Using Java 1.4.2 with unlimited jurisdiction policy files installed.

I have a class that has been successfully signing and verifying. However, now I've changed the keys and suddenly verification is failing.

Keys were generated with:

openssl genrsa -aes256 -out production_private.pem 2048
openssl pkcs8 -topk8 -nocrypt -in production_private.pem -outform der -out production_private.der
openssl rsa -in production_private.pem -pubout -outform DER -out production_public.der

I did do a verification using the PEM keys and openssl using:

openssl dgst -sha1 -sign production_private.pem -out test.txt.sha1 test.txt
Enter pass phrase for production_private.pem:
openssl dgst -sha1 -verify production_public.pem -signature test.txt.sha1 test.txt
Verified OK

But it does not appear you can do that using DER keys.

No errors are thrown. Signature.verify just returns false. Since it works with one set of keys and not another, my assumption is it must be a key problem of some kind.

Any additional thoughts on how I might verify that the keypair is correct? I don't want to kill myself looking for coding errors just to find out that the keys were the source of the problem.

I am happy to share source upon request - I just don't want to muddy the issue until necessary.

A: 

The default key format is PEM. You need to add this parameter to use DER,

  -keyform DER
ZZ Coder
Doesn't look like it supports it. From the documentation: "-keyform arg: Specifies the key format to sign digest with. Only PEM and ENGINE formats are supported by the dgst command."
Wade Williams
A: 

Turned out to be totally unrelated. DB procedure was corrupting the key value.

Wade Williams
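
An added example, not part of the original posts: one way to test from Java that a PKCS#8 private key and an X.509 public key in DER form belong together, and to see how a damaged stored copy shows up without any exception being thrown. The class name `KeyPairCheck` and the method `check` are hypothetical, and the keys are generated in memory as stand-ins for `production_private.der` and `production_public.der`.

```java
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class KeyPairCheck {
    /** Returns "OK", "MISMATCH", "VERIFY_FAILED" or "UNPARSEABLE" for a DER key pair. */
    static String check(byte[] pkcs8Der, byte[] x509Der) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv;
        PublicKey pub;
        try {
            priv = kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der));
            pub = kf.generatePublic(new X509EncodedKeySpec(x509Der));
        } catch (InvalidKeySpecException e) {
            return "UNPARSEABLE";   // bytes are not a valid DER encoding of an RSA key
        }
        // Structural test: both halves must carry the same modulus and public exponent.
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) priv;
        RSAPublicKey rsaPub = (RSAPublicKey) pub;
        if (!crt.getModulus().equals(rsaPub.getModulus())
                || !crt.getPublicExponent().equals(rsaPub.getPublicExponent())) {
            return "MISMATCH";
        }
        // Functional test: sign a fixed message and verify it with the loaded keys.
        byte[] msg = {1, 2, 3, 4};
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(priv);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig) ? "OK" : "VERIFY_FAILED";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] priv = kp.getPrivate().getEncoded();  // PKCS#8 DER, as in production_private.der
        byte[] pub = kp.getPublic().getEncoded();    // X.509 DER, as in production_public.der
        System.out.println("clean pair:     " + check(priv, pub));

        byte[] damaged = (byte[]) pub.clone();
        damaged[damaged.length / 2] ^= 0x01;         // constructed one-bit change inside the modulus
        System.out.println("corrupted copy: " + check(priv, damaged));
    }
}
```

Running the same check on the key bytes as read back from storage, rather than on the original files, separates a bad key pair from a storage or transport problem.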