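PKCS11 signature verification error: Signature encoding error caused by Sequence tag error

Time: 2015-11-29 13:45:08

Tags: java security smartcard pkcs#11

I am trying to verify the signature of a document, but I get the following error: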

  

Exception in thread "main" java.security.SignatureException: Signature encoding error
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:204)
    at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
    at java.security.Signature.verify(Signature.java:652)
    at VerSign.VerSign.main(VerSign.java:78)
Caused by: java.io.IOException: Sequence tag error
    at sun.security.util.DerInputStream.getSequence(DerInputStream.java:297)
    at sun.security.rsa.RSASignature.decodeSignature(RSASignature.java:229)
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:195)
    ... 3 more

I am using a smart card with the SunPKCS11 provider.

- Signing -

String configName = "/media/sf_Share_SI_Mint/conf";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p); 
KeyStore ks = KeyStore.getInstance("PKCS11",p);  
ks.load(null,null);
String assinaturaCertifLabel = "CITIZEN SIGNATURE CERTIFICATE";
PrivateKey pk = (PrivateKey) ks.getKey(assinaturaCertifLabel, null);
Certificate cert = ks.getCertificate(assinaturaCertifLabel);

byte[] sig = signDocument((PrivateKey)pk,p);

FileOutputStream sigfos = new FileOutputStream("sig");
sigfos.write(sig);
sigfos.close();

byte[] certificado = cert.getEncoded();
FileOutputStream fos = new FileOutputStream("cert");
fos.write(certificado);
fos.close();

private static byte[] signDocument(PrivateKey privateKey, Provider p) throws GeneralSecurityException, FileNotFoundException, IOException {
    Signature signatureAlgorithm = Signature.getInstance("SHA256withRSA", p);
    signatureAlgorithm.initSign(privateKey);
    FileInputStream fich = new FileInputStream("Documento");
    byte[] doc = new byte[fich.available()];
    fich.read(doc);
    signatureAlgorithm.update(doc);
    byte[] digitalSignature = signatureAlgorithm.sign();

    return digitalSignature;
}

- Verification -

CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream certfis = new FileInputStream(args[0]);
X509Certificate cert = (X509Certificate)cf.generateCertificate(certfis);
certfis.close();

PublicKey pubKey = cert.getPublicKey();

FileInputStream sigfis = new FileInputStream(args[1]);
byte[] sigToVerify = new byte[sigfis.available()]; 
sigfis.read(sigToVerify);
sigfis.close();

Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(pubKey);

FileInputStream datafis = new FileInputStream(args[2]);
byte[] doc = new byte[datafis.available()];
datafis.read(doc);
sig.update(doc);
datafis.close();

boolean verifies = sig.verify(sigToVerify);
System.out.println("signature verifies: " + verifies);
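
The `Sequence tag error` raised under `RSASignature.decodeSignature` means the block recovered from the signature with the public key did not begin with the DER SEQUENCE of a DigestInfo. The following is an added diagnostic example, not part of the original post: the class name `SigBlockInspector`, the software key and the sample document are constructed, and it goes beyond the post by also building a bare-hash signature to show one way such a block can arise.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class SigBlockInspector {
    // DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2); the 32-byte hash follows it.
    static final byte[] SHA256_PREFIX = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86,
        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

    // Apply the public key, strip the PKCS#1 v1.5 padding, and classify what was actually signed.
    static String classify(byte[] sig, PublicKey pub, byte[] doc) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pub);
        byte[] block;
        try {
            block = rsa.doFinal(sig);
        } catch (GeneralSecurityException e) {
            return "not a PKCS#1 v1.5 block for this key (wrong certificate or damaged file?)";
        }
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(doc);
        if (Arrays.equals(block, hash)) return "bare SHA-256 hash, DigestInfo missing";
        int n = SHA256_PREFIX.length;
        if (block.length == n + hash.length && Arrays.equals(Arrays.copyOf(block, n), SHA256_PREFIX)) {
            boolean same = Arrays.equals(Arrays.copyOfRange(block, n, block.length), hash);
            return same ? "SHA-256 DigestInfo, hash matches" : "SHA-256 DigestInfo, hash differs";
        }
        return String.format("unexpected content: %d bytes, first byte 0x%02x",
                block.length, block.length > 0 ? block[0] & 0xff : 0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway software key, not the smart card's key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] doc = "constructed sample document".getBytes("UTF-8");

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(doc);
        System.out.println(classify(s.sign(), kp.getPublic(), doc));

        // Signature over the bare hash, as a signer that omits DigestInfo would produce.
        Cipher raw = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        raw.init(Cipher.ENCRYPT_MODE, kp.getPrivate());
        byte[] bare = raw.doFinal(MessageDigest.getInstance("SHA-256").digest(doc));
        System.out.println(classify(bare, kp.getPublic(), doc));
    }
}
```

To inspect the files from the post, pass the bytes of `sig`, the public key taken from `cert`, and the bytes of `Documento` to `classify`.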

0 answers:

No answers