I have an architecture where I want to sign some data on one server with a private key and verify the signature on another server with the respective public key. I have Java code to sign data on my first server, and verification of the same data on the second server uses the OpenSSL shell. Somehow I am unable to implement this; my verification fails on the second server. To debug, I decided to sign the data on the second server using the same private key as used by the first server and compare both signatures. It seems both servers generate different signatures.
Generating signature on First Server:

```java
String My_Message = "This is Sample Text";
// Get key from file tkt_privkey_rsa.pem
PrivateKey priv = loadPrivateKey();
// Compute digest
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
byte[] digest = sha1.digest(My_Message.getBytes());
// Prepare signature
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(priv);
sign.update(digest);
// Sign the data with private key
byte[] realSig = sign.sign();
// Encode signature
String encodedSig = Base64.getEncoder().encodeToString(realSig);
System.out.println("Signature Generated -\n" + encodedSig);
return encodedSig;
```

Output:

```
Signature Generated -
Aap+/3SvcXs/pCsSnih+MDjoMU9GdWSkPsQ8DSELpxKUhHNwKneKi8NkIzy0Hrw9GGvGfeWUTzZhg1XWYcOso4oRqN6kWyX5BLAbdDV+uncmv0kFqp5PlRobNpjPgqdvjp6vrME7HGN4yLW0eIN1alOBYRFPzS/J4O7Ds0LzRILCmToo4dhGy/DI109CdVSdNQdzuGJ4bZoTGnRiXKmupUf3arJAq+zRCtIFd/k4LCVr9tZQIjOgkpjOForjbsgkXnFrq8WAop6f9qk3cb9tJuExzqdi5LhjplO5xm8VjxqEkwB/HI+3aiF0xzgzMf6DrUyCUQx20ewWaaOubBonvg==
```
Second Server using OpenSSL:

```sh
echo "This is Sample Text" | openssl dgst -sha1 -sign tkt_privkey_rsa.pem | openssl enc -base64 -A
```

Output:

```
nyGcKeXHTK85/MuydT9Y/cd/rbR1ojAQmfFiVvDvEs46qOhIFAv8H4kbaQO63TUyXFlKV1nTiHaPrBnBfW2iKZXSDrcThO3R5znYwvA1RamxmHz5OVRQjGzBdStO43pRML4xGpa9keBj4RCEFM1NlDot4IUrVenyerQhEnymTaaVamIVmVyxYpm2/9b85umqXo/BsATKP174Amqd52X+ED1Cr/CbXVmErvOmxjMdPm9iEYgnWnRc74z6MQzt62gcP3uHuaFlR3U0dRNq51Vr1Z9vZ44NILSRqMZMIU//XZ7bwnnoraj3LeJ9pPzTNdN2Wv3BOYyFXxBi08O/Q517GA==
```
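
The following is an added example, not part of the original question: a Python model of RSA PKCS#1 v1.5 signing with SHA-1 that reproduces the byte strings each of the two commands above actually signs. RSA PKCS#1 v1.5 signatures are deterministic, so two different signatures under one key mean two different inputs. The key is a constructed toy key (assumption; it is not `tkt_privkey_rsa.pem`), and the function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline. It is NOT tkt_privkey_rsa.pem and is not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
MSG = "This is Sample Text"

def encode(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: hash `data` once with SHA-1, then pad."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data: bytes) -> bytes:
    """What Signature("SHA1withRSA") and `openssl dgst -sha1 -sign` compute."""
    return pow(int.from_bytes(encode(data), "big"), D, N).to_bytes(K, "big")

def verify(data: bytes, sig: bytes) -> bool:
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return recovered == encode(data)

def java_as_posted() -> bytes:
    # sign.update(digest): the input is already SHA1(msg) and gets hashed again
    return sign(hashlib.sha1(MSG.encode()).digest())

def openssl_as_posted() -> bytes:
    # echo appends "\n", so the signed bytes are the message plus a newline
    return sign((MSG + "\n").encode())

def report() -> dict:
    java, ossl, raw = java_as_posted(), openssl_as_posted(), MSG.encode()
    return {
        "signatures_equal": java == ossl,
        "java_sig_over_message": verify(raw, java),
        "java_sig_over_sha1_of_message": verify(hashlib.sha1(raw).digest(), java),
        "openssl_sig_over_message": verify(raw, ossl),
        "openssl_sig_over_message_plus_newline": verify(raw + b"\n", ossl),
        # Both sides signing the raw message bytes, with no pre-hash and no newline
        "raw_message_both_sides": verify(raw, sign(raw)),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

With a real key the same holds: the two sides agree once Java passes the message bytes directly to `sign.update(...)` and OpenSSL receives the message without the trailing newline (for example via `printf '%s'`).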