Signing and verifying digital signatures in Erlang/OTP from other languages
up vote
0
down vote
favorite
I have an application where I've to verify digital signatures from different users. These users are programming is different languages/platforms, such as .NET, JAVA, C, etc; yet may application is developed in Erlang/OTP. When I test may application from the Erlang/OTP platform everything works as expected but it fails when used from other platforms.
Here is the section for verifying the signatures.
Signature - Base64 enconded string digital signature as
recieved from users.
SignBinData - is obtained by reconstructing a String (using data
that was md5 digested and used to generate the signature), that is,
SignBinData = term_to_binary(String)
Then verifying the signature using
public_key:verify(SignBinData, md5, base64:decode(Signature), UserPublicKey).
I test this implementation in the Erlang/OTP using this approach:
- Generate a string according to stated procedure.
- Convert the string to binary using
term_to_binary/1
. - Digitally sign the string(binary) using the private key with MD5 as the digest type. (I use the public key to verify this).
- Base64 encode the signature output and generate a base64 encoded string. This base64 encoded string output is the Signature.
My issue is that where as I use term_to_binary/1
to manage binaries, my users don't know such and it is not applicable to them anyway and thus use their own applicable methods like those in Java have such;
... some left out code ...
String s = SignatureStringData;
byte data = s.getBytes("UTF-8");
signature.update(data);
byte digitalSignature = signature.sign();
to generate the digital signatures, that I'm finding impossible to verify.
My question is that, is the way I'm implementing it in Erlang the universal way to handle digital signatures from across all other platforms in Erlang or there is another way and this is only applicable to Erlang/OTP users only? Thank you.
erlang elixir otp yaws nitrogen
add a comment |
up vote
0
down vote
favorite
I have an application where I've to verify digital signatures from different users. These users are programming is different languages/platforms, such as .NET, JAVA, C, etc; yet may application is developed in Erlang/OTP. When I test may application from the Erlang/OTP platform everything works as expected but it fails when used from other platforms.
Here is the section for verifying the signatures.
Signature - Base64 enconded string digital signature as
recieved from users.
SignBinData - is obtained by reconstructing a String (using data
that was md5 digested and used to generate the signature), that is,
SignBinData = term_to_binary(String)
Then verifying the signature using
public_key:verify(SignBinData, md5, base64:decode(Signature), UserPublicKey).
I test this implementation in the Erlang/OTP using this approach:
- Generate a string according to stated procedure.
- Convert the string to binary using
term_to_binary/1
. - Digitally sign the string(binary) using the private key with MD5 as the digest type. (I use the public key to verify this).
- Base64 encode the signature output and generate a base64 encoded string. This base64 encoded string output is the Signature.
My issue is that where as I use term_to_binary/1
to manage binaries, my users don't know such and it is not applicable to them anyway and thus use their own applicable methods like those in Java have such;
... some left out code ...
String s = SignatureStringData;
byte data = s.getBytes("UTF-8");
signature.update(data);
byte digitalSignature = signature.sign();
to generate the digital signatures, that I'm finding impossible to verify.
My question is that, is the way I'm implementing it in Erlang the universal way to handle digital signatures from across all other platforms in Erlang or there is another way and this is only applicable to Erlang/OTP users only? Thank you.
erlang elixir otp yaws nitrogen
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Yes, I suspectlist_to_binary/1
is what you want to use.
– chops
Nov 10 at 21:11
1
I've come to notice thatunicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type.list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries).term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.
– Vianney Sserwanga
Nov 11 at 8:29
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have an application where I've to verify digital signatures from different users. These users are programming is different languages/platforms, such as .NET, JAVA, C, etc; yet may application is developed in Erlang/OTP. When I test may application from the Erlang/OTP platform everything works as expected but it fails when used from other platforms.
Here is the section for verifying the signatures.
Signature - Base64 enconded string digital signature as
recieved from users.
SignBinData - is obtained by reconstructing a String (using data
that was md5 digested and used to generate the signature), that is,
SignBinData = term_to_binary(String)
Then verifying the signature using
public_key:verify(SignBinData, md5, base64:decode(Signature), UserPublicKey).
I test this implementation in the Erlang/OTP using this approach:
- Generate a string according to stated procedure.
