Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WAS 6.1 IBMJCE provider generating wrong sha256withrsa signature

We are generating a digital signature (PKCS7) using Java security API. The digest algorithm is SHA-256 and the encryption algorithm is RSA (SHA256withRSA).

Using SunRsaSign provider in the local machine, a signature was generated on some content. Using IBMJCE provider in WAS 8.0.0.2, we were able to generate the same signature on the same content.

However, the problem is, we had to migrate back to WAS 6.1. Now, the signature generated is different than the one generated in above 2 cases. I checked the message-digests created in all the 3 cases, and it is the same in all the 3 cases, but the signature is different in case of WAS 6.1.

Is there any known issue with WAS 6.1's IBMJCE provider with respect to SHA256withRSA encryption? Any pointers would be greatly appreciated. Thanks

like image 707
phani nalla Avatar asked Apr 11 '13 10:04

phani nalla


1 Answers

Is there really a problem? From what I know, this must apply

signature = sign(message)  
verify(signature) == message  

There is no requirement that all signatures must be the same. So do you really have problem with verification of those signatures?

like image 199
epinuj Avatar answered Oct 06 '22 00:10

epinuj