Wednesday, May 30, 2012

Re: [android-developers] Questions on Digital Signing and Verification

I haven't dealt with this yet, but my expectation is to generate a certificate on the server and then that should be used on iOS and Android.

I have no experience with it, but look at chilkatsoft.com, bit it will cost.

Also, you can look at the source for how the key is packaged and port it to iOS.

On May 30, 2012 9:00 PM, "Qin Ding" <qinding1@gmail.com> wrote:
I have an application that requires digital signing plain text messages on the client (Android and IOS) and the signature verification is performed on J2EE server.
For example, on Android, when the application is registered with my app, it generates a keypair on device. The private key is stored on device and publicKey is sent to server for future use. The private key is protected by a secret key only known to the user.  When the server sends the message for the client to sign, the private key is retrieved and the message is signed using the private key.  The result signature is sent to the server, which retrieves the user's publicKey and use it to verify the signature.  It works very well.

Now we have IOS customers.  When the publicKey and signature are generated on IOS device, I tried to send the IOS publicKey and signature as byte[] in a hope that I can reconstruct the publicKey from byte[] at the J2EE server.  It failed to rebuild the publicKey using X509PublicKeySpec.  How should I handle this using the publicKey and signature from non-java source.

I wonder if someone has the experience in verify digital signature using the publicKey and signature from IOS or RIM.  Thank you in advance for any pointers and ideas.

QD

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)