[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] X509 verify question

What is the proper way to verify that a certificate has not been tampered with?  I'm not looking to see if the cert has
a valid certificate chain, yet...I want to first verify that the certificate itself has not been tampered with.
I exported an X.509 certificate to a file using the following code: 
    cert.writeTo(new FileOutputStream("c:/myx509.cer"));   
This certifcate is not self-signed (it has as it's parent the Thawte certificate). 
I tried reading in the certificate and verifying that it has not been tampered with using the following:
  X509Certificate x509 = new X509Certificate(new FileInputStream("c:/midway/myx509.cer"));
  System.out.println(x509.toString()); // This prints out the contents of the certificate correctly.
But the verify throws the following exception:
java.security.SignatureException: Signature decryption error: javax.crypto.BadPaddingException: Invalid PKCS#1 padding: no leading zero!
Do I need to do some other decoding?  Do I need to have the parent X509 cert in order to verify this imported X509 cert has not been tampered with?
Thank you
Daniel Teng
Software Engineer
DSI Corp
7901 Stoneridge Dr, Suite 320
Pleasanton, CA   94588