JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

JCA - Digital Signature

This chapter describes some parts of the JCA (Java Cryptography Architecture), which has been included in the JDK since 1.1:

  • What is Digital Signature?
  • The Signing Process and the Verification Process
  • The Signature Class
  • Signature Sample Program - JcaSignatureTest.java
  • Signature Generation Program - JcaSign.java
  • Signature Verification Program - JcaVerify.java

What is Digital Signature?

Digital signature is a computer technology to protect digital data in two security areas: authentication and integrity.

The following diagram illustrates a common way of applying the digital signature technology to protect your data when sending it to someone else:

Sender                               Receiver
Public key      --> |          | --> Public key --
                    |          |                 |
Private key         |          |                 |
           |        |          |                 |
Data       |    --> |          | --> Data ------ |
   |       |        |          |               | |
   v       v        |          |               | |
   Signing process  | Delivery |               | |
      |             |          |               | |
      v             |          |               | |
      Signature --> |          | --> Signature | |
                    |          |        |      | |
                    |          |        v      v v
                    |          |        Verification process
                    |          |           |
                    |          |           v
                    |          |           OK?

As you can see in the above diagram, in order to apply the digital signature technology, the sender needs to:

  • Generate a private and public key pair.
  • Generate a signature from the data file with the private key.
  • Send the data, the signature, and the public key to the receiver.

The receiver needs to:

  • Verify the data with the signature and the public key.

The Signing Process and the Verification Process

Of course, the most important part of the digital signature technology is the signing process and the verification process.

The goal of the signing process is to produce a signature based on the original data and the sender's private key. One way to do this is:

  • Generate a message digest out of the data.
  • Encrypt the message digest with the private key.
  • Collect the encrypted message digest as the signature.

Of course, the verification process needs to match the signing process:

  • Decrypt the received signature with the public key. The decrypted signature is the message digest of the original data.
  • Generate a message digest out of the received data using the same algorithm as in the signing process.
  • Compare the message digest decrypted from the signature with the message digest generated from the received data. If they match, the signature is verified. If not, verification has failed.
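
The three verification steps above, carried out one by one with JCA classes and then repeated with a single Signature call; this is an added example, not one of the tutorial's own programs. The class name, the sample message, the 2048-bit RSA key and the SHA256withRSA algorithm are assumptions chosen for illustration, and the manual "decrypt" step assumes the JDK's default provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

// Hypothetical class name; not one of the tutorial's sample programs.
public class SignVerifySteps {
    public static void main(String[] args) throws Exception {
        // Sender: constructed sample data and a throwaway RSA key pair.
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Signing process: Signature digests the data and applies the private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] signature = signer.sign();

        // Verification step 1: "decrypt" the signature with the public key.
        // Assumption: the default provider accepts a public key in DECRYPT_MODE.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pair.getPublic());
        byte[] recovered = rsa.doFinal(signature);
        // For this scheme the result is an ASN.1 DigestInfo header followed by
        // the 32-byte SHA-256 digest, so the digest is the last 32 bytes.
        byte[] fromSignature = Arrays.copyOfRange(recovered, recovered.length - 32, recovered.length);

        // Step 2: digest the received data with the same algorithm.
        byte[] fromData = MessageDigest.getInstance("SHA-256").digest(data);

        // Step 3: compare the two digests.
        System.out.println("digests match: " + MessageDigest.isEqual(fromSignature, fromData));

        // The Signature class performs all three steps in one call.
        System.out.println("intact data:   " + verify(pair.getPublic(), data, signature));
        data[0] ^= 1; // flip one bit to simulate modification in transit
        System.out.println("modified data: " + verify(pair.getPublic(), data, signature));
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(sig);
    }
}
```

Real code should call Signature.verify, which also checks the padding and the DigestInfo header that the manual comparison skips. A successful verification authenticates the sender only if the receiver has reason to trust that the public key really is the sender's.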


Dr. Herong Yang, updated in 2006