x509certificate - Verifying Signed Hash using Digital Signature -
x509certificate - Verifying Signed Hash using Digital Signature -
i implementing interface takes 3 things input
x509 certificate
a signedhash signed certificate’s private key
the initial hash
it must perform next actions:
confirm hash signed using provided certificate. decrypt signed hash using public key of certificate provided input, , check matches provided hash.i have implemented next verifying digital signature :-
public static boolean verifysignedhash(string x509certificate, string hash, string signedhash) { boolean isverified = false; bytearrayinputstream inputstream = null; bytearrayoutputstream outputstream = null; bytearrayoutputstream byo = null; seek { outputstream = new bytearrayoutputstream(); byte[] info = base64.decodebase64(x509certificate); /* writing decoded x509 certificate bytearrayoutputstream */ outputstream.write(data); byte[] inp = outputstream.tobytearray(); inputstream = new bytearrayinputstream(inp); /* getting certificate input */ certificatefactory cf = certificatefactory.getinstance("x.509"); x509certificate certs = (x509certificate) cf .generatecertificate(inputstream); /* import encoded public key */ x509encodedkeyspec pubkeyspec = new x509encodedkeyspec(certs .getpublickey().getencoded()); /* instantiating keyfactory accesing keys object */ keyfactory keyfactory = keyfactory.getinstance("rsa"); /* * using keyfactory object generate publickey key * specification. */ publickkey = keyfactory.generatepublic(pubkeyspec); byte[] signhash = base64.decodebase64(signedhash); byo = new bytearrayoutputstream(); byo.write(signhash); byte[] signchar = byo.tobytearray(); bytearrayinputstream byi = new bytearrayinputstream(signchar); /* next, input signature bytes file specified */ byte[] sigtoverify = new byte[byi.available()]; byi.read(sigtoverify); byi.close(); /* instantiating signature */ signature signature = signature.getinstance(certs.getsigalgname()); /* initializing public key in signature */ signature.initverify(publickkey); /* supply signature object info verified */ bufferedinputstream bufin = new bufferedinputstream(byi); byte[] buffer = new byte[1024]; int len; while (bufin.available() != 0) { len = bufin.read(buffer); signature.update(buffer, 0, len); }; bufin.close(); /* verify signature */ isverified = signature.verify(sigtoverify); } grab (exception e) { system.err.println("caught exception " + e.tostring()); } homecoming isverified; } i getting result false
**am missing or piece of code right ?** i appreciate help. lot.
i've copied original code , placed comments in code
// x509certificate class name, cannot variable name public static boolean verifysignedhash(string x509certificate, string hash, string signedhash) { // java not c89 don't have declare variables in origin // of function, reduces readability of code , allows misuse boolean isverified = false; bytearrayinputstream inputstream = null; bytearrayoutputstream outputstream = null; bytearrayoutputstream byo = null; seek { outputstream = new bytearrayoutputstream(); byte[] info = base64.decodebase64(x509certificate); /* writing decoded x509 certificate bytearrayoutputstream */ outputstream.write(data); byte[] inp = outputstream.tobytearray(); // @ point inp same array data, makes no sence // , cut down performance inputstream = new bytearrayinputstream(inp); /* getting certificate input */ certificatefactory cf = certificatefactory.getinstance("x.509"); x509certificate certs = (x509certificate) cf .generatecertificate(inputstream); /* import encoded public key */ // certs.getpublickey() returns publickey immediately, why // these conversions? x509encodedkeyspec pubkeyspec = new x509encodedkeyspec(certs .getpublickey().getencoded()); /* instantiating keyfactory accesing keys object */ keyfactory keyfactory = keyfactory.getinstance("rsa"); /* * using keyfactory object generate publickey key * specification. */ publickkey = keyfactory.generatepublic(pubkeyspec); byte[] signhash = base64.decodebase64(signedhash); byo = new bytearrayoutputstream(); byo.write(signhash); byte[] signchar = byo.tobytearray(); // again, signchar same signhash, why that? bytearrayinputstream byi = new bytearrayinputstream(signchar); /* next, input signature bytes file specified */ byte[] sigtoverify = new byte[byi.available()]; byi.read(sigtoverify); byi.close(); // , sigtoverify same signchar , signhash. /* instantiating signature */ signature signature = signature.getinstance(certs.getsigalgname()); /* initializing public key in signature */ signature.initverify(publickkey); /* supply signature object info verified */ // byi closed, java.io.ioexception: stream closed bufferedinputstream bufin = new bufferedinputstream(byi); byte[] buffer = new byte[1024]; int len; while (bufin.available() != 0) { len = bufin.read(buffer); signature.update(buffer, 0, len); // way bufin contained signature, while need feed // plaintext signature.update() // assume unused parameter hash has // plaintext }; bufin.close(); /* verify signature */ isverified = signature.verify(sigtoverify); } grab (exception e) { system.err.println("caught exception " + e.tostring()); } homecoming isverified; } x509certificate digital-signature bouncycastle pki key-management
Comments
Post a Comment