0

I am trying to validate a SHA1 DSA signature with this code:

X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(bobEncodedPubKey);
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec);
Signature sig = Signature.getInstance("SHAwithDSA");
sig.initVerify(bobPubKey);
sig.update(data);
sig.verify(signature);

Basically load my pub key and compute a signature, then compare with a signature I already have... The thing is that this line throws an java.security.NoSuchAlgorithmException:

KeyFactory keyFactory = KeyFactory.getInstance("DSA");

My Java skills aren't impresive so I may be missing something... I run Java 8 and I have JDK 13 if that might be helpful in any way...

Kaloyan Manev
  • 406
  • 6
  • 20
  • 1
    Haven't had this happen to me but keep in mind that this exception is thrown when no providers are found for this algorithm so you might want to check what `Security.getProviders();` returns and see if that can point you in the right direction. – InsertKnowledge Aug 13 '21 at 14:41
  • Yep, if the providers section in the security folder of your runtime is messed up then this can happen. DSA is an implementation requirement for Java / `KeyFactory`, so if the normal providers are present then this should not happen. – Maarten Bodewes Aug 13 '21 at 14:44
  • Yeah, DSA provider is missing, do you have any idea on how to restore it? – Kaloyan Manev Aug 13 '21 at 14:46
  • Obviously you should not be using SHA-1 for signatures anymore, if it can be helped. Neither should you put too much trust in DSA anymore. – Maarten Bodewes Aug 13 '21 at 14:46
  • @KaloyanManev Look within `$JAVAHOME/lib/security/java.security` and make sure you have a line such as `security.provider.1=sun.security.provider.Sun` in there. If things are really messed up somebody may have performed `Security.removeProvider("SUN");` earlier in the code; that should be restored in that case. Also, the .jar file of the Sun provider may be missing for some reason or other, so make sure you don't just incude `rt.jar` in your classpath. – Maarten Bodewes Aug 13 '21 at 14:51
  • And please let me know what fixed your problem :) – Maarten Bodewes Aug 13 '21 at 14:55

0 Answers0