1 2 Previous Next 20 Replies Latest reply: Jun 27, 2012 4:12 AM by 813524 RSS

    I can verify a digital signature with an incorrect cert

    813524
      Hello,

      I am writing some code to digitally sign and then verify data.
      The code I have written allows me to verify data using a certificate that does not correspond to the private key.

      This is the code i have written for signing:

                     /**
                     * Get the private key
                     */
                     PrivateKey key = KeyStoreUtil.getPrivateKey(keyStoreName, keyStoreType, keyStorePassword, keyAlias);

                     /**
                     * Encrypt the data,
                     */
                     Signature signatureAlgoithm = Signature.getInstance(getAlgorithm());
                     signatureAlgoithm.initSign(key);
                     signatureAlgoithm.update(data.getBytes());
                     signature = signatureAlgoithm.sign();

      and this is the code I have writen for verification:

                     /**
                     * Get the cert that will be used to
                     * verifiy the data and signature
                     */
                     Certificate cert = KeyStoreUtil.getCertificate(keyStoreName, keyStoreType, keyStorePassword, certAlias);

                     /**
                     * Initialise signature algorithm,
                     * supply the data to be verified
                     * and verify with signature
                     */
                     Signature signatureAlgoithm = Signature.getInstance(getAlgorithm());
                     signatureAlgoithm.initVerify(cert);
                     signatureAlgoithm.update(data.getBytes());
                     result = signatureAlgoithm.verify(signature);

      Can someone please tell me, if I'm missing something here? The KeyStoreUtil code used above to get the private key and cert is shown below and the algorithm I am using is SHA1withRSA.

      Thanks





      package aero.sita.ir.security.util;

      import java.io.BufferedInputStream;
      import java.io.Closeable;
      import java.io.FileInputStream;
      import java.io.IOException;
      import java.security.KeyStore;
      import java.security.KeyStoreException;
      import java.security.NoSuchAlgorithmException;
      import java.security.PrivateKey;
      import java.security.UnrecoverableKeyException;
      import java.security.cert.Certificate;
      import java.security.cert.CertificateException;

      import org.apache.log4j.Logger;

      /**
      * The Class KeyStoreUtil.
      */
      public class KeyStoreUtil {

           // ===========================================
           // Public Members
           // ===========================================

           // ===========================================
           // Private Members
           // ===========================================

           /** The Constant LOGGER. */
           private static final Logger LOGGER = Logger.getLogger(KeyStoreUtil.class);

           // ===========================================
           // Static initialisers
           // ===========================================

           // ===========================================
           // Constructors
           // ===========================================

           /**
           * Instantiates a new key store util.
           */
           public KeyStoreUtil() {
           }

           // ===========================================
           // Public Methods
           // ===========================================

           public static Certificate getCertificate(String keyStoreName, String keyStoreType, String keyStorePassword, String certAlias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {

                /**
                * Get a handle on the keystore
                */
                KeyStore ks = loadKeyStore(keyStoreName, keyStoreType, keyStorePassword);

                /**
                * Return the requested cert
                */
                return ks.getCertificate(certAlias);

           }

           public static PrivateKey getPrivateKey(String keyStoreName, String keyStoreType, String keyStorePassword, String keyAlias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {

                /**
                * Get a handle on the keystore
                */
                KeyStore ks = loadKeyStore(keyStoreName, keyStoreType, keyStorePassword);

                /**
                * Return the requested key
                */
                return (PrivateKey) ks.getKey(keyAlias,keyStorePassword.toCharArray());
           }

           // ===========================================
           // Protected Methods
           // ===========================================

           // ===========================================
           // Private Methods
           // ===========================================

           /**
           * Load key store.
           *
           * @param keyStoreName the key store name
           * @param keyStoreType the key store type
           * @param keyStorePassword the key store password
           * @return the key store
           * @throws KeyStoreException
           * @throws IOException
           * @throws CertificateException
           * @throws NoSuchAlgorithmException
           */
           private static final KeyStore loadKeyStore(String keyStoreName, String keyStoreType, String keyStorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {

                /**
                * The keystore to return
                */
                KeyStore ks = null;

                /**
                * Input stream used to read keystore
                */
                BufferedInputStream ksbufin = null;

                try {

                     /**
                     * Initilise input stream
                     */
                     ksbufin = new BufferedInputStream(new FileInputStream(keyStoreName));

                     /**
                     * Get keystore instance
                     */
                     ks = KeyStore.getInstance(keyStoreType);

                     /**
                     * Load up the keystore
                     */
                     ks.load(ksbufin, keyStorePassword.toCharArray());

                } finally {
                     close(ksbufin);
                }

                /**
                * Return the keystore
                */
                return ks;
           }

