-1

For example I have generated signature: 

$ openssl rsautl -sign -inkey private_key.pem -keyform PEM -in data > signature

Then if I want to verify it, I just do:

$ openssl rsautl -verify -inkey public_key.pem -in signature -pubin

And the output will be my data encoded in first step.

So the question is, how to implement this verification with Java? Can I use Signature class somehow or any other way?

P.S. 1 more question: As I know, public key must not be used to decrypt rsa signature, but anyway, in my example it is used for that. So anyone who has public key, can decrypt my message?

Thanks

  • you've created a signature using your private key (you've signed the data) with your public key. So `anyone who has public key, can decrypt my message` - no, anyone with the public key could verify the signature. – gusto2 Oct 04 '17 at 15:22
  • For you question - you could try to seach internet a little for RSA signature verification (https://bits.enigmabridge.com/articles/2016-10/rsa-signatures-in-java8-without-bouncy-castle.html) still - the questino remains what digest (SHA256?) and padding (PKCS1.5 ? OAEP? ) are used by openssl – gusto2 Oct 04 '17 at 15:31
  • @gusto2: OAEP doesn't apply to signature. OpenSSL rsautl defaults to PKCS1-v1_5 with the ASN.1 SEQUENCE step skipped, but also supports none and x9.31, while pkeyutl for RSA can do PKCS1-v1_5 correctly and also supports PSS, which basic Java (Suncle/OpenJDK) does not but BouncyCastle does. See https://stackoverflow.com/q/38767660 – dave_thompson_085 Oct 05 '17 at 11:49

1 Answers1

1

Apparently the rsaautl uses equivalent of NONEwithRSA signature scheme, where the input data are takend as they are (assumed to be hashed or short ( length << N))

Signature verification: 

Signature signature = Signature.getInstance("NONEwithRSA");
signature.initVerify(pubKey);
signature.update(data);
boolean verified = signature.verify(signatureBytes);

If data are longer (say longer than a common key / hash length) I suggest to use hashed signature, for example:

openssl dgst  -sha256 -sign private.pem data.txt | base64

And verify by Java

Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(pubKey);
signature.update(data);
boolean verified = signature.verify(signatureBytes);
gusto2
  • 11,210
  • 2
  • 17
  • 36