Getting error "java.security.SignatureException: error decoding signature bytes." on signature verification using SHA256withECDSA algorithm in Java

Question

I am very new to JSON Web Signing and wanted to know how JSW Signing is done in Java. I searched for it but didnt really understood what it needs. I tried using signature algorithm as below: For signing:

Signature signature = Signature.getInstance("SHA256withECDSA");
            SecureRandom secureRandom = new SecureRandom();
            keyPair = new KeyPair(getPublicKey("path"), getPrivateKey("path"));
            signature.initSign((ECPrivateKey)keyPair.getPrivate() ,secureRandom);
            byte[] data = securedInput.getBytes(StandardCharsets.UTF_8);
            signature.update(data);

            digitalSignature = signature.sign();
            jswSign = Base64.getUrlEncoder().encodeToString(digitalSignature.toString().getBytes(StandardCharsets.UTF_8));

For verification:

private boolean verifySignature(String decodedSecuredInput,byte[] signature) throws Exception
    {
        Signature sign;
        boolean verified = false;
        try {

    sign= Signature.getInstance("SHA256withECDSA", BouncyCastleProvider.PROVIDER_NAME);
            sign.initVerify(getPublicKey());
            byte[] data2 = decodedSecuredInput.getBytes("UTF-8");
            sign.update(data2);

            verified = sign.verify(signature);

}

Retrieving Public Key like this:

private PublicKey getPublicKey() 
    {       
        File file = new File("src\\keyData\\CNserver1571409007.cer");
        try 
        {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = loadCertificate(certificateFactory, file);
            return certificate.getPublicKey();
        }

Signature is given by Third Party using SHA256withECDSA algorithm.

It gives Invalid Encoding for signature error when trying to verify. Error: java.security.SignatureException: error decoding signature bytes. at org.bouncycastle.jcajce.provider.asymmetric.util.DSABase.engineVerify(Unknown Source) at java.security.Signature$Delegate.engineVerify(Unknown Source) at java.security.Signature.verify(Unknown Source)

You can check this out: https://github.com/Mukit09/ECDSA/tree/master/src/main/java — Mukit09, May 14 '20 at 14:53
Thank you for your comment. I am actually getting decoding signature error while verifying the sign using signature created by CSS Code of Connection. If I try to use signature created by my program it doesn't give any error. — shweta karanje, May 18 '20 at 22:25
JWS uses 'P1363' aka 'plain' format while Java uses ASN.1/DER format by default, but Java 9 up or with BouncyCastle can get around this. See https://stackoverflow.com/questions/56824921/java-security-signatureexception-invalid-encoding-for-signature-signature-vali and links there, and possibly https://stackoverflow.com/questions/61860104/converting-p1363-format-to-asn-1-der-format-using-java — dave_thompson_085, May 19 '20 at 01:01
dave_thompson Thanks for your help, it solved my signature verification issue. Can you please suggest how to convert ECDSAHmac256 signature generated in Java from DER to plain format? — shweta karanje, May 20 '20 at 14:44
Your code in another link helped me to convert sign into Plain format. Thank you dave_thompson. — shweta karanje, Jun 01 '20 at 14:57

Getting error "java.security.SignatureException: error decoding signature bytes." on signature verification using SHA256withECDSA algorithm in Java

0 Answers0