Is it possible to decrypt RSA sign value in JAVA?












0














So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.



my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.



is there the other way round to check it?










share|improve this question


















  • 2




    The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
    – Boris the Spider
    Nov 21 '18 at 15:09












  • Perhaps the signature is over the ciphertext and not the plaintext?
    – James K Polk
    Nov 21 '18 at 15:20
















0














So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.



my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.



is there the other way round to check it?










share|improve this question


















  • 2




    The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
    – Boris the Spider
    Nov 21 '18 at 15:09












  • Perhaps the signature is over the ciphertext and not the plaintext?
    – James K Polk
    Nov 21 '18 at 15:20














0












0








0







So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.



my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.



is there the other way round to check it?










share|improve this question













So as far as I understand, sign usually comes with data, sign value is to make sure the data value has never been revised, the principle is to decrypt sign then compare with the data see if they are exactly the same, in Java it gives you true if they are, false otherwise.



my question is now: I get response from an API and it contains data and sign value, I can manage to decrypt the data (yes the data is encrypted as well) to get plaintext but somehow when it process to verify the sign it gives me false everytime.
now I'm wondering what's the difference between the decrypted sign and data, there must be some inconsistency as it gives me false.



is there the other way round to check it?







java encryption rsa sign






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 15:05









muchHassle

113




113








  • 2




    The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
    – Boris the Spider
    Nov 21 '18 at 15:09












  • Perhaps the signature is over the ciphertext and not the plaintext?
    – James K Polk
    Nov 21 '18 at 15:20














  • 2




    The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
    – Boris the Spider
    Nov 21 '18 at 15:09












  • Perhaps the signature is over the ciphertext and not the plaintext?
    – James K Polk
    Nov 21 '18 at 15:20








2




2




The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09






The signature is (essentially, ignore specifics) an asymmetrically encrypted hash of the data. To verify, you use the public key to "decrypt" the hash and compare it to a hash of the received data. A cryptographic hash is by definition a surjective function and therefore cannot be reversed. So short answer, no - without looking at the plaintext data on both sides of the interaction there is no way to determine what the difference is.
– Boris the Spider
Nov 21 '18 at 15:09














Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20




Perhaps the signature is over the ciphertext and not the plaintext?
– James K Polk
Nov 21 '18 at 15:20












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414929%2fis-it-possible-to-decrypt-rsa-sign-value-in-java%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414929%2fis-it-possible-to-decrypt-rsa-sign-value-in-java%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python