From: Ronald T. <ron...@ia...> - 2009-09-09 09:23:32
|
Hi, While in general, for some complex cryptographic operations, the TCG specifications might require algorithms which are not supported by all of Sun's crypto providers, I do not think that this is the case here. jTSS uses "SHA-1" in exactly the same way as you do. I tend to believe that no incompatibilities between Sun and IAIK JCE implementations are likely at such a basic level. Rather check the string encodings of the text first. jTSS will, in accordance with the TSS specifications, use "UTF-16LE" by default. Please try text.getBytes(stringEncoding) and make sure that actually identical _byte_ arrays are hashed. Hoping to help, Ronald Arshad Noor wrote: > Hi, > > I'm having another problem related to SunJCE-JTSS interoperability; > I'm beginning to suspect I'm doing something wrong and hope someone > on the list can point me in the correct direction. > > I've generated a non-migratable signing key and used it to sign some > text. Upon using the JCE Signature object to verify the signature, > the verification always fails. Looking through the TestHash.java > source, I realized that it does not use the JCE for verification. > > I later ran a simple hash comparison and found that I'm getting > different values for the same text. That explains why the signature > never verifies with SunJCE; but why are the hashes different? Am I > missing something? > > Thanks for any pointers. > > Arshad Noor > StrongAuth, Inc. > > Same configuration as for the bind-unbind problem from this morning: > > JDK: 6 U15 - 64-bit > OS: CentOS 5.3 (Kernel 2.6.18-128.7.1.el5) > JTSS: 0.41 > TPM: STM 1.2.4.30 > > Sample test code: > ------------------ > String text = "The quick brown fox jumps over the lazy dog."; > TcBlobData tbs = TcBlobData.newString(text); > TcIHash sha1hash = > tpmctx.createHashObject(TcTssConstants.TSS_HASH_SHA1); > sha1hash.updateHashValue(tbs); > System.out.println("Hash from TPM is: " + new > String(Base64.encode(sha1hash.getHashValue().asByteArray()))); > MessageDigest md = MessageDigest.getInstance("SHA1"); > System.out.println("Hash from JCE is: " + new > String(Base64.encode(md.digest(text.getBytes())))); > ------------------ > -- Dipl.-Ing. Ronald Tögl phone +43 316/873-5502 Trusted Computing Labs fax +43 316/873-5520 IAIK ron...@ia... Graz University of Technology http://www.iaik.tugraz.at |