B4J Question [B4X] Wrong ECDSA signature value using Encryption library

avalle

Active Member
Licensed User
Longtime User
Hi, I'm trying to calculate an ECDSA signature using the Encryption library. A small sample project is attached.

Apparently I'm able to calculate the signature with the expected format, and also verification passes.
But if I try to validate the calculated signature with OpenSSL or other tools, then the verification fails.

OpenSSL: 
openssl dgst -sha256 -verify pubkey.pem -signature signature.bin test.file
Can anyone help me understand what's going wrong?
 

Attachments

  • ECDSA test.zip
    1.5 KB · Views: 255
Sort by date Sort by votes

KMatle

Expert
Licensed User
Longtime User
First look (no time to dig deeper):

1. Try using SHA256withRSA

B4X: 
   sig.Initialise("SHA256withRSA",sig.SIGNATURE_SIGN, kpg.PrivateKey)
End Sub

2. The signature often comes in hex (lower case). Please check that

3. Check the hashed values if these are equal before signing (usually you hash data before signing).
 
Upvote 0

avalle

Active Member
Licensed User
Longtime User
Thanks KMatle.
I'm already using RSA and it does not work either. Or better, it only works if I use "NONEwithRSA" and manual padding:
RSA: 
sig.Initialise("NONEwithRSA", sig.SIGNATURE_SIGN, kpg.PrivateKey)
'SHA256withRSA and PKCS#1 v.1.5 padding
padding = Array As Byte(0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20)
sig.Update(padding)
In fact if I use "SHA256withRSA" I also get a signature value that looks good but instead it's wrong.

I have to use ECDSA as well in case the keys use ECC.

I'm inclined to think that the problem is with the Encryption library because I have two alternative tools which generate and verify valid signatures interchangeably, which is not the case with the signatures generated in B4X with the Encryption library.
 
Upvote 0

avalle

Active Member
Licensed User
Longtime User
Perhaps I should not use the Encryption library and use Bouncy Castle with inline Java code.
It would greatly help if someone has an equivalent code which calculates RSA and ECDSA signatures from hash + private key.
Thanks!
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Solved
Android Question [B4X] [B4XPages] Barcode Reader issue
2
Replies
22
Views
4K
Sergio Haurat
M
  • Solved
iOS Question [SOLVED] [B4X] Decode AES encoded STRING
Replies
11
Views
4K
aeric
W
  • Question
Android Question [B4X] B4XEncryption not working
Replies
2
Views
1K
WhiteWizard
W
  • Question
Android Question [B4X] B4XFloatTextField - hide password in code.
Replies
13
Views
3K
MrKim
N
  • Question
Android Question [B4X] B4XFloatTextField reveal password hides keyboard
Replies
1
Views
1K
Erel
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…