I’ve spent quite amount of time now to find out why can’t i verify at
server side (written in Java) a signature done in Ruby.
Here’s some of the code from Ruby side:
private_key = OpenSSL::PKey::RSA.new(File.read(‘priv.pem’))
digest = Digest::SHA1.digest(data)
signed = Base64.encode64(private_key.private_encrypt(digest))
parameters.merge! ‘my_data’ => signed.gsub(/[\r\n]/, ‘’)
And at the Java side verification fails. It works with another real
services so the problem cannot be at Java side.
After some inspection, i’ve extracted public key from priv.pem with
openssl in PEM format and tried private_key.public_key() which also
returns a public key in PEM format, but it is different!
How is it possible that using Ruby’s OpenSSL::PKey::RSA#public_key
returns different public key than using openssl on command line?
I suspect that to be a culprit of the problem, but i’m not sure. I don’t
even understand how can that happen…
I also tried to sign the same data with the same private key at Java
side and got a different base64 output than Ruby…
I also tried to sign and verify with the same keys using openssl command
line tool and were successful.
Data has only ASCII characters although let’s not forget that in Java
UTF-8 is default. Could there be any encoding issues?
Anyway, any help or suggestion is welcome.