
I am using the java.security library to do an Elliptic Curve Digital Signature. I do not get a syntax error or any exception error.

The code basically creates a public and private key. I then test it by creating a signature of a string and I use the same string for verification. However, the result is false but it should be true.

I do not know where I am going wrong. Any feedback is appreciated.

The code is as follows:

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class ECTests {
    static PrivateKey privatekey;
    static PublicKey publickey;

    public static void main(String[] args) throws Exception {
        generateKeyPair();

        String strTest = "Hello World! This is a test";

        byte[] sign = generateSignature(privatekey, strTest.getBytes());
        boolean isSignValid = verifySignature(publickey, strTest.getBytes(), sign);

        System.out.println(isSignValid);
    }

    public static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator keyPair = KeyPairGenerator.getInstance("EC");
        ECGenParameterSpec ec = new ECGenParameterSpec("secp256r1");
        keyPair.initialize(ec, new SecureRandom());

        privatekey = keyPair.genKeyPair().getPrivate();
        publickey = keyPair.genKeyPair().getPublic();

        return keyPair.generateKeyPair();
    }

    public static byte[] generateSignature(PrivateKey ecPrivate, byte[] input) throws GeneralSecurityException {
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(ecPrivate, new SecureRandom());
        signature.update(input);
        return signature.sign();
    }

    public static boolean verifySignature(PublicKey ecPublic, byte[] input, byte[] encSignature) throws GeneralSecurityException {
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initVerify(ecPublic);
        signature.update(input);
        boolean state = signature.verify(encSignature);
        return state;
    }
}
```
  • You create **two** key pairs and combine the private key of the first one with the public key of the second one, i.e. the two keys do not belong together and therefore verification fails. Try `KeyPair keypair = keyPair.genKeyPair(); privatekey = keypair.getPrivate(); publickey = keypair.getPublic();` – Topaco Mar 13 '21 at 15:15
  • @Topaco Yes this solved my problem, thank you! I didn't know I was creating different keys that do not belong together. – cazhium akanam Mar 13 '21 at 15:44
  • I’m voting to close this question because it was a user mistake by creating two different keys. – Maarten Bodewes Mar 13 '21 at 22:30
  • @Topaco Feel free to answer such questions instead, that creates more rep, and more importantly, allows others to see that the problem has been solved. Now it needs to go through the close queue. – Maarten Bodewes Mar 13 '21 at 22:32
  • @MaartenBodewes I don't understand what you mean. But why don't you answer it then? – cazhium akanam Mar 14 '21 at 15:04
  • @cazhiumakanam Topaco often hints in the right direction in the comments, but never closes questions and never answers questions either. That means that people like me first have to read all the comments before seeing if the question has been answered or not. For me helping to answer questions is my main drive (not rep). However, investing time into questions that have already been answered is tiring. Furthermore, the questions are likely shown to fewer people and the people that do find it have to look for answers in the comments as well. – Maarten Bodewes Mar 14 '21 at 20:32
  • @MaartenBodewes Ohh okay now I understand, I didn't think that deeply into it. Thanks for the clarification! – cazhium akanam Mar 15 '21 at 21:15
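
The fix from the comments, written out as an added example (not code from the question or from any commenter): every `genKeyPair()`/`generateKeyPair()` call returns a fresh, independent pair, so the generator is called once per identity and both keys are taken from that one `KeyPair`. The class name `ECPairedKeys` and the helper names are assumptions made for this example; `main` prints the verification result for the matching public key, for a public key from a second pair, and for an altered message.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class ECPairedKeys {
    // One generateKeyPair() call yields one matching private/public pair.
    static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom());
        return generator.generateKeyPair();
    }

    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(key);
        signer.update(message);
        return signer.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(message);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Explicit charset so signer and verifier hash identical bytes on any platform.
        byte[] message = "Hello World! This is a test".getBytes(StandardCharsets.UTF_8);

        KeyPair pair = generateKeyPair();       // private and public key both come from here
        KeyPair unrelated = generateKeyPair();  // a second, independent pair (the question's situation)

        byte[] sig = sign(pair.getPrivate(), message);

        System.out.println("matching public key:  " + verify(pair.getPublic(), message, sig));
        System.out.println("unrelated public key: " + verify(unrelated.getPublic(), message, sig));

        // Flip one bit of the message: the same signature must no longer verify.
        byte[] altered = message.clone();
        altered[0] ^= 0x01;
        System.out.println("altered message:      " + verify(pair.getPublic(), altered, sig));
    }
}
```

A `false` from `verify` does not say whether the key or the message was wrong, so when debugging a failed verification, check first that the public key came from the same `KeyPair` object as the signing key.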
