Re: initVerify in JSS

[Patrick]

The public key is gotten from the certificate stored in certFile (in base64 encoding). So the logic looks something like:   Signature sig = nssToken.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA1Digest); InputStream inStream = new FileInputStream(certFile); java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509"); java.security.PublicKey pubKey = ((java.security.cert.X509Certificate)cf.generateCertificate(inStream)).getPublicKey(); sig.initVerify(pubKey);   -- P "Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick wrote: 3bfb9333$[EMAIL PROTECTED]" type="cite"> Yes it is. The private key is my NSS internal key token (NSS cert db). -- P OK, the private key is on an NSS token. But where did the public key come from? 3bfb9333$[EMAIL PROTECTED]" type="cite"> "Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well, is it a PKCS #11 public key? JSS can only work with keys that it possesses. You can't give it a public key you created with the JDK. Patrick wrote: I get this error when doing a sig.initVerify(pubKey), using JSS' Signature: java.security.InvalidKeyException: publicKey is not a PKCS #11 public key at org.mozilla.jss.pkcs11.PK11Signature.engineInitVerify(PK11Signature.java:17 2 ) at org.mozilla.jss.crypto.Signature.initVerify(Signature.java:95) when I use Sun's java.security.Signature, I don't get that error... -- P