I am developing an application that should verify SHA256withECDSA signatures using SHA256withECDSA public keys (NIST P-256, P-256, prime256v1).
Public keys are generated by another application at some earlier point in time and are stored in my database in hexadecimal encoding. The format of the hexadecimal string here is equivalent to the hexadecimal string that OpenSSL generates when invoking openssl ec -in x.pem -noout -text on the x.pem file that was previously generated using openssl ecparam -genkey -name secp256r1 -out x.pem. Message and signature are accepted from another application. Consider the following test data:
049a55ad1e210cd113457ccd3465b930c9e7ade5e760ef64b63142dad43a308ed08e2d85632e8ff0322d3c7fda14409eafdc4c5b8ee0882fe885c92e3789c36a7a");
Now it must be a valid signature.
My goal is to verify the signature on the message using the Java API and / or Bouncycastle crypto. For this, I created the isValidSignature method:
    private static boolean isValidSignature(byte[] pubKey, byte[] message, byte[] signature)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException,
                   SignatureException, InvalidKeySpecException {
        Signature ecdsaVerify = Signature.getInstance("SHA256withECDSA", new BouncyCastleProvider());
        ecdsaVerify.initVerify(getPublicKeyFromHex(pubKey));
        ecdsaVerify.update(message);
        return ecdsaVerify.verify(signature);
    }
I tried to extract the public key:
KeyFactory.generatePublic:
    private static PublicKey getPublicKeyFromHex(byte[] pubKey)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        KeyFactory fact = KeyFactory.getInstance("ECDSA", new BouncyCastleProvider());
        return fact.generatePublic(new X509EncodedKeySpec(pubKey));
    }

But this raises a java.security.spec.InvalidKeySpecException (DER length is more than 4 bytes: 26). What can I do to make this work?
java cryptography bouncycastle
mritz_p
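An added example, not part of the original post: the hex string that openssl ec -text prints is the raw uncompressed point (0x04 || X || Y, 65 bytes for P-256), while X509EncodedKeySpec expects a DER SubjectPublicKeyInfo structure, so the key has to be built from its coordinates instead. The sketch below uses only the JDK's own EC provider rather than Bouncy Castle; the class and method names (RawP256Key, fromUncompressedPoint, to32) are hypothetical, and the key pair, message and signature are constructed in main so it runs offline.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Arrays;

public class RawP256Key {
    // Builds a P-256 public key from the 65-byte uncompressed point 0x04 || X || Y.
    static PublicKey fromUncompressedPoint(byte[] raw) throws GeneralSecurityException {
        if (raw.length != 65 || raw[0] != 0x04)
            throw new InvalidKeySpecException("expected 0x04 || X || Y (65 bytes)");
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(raw, 1, 33));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(raw, 33, 65));
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec("secp256r1"));
        ECParameterSpec spec = params.getParameterSpec(ECParameterSpec.class);
        // Reject points that are not on the curve: y^2 = x^3 + ax + b (mod p).
        EllipticCurve c = spec.getCurve();
        BigInteger p = ((ECFieldFp) c.getField()).getP();
        BigInteger rhs = x.pow(3).add(c.getA().multiply(x)).add(c.getB()).mod(p);
        if (x.compareTo(p) >= 0 || y.compareTo(p) >= 0 || !y.multiply(y).mod(p).equals(rhs))
            throw new InvalidKeySpecException("point is not on secp256r1");
        return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(x, y), spec));
    }
    // Left-pads (or drops the sign byte) so a coordinate occupies exactly 32 bytes.
    static byte[] to32(BigInteger v) {
        byte[] b = v.toByteArray(), out = new byte[32];
        int n = Math.min(b.length, 32);
        System.arraycopy(b, b.length - n, out, 32 - n, n);
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed test data: a fresh key pair stands in for the other application.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] message = "constructed sample message".getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign(); // ASN.1 DER SEQUENCE of r and s
        ECPoint w = ((ECPublicKey) kp.getPublic()).getW();
        byte[] raw = java.nio.ByteBuffer.allocate(65).put((byte) 0x04)
                .put(to32(w.getAffineX())).put(to32(w.getAffineY())).array();
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(fromUncompressedPoint(raw));
        verifier.update(message);
        System.out.println("verified: " + verifier.verify(sig));
    }
}
```

The JCA algorithm SHA256withECDSA expects the signature as an ASN.1 DER SEQUENCE of r and s; if the sending application emits the fixed-width r || s form instead, Java 9 and later accept it under the name SHA256withECDSAinP1363Format.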