I am trying to sign data on the server side and validate it on the client side. The keys (private and public) are saved as PEM strings on both the client (public) and the server (private).
When I execute the actions on the server side or on the client side, they work fine: signing and verifying.
The code on the server side:

    using System;
    using System.Text;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Parameters;
    using Org.BouncyCastle.OpenSsl;
    using Org.BouncyCastle.Security;

    // Prepare the data to sign as byte[]
    byte[] dataToSign = Encoding.UTF8.GetBytes(data);
    // pemReader is a PemReader over the private-key PEM string (its creation is not shown in the post)
    var keyParamAsPem = (AsymmetricCipherKeyPair)pemReader.ReadObject();
    AsymmetricKeyParameter key = keyParamAsPem.Private;
    var keyParameter = new RsaKeyParameters(key.IsPrivate, ((RsaPrivateCrtKeyParameters) key).Modulus, ((RsaPrivateCrtKeyParameters) key).Exponent);
    // Init the algorithm
    ISigner sig = SignerUtilities.GetSigner("SHA256withRSA");
    // Populate the key
    sig.Init(true, keyParameter);
    // Calculate the signature
    sig.BlockUpdate(dataToSign, 0, dataToSign.Length);
    byte[] signature = sig.GenerateSignature();
    // Base64-encode the signature so it is 8-bit clean
    string signatureServer = Convert.ToBase64String(signature);

The code on the client side:

    // rsa is the imported jsrsasign module
    const pubKey = rsa.KEYUTIL.getKey(public_key);
    const rsaObj = new rsa.Signature({ alg: 'SHA256withRSA' });
    rsaObj.init(pubKey);
    rsaObj.updateString(JSON.stringify(data));
    const isValid = rsaObj.verify(signature);

I signed the data on the client side:

    const privKey = rsa.KEYUTIL.getKey(private_key);
    const sig = new rsa.Signature({ alg: 'SHA256withRSA' });
    sig.init(privKey);
    sig.updateString(JSON.stringify(data));
    const signatureClient = sig.sign();

and found out that 'signatureClient' (the signature created on the client side) is not equal to signatureServer (the signature created on the server side).
The issue is resolved.
I am using the jose-jwt DLL on the server side, with Bouncy Castle, to sign the data. I create a token, storing the data in the 'sub' property in the claims section.
On the client side I am still using the jsrsasign package, verifying the token with the jws.JWS.verifyJWT() method.
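The token approach the post ends on, as an added example that is not the poster's code: it uses Node's built-in crypto in place of jose-jwt and jsrsasign, with a constructed throwaway key pair, and signToken, verifyToken and signaturesMatch are hypothetical helper names. RSA PKCS#1 v1.5 signatures are deterministic, so signaturesMatch shows that one key signing two serializations of the same object yields different signatures, while a token carries the exact signed bytes to the verifier.

```javascript
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed throwaway key pair; the post keeps its keys as PEM strings.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Server side (hypothetical helper): sign "header.payload" exactly as serialized,
// with the data stored in the 'sub' claim as the post describes.
function signToken(data, key) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: data }));
  const signingInput = `${header}.${payload}`;
  // crypto.sign with an RSA key defaults to PKCS#1 v1.5 padding (SHA256withRSA)
  const sig = crypto.sign('sha256', Buffer.from(signingInput), key);
  return `${signingInput}.${b64url(sig)}`;
}

// Client side (hypothetical helper): verify over the received bytes,
// never over an object that was parsed and serialized again.
function verifyToken(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let alg;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg;
  } catch (err) {
    return null;
  }
  if (alg !== 'RS256') return null; // pin the algorithm; do not trust the header's choice
  const ok = crypto.verify('sha256', Buffer.from(`${header}.${payload}`), key,
    Buffer.from(sig, 'base64url'));
  return ok ? JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')).sub : null;
}

// Same key, two input strings: equal signatures only when the bytes are equal.
function signaturesMatch(textA, textB, key) {
  const sign = (text) => crypto.sign('sha256', Buffer.from(text, 'utf8'), key).toString('base64');
  return sign(textA) === sign(textB);
}
```

verifyToken returns the 'sub' value only when the signature checks out and the header names RS256; any other token yields null.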