I'm trying to verify digital signatures generated in libgcrypt in a java app using "MD5WithRSA" type signatures.
I think perhaps I am creating the signature incorrectly in libgcrypt, but I am not sure what to do to produce one that can be used by the java Signature class.
Here is how I am verifying in java:
Code:
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initVerify(pubKey);
sig.update(data)
boolean result = sig.verify(signature);
The above works for signatures I created with the java Signature class, but not those I created in my C app with libgcrypt.
Here is my libgcrypt code for creating the signature:
Code:
char md5[16];
gcry_md_hash_buffer(GCRY_MD_MD5, md5, data, dataLen);
rc = gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash md5 %b))", (size_t)16, md5)
rc = gcry_pk_sign(&signature, data_sexp, privKey);
I am able to verify the libgcrypt signatures with libgcrypt itself, so I am pretty sure I am just specifying some option wrong when creating the signature, or I am misunderstanding how to include the md5 using libgcrypt in a way that is compatible with the java Signature class.
Does anyone out there have experience with these libraries that might be able to help me figure out problem?
Thanks,
John