Compatibility with Java 7+ RSA signatures

Compatibility with Java 7+ RSA signatures

As of Java version 7 and above the RSA digital signatures computation has been changed and signatures that were previously accepted by software build with Java may end being rejected with message like: “unable to verify signature: Signature length not correct: got 511 but was expecting 512

Solutions using DidiSoft OpenPGP Library for .NET may be affected when they send signed or signed and encrypted PGP data with software systems build in Java. A recent example we had was with TIBCO MFT, throwing the above mentioned error.

The technical explanation of the problem is that a digital signature consists of MPI (multi precision integers) which are kept in array of bits (not bytes!) and when serialized they may end being a number that is not divisible by two without reminder, which is not accepted by Java 7 and upper versions.

Version 1.8.3.5 of OpenPGP Library for .NET resolves this issue by padding with leading zero bytes up to a length power of two. If you encounter such behavior then please upgrade.