           /**
           * Close.
           *
           * @param closeable
           * the closeable
           */
           private static final void close(Closeable closeable) {
                if (closeable != null) {
                     try {
                          closeable.close();
                     } catch (IOException e) {
                          LOGGER.error("Error closing file or stream. " + e.getMessage());
                     }
                }
           }
      }
        • 1. Re: I can verify a digital signature with an incorrect cert
          EJP
          Really? Doesn't sound likely, does it? What are the values of the public key associated with the private key, and the public key of the certificate?
          • 2. Re: I can verify a digital signature with an incorrect cert
            sabre150
            My standard test example for signing using SHA1withRSA first signs and verifies with a corresponding (PrivateKey,Certificate) pair and then tries to verify with a different certificate. I have just run it using JDK1.7.0_04 and it runs correctly. It has always run correctly. The basic code is similar to your code but without the superfluous and sometimes misleading/erroneous comment.
            • 3. Re: I can verify a digital signature with an incorrect cert
              813524
              Im going to resist the temptation to answer to the comment about superfluous comments etc, I think that says more about the ego of the respondent.

              I do however have this problem and I'd be happy to share my code, superfluous comments included.
              • 4. Re: I can verify a digital signature with an incorrect cert
                sabre150
                810521 wrote:
                Im going to resist the temptation to answer to the comment about superfluous comments etc, I think that says more about the ego of the respondent.
                So you didn't resist!

                Example of a superfluous comment -
                /**
                * Get keystore instance
                */
                ks = KeyStore.getInstance(keyStoreType);
                Example of an erroneous comment -
                /**
                * Encrypt the data,
                */
                Signature signatureAlgoithm = Signature.getInstance(getAlgorithm());
                signatureAlgoithm.initSign(key);
                signatureAlgoithm.update(data.getBytes());
                signature = signatureAlgoithm.sign();
                >
                I do however have this problem and I'd be happy to share my code, superfluous comments included.
                Why would I want to share your code since you say it does not work? I already have code that actually does work.

                Bye
                • 5. Re: I can verify a digital signature with an incorrect cert
                  EJP
                  I'd be happy to share my code
                  You've already shared your code. How about sharing the answers to the questions you were asked?
                  • 6. Re: I can verify a digital signature with an incorrect cert
                    813524
                    vaules of the public key associated with the private key, and the public key of the certificate?

                    The cert associated with the private key that was used to sign the data:

                    Owner: CN=TUE 1-TUE 1 ADMIN-187413
                    Issuer: CN=Test CA, OU=For Test Purposes Only, O=A Ltd, C=IE
                    Serial number: 3d43ebb325f79c6d6ce475f8514fc626
                    Valid from: Wed May 02 01:00:00 BST 2012 until: Thu May 31 00:59:59 BST 2012
                    Certificate fingerprints:
                         MD5: 98:96:99:A0:1C:26:41:4D:5A:99:68:CC:3D:A4:6D:77
                         SHA1: 91:BB:E1:F5:A5:3E:F7:A7:05:14:CC:8C:D4:CE:3F:0E:5C:25:40:D4
                         Signature algorithm name: SHA1withRSA
                         Version: 3

                    Extensions:

                    #1: ObjectId: 2.5.29.15 Criticality=true
                    KeyUsage [
                    DigitalSignature
                    Non_repudiation
                    ]

                    #2: ObjectId: 2.5.29.37 Criticality=true
                    ExtendedKeyUsages [
                    clientAuth
                    ]

                    #3: ObjectId: 2.5.29.31 Criticality=false
                    CRLDistributionPoints [
                    [DistributionPoint:
                    [URIName: http://pilotonsitecrl.verisign.com/ACA/LatestCRL.crl]
                    ]]

                    #4: ObjectId: 2.5.29.19 Criticality=false
                    BasicConstraints:[
                    CA:false
                    PathLen: undefined
                    ]


                    The cert used to verify (incorrectlyl) the signature:

                    Owner: CN=PUE 1-PUE 1 Admin-294937
                    Issuer: CN=Test CA, OU=For Test Purposes Only, O=A Ltd, C=IE
                    Serial number: 1bf9f63394d41471538a4bbc25deff3
                    Valid from: Wed Jun 13 01:00:00 BST 2012 until: Thu Jul 12 00:59:59 BST 2012
                    Certificate fingerprints:
                         MD5: 35:96:D5:32:DE:48:A9:AB:FE:8F:D8:7E:BA:14:37:23
                         SHA1: D9:FE:C1:C8:6C:F6:5E:EF:23:59:98:B5:CD:DE:66:04:C3:F3:37:75
                         Signature algorithm name: SHA1withRSA
                         Version: 3

                    Extensions:

