Hi,

I was hoping I might get some help here so that I might finally solve this frustrating problem.

On the java side of things they sign with the following code:

```java
public static void main(String[] args) throws Exception {
    // Three arguments are read below: command, PEM file, data file.
    if (args.length < 3)
        printInfoAndExit();
    String cmd = args[0];
    Security.addProvider(new BouncyCastleProvider());
    Signature signature = Signature.getInstance("SHA1withRSA", "BC");
    if ("sign".equalsIgnoreCase(cmd)) {
        String pemFileName = args[1];
        String dataFileName = args[2];

        // The signature is computed over the raw bytes of the data file.
        byte[] data = readFile(dataFileName);

        FileReader fr = new FileReader(new File(pemFileName));
        PEMReader pemReader = new PEMReader(fr);
        KeyPair keyPair = (KeyPair) pemReader.readObject();
        fr.close();

        signature.initSign(keyPair.getPrivate());
        signature.update(data);
        byte[] signatureBytes = signature.sign();

        // Written twice: binary signature and its Base64 form.
        writeFile(signatureBytes, dataFileName + ".signed");
        String encoded = Base64.encode(signatureBytes);
        writeFile(encoded.getBytes(), dataFileName + ".signed.base64");
    } else {
        printInfoAndExit();
    }
}
```

When I receive the data I have their public key and try to verify with the following C# code:

```csharp
public static bool Verify(String msg, String signature, String publicKey)
{
    RsaKeyParameters remotepubkey = GetRsaPublicKey(publicKey);

    ISigner signer = SignerUtilities.GetSigner("SHA1withRSA");

    signer.Init(false, remotepubkey);
    byte[] sigBytes = Convert.FromBase64String(signature);
    // Encoding.Default is platform dependent (the ANSI code page on .NET Framework).
    byte[] msgBytes = Encoding.Default.GetBytes(msg);
    signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
    return signer.VerifySignature(sigBytes);
}
```

This is not working!! I can however verify the data with openssl: `openssl dgst -sha1 -verify public_key.pem -signature data.txt.signed data.txt`

The question is, what am I missing to make this work?

NOTE: I don't have a problem with the keys; that is working correctly, but somehow there is a difference between how Java and .NET work with RSA?

**Edit 1:** In this particular scenario all I had to do was change the GetSigner to

```csharp
ISigner signer = SignerUtilities.GetSigner("RSA");
```

Could someone tell me the difference between SHA1withRSA and RSA?

A: 

You could have an encoding problem with your message data. You've converted the original file data into a unicode string, and are trying to convert it back to raw bytes. Depending on the encoding of the file, and if it's even text at all, your msgBytes could be different from the actual file contents.

Read the raw bytes from the file instead of a string. You don't show the code for actually reading the file data, but I assume you're reading it as text.

Bob
Thank you, I noted there is a mismatch between Java and .NET in default encoding. However I am not reading any files. It's a string exchange where I have their public key and they have ours. I'll make sure both parties are using UTF-8 as well.
mhenrixon
A: 

The problem was actually solved on the Java side. They had some issues with their side of things.

mhenrixon
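
An added example, not code from the thread or from BouncyCastle, sketching in Python why re-encoding the message breaks a SHA1withRSA check and how hash-then-sign differs from padding the caller's bytes directly. It assumes the "RSA" signer name means PKCS#1 v1.5 padding with no digest step; the toy key, the sample string and all function names are constructed for the demo.

```python
import hashlib

# Constructed toy key (two Mersenne primes): fine for a demo, NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def pad(t: bytes) -> bytes:
    """PKCS#1 v1.5 signature block: 00 01 FF..FF 00 || t."""
    if len(t) > K - 11:
        raise ValueError("input too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def encode(data: bytes, scheme: str) -> bytes:
    if scheme == "SHA1withRSA":        # hash, wrap in DigestInfo, then pad
        return pad(SHA1_PREFIX + hashlib.sha1(data).digest())
    if scheme == "RSA":                # assumed: pad the caller's bytes as-is
        return pad(data)
    raise ValueError("unknown scheme")

def sign(data: bytes, scheme: str) -> bytes:
    return pow(int.from_bytes(encode(data, scheme), "big"), D, N).to_bytes(K, "big")

def verify(data: bytes, sig: bytes, scheme: str) -> bool:
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    try:
        return recovered == encode(data, scheme)
    except ValueError:
        return False

def demo() -> dict:
    msg = "Gr\u00fc\u00dfe aus Z\u00fcrich"   # constructed sample, non-ASCII text
    utf8, ansi = msg.encode("utf-8"), msg.encode("cp1252")
    sig, raw = sign(utf8, "SHA1withRSA"), sign(utf8, "RSA")
    return {
        "sha1_same_bytes": verify(utf8, sig, "SHA1withRSA"),
        "sha1_other_encoding": verify(ansi, sig, "SHA1withRSA"),
        "sha1_sig_checked_as_raw": verify(utf8, sig, "RSA"),
        "raw_sig_checked_as_raw": verify(utf8, raw, "RSA"),
        "raw_sig_checked_as_sha1": verify(utf8, raw, "SHA1withRSA"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the checks where scheme and byte encoding both match the signer's succeed, so a signature that passes under "RSA" but fails under "SHA1withRSA" was produced without the SHA-1 DigestInfo step.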