I'd suggest as a next step to see if you're using the same public key for both the Java and openssl verify.
After that, the next step would be, in Java, to do a raw public key operation and examine the result. That will tell you whether it's the public key, the padding, the OID, or the hash that has the problem.

--
Ken Goldman kgold...@us.ibm.com
914-945-2415 (862-2415)

From: R Redpath/Raleigh/IBM@IBMUS
To: openssl-users@openssl.org,
Date: 10/30/2012 04:59 PM
Subject: openssl RSA_sign() and Java verify how
Sent by: owner-openssl-us...@openssl.org

I am using openssl to create a signature for a file's contents and use openssl to verify the contents using the signature file. The public key is from an x509 cert. All works great.

I need to verify a file's contents using Java. So I have written a sample Java application and it returns false and should return true. I use the same artifacts as I did for the openssl. I think the saved binary file of the signature may need some conversion for Java, but that's my guess? The computed SHA1 for the message digest by openssl and by Java are the same. So that's a good start.

The Java Application is enclosed below. Basically:

1. open the x509 and extract the public key.
2. read the contents of the file and make a SHA1 message digest
3. read the binary signature file
4. check signature against message digest using public key.
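
As an added example (not code from this thread), the raw public key operation suggested in the reply can be done in Java with BigInteger and the recovered block walked field by field. The class and method names, the throwaway keys and the message are constructed for illustration, and the check assumes a PKCS#1 v1.5 signature over SHA-1.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

public class RawRsaCheck {
    // DER header of a SHA-1 DigestInfo (RFC 8017 sec. 9.2); the 20-byte hash follows.
    static final byte[] SHA1_PREFIX = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
                                       0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};

    // Raw public-key operation: sig^e mod n, left-padded to the modulus length.
    static byte[] rawPublicOp(RSAPublicKey pub, byte[] sig) {
        BigInteger n = pub.getModulus();
        byte[] m = new BigInteger(1, sig).modPow(pub.getPublicExponent(), n).toByteArray();
        byte[] em = new byte[(n.bitLength() + 7) / 8];
        int len = Math.min(m.length, em.length);  // drop a sign byte, keep leading zeros
        System.arraycopy(m, m.length - len, em, em.length - len, len);
        return em;
    }

    // Walk the recovered block: 00 01 FF..FF 00 || DigestInfo(OID) || hash.
    // Returns "ok" or the name of the first field that does not match.
    static String diagnose(byte[] em, byte[] digest) {
        if (em[0] != 0x00 || em[1] != 0x01) return "public key (or signature bytes)";
        int i = 2;
        while (i < em.length && em[i] == (byte) 0xff) i++;
        if (i < 10 || i >= em.length || em[i] != 0x00) return "padding";
        byte[] t = Arrays.copyOfRange(em, i + 1, em.length);
        int p = SHA1_PREFIX.length;
        if (t.length != p + 20 || !Arrays.equals(Arrays.copyOf(t, p), SHA1_PREFIX)) return "OID";
        return Arrays.equals(Arrays.copyOfRange(t, p, t.length), digest) ? "ok" : "hash";
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: throwaway keys and message, not the poster's files.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(), other = kpg.generateKeyPair();
        byte[] msg = "file contents".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] digest = sha1.digest(msg);
        byte[] em = rawPublicOp((RSAPublicKey) kp.getPublic(), sig);
        System.out.println(diagnose(em, digest));               // matching inputs
        System.out.println(diagnose(em, sha1.digest(digest)));  // digest of other bytes
        System.out.println(diagnose(rawPublicOp((RSAPublicKey) other.getPublic(), sig), digest));
    }
}
```

To use it on real artifacts, pass the public key extracted from the certificate and the bytes of the signature file to `rawPublicOp`, and the SHA-1 of the file to `diagnose`.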