CODEWITHSUNDEEP
javaopensslsignaturesha256private-key
caleb
caleb

Reputation: 53

Why Does My Java Private Key Signature Not Match My Openssl Signature?

So the signature that I'm getting from Java doesn't match what I'm getting in openssl. Here's an example of what I'm doing:

In a terminal using openssl I'm doing this.

    echo +pkCdYME5SzI7A2PV0r8/8FqYGZyvTp+4DoGkdaMYRs= hash
    openssl dgst -sha256 -sign "private.key" -out hash.sha256 hash
    base64 < hash.sha256 > hash.bin
    cat hash.bin
    results posted below

Java Code: (hash matches the one I'm using for openssl)

    private String createSignature(String hash) throws ProductException {
      try {
        Signature privateSignature = Signature.getInstance("SHA256withRSA");
        privateSignature.initSign(getPrivateKey());
        privateSignature.update(hash.getBytes(UTF_8));
        byte[] signature = privateSignature.sign();
        String result = Base64.encodeBase64String(signature);
        System.out.println(result); //THIS RESULT SHOULD MATCH BUT DOESN'T
        return result;
      } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
        throw new ProductException(Codes.AUTHENTICATION_ERROR, e);
      }
    }   
    private PrivateKey getPrivateKey() throws ProductException {
      try {
        String key = IOUtils.toString(this.getClass().getResourceAsStream("private.key"));
        PemObject pem = new PemReader(new StringReader(key)).readPemObject();
        byte[] content = pem.getContent();
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(content);
        return keyFactory.generatePrivate(ks);
      } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        throw new ProductException(Codes.AUTHENTICATION_ERROR, e);
      }
    }

PLEASE HELP! I've scoured the interwebs and I don't know what I'm doing wrong.

My openssl signature = O8DRek17ySzz+p2N8brH/9CdY3b+GN5bnyaTtn+ZP3SDIBvtqkk/lp+zb1BZ80a6xCIID8CTjNU+/svrV/q/rXEqEQc3jk3ZVUo0RJB52rgW26EQWyieAdqRlIbQqPhaCIrpWrs+WImGk7cPnkTEueIm+EzxG8ptjF5cAZH3lustVLt8SM9sXjQJzxzMgF2g0XN+1GQniAdWT/oNJXv0ZG7PSFACfcoSTSdN4wHkVAG4/PF/d6H+M5eTkEu6NhXfbfBBtavGmBiDgM6FPFDJ4r+2Rzvc/vpSiglUUQgxD58PTH47Y8xMc4t4/yahrchi2if2cJ7e89RBb1IHNus+eB8zPS0MHBn2OWDUM66P1KRanwzebDfg08VhRbW8zVnmNUNzXxAdCWa3kwsDe7hx+36oHfJwoyqIFwjJi8TKZm0JLKMf0SaLh/6zK0bIdgoXw23AfJni1ewmUqZbpE6Q4A0TgxaJg1aozb06l7Nb523FqV6ScRZ0wJK3s51Dduy5j1V1jt0+YYd+0zACyYfr5a+vypEygzsZ2Rzu3Q/l4VoPlZF2dr50TLnbhTvFnyK9mvc0zaTmsuHI5UJAbcpFBTXiDWb0DoWo4PkHRVFPvIMai37UxW4c5V0ybchlQHrEKYQ8NigYHGX5j8GsFhZJgg73Het1YwoWdsz1PksoYTY=

My Java Signature = 8dKc1otqL+thKQ7yTPeHX7T5fuOgv6PmHvlP5QyEHEXZILwD/234polMSs20i4na9wCuUdcSA+mHEKpY7Dkyd8VLTcZZ8RC8AlPE5bvzXc/uZhyPpBuSA7mDDOARbg3mx5usq4ythdqxj6OvdOBAJXXFB6Jc/c1XVd8IxDnRJoz5MlwxZIp94TAyW11QbMGNZuzcbsdEdsBuXU1MR4gzVfMLJjMcIM3YTtsP3bktsPAs5W2Asp9lDg5GuIOgWgXpTlj3VY6NF64SCI1tY4LhE7zq16YXQ6ykJ490YSVX5J9z+cDvZcVgfvgKCZuk4wgnXo6PbE4Wm4FDuzu35DEQi9Y5EEHzXlb5aNFQP3S6lumyfqOCmZlQcNVS53ur1fY4P8cnOuHZelyYS1Dw54q0SDCjFuANK2Ltl8rIZOZQWbg6jo45HbpaHUgt1NMkmj/UC/rLSnofa/YYbcJ2YZbqUdyX/yTBlzEuLR0/4Bgv9zvBw8HI0h3icv7/1NYaKo/eBSki6HNyDh2pDWX6IHQTFMzdFKeoXVAQLfaJREIpMPu+rDExI6Ozl0r9D61fY+XtMrptGNTFzf1h4cwUAZAC737Ahc6qsr+jQkDWDJt6oJbgziNE4C2JZriRtvRDACpryt6MGH1QnYPGYfCVs/xSxaYEtGJsjRRkG+lkpojcJ+A=

Upvotes: 0

Views: 648

Answers (1)

opportunato
opportunato

Reputation: 447

Most likely your issue comes from using echo for preparing an input to your signature function. By default, echo appends a newline to whatever its output is, and the byte representing it messes up the signature.

Try echo -n that skips the newline and see if it works.

Upvotes: 1

Related Questions