
AW: [iaik-jce] X509 verify question



Hello,
 
For verifying the signature of a certificate that is not self-signed, you have to use the method
 
verify(PublicKey)
 
where PublicKey is the one of the issuer.
 
Regards,
Dieter Bratko

           
-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at [mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On Behalf Of DTeng@DSI-Corp.com
Sent: Wednesday, 22 November 2000 22:39
To: iaik-jce@iaik.at
Subject: [iaik-jce] X509 verify question

Hi,
 
What is the proper way to verify that a certificate has not been tampered with?  I'm not looking to see if the cert has
a valid certificate chain, yet...I want to first verify that the certificate itself has not been tampered with.
 
I exported an X.509 certificate to a file using the following code: 
    cert.writeTo(new FileOutputStream("c:/myx509.cer"));   
 
This certificate is not self-signed (it has as its parent the Thawte certificate). 
 
I tried reading in the certificate and verifying that it has not been tampered with using the following:
 
  X509Certificate x509 = new X509Certificate(new FileInputStream("c:/midway/myx509.cer"));
  System.out.println(x509.toString()); // This prints out the contents of the certificate correctly.
  x509.verify(); 
 
But the verify throws the following exception:
java.security.SignatureException: Signature decryption error: javax.crypto.BadPaddingException: Invalid PKCS#1 padding: no leading zero!
Do I need to do some other decoding?  Do I need to have the parent X509 cert in order to verify this imported X509 cert has not been tampered with?
 
Thank you
Daniel Teng
Software Engineer
DSI Corp
7901 Stoneridge Dr, Suite 320
Pleasanton, CA   94588
 
***************************************************************************
*                                                                         *
* IAIK S/MIME Mapper Security Info                                        *
* ===================================                                     *
*                                                                         *
* for message:                                                            *
*   From: "Dieter Bratko" <Dieter.Bratko@iaik.at>                         *
*   Date: Tue, 28 Nov 2000 18:24:37 +0100                                 *
*   Subject: AW: [iaik-jce] X509 verify question                          *
*                                                                         *
* Message S/MIME properties:                                              *
*                                                                         *
*   Encrypted using:    not encrypted                                     *
*                                                                         *
*   Digitally signed:   yes                                               *
*   Signature valid:    yes                                               *
*   Signature trusted:  yes                                               *
*                                                                         *
*                                                                         *
* Compliance with policy for email addresses *@iaik.at:                   *
*                                                                         *
*   Encryption:         OK (None or better required)                      *
*                                                                         *
*   Digital Signature:  OK (digital signature required)                   *
*                                                                         *
***************************************************************************
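
The check described in the reply above, as an added example that is not part of the original thread or of the IAIK library. It uses the standard java.security.cert API rather than the IAIK X509Certificate class, and the two file paths passed on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class VerifyAgainstIssuer {

    // Load one DER- or PEM-encoded X.509 certificate from a file.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // True only if 'cert' names 'issuer' as its issuer AND the signature on
    // 'cert' verifies under the issuer's public key.
    static boolean signedBy(X509Certificate cert, X509Certificate issuer)
            throws GeneralSecurityException {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            return false; // the supplied parent is not the named issuer
        }
        try {
            cert.verify(issuer.getPublicKey());
            return true;
        } catch (SignatureException | InvalidKeyException e) {
            return false; // certificate bytes altered, or wrong key for this signature
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: certificate to check, args[1]: its issuer (hypothetical paths)
        X509Certificate cert = load(args[0]);
        X509Certificate issuer = load(args[1]);
        // Checking a certificate against its own key is only meaningful when
        // subject and issuer are the same entity (a self-signed certificate).
        boolean selfSigned =
                cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("self-signed by name: " + selfSigned);
        System.out.println("valid under issuer key: " + signedBy(cert, issuer));
    }
}
```

A true result shows only that the certificate is byte-for-byte what the holder of the issuer key signed; whether that issuer key is itself trusted is the separate chain-validation step.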