I read the certificate form a .pfx file and extract keys: PUBLICKEY cert = ks.getCertificate(alias); X509Certificate X509 = (X509Certificate) cert; publicKey = cert.getPublicKey();
PRIVATEKEY key = ks.getKey(alias, senha.toCharArray()); if (key instanceof PrivateKey) { privateKey = (PrivateKey) key; } I know that the publicKey is correct because they match with dotNET file. In the new version of my app i verify the privateKey using the code below. Signature signer = null; signer = Signature.getInstance("SHA1withRSA"); signer.initSign( privateKey ); signer.update(msg.getBytes("UTF-8")); byte[] theSignature = null; theSignature = signer.sign(); Log.d("theSignature ---> ", theSignature.toString()); Signature sig = null; sig = Signature.getInstance("SHA1withRSA"); sig.initVerify(publicKey); sig.update(msg.getBytes("UTF-8")); boolean verifies = false; verifies = sig.verify(theSignature); if(verifies){ Log.d("SIGNATURE OK","SIGNATURE OK"); Log.d("Signature ",Base64.encodeToString(theSignature, Base64.NO_PADDING)); }else{ Log.d("SIGNATURE NÃO OK","SIGNATURE NÃO OK"); The message in Log is "SIGNATURE OK", then I presume that privateKey is OK too. If this is right, then the error must be in format of theSignature. Maybe the signature have a header or footer like public key (-----BEGIN CERTIFICATE-----) that interfer in the Base64.encodeToString. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en