c# - Can't verify signature in JAVA but success in .NET
We have an old system using .NET 3.5 (running on Windows Server 2003 32-bit) to verify e-receipts from our customers (all use the SHA1RSA algorithm by agreement). We store the certificates in a database as base64 strings. The old code looks like this:
    // store certificates
    string certificateEncodeBase64 = Convert.ToBase64String(byteArrayCertificateFile);

    // verify signatures
    // hash algorithm SHA-1
    HashAlgorithm hashAlgrothm = new SHA1Managed();
    // data
    byte[] data = System.Text.Encoding.UTF8.GetBytes(request.DataInUTF8);
    // signature
    byte[] signature = Convert.FromBase64String(request.SignatureInBase64);
    // certificate
    X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(certEncodeBase64));
    // verify using algorithm RSA
    RSACryptoServiceProvider pubKey = (RSACryptoServiceProvider)certificate.PublicKey.Key;
    bool vr = pubKey.VerifyData(data, hashAlgrothm, signature);
There are no issues except that performance is not good. That's why we want to move to a new system using Java 1.7 (running on Windows Server 2012 64-bit). Our new code looks like this:
    // using the same DB to store certificates
    // verify signatures using the Bouncy Castle JCE provider
    // hash data using SHA-1
    byte[] data = request.getDataInUTF8().getBytes("UTF-8");
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", "BC");
    byte[] hashed = messageDigest.digest(data);
    // signature
    byte[] signature = new BASE64Decoder().decodeBuffer(request.getSignatureInBase64());
    // certificate
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", "BC");
    byte[] buffer = new BASE64Decoder().decodeBuffer(certEncodeBase64);
    ByteArrayInputStream byteArrayCertificateInputStream = new ByteArrayInputStream(buffer);
    Certificate certificate = certificateFactory.generateCertificate(byteArrayCertificateInputStream);
    // verify using algorithm RSA
    Signature verifyEngine = Signature.getInstance("RSA", "BC");
    verifyEngine.initVerify(certificate);
    verifyEngine.update(hashed);
    boolean result = verifyEngine.verify(signature);
And the problem: in our test using verified data taken from the old system, the new system's verification of customers' data returns fail. One failed example:
certificate in base64
rawdata
<header><version>1.0</version><sender_code>ttsp_icb</sender_code><sender_name>he thong thanh toan song phuong cua ngan hang vietinbank</sender_name><receiver_code>ttsp_kba</receiver_code><receiver_name>he thong thanh toan song phuong cua kho bac nha nuoc</receiver_name><tran_code>103</tran_code><msg_id>ttsp_icb103004203763</msg_id><msg_refid /><send_date>04-03-2014 09:03:15</send_date><original_code>ttsp_icb</original_code><original_name>he thong thanh toan song phuong cua ngan hang vietinbank</original_name><original_date>04-03-2014 09:03:15</original_date><error_code /><error_desc /><spare1 /><spare2 /><spare3 /></header><body><mt_id>1420110300335833</mt_id><send_bank>89201001</send_bank><receive_bank>89701002</receive_bank><created_date>04-03-2014 09:26:24</created_date><creator>dd740063</creator><manager>dd740096</manager><verified_date>04-03-2014 09:29:41</verified_date><f20>1474010300001334</f20><f23b>cred</f23b><f26t>c</f26t><f32as1>04-03-2014</f32as1><f32as2>vnd</f32as2><f32as3>324000000.00</f32as3><f33bs1>vnd</f33bs1><f33bs2>324000000.00</f33bs2><f36 /><f50p1>vnd101101001</f50p1><f50ap2 /><f50kp2>huynh thi kim thoa</f50kp2><f51ap1s1 /><f51ap1s2 /><f51ap2 /><f52p1s1 /><f52p1s2 /><f52ap2>89201001</f52ap2><f52dp2>89201001</f52dp2><f53p1s1 /><f53p1s2 /><f53ap2 /><f53bp2 /><f53dp2 /><f54p1s1 /><f54p1s2 /><f54ap2 /><f54bp2 /><f54dp2 /><f55p1s1 /><f55p1s2 /><f55ap2 /><f55bp2 /><f55dp2 /><f56p1s1 /><f56p1s2 /><f56ap2 /><f56cp2 /><f56dp2 /><f57p1s1>c</f57p1s1><f57p1s2 /><f57ap2>89701002</f57ap2><f57bp2 /><f57cp2 /><f57dp2>kbnn phu tan - giang</f57dp2><f59p1>372301048091</f59p1><f59ap2 /><f59p2>ubnd xa binh thanh dong#####</f59p2><f70 /><f71a>sha</f71a><f71gs1 /><f71gs2 /><f72>ubnd xa binh thanh dong nop tien xe chuyen benh</f72><f77b /><f77ts1 /><f77ts2 /><f77ts3 /><f77ts4 /><f77ts5 /><f77ts6 /><f77ts7 /><f77ts8 /><f77ts9 /><f77ts10 /><f77ts11 /><f77ts12 /><f77ts13 /><f77ts14 /><f77ts15 /><f77ts16 /><f77ts17 /><f77ts18 /><f77ts20 /><f77ts19 /></body>
hash data in base64 using sha-1
KLpuojRk329lb++8CFKTFADh+3c=
signature in base64
kwmvpkpq8pg3fuij9pnd/me3orlplkbdnlwch5rztmhiz0bjtn8cjjhifrn1w1qkih0lsl24zde5nbyw/vo+eg3tsjzc+d/h7wkm6ad9lht5y0cxyrikwshjrbcjkoxco/ee3kzaazongevwt1blkl3zern11rayzjfezrge7wbilvp/51cy5zbu/mljts3waiepqycjoovno59iculwclhcpr+gvzcwh65oxbeli+xrbrn1pfew5j48r6ftwmdtrzd+ojejmlhmihuberrno+xg7q5ovwy1ag2gfcocyiou2jyd5dd9zdulema54uz7cy3ubcixg5/n+7gtlfgeha==
To investigate further, I debugged the class DigestSignatureSpi that Bouncy Castle uses to verify, at the line

    try {
        sig = cipher.processBlock(sigBytes, 0, sigBytes.length);
        expected = derEncode(hash);
    } catch (Exception e) {
        return false;
    }
sig is
[48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20, 40, -70, 110, -94, 52, 100, -33, 111, 101, 111, -17, -68, 8, 82, -109, 20, 0, -31, -5, 119]
while expected is
[40, -70, 110, -94, 52, 100, -33, 111, 101, 111, -17, -68, 8, 82, -109, 20, 0, -31, -5, 119]
This debug shows that sig includes the expected bytes (its last 20 bytes).
I don't know what is wrong. Please help!!! Thank you.
I don't think you're using the correct signature algorithm. The documentation suggests you should be using the SHA1withRSA signature algorithm. This is further indicated by the signature vs. expected. The "expected" value gives the raw SHA-1 hash, whereas the signature you're providing is a PKCS#1 v1.5 DigestInfo (see RFC 2313, section 10.1.2).
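The mismatch the answer describes can be reproduced with the JDK's built-in providers alone. This is an added example, not code from the original post or from Bouncy Castle: it signs constructed sample data with a throwaway key pair, recovers the padded block the way `cipher.processBlock` does, and compares it with the bare hash and with the DigestInfo. The class name, sample data and key are assumptions; the 15-byte prefix is copied from the `sig` dump in the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

public class DigestInfoDemo {
    // DER header of a SHA-1 DigestInfo: the first 15 bytes of the "sig" dump in the question.
    static final byte[] SHA1_PREFIX = {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};

    public static void main(String[] args) throws Exception {
        // Constructed sample input and a throwaway key pair (not the page's data or certificate).
        byte[] data = "<header><version>1.0</version></header>".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Signer side: hash with SHA-1, wrap in DigestInfo, apply PKCS#1 v1.5 padding, RSA-sign.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sigBytes = signer.sign();

        // Same step as cipher.processBlock(...) in the debugged code: undo RSA and the padding.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, kp.getPublic());
        byte[] recovered = rsa.doFinal(sigBytes);

        byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);
        byte[] digestInfo = new byte[SHA1_PREFIX.length + hash.length];
        System.arraycopy(SHA1_PREFIX, 0, digestInfo, 0, SHA1_PREFIX.length);
        System.arraycopy(hash, 0, digestInfo, SHA1_PREFIX.length, hash.length);

        // Comparison made by the "RSA" engine fed a pre-computed hash: block vs. bare 20 bytes.
        System.out.println("recovered == raw hash:   " + Arrays.equals(recovered, hash));
        // Comparison a SHA-1/RSA verifier has to make: block vs. header + hash.
        System.out.println("recovered == DigestInfo: " + Arrays.equals(recovered, digestInfo));

        // The answer's fix: let the Signature engine hash the original data itself.
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(data); // the raw bytes, not the pre-computed hash
        System.out.println("SHA1withRSA verify:      " + verifier.verify(sigBytes));
    }
}
```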