Java Signature can not be verified cross platform

Question

I have a problem and i'm not able to solve it. I create a signature object on linux, and try to verify it on windows and it fails. The same the other way around. If i stay on one platform everythings fine.

First i thought about encoding, so i started some tests like setting -Dfile.encoding to different standards. But even if i create the signature using UTF-8 and verify it using windows-1215, if i stay on the same platform everythings fine.

The code is very basic, and i just can't find the problem:

Creating the signature:

public void signData(File fileToSign, String outPutFileName)...
{
    Signature dsa = Signature.getInstance("DSA");
    dsa.initSign(privateKey);

    byte[] bytesToSign = FileUtils.readByteArrayFromFile(fileToSign);
    dsa.update(bytesToSign);

    byte[] sigData = dsa.sign();
    FileUtils.saveByteArrayToFile(outPutFileName, sigData);
}

public static void saveByteArrayToFile(String outPutFileName, byte[] bytesToSave)...
{
    FileOutputStream fos = new FileOutputStream(outPutFileName);
    fos.write(Base64.encodeBase64(bytesToSave));
    fos.close();
}

verifying it:

public boolean isVerified(File fileToVerify, File signatureFile)...
{
    byte[] sigData = FileUtils.readByteArrayFromFile(signatureFile);

    Signature signature = Signature.getInstance("DSA");
    signature.initVerify(publicKey);

    byte[] byteToVerify = FileUtils.readByteArrayFromFile(fileToVerify);
    signature.update(byteToVerify);

    return signature.verify(sigData);
}

public static byte[] readByteArrayFromFile(File file)...
{
    FileInputStream fis = new FileInputStream(file);
    byte[] byteArray = new byte[fis.available()];
    fis.read(byteArray);
    fis.close();

    return Base64.decodeBase64(byteArray);
}

I hope someone can point me in the right direction.
Thanks.

With kind regards,

Write the same signature on both platforms, then do a binary compare to see how they are different. — PearsonArtPhoto, Nov 22 '12 at 14:14
Is `-Dfile.encoding` respected by all the IO methods you're using? See http://stackoverflow.com/questions/361975/setting-the-default-java-character-encoding — Duncan Jones, Nov 22 '12 at 14:16
Why is the code to read the file different in both pieces of code? Note that `available()` on an `InputStream` may return zero even if you have not read all data yet. Don't use this to detect if you've read everything from the `InputStream`. Use the method in the first block of code instead to read data. — Jesper, Nov 22 '12 at 14:17
If you found a solution you can answer your own question, fyi — arshajii, Nov 22 '12 at 17:02

score 1 · Answer 1 · edited Nov 26 '12 at 03:31

1

I finally found a solution. The problem was indeed the encoding. Now I just de- and encode my data and everything's fine. I updated the code accordingly.

edited Nov 26 '12 at 03:31

Michael Petrotta

59,888
27
145
179

answered Nov 23 '12 at 07:18

user1845266

41
5

Java Signature can not be verified cross platform

1 Answers1