Hello.

I am trying to generate a signature to the XML document according to GOST 34.10-2001, i use JCP cryptopro.

Canonicalizer canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); InputStream is2 = new ByteArrayInputStream(canon.canonicalize(outputStream2.toByteArray())); byte[] bb = canon.canonicalize(outputStream2.toByteArray()); svt.setValue(sign("CryptoProSignature", key, bb));

I initialize the storage as follows:

 KeyStore ks = KeyStore.getInstance("FloppyStore"); ks.load(null, null); PrivateKey key = (PrivateKey)ks.getKey("maiss", passwd.toCharArray());

So, the signature value is obtained each time different with the same input data. What could be the problem?

Thank you in advance.

    2 answers 2

    It should be so. When forming the ECC signature, a random point on the elliptic curve is used. Hence the non-deterministic result.

    Algorithm

    • I didn’t know that the RNG could be used for signing - Barmaley
    • Why? This, after all, increases reliability. - Nofate

    Why canonize XML? Maybe he bastard inserts somewhere taystamp canonization XML? Otherwise it is really difficult to explain.

    Do this: 1) check the input before submitting to the signature - is it different from the run to the run 2) try another signature algorithm - does it work? It seems to me GOST nothing to do with

    • Thanks for the answer! Without canonization, the same result, the input checked, is the same. Tried to even run, substituting the input "a".getBytes() , generated, again, a different output. I have two options left: 1. Somewhere in the algorithm time or gsch is used 2. Instead of the private key, something is not read from the container - mikh