
I'd like to sign a file using an RSA keypair. For this purpose I have this Perl script:

```perl
#!/usr/bin/perl

use strict;
use warnings;
use Crypt::RSA;

my $data = ... # File contents

my $rsa = Crypt::RSA->new;
my $key = Crypt::RSA::Key::Private->new(Filename => "stackoverflow.priv", Password => "*****");
my $signature = $rsa->sign(Message => $data, Key => $key, Armour => 0);

# Write signature to file
```

On the client side, I'd like to use the following Java function to verify the file:

```java
import java.math.BigInteger;
import java.security.*;
import java.security.spec.RSAPublicKeySpec;

private static final String PUBLICKEY_MOD = "190343051422614110006523776876348493...";
private static final String PUBLICKEY_EXP = "65537";

public boolean check() throws GeneralSecurityException {
    byte[] data = ... // Data
    byte[] dataSignature = ... // Signature (as calculated in the Perl script)

    Signature signature = Signature.getInstance("SHA256withRSA");

    signature.initVerify(getPublicKey());
    signature.update(data);
    return signature.verify(dataSignature);
}

// Rebuilds the public key from the decimal modulus and exponent strings.
private PublicKey getPublicKey() throws GeneralSecurityException {
    RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(PUBLICKEY_MOD), new BigInteger(PUBLICKEY_EXP));
    KeyFactory factory = KeyFactory.getInstance("RSA");
    return factory.generatePublic(spec);
}
```

However, check() always reports false. These things I already checked:

  • data and dataSignature are correctly read
  • PUBLICKEY_MOD and PUBLICKEY_EXP are correct
  • getPublicKey() returns a PublicKey which has the correct attributes
  • the private key and the public key are part of the same pair

Does anyone know how to verify the file correctly? Is signature correctly instanced?

SecStone
  • Thank you very much! I fixed these two issues and it works perfectly. If you'd like to add your points as an answer, I will mark it as a solution. – SecStone Mar 21 '12 at 13:01
  • Could you indicate what you did to get SHA-256 to work for PERL, there is [this other question](http://stackoverflow.com/questions/12142381/is-there-a-perl-implementation-of-sha256withrsa)... – Maarten Bodewes Aug 27 '12 at 18:23
  • What did you do? I am stuck in the same position. Tried to make both the changes but it didn't work. In SCALA it looks like `var signature = Signature.getInstance("SHA256withRSA" )` and in PERL `$publickey->verify_message($signature, $datatosign, 'SHA256', 'v1.5')` – user3450546 Oct 05 '21 at 07:21

1 Answer

Your first clue that something might be wrong is that you never tell Perl what hash function to use, but you tell Java to use SHA256. You have a lot of work to do on the Perl side. Also, the default padding scheme for Crypt::RSA seems to be PSS, whereas for Java it is PKCS#1 v1.5.

President James K. Polk
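
The two mismatches named in the answer (hash function and padding scheme), reproduced entirely in Java as an added example that is not part of the original answer or the asker's code. It assumes Java 11 or later (for `RSASSA-PSS`), a freshly generated 2048-bit key and a constructed message; the PSS parameters are illustrative and are not claimed to match what Crypt::RSA emits.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class SchemeMismatchDemo {
    // Illustrative PSS parameters (assumption): SHA-256, MGF1 with SHA-256, 32-byte salt.
    static final PSSParameterSpec PSS =
        new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    static Signature engine(String alg) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        if (alg.equals("RSASSA-PSS")) s.setParameter(PSS); // PSS has no usable defaults
        return s;
    }

    static byte[] sign(String alg, PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = engine(alg);
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(String alg, PublicKey key, byte[] msg, byte[] sig)
            throws GeneralSecurityException {
        Signature s = engine(alg);
        s.initVerify(key);
        s.update(msg);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // some JDK versions throw on a foreign encoding instead of returning false
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] msg = "constructed sample file contents".getBytes(StandardCharsets.UTF_8);
        String[] algs = {"SHA256withRSA", "SHA1withRSA", "RSASSA-PSS"};
        // Same key pair and same data throughout: only matching scheme pairs verify.
        for (String signer : algs) {
            byte[] sig = sign(signer, kp.getPrivate(), msg);
            for (String verifier : algs)
                System.out.printf("signed=%-13s verified=%-13s -> %b%n",
                    signer, verifier, verify(verifier, kp.getPublic(), msg, sig));
        }
    }
}
```

Only the three rows where signer and verifier name the same scheme print `true`, which is why a correct key pair and correctly read bytes are not enough for `check()` to succeed.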