JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

JCA - Digital Signature


The Signature Class

java.security.Signature is an abstract class providing a link to implementation classes of digital signature algorithms provided by various security package providers. Major methods in the Signature class:

getInstance() - Returns a Signature object of the specified algorithm from the implementation of the specified provider. If provider is not specified, the default implementation is used. This is a static method.

initSign() - Initializes the current Signature object with the specified private key to be ready to take input data for generating a new signature.

initVerify() - Initializes the current Signature object with the specified public key to be ready to take input data for verifying an existing signature.

update() - Adds more data to the current Signature object for signature generation or signature verification.

sign() - Generates a new signature for the input data received so far in the current Signature object, and returns the signature as a byte array. It also discards the input data, resetting the object to the state it was in after initSign().

verify() - Verifies the input data received so far in the current Signature object against the specified signature, and returns true or false. It also discards the input data, resetting the object to the state it was in after initVerify().

getAlgorithm() - Returns the algorithm name of the current Signature object.

getProvider() - Returns the provider as a Provider object of the current Signature object.

Signature Sample Program - JcaSignatureTest.java

The following sample program shows you how to use signature algorithms provided by the default provider, generate signatures and verify the signatures.

/**
 * JcaSignatureTest.java
 * Copyright (c) 2002 by Dr. Herong Yang
 */
import java.io.*;
import java.security.*;
class JcaSignatureTest {
   public static void main(String[] a) {
      if (a.length<4) {
         System.out.println("Usage:");
         System.out.println("java JcaSignatureTest input output"
            +" keyAlgo signAlgo");
         return;
      }
      String input = a[0];
      String output = a[1];
      String keyAlgo = a[2];
      String signAlgo = a[3];
      try {
         KeyPair pair = getKeys(keyAlgo);
         PrivateKey priKey = pair.getPrivate();
         PublicKey pubKey = pair.getPublic();
         byte[] sign = sign(input,output,signAlgo,priKey);
         verify(input,signAlgo,sign,pubKey);
      } catch (Exception e) {
         System.out.println("Exception: "+e);
         return;
      }
   }
   private static KeyPair getKeys(String algorithm) throws Exception {
      KeyPairGenerator kg = KeyPairGenerator.getInstance(algorithm);
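      // 512 bits keeps the demo fast, but is far too short for real use;
      // use at least 2048 bits for RSA or DSA keys.
      int keySize = 512;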
      kg.initialize(keySize);
      KeyPair pair = kg.generateKeyPair();
      return pair;
   }
   private static byte[] sign(String input, String output, 
      String algorithm, PrivateKey priKey) throws Exception {
      Signature sg = Signature.getInstance(algorithm);
      sg.initSign(priKey);
      System.out.println();
      System.out.println("Signature Object Info: ");
      System.out.println("Algorithm = "+sg.getAlgorithm());
      System.out.println("Provider = "+sg.getProvider());
      int bufSize = 1024;
      byte[] buffer = new byte[bufSize];
      int count = 0;
      // try-with-resources closes the file even if read() or update() throws
      try (FileInputStream in = new FileInputStream(input)) {
         int n = in.read(buffer,0,bufSize);
         while (n!=-1) {
            count += n;
            sg.update(buffer,0,n);
            n = in.read(buffer,0,bufSize);
         }
      }
      // Compute the signature over all data fed through update()
      byte[] sign = sg.sign();
      try (FileOutputStream out = new FileOutputStream(output)) {
         out.write(sign);
      }
      System.out.println();
      System.out.println("Sign Processing Info: ");
      System.out.println("Number of input bytes = "+count);
      System.out.println("Number of output bytes = "+sign.length);
      return sign;
   }
   private static boolean verify(String input, String algorithm, 
         byte[] sign, PublicKey pubKey) throws Exception {
      Signature sg = Signature.getInstance(algorithm);
      sg.initVerify(pubKey);
      System.out.println();
      System.out.println("Signature Object Info: ");
      System.out.println("Algorithm = "+sg.getAlgorithm());
      System.out.println("Provider = "+sg.getProvider());
      int bufSize = 1024;
      byte[] buffer = new byte[bufSize];
      int count = 0;
      // try-with-resources closes the file even if read() or update() throws
      try (FileInputStream in = new FileInputStream(input)) {
         int n = in.read(buffer,0,bufSize);
         while (n!=-1) {
            count += n;
            sg.update(buffer,0,n);
            n = in.read(buffer,0,bufSize);
         }
      }
      boolean ok = sg.verify(sign);
      System.out.println("Verify Processing Info: ");
      System.out.println("Number of input bytes = "+count);
      System.out.println("Verification result = "+ok);
      return ok;
   }
}
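
The sample program above only exercises the successful path. The following added example, which is not part of the original tutorial, shows that sign() leaves the Signature object ready for reuse and that verify() rejects modified data, a different key pair's public key, and a truncated signature. The class name, sample messages, the SHA256withRSA algorithm and the 2048-bit key size are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added example, not part of the original tutorial. Class name, messages,
// algorithm name and key size are assumptions chosen for illustration.
class JcaSignatureFailureDemo {
   // Treats a malformed signature (SignatureException) the same as a
   // mismatch, so callers get a single yes/no answer.
   static boolean verify(PublicKey key, byte[] data, byte[] sig)
         throws GeneralSecurityException {
      Signature sg = Signature.getInstance("SHA256withRSA");
      sg.initVerify(key);
      sg.update(data);
      try {
         return sg.verify(sig);
      } catch (SignatureException e) {
         return false;
      }
   }
   public static void main(String[] a) throws Exception {
      KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA");
      kg.initialize(2048);
      KeyPair signer = kg.generateKeyPair();
      KeyPair other = kg.generateKeyPair();
      // Constructed sample messages; the second differs by one character.
      byte[] msg = "pay 100 to alice".getBytes(StandardCharsets.UTF_8);
      byte[] tampered = "pay 900 to alice".getBytes(StandardCharsets.UTF_8);

      Signature sg = Signature.getInstance("SHA256withRSA");
      sg.initSign(signer.getPrivate());
      sg.update(msg);
      byte[] sig = sg.sign();
      // sign() discarded the buffered input, so the same object can sign
      // again without another initSign() call.
      sg.update(msg);
      byte[] sig2 = sg.sign();
      System.out.println("Reuse gives same signature = " + Arrays.equals(sig, sig2));

      byte[] truncated = Arrays.copyOf(sig, sig.length - 1);
      PublicKey pub = signer.getPublic();
      System.out.println("Original data       = " + verify(pub, msg, sig));
      System.out.println("Modified data       = " + verify(pub, tampered, sig));
      System.out.println("Wrong public key    = " + verify(other.getPublic(), msg, sig));
      System.out.println("Truncated signature = " + verify(pub, msg, truncated));
   }
}
```

Only the "Original data" check should report true; a verifier that ignores the boolean result, as main() in the sample program does, would accept all four inputs.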
