
Digital Signature - SsfInvalidDataException

Former Member
0 Kudos

Hi!

I'm trying to create a login module which will receive some digitally signed data and tries to verify it.

The data is signed in a Java application, located on an external J2EE server, using JCE.

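// Load the JKS keystore that holds the signing key; close the stream afterwards
KeyStore mykeystore = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream(KeystoreLocation)) {
    mykeystore.load(fis, KeystorePassword.toCharArray());
}

PrivateKey privateKey = (PrivateKey) mykeystore.getKey(Alias, KeyPassword.toCharArray());
java.security.Signature sig = java.security.Signature.getInstance("MD5withRSA");

// Produce the raw RSA signature over the plain text bytes
// (explicit charset so signer and verifier process the same bytes)
sig.initSign(privateKey);
sig.update(PlainText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
byte[] ResultSigned = sig.sign();

// Base64-encode the signature bytes for transport
ValueToReturn = Base64.encode(ResultSigned);

return ValueToReturn;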

To verify the signed data I use the following code in my login module:



// signedText is a string received by request
ByteArrayInputStream in = new ByteArrayInputStream(signedText.getBytes());

// Read the received bytes as PKCS#7 data
data = new SsfDataPKCS7(in);

// Look up the keystore service and open the configured keystore
InitialContext ctx = new InitialContext();
Object o = ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
keystoreName = (String) _options.get("keystoreName");

keyStore = manager.getKeystore(keystoreName);

String alias = (String) _options.get("alias");

// Verify, using the keystore as the address book (PAB)
pab = new SsfPabKeyStore(keyStore);
signer = new SsfSigRcpList();

result = data.verify(pab, signer);

The verify method throws an SsfInvalidDataException.

Any ideas on what may be wrong?

4 REPLIES

Former Member
0 Kudos

Hello Pedro,

To verify a signature using class SsfDataPKCS7, the signed data has to be formatted according to PKCS#7. As far as I see, your variable data just contains the signature itself. To perform the operation you have to build a PKCS#7 datafield that contains the plain text and the signature formatted according to the PKCS#7 standard.

Best Regards

Michael

0 Kudos

Hello Michael,

I thought about that, but my question is: where do I place the plain text? Using JCE I used the update method.

Here I'm confused because I can't find a similar method.

I followed the example on http://help.sap.com/saphelp_webas630/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/content.htm

but in this example the data structure is kept in the file.

How can I build the same structure having 2 strings, one with the plain text and the other containing the signature?

thanks!

Pedro Barbosa

Former Member
0 Kudos

Hello Pedro,

There is no method to fill in the plain text. The secret is to build a PKCS#7 formatted document that contains the plain text AND the signature. A PKCS#7 document is ASN.1 encoded. You may find a description of PKCS#7 here: ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc

After formatting your PKCS#7 document you can read it into your variable data. Then data contains plain text and signature.
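
The structure described in this reply, as an added example that is not part of the original thread and not SAP's code: it builds a PKCS#7 (CMS) SignedData with the plain text encapsulated, using Bouncy Castle (bcprov and bcpkix on the classpath are assumed), and shows that a direct signature without signed attributes carries the same bytes as a raw JCE signature. The key, certificate and message are constructed for the demo, SHA256withRSA is used in place of the thread's MD5withRSA, and acceptance of the output by SsfDataPKCS7 has not been checked.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.*;

public class Pkcs7Wrap {
    public static void main(String[] args) throws Exception {
        // Constructed key pair and self-signed certificate (stand-ins for the JKS entry)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        JcaContentSignerBuilder csb = new JcaContentSignerBuilder("SHA256withRSA");
        X500Principal dn = new X500Principal("CN=example-signer");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
                .build(csb.build(kp.getPrivate())));

        byte[] plain = "constructed sample text".getBytes(StandardCharsets.UTF_8);

        // Sender: SignedData that encapsulates the plain text. Direct signature means
        // no signed attributes, so the signature covers the content itself.
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().build())
            .setDirectSignature(true).build(csb.build(kp.getPrivate()), cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        byte[] pkcs7 = gen.generate(new CMSProcessableByteArray(plain), true).getEncoded();

        // Receiver: one DER blob yields both the content and a verifiable signature
        CMSSignedData parsed = new CMSSignedData(pkcs7);
        SignerInformation si = parsed.getSignerInfos().getSigners().iterator().next();
        boolean ok = si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
        byte[] content = (byte[]) parsed.getSignedContent().getContent();

        // Raw JCE signature over the same bytes, as produced in the question
        Signature raw = Signature.getInstance("SHA256withRSA");
        raw.initSign(kp.getPrivate());
        raw.update(plain);
        System.out.println("verified=" + ok + " content=" + Arrays.equals(content, plain)
            + " rawEqualsSignerInfo=" + Arrays.equals(raw.sign(), si.getSignature()));
    }
}
```

If the SignerInfo carried signed attributes instead, the signature would be computed over those attributes rather than over the plain text, and an existing raw JCE signature could not be reused inside it.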

0 Kudos

Hello Pedro,

Did you find any method to build a PKCS#7 formatted document? I'm stuck on a similar issue.

Thanks

Bharath