Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Verifying digitally signed data from a .NET application in a Java Servlet

Thread Tools

Verifying digitally signed data from a .NET application in a Java Servlet

Kerry Sanders
Posts: n/a
I am working on a project that takes signed data from an application
that can be in either Java or .NET. The data signature is verified via
a Java servlet. Verification from Java to Java works every time, but
verifying the signed data from a .NET application either gives an error
of "Invalid encoding for signature" or it just fails verification.

I have tried RSA and DSA (both with SHA1) for testing. One item of
contention is importing an X.509 certificate that was created in
Windows with the Makecert utility into my .keystore using Keytool. At
first, I was thinking that the "Invalid encoding for signature" error
was due to the way that .NET saves its public key blobs using little
endian order. However, after exporting in ASN.1 (ASCII armor) format
and then importing with Keytool, I am not sure if that is the problem.

I was hoping to find others who have worked through this issue, but I
seem to be finding nothing but dead ends when I do see posts from
people who have asked about this in the past.

Is there anyone out there who has successfully created digital
signatures of data in a .NET application and then verified that
signature in Java with JCE? I can use all the help that I can get
right now. This has really stumped me.

Reply With Quote
apadgett apadgett is offline
Junior Member
Join Date: Sep 2009
Posts: 1

I am having a similar issue, but may have a solution now. Did you get this problem solved?

It may be that the value must be digested twice using RSA1 in .Net in order for Java to verifying the signed info. We've had some success but are completing the testing now.
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
To implement amechanism for identifying the digitally signed mail is tampered or not. amitgupta4all Java 0 01-12-2010 08:05 AM
Encrypting / Digitally Signed Emails RemoteShark MCDST 5 04-08-2007 05:45 PM
Verifying signed jar files from C Paul J. Lucas Java 1 01-08-2007 02:30 AM
ipsec encryption vs SMB digitally signed communications M D MCSA 0 10-25-2006 09:54 PM
OpenURI and not verifying self-signed certificates Jon Lim Ruby 0 11-21-2005 04:18 PM