I am signing some data on a .net-based smart card and trying to verify this signature in a Java environment, but without success.
Smart Card (C #):
RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024);
Client (Java):
Signature sig = Signature.getInstance("SHA1withRSA"); sig.initVerify(rsaPublicKey); // initiate the signature with public key sig.update(data); // update signature with the data that was signed by the card sig.verify(signedData); // Test card signature - this always returns false
Then I tried to create a signature on the Java client (for testing) - and it turns out that the signature created on the Java client is different from that created on the smart card. I created it as follows:
Signature sig = Signature.getInstance("SHA1withRSA"); sig.initSign(rsaPrivateKey); sig.update(data); locallySigned = sig.sign();
Now I understand that a signature is something like a hash (transmitted data + the algorithm used). Is it possible that the implementations here are incompatible? Did I miss something? Thanks!
PS: Yes, I checked that both inputs and outputs are correctly transferred from / to the card, that the key parameters are set and that the input / output matches exactly.
Edit: Key generation in Java:
// Create a key-pair and install the private key on the card KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair keyPair = keyGen.genKeyPair(); privateKey = (RSAPrivateKey)keyPair.getPrivate(); publicKey = (RSAPublicKey)keyPair.getPublic();
and then I install exp and mod the private key on the map.
wilth source share