B4J Question [B4X] Wrong ECDSA signature value using Encryption library

[avalle]

Hi, I'm trying to calculate an ECDSA signature using the Encryption library. A small sample project is attached.

Apparently I'm able to calculate the signature with the expected format, and also verification passes.
But if I try to validate the calculated signature with OpenSSL or other tools, then the verification fails.

openssl dgst -sha256 -verify pubkey.pem -signature signature.bin test.file

Can anyone help me understand what's going wrong?

 

[KMatle]

First look (no time to dig deeper):

1. Try using SHA256withRSA

   sig.Initialise("SHA256withRSA",sig.SIGNATURE_SIGN, kpg.PrivateKey)
End Sub

2. The signature often comes in hex (lower case). Please check that

3. Check the hashed values if these are equal before signing (usually you hash data before signing).

 

[avalle]

Thanks KMatle.
I'm already using RSA and it does not work either. Or better, it only works if I use "NONEwithRSA" and manual padding:

sig.Initialise("NONEwithRSA", sig.SIGNATURE_SIGN, kpg.PrivateKey)
'SHA256withRSA and PKCS#1 v.1.5 padding
padding = Array As Byte(0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20)
sig.Update(padding)

In fact if I use "SHA256withRSA" I also get a signature value that looks good but instead it's wrong.

I have to use ECDSA as well in case the keys use ECC.

I'm inclined to think that the problem is with the Encryption library because I have two alternative tools which generate and verify valid signatures interchangeably, which is not the case with the signatures generated in B4X with the Encryption library.

 

[avalle]

Perhaps I should not use the Encryption library and use Bouncy Castle with inline Java code.
It would greatly help if someone has an equivalent code which calculates RSA and ECDSA signatures from hash + private key.
Thanks!