I'm doing a SHA1withRSA verification method but the result is always false, is it something I coded wrong or are the public keys wrong or something?
Here's the code:
Signature signature = Signature.getInstance("SHA1withRSA");
File file = this.getPublicKey();
byte[] keyBytes = Files.readAllBytes(file.toPath());
// Setup RSA key
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
// verify signatures
byte[] signatureBytes = Base64.decodeBase64(this.firmaB64);
signature.initVerify(publicKey);
signature.update(this.parteFirmada.getBytes());
boolean result = signature.verify(signatureBytes);
Thanks a lot!
I found that the string that I was verifying was not as the original string that was signed and hence that it was false. The verification code was good in case anyone is interested.
The string contained a timestamp and to pass the timestamp verification it was changed... that could never pass as verified!
Thanks for all the comments