I have an application where I have to verify digital signatures from different users. These users are programming in different languages/platforms, such as .NET, Java, C, etc., yet my application is developed in Erlang/OTP. When I test my application from the Erlang/OTP platform everything works as expected, but it fails when used from other platforms.
Here is the section for verifying the signatures.
Signature - Base64 encoded string digital signature as received from users.
SignBinData - is obtained by reconstructing a String (using data that was md5 digested and used to generate the signature), that is,
SignBinData = term_to_binary(String)
Then verifying the signature using
public_key:verify(SignBinData, md5, base64:decode(Signature), UserPublicKey).
I test this implementation in Erlang/OTP using this approach:
- Generate a string according to stated procedure.
- Convert the string to binary using term_to_binary/1.
- Digitally sign the string (binary) using the private key with MD5 as the digest type. (I use the public key to verify this).
- Base64 encode the signature output and generate a base64 encoded string. This base64 encoded string output is the Signature.
My issue is that whereas I use term_to_binary/1 to manage binaries, my users don't know such and it is not applicable to them anyway, and thus they use their own applicable methods, like those in Java that have such:
... some left out code ...
String s = SignatureStringData;
byte[] data = s.getBytes("UTF-8");
signature.update(data);
byte[] digitalSignature = signature.sign();
to generate the digital signatures, which I'm finding impossible to verify.
My question is: is the way I'm implementing it in Erlang the universal way to handle digital signatures from across all other platforms in Erlang, or is there another way and this is only applicable to Erlang/OTP users? Thank you.
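The mismatch described in the question, reproduced in Erlang as an added example (not the poster's code): a client signs the raw UTF-8 bytes of the string, as the Java snippet does, and the verifier checks that signature against both the term_to_binary/1 output and the UTF-8 bytes. The module name sig_interop, the throwaway key pair and the sample string are assumptions made for the demonstration.

```erlang
-module(sig_interop).
-export([demo/0]).
-include_lib("public_key/include/public_key.hrl").

%% Added example, not the poster's code. The key pair and the message
%% are constructed for the demonstration.
demo() ->
    %% Throwaway RSA key pair standing in for one user's keys.
    Priv = public_key:generate_key({rsa, 2048, 65537}),
    Pub = #'RSAPublicKey'{
             modulus = Priv#'RSAPrivateKey'.modulus,
             publicExponent = Priv#'RSAPrivateKey'.publicExponent},

    String = "user=42;amount=10",            % constructed sample string
    Utf8 = unicode:characters_to_binary(String, unicode, utf8),

    %% What a Java/.NET/C client signs: the raw UTF-8 bytes of the string.
    %% md5 is used only because the post uses it.
    Signature = base64:encode(public_key:sign(Utf8, md5, Priv)),

    %% What term_to_binary/1 produces: the same characters wrapped in the
    %% Erlang external term format (version byte 131, type tag, length).
    Ext = term_to_binary(String),

    %% Verify the one signature against both candidate byte sequences.
    #{utf8_bytes => Utf8,
      ext_term_bytes => Ext,
      verify_term_to_binary =>
          public_key:verify(Ext, md5, base64:decode(Signature), Pub),
      verify_utf8 =>
          public_key:verify(Utf8, md5, base64:decode(Signature), Pub)}.
```

The two verify results differ because term_to_binary/1 serialises the term with Erlang-specific framing bytes, so the digest is computed over different input than the bytes a non-Erlang client signed.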