                    #1: ObjectId: 2.5.29.15 Criticality=true
                    KeyUsage [
                    DigitalSignature
                    Non_repudiation
                    ]

                    #2: ObjectId: 2.5.29.37 Criticality=true
                    ExtendedKeyUsages [
                    clientAuth
                    ]

                    #3: ObjectId: 2.5.29.31 Criticality=false
                    CRLDistributionPoints [
                    [DistributionPoint:
                    [URIName: http://pilotonsitecrl.verisign.com/ACA/LatestCRL.crl]
                    ]]

                    #4: ObjectId: 2.5.29.19 Criticality=false
                    BasicConstraints:[
                    CA:false
                    PathLen: undefined
                    ]
                    • 7. Re: I can verify a digital signature with an incorrect cert
                      813524
                      Here's the code that I'm using for testing. Perhaps I have done something wrong here:

                                     String data = "Yeehaw";

                                     byte[] signature = signtureService.sign(data,"myKeystore.jks","JKS","Password1","cert-tue 1-tue 1 admin-187413");

                                     LOGGER.info("Checking data with correct cert, result should = true");
                                     boolean result = signtureService.verify(data,signature,"myKeystore.jks","JKS","Password1","cert-tue 1-tue 1 admin-187413");
                                     LOGGER.info("Result = [" + result + "]");

                                     LOGGER.info("Checking data with incorrect cert, result should = false");
                                     result = signtureService.verify(data,signature,"myKeystore.jks","JKS","Password1","cert-pue 1-pue 1 admin-294937");
                                     LOGGER.info("Result = [" + result + "]");

                                     LOGGER.info("Modify data and check with correct cert, result should = false");
                                     result = signtureService.verify("Yeeha",signature,"myKeystore.jks","JKS","Password1","cert-tue 1-tue 1 admin-187413");
                                     LOGGER.info("Result = [" + result + "]");

                      and here is the output:

                      Signature = [[B@8e32e7]
                      Checking data with correct cert, result should = true
                      Result = [true]
                      Checking data with incorrect cert, result should = false
                      Result = [true]
                      Modify data and check with correct cert, result should = false
                      Result = [false]
                      • 8. Re: I can verify a digital signature with an incorrect cert
                        sabre150
                        Since I am pretty sure that the Oracle JCE provider signature code is correct the only things I can think of are :-

                        a) that you have generated two CSR from the same (private/public) key pair and processed them both through Verisign,

                        or

                        b) that your generation of the (private/public) key pair resulted in the same key for both.

                        You could extract the two public key from the certificates and compare their moduli and exponents.
                        • 9. Re: I can verify a digital signature with an incorrect cert
                          EJP
                          vaules of the public key associated with the private key, and the public key of the certificate?
                          That's what I asked for.
                          The cert associated with the private key that was used to sign the data:
                          That's not what I asked for.
                          The cert used to verify (incorrectlyl) the signature:
                          Nor is that.

                          Those are certificates. I asked for public keys.
                          • 10. Re: I can verify a digital signature with an incorrect cert
                            813524
                            Ok is this what you are looking for? I'm not sure i've done this right. But then if I knew what I was doing I wouldn't be asking questions on forums.

                            Private key:

                            Bag Attributes
                            friendlyName: cert-tue 1-tue 1 admin-187413
                            localKeyID: 54 69 6D 65 20 31 33 34 30 36 36 32 35 37 31 33 35 39
                            Key Attributes: <No Attributes>
                            -----BEGIN ENCRYPTED PRIVATE KEY-----
                            MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIWQcKzRnZnTECAggA
                            MBQGCCqGSIb3DQMHBAhC3rzoe1dxNQSCAoDseh0qTk2XzSs+Pz+rA97I3lrAVvAU
                            1VGf1IW2XkO0EVNn01VcBVX4wkT1kq9m9lUQqIwd+aEgaEuFX7tQqnW7j+1nF2Rh
                            0DV1XuqjOm/5vnDYPdjbgHmtNwrY4b+4aOPPhmMZn/8+E8xOEdHtDZhbX1dZ8w59
                            7RR7Num8Z0eTX4Vc2D59MCyYmp7uZVSQvkSVwhTs0wfWDlpzuK/Sbj6UZ8nwaR3X
                            /KDqqFd3FR0lFPVG4nMS1qdiTJVAK3aiPqyfeK5A6PAYAahS+P4JQ4Kx3DZroSIZ
                            k+JaTCm9VIkMAF8Gy6ysu3Lel1sIiHMik5CfRFD9A+4zmW9XK6spryxGz2jb4P96
                            glNqVDj+tnNHplzvgw3uJOZjuaOvL1mOypq580c/rtjpfwLalJOB3ys3IbpFyP7f
                            zMMJfek781VarB8aJ+HWsVUvAq/1ri0PWhZM3RoaNDLMQ8Oq0sW24GS5trZ72HE3
                            t1xN9cReRC6T3K6IWGm4MI2VY37basokUAA3CET1m9eqlu26XeIwzLUanjF+w1nC
                            5ylN1juNbDpoojyq78BSJydZv+N8ebRHUdGm4GhccTkDKTlX2EUoPezPPnJAGq4m
                            51R9fcer9L6l8JB2b6lNZwOSFw4SMKbGGUpEBTsJVlC0ej7eZJhbnuyWaZe12qe6
                            RXJjYPCCLr+ynrYKRxEIL9aaFoHWY1xyI0AT7LswUPzy9DPPoU9YxfJPss8BTvEx
                            Krom0VfA8Yx62FCh1/gUOYR00pJpe30Rr6bdnWixDocOmItHgGKgpw0r2YhJ5o0v
                            fxztBKSL+Aml0Tjkqdu9eEDrRoW+7+Zm7yYTzQueoQI0F/waH3Y4w0sv
                            -----END ENCRYPTED PRIVATE KEY-----

