B4J Question [B4X] Wrong ECDSA signature value using Encryption library

avalle

Active Member
Licensed User
Hi, I'm trying to calculate an ECDSA signature using the Encryption library. A small sample project is attached.

Apparently I'm able to calculate the signature with the expected format, and also verification passes.
But if I try to validate the calculated signature with OpenSSL or other tools, then the verification fails.

OpenSSL:
openssl dgst -sha256 -verify pubkey.pem -signature signature.bin test.file
Can anyone help me understand what's going wrong?
 

Attachments

  • ECDSA test.zip
    1.5 KB · Views: 25

KMatle

Expert
Licensed User
First look (no time to dig deeper):

1. Try using SHA256withRSA

B4X:
   sig.Initialise("SHA256withRSA",sig.SIGNATURE_SIGN, kpg.PrivateKey)
End Sub

2. The signature often comes in hex (lower case). Please check that

3. Check the hashed values if these are equal before signing (usually you hash data before signing).
 
Upvote 0

avalle

Active Member
Licensed User
Thanks KMatle.
I'm already using RSA and it does not work either. Or better, it only works if I use "NONEwithRSA" and manual padding:
RSA:
sig.Initialise("NONEwithRSA", sig.SIGNATURE_SIGN, kpg.PrivateKey)
'SHA256withRSA and PKCS#1 v.1.5 padding
padding = Array As Byte(0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20)
sig.Update(padding)
In fact if I use "SHA256withRSA" I also get a signature value that looks good but instead it's wrong.

I have to use ECDSA as well in case the keys use ECC.

I'm inclined to think that the problem is with the Encryption library because I have two alternative tools which generate and verify valid signatures interchangeably, which is not the case with the signatures generated in B4X with the Encryption library.
 
Upvote 0

avalle

Active Member
Licensed User
Perhaps I should not use the Encryption library and use Bouncy Castle with inline Java code.
It would greatly help if someone has an equivalent code which calculates RSA and ECDSA signatures from hash + private key.
Thanks!
 
Upvote 0
Top