1

Programming in Java.

I have an RSA key-pair, a document, and a signature created with the Java Signature class, using SHA512WithRSA. In order to verify the signature, of course, I need to provide the

  • public key,
  • signature,
  • document.

Is it possible to verify the owner of the signature, using only:

  • public key
  • signature
otus
  • 32,132
  • 5
  • 70
  • 165
KrNeki
  • 97
  • 1
  • 4

1 Answers1

1

No.

An RSA signature is just a single number, encoded in a certain way. The number represents $x^d$, where $x$ is a padded hash of the document and $d$ the private exponent. If you know a public key $(m,e)$, you can calculate $x = (x^d)^e \mod m$, but without a document (or at least its hash) there is nothing to compare it with to verify anything.

The only thing you can check is whether the signature matches the size of the key (e.g. both 2048 bits). If it doesn't, it clearly isn't from that key, but that's it.

Community
  • 1
otus
  • 32,132
  • 5
  • 70
  • 165
  • Thank you for an answer. Your last comment (signature's size is the same as key size) helped a lot as well. – KrNeki Sep 14 '14 at 14:17