I receive an HTTP request that carries a signature (SHA1) in the HEADER. I have a private key stored in a String. I need to generate the signature from the BODY of the HTTP request and my key, and compare it with the signature that comes in the HEADER. I tried it as follows:
    public static boolean checkSignature(String body, String key, String assinatura)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException,
                   InvalidKeyException, SignatureException {
        Signature sig = Signature.getInstance("SHA1withRSA");
        PublicKey pkey;
        byte encKey[] = key.getBytes();
        X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
        sig.initVerify(pubKey);
        sig.update(body.getBytes());
        return sig.verify(assinatura.getBytes());
    }
However, an error occurs in keyFactory.generatePublic(pubKeySpec). The exception java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format is thrown. I have already tried with SHA1withDSA as well. My key is in a String. Do I need to convert it to some other format? How do I solve this? Thank you in advance.
Anderson
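Added example, not part of the original post: `X509EncodedKeySpec` expects the DER bytes of the key, so a key held as Base64/PEM text has to be decoded rather than passed through `getBytes()`. The sketch covers two setups, neither confirmed by the post: (1) the String is a Base64/PEM X.509 RSA public key and the header carries a Base64 signature, (2) the String is a shared secret and the header carries a hex HMAC-SHA1 of the body. The class name, helper names and sample data are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignatureCheck {
    // Case 1 (assumed): key is a Base64/PEM X.509 public key, header is a Base64 RSA signature.
    static boolean verifyRsa(String body, String pemKey, String sigB64) throws GeneralSecurityException {
        String b64 = pemKey.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64); // DER bytes, not the characters of the text
        PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(pub);
        sig.update(body.getBytes(StandardCharsets.UTF_8));
        return sig.verify(Base64.getDecoder().decode(sigB64)); // signature is binary as well
    }

    // Case 2 (assumed): key is a shared secret, header is a hex HMAC-SHA1 of the body.
    static boolean verifyHmac(String body, String secret, String sigHex) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] expected = mac.doFinal(body.getBytes(StandardCharsets.UTF_8));
        // MessageDigest.isEqual compares in constant time, unlike String.equals
        return MessageDigest.isEqual(toHex(expected).getBytes(StandardCharsets.US_ASCII),
                sigHex.toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String body = "{\"event\":\"test\"}";                // constructed sample body
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();                   // constructed key pair
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.UTF_8));
        String sigB64 = Base64.getEncoder().encodeToString(s.sign());
        String keyStr = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        System.out.println("RSA, original body: " + verifyRsa(body, keyStr, sigB64));
        System.out.println("RSA, altered body:  " + verifyRsa(body + "x", keyStr, sigB64));
        System.out.println("HMAC, test vector:  " + verifyHmac("The quick brown fox jumps over the lazy dog",
                "key", "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"));
    }
}
```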