Fatemeh Fatemeh - 17 days ago 6
Android Question

Error "Malformed content." in Signature Verification

I want to verify my signature . my signature is a byte array. I use spongy castle
I get error "org.spongycastle.cms.CMSException: Malformed content."
this is my code:

String base64 = Base64.toBase64String(signedchallenge);
CMSSignedData cms = new CMSSignedData(Base64.decode(base64));
Store store = cms.getCertificates();
SignerInformationStore signers = cms.getSignerInfos();
Collection c = signers.getSigners();


I get error in line " CMSSignedData cms = new CMSSignedData(Base64.decode(base64));"

also I used this method for signed challenge generation. It did in smart cart

Signature signature=Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1,false);
signature.init(thePrivateKey,Signature.MODE_SIGN);
signLength=signature.sign(buffer,(short)(ISO7816.OFFSET_CDATA & 0xFF), inputlength, buffer, (short)(0));
apdu.setOutgoingAndSend((short)0,signLength);

Answer

According to javacard documentation

ALG_RSA_SHA_PKCS1 generates a 20-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA

To verify the signature in Android side use this code

Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(publicKey);
sig.update(challenge);
boolean verifies = sig.verify(signedchallenge);

Where signedchallenge is the signature available on buffer from (short)(ISO7816.OFFSET_CDATA & 0xFF) to signLength and challenge is the original data to sign