We used a Java library called license3j for license management. The library uses asymmetric encryption and relies on Bouncycastle. We create a license file using a simple gpg command and check the license in our software using our public key. So far, everything has been working fine. BUT: out of 1000 generated licenses, a very small fraction cannot be verified correctly although they are valid (approximately 5/1000).
What happens in this case: when the license is checked in com.verhas.licensor.License.setLicenseEncoded(InputStream), org.bouncycastle.openpgp.PGPOnePassSignature.verify(PGPSignature) throws the following exception:
org.bouncycastle.openpgp.PGPRuntimeOperationException: unable to verify signature: Signature length not correct: got 511 but was expecting 512
It sounds rather obscure to me, having only basic knowledge in the field of cryptography. Hours of googling gave me a hint that there is something about the "leading zeros". Thus, in this example, it is obvious that the leading zero was dropped somewhere (where?), and the signature data lengths being compared do not match. That makes sense.
Now I have no idea where the problem could be located. Is it when creating the license file? Essentially, we are just doing the following:
gpg --armor --local-user=name.of.software --sign
Which will give us the license file.
? - Bouncycastle ? , License3j , - Cipher, , API.
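An added illustration, not part of the original post and not License3j or Bouncy Castle code, of how the "leading zeros" hint can yield a 511-byte signature: OpenPGP stores the signature value as an MPI with minimal-length bytes, so a value whose top byte is zero loses that byte. The 4096-bit key size is assumed from the expected length of 512, and all function names and sample values are constructed.

```python
import random

K = 512  # bytes in a 4096-bit RSA signature (assumed from "expecting 512")

def mpi_encode(value: int) -> bytes:
    """OpenPGP MPI (RFC 4880 section 3.2): 2-byte bit count + minimal big-endian bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def mpi_body(blob: bytes) -> bytes:
    """Return the MPI body as stored; leading zero bytes are simply not there."""
    size = (int.from_bytes(blob[:2], "big") + 7) // 8
    body = blob[2:2 + size]
    if len(blob) < 2 or len(body) != size:
        raise ValueError("truncated MPI")
    return body

def strict_check(sig: bytes, k: int = K) -> None:
    """Hypothetical verifier step that insists on exactly k bytes."""
    if len(sig) != k:
        raise ValueError(f"Signature length not correct: got {len(sig)} but was expecting {k}")

def normalize(sig: bytes, k: int = K) -> bytes:
    """Left-pad back to the modulus length; anything longer is invalid."""
    if len(sig) > k:
        raise ValueError("signature longer than modulus")
    return sig.rjust(k, b"\x00")

def short_fraction(samples: int = 20000, k: int = K) -> float:
    """Share of random k-byte values whose MPI body is shorter than k bytes."""
    rng = random.Random(2024)  # fixed seed: constructed, reproducible sample
    short = sum(len(mpi_body(mpi_encode(rng.getrandbits(8 * k)))) < k
                for _ in range(samples))
    return short / samples

# Constructed signature values (not real signatures): top byte 0x5a vs 0x00.
SIG_FULL = int.from_bytes(b"\x5a" + b"\x11" * (K - 1), "big")
SIG_SHORT = int.from_bytes(b"\x00" + b"\x11" * (K - 1), "big")

if __name__ == "__main__":
    for name, value in (("full", SIG_FULL), ("short", SIG_SHORT)):
        body = mpi_body(mpi_encode(value))
        try:
            strict_check(body)
            print(name, len(body), "accepted by strict check")
        except ValueError as exc:
            print(name, len(body), "rejected:", exc)
        print(name, "after padding:", len(normalize(body)))
    print("fraction shorter than", K, "bytes:", short_fraction())
```

For uniformly random 512-byte values the short case occurs about once in 256, which is the same order of magnitude as the roughly 5 in 1000 failures reported above.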