'Re: [dev-crypto] Custom Signature object - SOLVED!'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] Custom Signature object - SOLVED!
From:       pippo baudo <dottzero () yahoo ! com>
Date:       2011-06-13 13:50:29
Message-ID: 672307.16639.qm () web130102 ! mail ! mud ! yahoo ! com
[Download RAW message or body]

The problem was inside the Signature object.

As usual, bouncycastle has been able to help me: I found the solution inside the 
library's source code.

I had to change the code as follows:

8x-----------------------------------

byte[] toSign = new DigestInfo(
      new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1), 
      DigestUtils.sha(attributeTableBytes)).getEncoded();

AsymmetricBlockCipher cipher = new PKCS1Encoding(new RSABlindedEngine());

CipherParameters    param = generatePrivateKeyParameter((RSAPrivateKey)privKey);

cipher.init(true, param);

return cipher.processBlock(hash, 0, hash.length);

8x-----------------------------------

Regards,
Massimiliano


----- Original Message ----
From: pippo baudo <dottzero@yahoo.com>
To: dev-crypto@bouncycastle.org
Sent: Mon, June 13, 2011 11:30:20 AM
Subject: [dev-crypto] Custom Signature object

Hi All.

For one project I'm following lately I'm implementing my own SignatureSpi 
implementation.
That involves the creation of three different objects:
1) MySignature extends SignatureSpi
2) MyPrivateKey implements RSAPrivateKey
3) MyProvider extends Provider

Inside MySignature I've implemented the sign() method.
As far as I know, the bytes I get to sign are an attribute table, so I've 
implemented my sign method this way:



            byte[] toSign = new DigestInfo(new 
AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1), 
DigestUtils.sha(attributeTableBytes)).getEncoded();
            Cipher cipher = Cipher.getInstance("RSA", new 
BouncyCastleProvider());
            cipher.init(Cipher.ENCRYPT_MODE, privKey, new SecureRandom());
            return cipher.doFinal(hash);


I call the signature this way:

CMSSignedDataStreamGenerator gen =  new CMSSignedDataStreamGenerator();
...
gen.addCertificatesAndCRLs(certstore);
gen.addSigner(new MyPrivateKey(), cert,
                    OIWObjectIdentifiers.idSHA1.getId(), new 
DefaultSignedAttributeTableGenerator(),
                    null, new MyProvider());
            OutputStream sigOut = new java.io.BufferedOutputStream(gen.open(new 
FileOutputStream("/tmp/test1.p7m"), true));
            sigOut.write("Hello".getBytes());
            sigOut.flush();
            sigOut.close();


However, while the produced P7M is correct, the signature verification always 
fails.
What do I do wrong?
I think the problem is inside the sign method, however, I really don't know 
what's wrong...

Thank you in advance!!

Regards,
Massimiliano

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic