Problem verifying signatures

Johnny Gonzalez
Hello Everybody,

I have made some additions to my bouncycastle classes,
following the suggestions Sidney gave me
( http://www.bouncycastle.org/devmailarchive/msg04682.html ),
to be able to sign big files (more than 30 MB)
without having to load the complete file into a
byte array, because this causes an OutOfMemory
exception.

Now that I can successfully sign big files, I need to
be able to verify the signatures. First of all, I'm
trying to verify the signature of a small file, so I can
be sure the signature is OK, but the test failed.

The way I'm checking the hash of the signatures is
this:

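[code]
// Imports needed by this fragment
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

boolean valido = false;  // was declared as "valid" but used as "valido"
Security.addProvider(new BouncyCastleProvider());
try {
    // p7z: the detached signature; original: the signed content
    CMSSignedData csd = new CMSSignedData(p7z);
    CMSProcessableByteArray pba = new CMSProcessableByteArray(original);

    Collection signers = csd.getSignerInfos().getSigners();
    CertStore cs = csd.getCertificatesAndCRLs("Collection", "BC");

    Iterator it = signers.iterator();
    while (it.hasNext()) {
        SignerInformation signer = (SignerInformation) it.next();
        // Look up the certificate that matches this signer's identifier
        Collection ccollect = cs.getCertificates(signer.getSID());
        Iterator certit = ccollect.iterator();
        X509Certificate cert = (X509Certificate) certit.next();
        // Any signer that fails verification aborts the whole check
        if (!signer.verifyDetached(cert, "BC", pba)) {
            throw new ValidacionHashException("hash invalido");
        }
    }
    valido = true;
} catch (CMSException e) {
    e.printStackTrace();
} catch (CertStoreException e) {
    e.printStackTrace();
} catch (CertificateException e) {
    e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (NoSuchProviderException e) {
    e.printStackTrace();
}

return valido;
[/code]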
where p7z and original are byte arrays.
The signature is detached.

As we can see there's an invalid hash exception here.
What is the impact of the fact that I used
FileInputStreams to do the signature instead of byte[]
and I'm using byte[] to do the validation?

Does anyone see something wrong here?

Thanks a lot,
Johnny
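
On the question of streams versus byte arrays raised in the post, the following is an added example, not code from the post or from Bouncy Castle: a digest computed over a stream equals the digest over the same bytes in an array, provided the read loop hashes only the bytes each read() returned. The class and method names are hypothetical, SHA-256 is an assumed algorithm, and the defective variant is a constructed illustration, not a diagnosis of the poster's signing code.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Hypothetical demo class; uses only the JDK, no Bouncy Castle.
public class StreamDigestDemo {

    // Correct: hash only the n bytes that read() actually returned.
    static byte[] digestStream(InputStream in)
            throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[4096];
        int n;
        while ((n = in.read(buf)) != -1) {
            md.update(buf, 0, n);
        }
        return md.digest();
    }

    // Defective: hashes the whole buffer on every pass, so a short final
    // read feeds stale bytes from the previous pass into the digest.
    static byte[] digestStreamWholeBuffer(InputStream in)
            throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[4096];
        while (in.read(buf) != -1) {
            md.update(buf);
        }
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample content: 10000 bytes, not a multiple of 4096.
        byte[] original = new byte[10000];
        for (int i = 0; i < original.length; i++) {
            original[i] = (byte) i;
        }
        byte[] fromArray = MessageDigest.getInstance("SHA-256").digest(original);
        byte[] streamed = digestStream(new ByteArrayInputStream(original));
        byte[] wholeBuf = digestStreamWholeBuffer(new ByteArrayInputStream(original));

        System.out.println("stream == array:       " + Arrays.equals(fromArray, streamed));
        System.out.println("whole-buffer == array: " + Arrays.equals(fromArray, wholeBuf));
    }
}
```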
