0

I want to sign a message using RSA private key. This message will be verified by someone else maybe using another programming language other than Java.

I will use the java.security.Signature class to sign the messsage. The code will be :

Signature privateSignature = Signature.getInstance("SHA256withRSA");
privateSignature.initSign(key); //RSA private key
privateSignature.update(text.getBytes("UTF8")); //text is the clear text string

byte[] signature = privateSignature.sign();

return Base64.getEncoder().encodeToString(signature);

When I check the result and used the publickey to decrypt the signature, I found that padding bytes are added before the SHA256 digest.

My Question is : is the resulted signature generated in a standard way so that it can be verified with the public key in widely used programming languages or is it java specific?

Tamer
  • 129
  • 1
  • 1
  • 14
  • 1
    The padding used by `SHA256withRSA` is [RSASSA-PKCS1-v1_5](https://tools.ietf.org/html/rfc8017#section-8.2) and described in RFC 8017. It is a standard and the signature can be verified cross-platform (i.e. not only in Java), for details see [here](https://stackoverflow.com/a/21019504/9014097). – Topaco Sep 01 '20 at 12:46
  • Thank you Topaco, your comment answered my question. – Tamer Sep 01 '20 at 14:17

0 Answers0