Archived Forum Post

Question:

RSAwithSHA1 Signature

Jan 07 '13 at 22:29

Dear

For the last step in my XMLDSIG trilogy I need to sign a SHA-1 hash code using RSA.

I have tried many Chilkat code samples, but in all cases the signature value isn't equal to the value obtained in other apps.

The hash code (plain text) and the certificate are correct. Any idea?

public String sign(String txt) {
        String retorno = "";
        CkPrivateKey pkey;
        pkey = cert.ExportPrivateKey();
        if (pkey == null) {
            retorno += cert.lastErrorText() + "\n";
            return (retorno);
        }

        String pkeyXml;
        // Get the private key as XML, then overwrite it with the RSA PEM form:
        pkeyXml = pkey.getXml();
        pkeyXml = pkey.getRsaPem();

        CkRsa rsa = new CkRsa();

        // Any string argument automatically begins the 30-day trial.

        Boolean success = rsa.UnlockComponent("30-day trial");
        if (success != true) {
            retorno += "RSA component unlock failed" + "\n";
            return (retorno);
        }

        // Import the private key into the RSA component:
        success = rsa.ImportPrivateKey(pkeyXml);
        if (success != true) {
            retorno += rsa.lastErrorText() + "\n";
            return (retorno);
        }

        // This example will sign a string, and receive the signature
        // in an encoded string. The encoding mode is set to "base64"
        // here ("hex" is the alternative, left commented out):
        rsa.put_EncodingMode("base64");
        // rsa.put_EncodingMode("hex");

        // If some other non-Chilkat application or web service is going to be
        // verifying
        // the signature, it is important to match the byte-ordering.
        // The LittleEndian property may be set to true
        // for little-endian byte ordering,
        // or false for big-endian byte ordering.
        // Microsoft apps typically use little-endian, while
        // OpenSSL and other services (such as Amazon CloudFront)
        // use big-endian.
        rsa.put_LittleEndian(false);

        String strData;
        strData = txt;

        // Sign the string using the sha-1 hash algorithm.
        // Other valid choices are "md2" and "md5".
        String SignatureValue="";
        //SignatureValue  += "\n\nsignStringENC -> ";
        //SignatureValue += rsa.signStringENC(strData, "sha-1");
        //SignatureValue  += "\n\nsignStringENC -> ";
        //SignatureValue += rsa.signStringENC(strData, "sha-1");
        //SignatureValue  += "\n\nsignHashENC -> ";
        //SignatureValue += rsa.signHashENC("28p9P8ov68imSmbU7uYrHEhOAuw=","base64");
        //SignatureValue  += "\n\nencryptStringENC, true -> ";
        //SignatureValue += rsa.encryptStringENC(strData,true);
        //SignatureValue  += "\n\nencryptStringENC, false -> ";
        //SignatureValue += rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",false);

        //String msg = rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",true);
        //SignatureValue  += "\n\nEncript, True -> " + msg;
        //msg = rsa.decryptStringENC(msg,false);
        //SignatureValue  += "\n\nDecript, False -> " + msg;

        //msg = rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",true);
        //SignatureValue  += "\n\nEncript, True -> " + msg;
        //msg = rsa.decryptStringENC(msg,false);
        //SignatureValue  += "\n\nDecript, False -> " + msg;
        SignatureValue += rsa.openSslSignStringENC(strData);
        return SignatureValue;
}

Answer

First, if possible, make sure the hash values input to the signing algorithm match. If the inputs to the signing algorithm don't match, then the first step is to get matching hash values.

Second, make sure the private keys used for signing are exactly the same.


Answer

I'm sure the hash values are correct.

I believe that the private key is OK too, but I'm not sure. How can I guarantee that the private key is the same one from the certificate?

In addition, I pass the hash value as a base64 string. Is that correct?

Thanks!

(Please forgive my poor English; my first language is Portuguese.)
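
The two checks from the first answer, as an added example that is not part of the original posts and uses only the JDK's `java.security` classes rather than Chilkat: it confirms that a private key belongs to a certificate's public key, and shows how the bytes handed to the signer change an RSA-SHA1 signature. The class name `RsaSha1Check`, the helpers `sameKeyPair` and `sign`, and the generated key pairs (standing in for the certificate's key) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class RsaSha1Check {
    // True when the private key and the certificate's public key share the same RSA modulus.
    static boolean sameKeyPair(PrivateKey priv, PublicKey certPub) {
        return priv instanceof RSAPrivateKey && certPub instanceof RSAPublicKey
            && ((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) certPub).getModulus());
    }

    // RSA PKCS#1 v1.5 with SHA-1: the input bytes are hashed inside the signing call.
    static byte[] sign(PrivateKey priv, byte[] input) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(priv);
        s.update(input);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();  // constructed test key (assumption)
        KeyPair other = gen.generateKeyPair();   // a second, unrelated key

        // In real use the public key comes from X509Certificate.getPublicKey().
        System.out.println("key matches cert:     " + sameKeyPair(signer.getPrivate(), signer.getPublic()));
        System.out.println("unrelated key match:  " + sameKeyPair(other.getPrivate(), signer.getPublic()));

        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(data);
        String digestB64 = Base64.getEncoder().encodeToString(digest);

        byte[] sigData = sign(signer.getPrivate(), data);
        byte[] sigAgain = sign(signer.getPrivate(), data);
        byte[] sigB64Text = sign(signer.getPrivate(), digestB64.getBytes(StandardCharsets.UTF_8));
        byte[] sigOtherKey = sign(other.getPrivate(), data);

        // PKCS#1 v1.5 signing is deterministic, so signatures can be compared byte for byte.
        System.out.println("same key, same bytes: " + Arrays.equals(sigData, sigAgain));
        System.out.println("base64 text as input: " + Arrays.equals(sigData, sigB64Text));
        System.out.println("different key:        " + Arrays.equals(sigData, sigOtherKey));
    }
}
```

Because the padding is deterministic, two tools that disagree on the signature value differ either in the key or in the exact bytes that were hashed, which is why the answer asks for both to be confirmed first.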