Quantcast

certificate verification -> Signature does not match

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

certificate verification -> Signature does not match

Nafise
I'm trying to verify an X509Certificate instance. Running the below code _as a part of certificate verification_ :

x509Certificate.verify(x509Certificate.getPublicKey());

the SignatureException will be raised:

java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:389)
    at ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.readCardCertificate(CertificateVerificationService.java:106)
    at ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.main(CertificateVerificationService.java:326)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)



The result was the same for all test certificate and as I'm pretty sure about the validity of some  of these certificates which I had created myself, I wondered if it's needed to write some other code to initiate the verify() method.

Any help would be warmly appreciated.

Nafise

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: certificate verification -> Signature does not match

psai
Are they all self-signed certificates? The code snippet is verifying
the signature on the cert with with the subject's public key, which
won't pass unless they are self-signed.

Normally you have to do - subjectCert.verify(issuerCert.getPublicKey())

Sai Pullabhotla
Phone: (402) 408-5753
Fax: (402) 408-6861
www.jMethods.com



On Sat, Aug 23, 2008 at 5:04 AM, Nafise Dianatizade
<[hidden email]> wrote:

> I'm trying to verify an X509Certificate instance. Running the below code _as
> a part of certificate verification_ :
>
> x509Certificate.verify(x509Certificate.getPublicKey());
>
> the SignatureException will be raised:
>
> java.security.SignatureException: Signature does not match.
>     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
>     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:389)
>     at
> ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.readCardCertificate(CertificateVerificationService.java:106)
>     at
> ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.main(CertificateVerificationService.java:326)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
>
>
>
> The result was the same for all test certificate and as I'm pretty sure
> about the validity of some  of these certificates which I had created
> myself, I wondered if it's needed to write some other code to initiate the
> verify() method.
>
> Any help would be warmly appreciated.
>
> Nafise
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: certificate verification -> Signature does not match

Karsten Ohme
In reply to this post by Nafise
From the API:

"Verifies that this certificate was signed using the private key that
corresponds to the specified public key."

So only the certificate and its matching public key gets mathematically
verified.

Take a look into the certification path API of Java. With this API you
can verify arbitrary cert (chains).

Regards,
Karsten

Nafise Dianatizade schrieb:

> I'm trying to verify an X509Certificate instance. Running the below code
> _as a part of certificate verification_ :
>
> x509Certificate.verify(x509Certificate.getPublicKey());
>
> the SignatureException will be raised:
>
> java.security.SignatureException: Signature does not match.
>     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
>     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:389)
>     at
> ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.readCardCertificate(CertificateVerificationService.java:106)
>     at
> ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.main(CertificateVerificationService.java:326)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
>
>
>
> The result was the same for all test certificate and as I'm pretty sure
> about the validity of some  of these certificates which I had created
> myself, I wondered if it's needed to write some other code to initiate
> the verify() method.
>
> Any help would be warmly appreciated.
>
> Nafise
>
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: certificate verification -> Signature does not match

Nafise

Solved, Thank you all :)


--- On Sat, 8/23/08, Karsten Ohme <[hidden email]> wrote:
From: Karsten Ohme <[hidden email]>
Subject: Re: [dev-crypto] certificate verification -> Signature does not match
To: [hidden email]
Cc: [hidden email]
Date: Saturday, August 23, 2008, 8:30 PM

From the API:

"Verifies that this certificate was signed using the private key that
corresponds to the specified public key."

So only the certificate and its matching public key gets mathematically
verified.

Take a look into the certification path API of Java. With this API you
can verify arbitrary cert (chains).

Regards,
Karsten

Nafise Dianatizade schrieb:
> I'm trying to verify an X509Certificate instance. Running the below
code

> _as a part of certificate verification_ :
>
> x509Certificate.verify(x509Certificate.getPublicKey());
>
> the SignatureException will be raised:
>
> java.security.SignatureException: Signature does not match.
> at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
> at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:389)
> at
>
ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.readCardCertificate(CertificateVerificationService.java:106)
> at
>
ws.conn.cert.CertificateService.v3_0.CertificateVerificationService.main(CertificateVerificationService.java:326)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
>
>
>
> The result was the same for all test certificate and as I'm pretty
sure
> about the validity of some of these certificates which I had created
> myself, I wondered if it's needed to write some other code to initiate
> the verify() method.
>
> Any help would be warmly appreciated.
>
> Nafise
>
>


Loading...