Sign and Unsigning data over http

shariff@EDS-CLEF.demon.co.uk
Tue, 8 Sep 1998 12:59:50 +0000

Hi all!!

I am trying to sign and unsign data over http.
I am using JDK 1.1.
This is what I have done so far:

1. I have an applet that takes in the data to be signed.

2. I have a servlet that is running in Java Web Server 1.1.

3. I enter the data at the applet.

4. The applet then sends the data to the servlet.

5. The servlet generates a key pair and signs the data with its
private key. The servlet maintains a copy of the key pair. The
signature is sent back to the applet.

6. The applet displays the signature and then sends that signature
back to the servlet for verification.

7. The servlet verifies the signature with its public key and sends
back 'ok' or 'fail' depending on the results.

My problem is that I cannot seem to get the servlet to verify the
signature. I have followed the tutorial 'Using Security API to
Generate and Verify a Signature'
(http://java.sun.com/docs/books/security1.1/api).
I have used UCEncode from the sun.misc package to encode the signature
before sending it over HTTP.
I have put in several tracing statements in the servlet and I have
found the following:
1. The signatures sent and received are the same. The equals method
returns true. But the verification still fails.
2. The encoded signatures, sent and received, are identical.

Could you help me please?

Shariff
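
The round trip described in steps 5 to 7 of the post above, as an added example that is not part of the original message or of the Sun tutorial. It shows the three inputs verification depends on: the key pair, the exact data bytes fed to `update`, and the decoded signature bytes. Assumptions: a current JDK, RSA with `SHA256withRSA`, and `java.util.Base64` in place of the sun.misc encoder; the class name and sample payload are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

public class SignOverHttpExample {
    // Assumption: the servlet side generates one key pair and keeps it for both steps.
    private final KeyPair keyPair;

    SignOverHttpExample() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        keyPair = gen.generateKeyPair();
    }

    // Step 5: sign the data bytes and return a text-safe form for the HTTP response.
    String sign(byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(keyPair.getPrivate());
        s.update(data);
        return Base64.getUrlEncoder().encodeToString(s.sign());
    }

    // Step 7: verify needs the same public key, the same data bytes and the decoded signature.
    boolean verify(byte[] data, String encodedSig) throws GeneralSecurityException {
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(encodedSig); }
        catch (IllegalArgumentException e) { return false; }   // not valid Base64
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(keyPair.getPublic());
        v.update(data);                                         // the signed data, not the signature
        try { return v.verify(sig); }
        catch (SignatureException e) { return false; }          // malformed signature bytes
    }

    public static void main(String[] args) throws Exception {
        SignOverHttpExample servlet = new SignOverHttpExample();
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] other = "different payload".getBytes(StandardCharsets.UTF_8);
        String wire = servlet.sign(data);                       // what travels over HTTP
        System.out.println("same key, same data:  " + servlet.verify(data, wire));
        System.out.println("same key, other data: " + servlet.verify(other, wire));
        System.out.println("new key pair:         " + new SignOverHttpExample().verify(data, wire));
    }
}
```

Only the first call verifies; an identical signature string fails against different data bytes or a different key pair.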