Re: [android-developers] Re: BouncyCastle signature value does not match with dotNET signature value.

On Wed, Jan 16, 2013 at 1:12 AM, Nikolay Elenkov
<nikolay.elenkov@gmail.com> wrote:
>
> On Jan 16, 2013 12:45 AM, "mbarbiero" <marco.barbiero@gmail.com> wrote:
>>
>> My ideia was that the header is in signature, not in Base64.
>>
>>
>
> OK, my bad (again...). The signature is just the padded hash encrypted with
> the private key. You have the same hash, so either the padding is wrong
> (unlikely) or the key (more likely). You can actually check by decrypting
> the signature with OpenSSL or a similar tool that lets you do 'raw' RSA. I
> still think it must be something simpler like byte order, but you never
> know...

So, going back to basics: if you decrypt the given signature values with
the key from certificate above, you get this (where s1 is the .NET signature
and s2 is the BC one):

$ openssl rsautl -verify -in s1.bin -pubin -inkey pub1.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30 .............0!0
00e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 73 0d 0e bc ...+........s...
00f0 - 6a e0 bb e9 17 67 30 40-b6 19 5b 4d 83 59 ff 84 j....g0@..[M.Y..

Last 20 bytes is the SHA1 hash of the signed data, <SignedInfo/>:

7e 3c 94 a3 a1 78 c0 b9 01 ac c2 b9-e7 c7 1e 7b e4 c0 99 90


$ openssl rsautl -verify -in s2.bin -pubin -inkey pub1.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30 .............0!0
00e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 7e 3c 94 a3 ...+........~<..
00f0 - a1 78 c0 b9 01 ac c2 b9-e7 c7 1e 7b e4 c0 99 90 .x.........{....

Again, last 20 bytes is the SHA1 hash of the signed data, <SignedInfo/>:

73 0d 0e bc 6a e0 bb e9 17 67 30 40-b6 19 5b 4d 83 59 ff 84


As you can see you have two different hashes, which suggests that
you are hashing different things. Either you are not creating the
canonical form of <SignedInfo/> properly or you have a bug in your
Java code (or both). If you have the source to the .NET one you can
log the canonical before hashing and compare.

As for Santuario, etc. not all Java libraries will run on Android, and you
will get errors if it has dependencies that do not exist on Android.
Check the log/Eclipse console, it should tell you which classes failed.
It might be easier to fix your current program than start with something
completely new though.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en