SHA256withECDSA Signature not Verifying, Android

Asked May 27 '18 at 09:17

Active May 27 '18 at 17:54

Viewed 352 times

Update: The critical aspect is that kp (keypair) is generated "outside" this code. This code is an onclick function whereas kp is defined in the code that sets up the onclick. Shouldn't matter but that's what seems to be the problem and that's inexplicable.

What's wrong with the following code? It always prints (logs) false for the verification b even though the data is the same string "foo" and the signature is the same one that was generateded earlier in the code sig

val sig = Signature.getInstance("SHA256withECDSA").run {
    initSign(kp.private)
    update("foo".toByteArray())
    sign()
}
Log.d(tag, "sig: " + sig.toString())
val o = Signature.getInstance("SHA256withECDSA")
o.initVerify(kp.public)
o.update("foo".toByteArray())
val b = o.verify(sig)
Log.d(tag, b.toString())

edited May 27 '18 at 17:54

asked May 27 '18 at 09:17

user2297550

3,142
3
28
39

Does `sig` really contain the result of `sign()`? (I'm not familiar with Kotlin.) It should be a byte array – pedrofb May 27 '18 at 16:00
@pedrofb that's correct (kotlin's real nice, btw). I need to update this question. It works fine when `kp` is initialized just above this code. The problem is when the above code is a closure (say onclick function) whereas `kp` is defined above & outside the closure. (should be the same behavior in java). THank you. – user2297550 May 27 '18 at 17:52
You're not generating two key pairs are you? – Maarten Bodewes May 30 '18 at 01:18

SHA256withECDSA Signature not Verifying, Android

0 Answers0