Problem verifying signatures

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Problem verifying signatures

Johnny Gonzalez
Hello Everybody,

I have made some additions to my bouncycastle clases,
following the suggestions Sidney gave me (
 ), to be able to sign big files (more than 30 MBs),
without having to load the complete file in a
bytearray because this causes an OutOfMemory

Now that I can successfully sign big files I need to
be able to verify the signatures. I'm trying first of
all verifying the signature of a small file, so I can
be sure the signature is ok, but the test failed.

The way I'm checking the hash of the signatures is


 boolean valid = false;
 Security.addProvider(new BouncyCastleProvider());
        CMSSignedData csd = new CMSSignedData(p7z);
CMSProcessableByteArray pba= new
 Collection signers =
 CertStore cs =
 Iterator it = signers.iterator();
 while (it.hasNext()) {
 SignerInformation signer =  
 Collection ccollect;
 ccollect = cs.getCertificates(signer.getSID());
 Iterator certit = ccollect.iterator();
 X509Certificate cert =
 if (signer.verifyDetached(cert,"BC",pba)){
 throw new ValidacionHashException("hash invalido");
 valido = true;
 }catch(CMSException e){
 }catch(CertStoreException e){
 }catch(CertificateException e){
 }catch(NoSuchAlgorithmException e){
 }catch(NoSuchProviderException e){
 return valido;
where p7z and original are byte arrays.
The signature is detached.

As we can see there's an invalid hash exception here.
What is the incidence of the matter that I used
FileInputStreams to do the signature instead of byte[]
and I'm using byte[] to do the validation?

Does anyone see something wrong here?

Thanks a lot,

Renovamos el Correo Yahoo!
Nuevos servicios, m?s seguridad