0

I am writing an application targeting Android 25 and I am trying to sign my HTTP query parameter String by using my public key. However, I am getting the following exception java.security.SignatureException: object not initialized for signing when this method is invoked.

What do you think I am missing here? The related line in my code where exception is thrown is marked with the comment //EXCEPTION IS THROWN HERE IN THE FOLLOWING LINE.

 private static String signSHA256RSA(String httpQueryParameterString, String strPublicKey) throws Exception {

    String input = httpQueryParameterString;

    if(input == null || input.isEmpty() || strPublicKey == null || strPublicKey.isEmpty()){
        return "";
    }

    String realPublicKey = strPublicKey.
            replaceAll("-----END PUBLIC KEY-----", "").
            replaceAll("-----BEGIN PUBLIC KEY-----", "").
            replaceAll("\n", "");

    byte[] b1 = Base64.decode(realPublicKey, Base64.DEFAULT);
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(b1);
    KeyFactory kf = KeyFactory.getInstance("RSA"); 
    RSAPublicKey rsaPubKey = (RSAPublicKey) kf.generatePublic(keySpec);

    Signature publicSignature = Signature.getInstance("SHA256withRSA");
    publicSignature.initVerify(rsaPubKey);

    //EXCEPTION IS THROWN HERE IN THE FOLLOWING LINE
    byte[] s = publicSignature.sign();

    return Base64.encodeToString(s, Base64.DEFAULT);
}
Alexander Rossa
  • 1,900
  • 1
  • 22
  • 37
F. Aydemir
  • 2,665
  • 5
  • 40
  • 60
  • 1
    it *is* initialized, but for verifying, not signing. You need to use the `verify()` method, not the `sign()` method. Also, you cannot sign using a public key, only a private key. You are missing some important concepts. – President James K. Polk Apr 08 '18 at 16:00
  • Oki I started to see the picture a bit. Thanks – F. Aydemir Apr 08 '18 at 16:18
  • My problem now centers around this line: byte[] b1 = Base64.decode(realPublicKey, Base64.DEFAULT); It throws: java.lang.IllegalArgumentException: bad base-64 Can anyone advise the proper usage base64 encoding? I have been googling about this and used different flags but they did not help fix the issue. – F. Aydemir Apr 08 '18 at 17:45
  • Base64 is fairly simple and straightforward. There are only 64 legal characters, and 62 of them are just letters and numbers, the other two are '+' and '/'. Take a look at the string and see if it contains any non base64 characters. Whitespace is not valid base64, though there may be an option to the decoder to ignore it. – President James K. Polk Apr 08 '18 at 18:05
  • I have created a private key file using bitvise ssh client and then saved the file under res/raw directory and read it into the above static method in question but this 64bit encoding problem continues... My intentiton to read directly from file was to avoid any manual intervention with the key kontent and retrieve the content as it is in order to avoid possible base64 violating charecters. – F. Aydemir Apr 08 '18 at 19:02
  • Unfortunately I don't have access to a Windows computer so I can't install and experiment with the Bitvise SSH client. Perhaps you can create a throwaway keypair and post the relevant portions as an example. – President James K. Polk Apr 08 '18 at 20:07

0 Answers0