- Convert the string to binary using
term_to_binary/1
. - Digitally sign the string(binary) using the private key with MD5 as the digest type. (I use the public key to verify this).
- Base64 encode the signature output and generate a base64 encoded string. This base64 encoded string output is the Signature.
My issue is that where as I use term_to_binary/1
to manage binaries, my users don't know such and it is not applicable to them anyway and thus use their own applicable methods like those in Java have such;
... some left out code ...
String s = SignatureStringData;
byte data = s.getBytes("UTF-8");
signature.update(data);
byte digitalSignature = signature.sign();
to generate the digital signatures, that I'm finding impossible to verify.
My question is that, is the way I'm implementing it in Erlang the universal way to handle digital signatures from across all other platforms in Erlang or there is another way and this is only applicable to Erlang/OTP users only? Thank you.
erlang elixir otp yaws nitrogen
I have an application where I've to verify digital signatures from different users. These users are programming is different languages/platforms, such as .NET, JAVA, C, etc; yet may application is developed in Erlang/OTP. When I test may application from the Erlang/OTP platform everything works as expected but it fails when used from other platforms.
Here is the section for verifying the signatures.
Signature - Base64 enconded string digital signature as
recieved from users.
SignBinData - is obtained by reconstructing a String (using data
that was md5 digested and used to generate the signature), that is,
SignBinData = term_to_binary(String)
Then verifying the signature using
public_key:verify(SignBinData, md5, base64:decode(Signature), UserPublicKey).
I test this implementation in the Erlang/OTP using this approach:
- Generate a string according to stated procedure.
- Convert the string to binary using
term_to_binary/1
. - Digitally sign the string(binary) using the private key with MD5 as the digest type. (I use the public key to verify this).
- Base64 encode the signature output and generate a base64 encoded string. This base64 encoded string output is the Signature.
My issue is that where as I use term_to_binary/1
to manage binaries, my users don't know such and it is not applicable to them anyway and thus use their own applicable methods like those in Java have such;
... some left out code ...
String s = SignatureStringData;
byte data = s.getBytes("UTF-8");
signature.update(data);
byte digitalSignature = signature.sign();
to generate the digital signatures, that I'm finding impossible to verify.
My question is that, is the way I'm implementing it in Erlang the universal way to handle digital signatures from across all other platforms in Erlang or there is another way and this is only applicable to Erlang/OTP users only? Thank you.
erlang elixir otp yaws nitrogen
erlang elixir otp yaws nitrogen
edited Nov 11 at 8:31
asked Nov 10 at 16:39
Vianney Sserwanga
7810
7810
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Yes, I suspectlist_to_binary/1
is what you want to use.
– chops
Nov 10 at 21:11
1
I've come to notice thatunicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type.list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries).term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.
– Vianney Sserwanga
Nov 11 at 8:29
add a comment |
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Yes, I suspectlist_to_binary/1
is what you want to use.
– chops
Nov 10 at 21:11
1
I've come to notice thatunicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type.list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries).term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.
– Vianney Sserwanga
Nov 11 at 8:29
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Yes, I suspect
list_to_binary/1
is what you want to use.– chops
Nov 10 at 21:11
Yes, I suspect
list_to_binary/1
is what you want to use.– chops
Nov 10 at 21:11
1
1
I've come to notice that
unicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type. list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries). term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.– Vianney Sserwanga
Nov 11 at 8:29
I've come to notice that
unicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type. list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries). term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.– Vianney Sserwanga
Nov 11 at 8:29
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53241089%2fsigning-and-verifying-digital-signatures-in-erlang-otp-from-other-languages%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is list_to_binary/1 what should be used?
– Vianney Sserwanga
Nov 10 at 17:00
Yes, I suspect
list_to_binary/1
is what you want to use.– chops
Nov 10 at 21:11
1
I've come to notice that
unicode:charaters_to_binary(Data::list(), utf8)
clears the ambiguity since it explicitly states the encoding type.list_to_binary/1
produces similar results but you have to be knowing that it results in UTF-8 encoded byte strings (binaries).term_to_binary/1
is platform dependent and only usable within Erlang environment and may be incompatible among different OTP releases.– Vianney Sserwanga
Nov 11 at 8:29