Is it possible to decrypt RSA sign value in JAVA?
So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.
my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.
is there the other way round to check it?
java encryption rsa sign
asked Nov 21 '18 at 15:05
muchHassle
113
add a comment |
So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.
my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.
is there the other way round to check it?
java encryption rsa sign
asked Nov 21 '18 at 15:05
muchHassle
113
2
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20
add a comment |
So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.
my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.
is there the other way round to check it?
java encryption rsa sign
asked Nov 21 '18 at 15:05
muchHassle
113
So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.
my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.
is there the other way round to check it?
java encryption rsa sign
java encryption rsa sign
asked Nov 21 '18 at 15:05
muchHassle
113
asked Nov 21 '18 at 15:05
muchHassle
113
asked Nov 21 '18 at 15:05
muchHassle
113
asked Nov 21 '18 at 15:05
muchHassle
113
asked Nov 21 '18 at 15:05
muchHassle
113
113
2
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20
add a comment |
2
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20
2
2
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414929%2fis-it-possible-to-decrypt-rsa-sign-value-in-java%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414929%2fis-it-possible-to-decrypt-rsa-sign-value-in-java%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09
Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20