Java Signature.verify results in SignatureException: Signature encoding error Caused by IOException: Sequence tag error

Question

first of all this is not a duplicate question as most people report this exception when creating a Public Key from a Certificate which is missing \"---BEGIN RSA CERTIFICATE

Answer 1

You've moved your smart card provider in front of the other providers on Java SE, and for some reason it is also trying to verify RSA signatures instead of just using it for RSA private key operations.

There are a few methods of solving this:

1. if you are using the same signature instance for verification, then use a different one for the verification with the public key
2. if that doesn't solve your problem, try and see if you can move the smart card provider down in the list of providers in the Security class (check the JCA documentation on how to do this)
3. otherwise simply provide the correct provider using the Signature class, I would recommend specifying "SunRsaSign" (you may want to make this string configurable)
4. explain to the company behind com.mse that they should implement delayed provider selection correctly and not gobble up software public keys for use in their hardware device

Note that talking about "server side" is very confusing as the smart card acts as a server. "Terminal side" and "card side" would be a much more clear.