006 12:55 PM
Hello Michael,
I thought about that but my question is where do I place the plain text? Using JCE I used the update method.
Here I'm confused because I can't find a similar method.
I followed the example on http://help.sap.com/saphelp_webas630/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/content.htm
but on this example the data structure is kept on the file.
How can I build the same structure having 2 strings, one with the plain text and the other containing the signature?
Thanks!
Pedro Barbosa
09-14-2006 2:20 PM
Hello Pedro,
There is no method to fill the plain text. The secret is to build a PKCS#7 formatted document that contains the plain text AND the signature. A PKCS#7 document is ASN.1 encoded. A description of PKCS#7 you may find here: ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc
After formatting your PKCS#7 document you can read it into your variable data. Then data contains plain text and signature.
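The structure described in the answer above, as an added example that is not part of the original thread and not SAP or JCE code: it wraps a plain text and an existing Base64 `MD5withRSA` signature into a DER-encoded PKCS#7 SignedData with no authenticated attributes, the case in which `encryptedDigest` is the raw PKCS#1 v1.5 signature. All function names and the sample issuer, serial number and signature bytes are constructed placeholders; the real issuer name and serial number come from the signer's certificate, and it is an assumption that the verifying library accepts a SignedData without embedded certificates.

```python
import base64

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER from dotted notation (base-128 arcs)."""
    a, b, *rest = (int(x) for x in dotted.split("."))
    out = bytearray([40 * a + b])
    for arc in rest:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def integer(v: int) -> bytes:
    """DER INTEGER for a non-negative value."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def alg(dotted: str) -> bytes:
    """AlgorithmIdentifier with NULL parameters."""
    return tlv(0x30, oid(dotted) + b"\x05\x00")

def build_pkcs7(plain: bytes, sig_b64: str, issuer_der: bytes, serial: int) -> bytes:
    """ContentInfo{signedData} carrying `plain` and an existing RSA signature."""
    sig = base64.b64decode(sig_b64)            # undo the sender's Base64.encode
    md5 = alg("1.2.840.113549.2.5")            # digestAlgorithm: MD5
    signer_info = tlv(0x30, integer(1)
        + tlv(0x30, issuer_der + integer(serial))   # issuerAndSerialNumber
        + md5
        + alg("1.2.840.113549.1.1.1")          # digestEncryptionAlgorithm: rsaEncryption
        + tlv(0x04, sig))                      # encryptedDigest = the raw signature
    # Inner ContentInfo{data}: must hold exactly the bytes passed to sig.update()
    content = tlv(0x30, oid("1.2.840.113549.1.7.1") + tlv(0xA0, tlv(0x04, plain)))
    signed_data = tlv(0x30, integer(1) + tlv(0x31, md5) + content + tlv(0x31, signer_info))
    return tlv(0x30, oid("1.2.840.113549.1.7.2") + tlv(0xA0, signed_data))

# Constructed sample values (hypothetical issuer, serial and placeholder signature bytes)
SAMPLE_ISSUER = tlv(0x30, tlv(0x31, tlv(0x30, oid("2.5.4.3") + tlv(0x0C, b"Example CA"))))
SAMPLE_SIG_B64 = base64.b64encode(bytes(range(128))).decode()
SAMPLE_P7 = build_pkcs7(b"hello", SAMPLE_SIG_B64, SAMPLE_ISSUER, 0x1234)
```

The placeholder signature only exercises the encoding; verification can succeed only with a real signature and with content bytes identical to those signed (note that `PlainText.getBytes()` in the signing code uses the platform default charset).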
09-14-2009 7:46 AM
Hello Pedro,
Did you find any method to build a PKCS#7 formatted document? I'm stuck on a similar issue.
Thanks
Bharath