Update signing examples to produce signatures that can be verified with QZ Tray
mtoo020 opened this issue · comments
Signing using the example code in sign-message.java causes an Invalid Signature error when verifying with QZ Tray.
The cause is:
Certificate.isSignatureVerified() hashes the data: DigestUtils.sha256Hex(data)
sign-message.java doesn't: sig.update(data.getBytes())
So for sign-message.java, please can you change:
sig.update(data.getBytes());
to
sig.update(StringUtils.getBytesUtf8(DigestUtils.sha256Hex(data)));
Certificate.isSignatureVerified() hashes the data: DigestUtils.sha256Hex(data)
sign-message.java doesn't: sig.update(data.getBytes())
Correct, none of our signing examples hash the data because setSignaturePromise(...) does this automatically.
Lines 246 to 255 in 3b1d953
Thanks Tres. It turned out that I was using a p12 with a correct certificate but the wrong private key. I corrected the p12 and signing and verifying worked as expected. Thanks again for your help.
Thanks for the update. :)
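
The root cause reported above (a p12 holding the right certificate but the wrong private key) can be checked before any signing code is changed. The following is an added example, not code from QZ Tray or from the posters; the class name `P12KeyMatchCheck` is hypothetical, and it assumes an RSA key and uses `SHA256withRSA` only as a probe algorithm.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

public class P12KeyMatchCheck {
    // Signs a fixed probe with the private key and verifies it with the public key.
    // Returns false when the two do not belong to the same key pair.
    static boolean keysMatch(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] probe = "key-match-probe".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA"); // assumed probe algorithm
        signer.initSign(priv);
        signer.update(probe);
        byte[] sigBytes = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(probe);
        return verifier.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // usage: java P12KeyMatchCheck <file.p12> <password>
            KeyStore ks = KeyStore.getInstance("PKCS12");
            char[] pass = args[1].toCharArray();
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pass); }
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue; // skip certificate-only entries
                Certificate cert = ks.getCertificate(alias);
                boolean ok = keysMatch((PrivateKey) ks.getKey(alias, pass), cert.getPublicKey());
                System.out.println(alias + ": " + (ok ? "key matches certificate" : "MISMATCH"));
            }
            return;
        }
        // No arguments: constructed demo with two freshly generated key pairs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(), b = gen.generateKeyPair();
        System.out.println("same pair:  " + keysMatch(a.getPrivate(), a.getPublic()));
        System.out.println("mixed pair: " + keysMatch(b.getPrivate(), a.getPublic()));
    }
}
```

A `MISMATCH` line for the alias used in signing means every signature will fail verification regardless of how the data is hashed.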