                            Public-Key: (1024 bit)
                            Modulus:
                            00:81:ad:0f:c2:59:3b:c2:41:a6:10:17:17:0d:79:
                            f6:3b:74:8f:42:a0:72:e5:fa:1f:90:22:50:02:fb:
                            49:82:29:34:28:24:a3:b0:17:e0:b5:09:fe:27:07:
                            c3:a6:57:67:05:82:09:8e:7a:3a:bb:ed:ed:a0:26:
                            45:ff:91:1f:e9:db:af:00:f2:bb:4f:f7:f8:7e:82:
                            7c:6c:6c:19:03:c7:5c:4c:9e:e7:62:25:49:2f:dd:
                            39:ca:b0:8a:88:b5:40:da:e7:89:d1:b5:cb:88:b6:
                            56:25:b2:6b:85:0e:89:96:ed:e6:bc:d2:28:26:ce:
                            4a:9a:d5:c0:0e:65:37:cd:8f
                            Exponent: 65537 (0x10001)
                            -----BEGIN PUBLIC KEY-----
                            MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBrQ/CWTvCQaYQFxcNefY7dI9C
                            oHLl+h+QIlAC+0mCKTQoJKOwF+C1Cf4nB8OmV2cFggmOejq77e2gJkX/kR/p268A
                            8rtP9/h+gnxsbBkDx1xMnudiJUkv3TnKsIqItUDa54nRtcuItlYlsmuFDomW7ea8
                            0igmzkqa1cAOZTfNjwIDAQAB
                            -----END PUBLIC KEY-----
                            • 11. Re: I can verify a digital signature with an incorrect cert
                              sabre150
                              You have now compromised your private key so that the whole world has access to it. It is now useless.

                              What we wanted were the two public keys; not the private key.
                              • 12. Re: I can verify a digital signature with an incorrect cert
                                EJP
                                Blimey. I ask for a public key and i get first two certificates and now a private key, which you should never disclose to anybody and which you must now destroy and regenerate.

                                However, if this is the complete answer to what we asked for, it proves there is only one key pair, which is what we have been telling you all along.
                                • 13. Re: I can verify a digital signature with an incorrect cert
                                  813524
                                  Apologies, i did realise what I had done :) but I haven't had time to post the public key associated with the private key. The private key is used for testing only and isn't used on any live site.

                                  This is the key you asked for, I think:


                                  Public-Key: (1024 bit)
                                  Modulus:
                                  00:81:ad:0f:c2:59:3b:c2:41:a6:10:17:17:0d:79:
                                  f6:3b:74:8f:42:a0:72:e5:fa:1f:90:22:50:02:fb:
                                  49:82:29:34:28:24:a3:b0:17:e0:b5:09:fe:27:07:
                                  c3:a6:57:67:05:82:09:8e:7a:3a:bb:ed:ed:a0:26:
                                  45:ff:91:1f:e9:db:af:00:f2:bb:4f:f7:f8:7e:82:
                                  7c:6c:6c:19:03:c7:5c:4c:9e:e7:62:25:49:2f:dd:
                                  39:ca:b0:8a:88:b5:40:da:e7:89:d1:b5:cb:88:b6:
                                  56:25:b2:6b:85:0e:89:96:ed:e6:bc:d2:28:26:ce:
                                  4a:9a:d5:c0:0e:65:37:cd:8f
                                  Exponent: 65537 (0x10001)
                                  • 14. Re: I can verify a digital signature with an incorrect cert
                                    813524
                                    I can see now that they are the same
                                    1 2 Previous Next