IBM Support

Digital signature verification failure in DataPower SOA appliance.

Question & Answer


Question

Why does digital signature verification fail on a WebSphere DataPower SOA appliance?

Answer

Error:
'Hash values do not match.' - This is returned for detached and enveloping signatures.
'Incorrect reference digest value' - This is returned for enveloped signatures.

Cause:
The hash DataPower generated of the reference node(s) did not match the hash provided by the original signer in the DigestValue node. Typically this is caused by one of the following:

  • The processing policy modified the data
  • The message was modified by an intermediate node
  • Improper handling by the signing application
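
To see off the appliance which kinds of change produce a digest mismatch, the following added example (not IBM or DataPower code) recomputes each same-document Reference digest and compares it with the DigestValue. The message is constructed and trimmed, SHA-256 is assumed, and Python's standard-library C14N 2.0 stands in for whatever canonicalization the real signature declares.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def reference_digest(elem):
    """Base64 SHA-256 digest over the canonical form of one referenced element."""
    node = copy.copy(elem)
    node.tail = None  # text after the closing tag is not part of the referenced node
    xml = ET.tostring(node, encoding="unicode")
    canonical = ET.canonicalize(xml)  # assumption: stdlib C14N 2.0 as a stand-in
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()

def check_references(message):
    """Map each same-document ds:Reference URI to True if its DigestValue still matches."""
    root = ET.fromstring(message)
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    results = {}
    for ref in root.iter(DS + "Reference"):
        uri = ref.get("URI", "")
        target = by_id.get(uri.lstrip("#"))
        signed = ref.findtext(DS + "DigestValue", "").strip()
        results[uri] = target is not None and reference_digest(target) == signed
    return results

# Constructed sample: a trimmed detached signature over an un-namespaced payload.
PAYLOAD = '<order Id="o1" currency="EUR"><item sku="A-1" qty="2"/><note>ship fast</note></order>'
SIGNED = (
    '<msg><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:Reference URI="#o1"><ds:DigestValue>' + reference_digest(ET.fromstring(PAYLOAD))
    + "</ds:DigestValue></ds:Reference></ds:SignedInfo></ds:Signature>" + PAYLOAD + "</msg>"
)

# Constructed changes a policy or intermediate node might make to the payload in transit.
VARIANTS = {
    "unchanged": PAYLOAD,
    "attributes reordered, empty tag expanded": '<order currency="EUR" Id="o1"><item qty="2" sku="A-1"></item><note>ship fast</note></order>',
    "pretty-printed": '<order Id="o1" currency="EUR">\n  <item sku="A-1" qty="2"/>\n  <note>ship fast</note>\n</order>',
    "text edited": PAYLOAD.replace("ship fast", "ship slow"),
}

def run():
    return {name: check_references(SIGNED.replace(PAYLOAD, body))["#o1"]
            for name, body in VARIANTS.items()}

if __name__ == "__main__":
    for name, ok in run().items():
        print(f"{name:42} {'digest matches' if ok else 'Hash values do not match'}")
```

Canonicalization absorbs purely syntactic differences such as attribute order, but re-indenting or editing the signed content changes the digest.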
 

Error:
'RSA signature did not verify' - This is thrown for errors that occur while comparing the provided RSA signature to the generated version.

Cause:
The most common causes are as follows:

  • The device has an HSM that has not been initialized. RSA operations are not available on HSM-enabled devices until the unit is initialized. For details on the initialization process, see Initializing the HSM.
  • The private key used to sign the request does not match the specified certificate. If both the key and the certificate are already stored on DataPower, you can confirm that they match using an IDCred. If the IDCred is up after adding both, they match; otherwise they may not.
  • The SignedInfo nodeset was modified after the signature was generated. This may occur for the same reasons as the hash/digest mismatch.
  • The SignatureValue itself was modified.
  • The signature verification is performed using a custom style sheet that is not implemented properly.

If you are still unable to verify digital signatures after investigating the causes above, contact DataPower support.


Document Information

Modified date:
04 October 2021

UID

swg21418624