MD5WithRSA digital signatures

John Morris mailjohnmorris at
Thu Jun 9 23:24:31 CEST 2011


I'm trying to verify digital signatures generated in libgcrypt in a java app
using "MD5WithRSA" type signatures.

I think perhaps I am creating the signature incorrectly in libgcrypt, but I
am not sure what to do to produce one that can be used by the java Signature

Here is how I am verifying in java:

Signature sig = Signature.getInstance("MD5WithRSA");
boolean result = sig.verify(signature);

The above works for signatures I created with the java Signature class, but
not those I created in my C app with libgcrypt.

Here is my libgcrypt code for creating the signature:

char md5[16];

gcry_md_hash_buffer(GCRY_MD_MD5, md5, data, dataLen);
rc = gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash md5 %b))",
(size_t)16, md5);
rc = gcry_pk_sign(&signature, data_sexp, privKey);

I am able to verify the libgcrypt signatures with libgcrypt itself, so I am
pretty sure I am just specifying some option wrong when creating the
signature, or I am misunderstanding how to include the md5 using libgcrypt
in a way that is compatible with the java Signature class.

Does anyone know how I can create signatures that are compatible with the
Signature class in the standard java libraries?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110609/a2c7980f/attachment-0001.htm>

More information about the Gcrypt-devel mailing list