5

I'm trying to create an ECDSA Signature in Java. When i create one in python it can be verified just fine in Java. But vice-versa gives me a BadSignatureException.Python is using the ECDSA library and Java is using SpongyCastle.

Python Implementation of Signing:

private_key = SigningKey.from_der(PRIVATE_KEY.decode('hex'))
private_key.sign(payload, hashfunc=hashlib.sha256, 
sigencode=sigencode_der).encode('hex'),

Python Implementation of Verifying

verifying_key = VerifyingKey.from_der(public_key.decode('hex'))
return vk.verify(signature.decode('hex'), payload, hashfunc=hashlib.sha256, sigdecode=sigdecode_der)

Java Implementation of Signing

signature = Signature.getInstance("SHA256withECDSA", "SC");
signature.initSign(this.privateKey);
signature.update(input.getBytes("UTF-8"));
return new String(Hex.encode(signature.sign()));

Java Implementation of Verifying

signature = Signature.getInstance("SHA256withECDSA", "SC");
signature.initVerify(publicKey);
signature.update(input.getBytes("UTF-8"));
return signature.verify(Hex.decode(expectedSignature));
ahmed bodiwala
  • 51
  • 2

1 Answers1

0

You can try to use verify_digest() and sign_digest() from python.
For example to verify the signature,

digest = SHA256.new() 
digest.update((message.encode('utf-8')))

verified = vk.verify_digest(bytes.fromhex(signature), digest.digest())
Weidian Huang
  • 2,787
  • 2
  • 20
  • 29