For Programmers: Free Programming Magazines  


Home > Archive > Java Security > April 2006 > Verify PKCS#7 in Web server









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Verify PKCS#7 in Web server
fealfu@gmail.com

2006-04-21, 8:05 am

Hi

I have generated a PKCS#7 digital signature in Firefox (with javascript
function window.crypto.signtext) and in Internet Explorer (with ActiveX
Capicom).

Now I must verify this signature in the web server Tomcat.

My problem is that my signature is not verified.

I don=B4t know the reason.

In the browser I have 2 inputs:

1=2E sha --> Text input with an hexadecimal sha to firm:
1D8595D6DC3712AFDA66A616B2232A8DAB8648D6


2=2E firma--> The pkcs#7 detached obtain with Capicom o Javascript.

And in the web server I have this code:

Signature firma;
try
{
Security.addProvider(new BouncyCastleProvider());
firma =3D Signature.getInstance("SHA1WithRSAEncryption");
firma.initVerify(cert);
firma.update(request.getParameter("sha").getBytes());
if (firma.verify(request.getParameter("firma")))
{
out.print("**********VERIFIED******************");
}
else
{
out.print("-------NOT VERIFIED----------");
}
}
catch(Exception e)
{
out.print("ERROR EN LA VALIDACION: " + e.getMessage());
e.printStackTrace();
return;
}

What is wrong? Are there another way to validate the signature?.

Thans

Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com