I'm trying to verify an ECDSA digital signature on Android using SpongyCastle. I have an X509Certificate that contains the public key that I need to use to verify it, but I can't quite figure out how to get the PublicKey (down cast ECPublicKey) for use with the ECDSASigner class.
I've done this using the C# version of BouncyCastle which looks like this:
    ECDsaSigner signer = new ECDsaSigner();
    signer.Init(false, cert.GetPublicKey());
In the Java version of the APIs, the X509Certificate.getPublicKey() method returns a PublicKey class instead of AsymmetricKeyParameter. However, the ECDSASigner.init() method needs a CipherParameters object. I can't figure out how to do this for ECDSA.
For RSA signatures I just manually reconstructed a new RSAKeyParameters object:
    RSAEngine engine = new RSAEngine();
    engine.init(
        false,
        new RSAKeyParameters(
            false,
            ((RSAPublicKey) pubKey).getModulus(),
            ((RSAPublicKey) pubKey).getPublicExponent()
        )
    );
This doesn't seem ideal but I think it should work. But I can't even figure out how to do the equivalent for ECDSA. I would think there's a better way to do this but I can't figure out the right APIs to use.
I think I finally figured this out. It looks like I need to use the Signature class to handle this instead of using the ECDSASigner class directly. I'd still like to understand how the ECDSASigner class is used internally inside all of this abstraction (just for my own curiosity).
Anyways, this is what my code looks like to verify the ECDSA signature (for my use at least). Hopefully this will help some future person trying to solve a similar issue:
    Signature sig = Signature.getInstance("NONEwithECDSA", "BC");
    sig.initVerify(pubKey);
    sig.update(plainBytes);
    if (!sig.verify(signedBytes)) {
        throw new Exception("ECDSA signature verification failed.");
    }
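Added example, not part of the original post: one way to drive ECDSASigner directly from a JCA PublicKey, by re-parsing the key's X.509 encoding with PublicKeyFactory and splitting the DER signature into r and s. The class name, the verify helper and the throwaway P-256 test key are assumptions for illustration; imports use org.bouncycastle, which SpongyCastle repackages as org.spongycastle.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.util.PublicKeyFactory;

public class EcdsaLightweightVerify {

    // digest: the already-computed hash (the same bytes fed to NONEwithECDSA).
    // derSignature: ASN.1 DER SEQUENCE { INTEGER r, INTEGER s }, as the JCA produces.
    static boolean verify(PublicKey pubKey, byte[] digest, byte[] derSignature) {
        try {
            // getEncoded() is the SubjectPublicKeyInfo; for an EC key this
            // yields ECPublicKeyParameters, which is a CipherParameters.
            AsymmetricKeyParameter params = PublicKeyFactory.createKey(pubKey.getEncoded());
            ASN1Sequence seq = ASN1Sequence.getInstance(derSignature);
            if (seq.size() != 2) {
                return false; // not an (r, s) pair
            }
            BigInteger r = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue();
            BigInteger s = ASN1Integer.getInstance(seq.getObjectAt(1)).getValue();
            ECDSASigner signer = new ECDSASigner();
            signer.init(false, params); // false = verification mode
            return signer.verifySignature(digest, r, s);
        } catch (Exception e) {
            return false; // malformed key or signature encoding counts as invalid
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway key pair and signature.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] digest = MessageDigest.getInstance("SHA-256").digest("sample".getBytes("UTF-8"));
        Signature sig = Signature.getInstance("NONEwithECDSA");
        sig.initSign(kp.getPrivate());
        sig.update(digest);
        byte[] der = sig.sign();
        System.out.println("original digest verifies: " + verify(kp.getPublic(), digest, der));
        digest[0] ^= 1; // flip one bit of the digest
        System.out.println("tampered digest verifies: " + verify(kp.getPublic(), digest, der));
    }
}
```

The helper returns false on any parsing error rather than throwing, so a caller cannot mistake a malformed signature for a verified one.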