Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

Java Crypto - Sign and Verify Failure

 
Marshal
Posts: 3713
523
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am attempting to sign and then verify a message using a secp256r1 key pair, but I am getting an exception during the verify operation.  I have a feeling that it may be related to the particular curve that I am using.

Any clues where I can look to troubleshoot this problem?

 
Ron McLeod
Marshal
Posts: 3713
523
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Doh - I was trying to verify against the message itself and not the signature

The message Invalid encoding for signature should have been enough of a clue.


This: should be:
 
Saloon Keeper
Posts: 13379
295
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One other thing: There is a reason that KeyStore.load() accepts the password as a char[] and not as a String. After you've loaded the key store, you should clear the password.

You're using Quarkus right? Instead of injecting the password using @ConfigProperty, try if this works:

If this doesn't work it's no disaster, because presumably you're running this code on a protected server (where the password is available in a configuration file anyway).
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic