JDK Tutorials - Herong's Tutorial Examples - Version 6.02, by Dr. Herong Yang
JcaVerify.java - Signature Verification Sample Program
This section provides a tutorial example on how to write a digital signature verification sample program that verifies any input data and its digital signature with a given public key.
The following program is a standalone program that reads in an input file, a signature file and a public key file, and verifies whether the signature file matches the input file based on the specified digital signature algorithm.
/* JcaVerify.java - Copyright (c) 2014, HerongYang.com, All Rights Reserved.
 */
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.spec.*;
class JcaVerify {
   public static void main(String[] a) {
      if (a.length<5) {
         System.out.println("Usage:");
         System.out.println("java JcaVerify input signFile"
            +" signAlgo keyFile keyAlgo");
         return;
      }
      String input = a[0];
      String signFile = a[1];
      String signAlgo = a[2]; // SHA1withDSA, SHA1withRSA,
      String keyFile = a[3];
      String keyAlgo = a[4]; // DSA, RSA
      try {
         PublicKey pubKey = readPublicKey(keyFile,keyAlgo);
         byte[] sign = readSignature(signFile);
         verify(input,signAlgo,sign,pubKey);
      } catch (Exception e) {
         System.out.println("Exception: "+e);
         return;
      }
   }
   // Loads an X.509-encoded public key file and rebuilds the key object
   private static PublicKey readPublicKey(String input,
      String algorithm) throws Exception {
      // Read the whole file; available() plus a single read() may fall short
      byte[] pubKeyBytes = Files.readAllBytes(Paths.get(input));
      X509EncodedKeySpec pubKeySpec
         = new X509EncodedKeySpec(pubKeyBytes);
      KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
      PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
      System.out.println();
      System.out.println("Public Key Info: ");
      System.out.println("Algorithm = "+pubKey.getAlgorithm());
      System.out.println("Saved File = "+input);
      System.out.println("Length = "+pubKeyBytes.length);
      System.out.println("toString = "+pubKey.toString());
      return pubKey;
   }
   // Loads the raw signature bytes from the signature file
   private static byte[] readSignature(String input)
      throws Exception {
      return Files.readAllBytes(Paths.get(input));
   }
   // Feeds the input file to the Signature object and checks the signature
   private static boolean verify(String input, String algorithm,
      byte[] sign, PublicKey pubKey) throws Exception {
      Signature sg = Signature.getInstance(algorithm);
      sg.initVerify(pubKey);
      System.out.println();
      System.out.println("Signature Object Info: ");
      System.out.println("Algorithm = "+sg.getAlgorithm());
      System.out.println("Provider = "+sg.getProvider());
      int count = 0;
      // try-with-resources closes the input file even if a read fails
      try (FileInputStream in = new FileInputStream(input)) {
         int bufSize = 1024;
         byte[] buffer = new byte[bufSize];
         int n = in.read(buffer,0,bufSize);
         while (n!=-1) {
            count += n;
            sg.update(buffer,0,n);
            n = in.read(buffer,0,bufSize);
         }
      }
      boolean ok = sg.verify(sign);
      System.out.println("Verify Processing Info: ");
      System.out.println("Number of input bytes = "+count);
      System.out.println("Verification result = "+ok);
      return ok;
   }
}
Here is the result of my first test, which verifies a signature generated with the DSA algorithm and the SHA1withDSA algorithm. See the previous section for more information.
>java -cp . JcaVerify JcaSign.class JcaSign_dsa.sgn SHA1withDSA dsa.pub DSA

Public Key Info:
Algorithm = DSA
Saved File = dsa.pub
Length = 244
toString = Sun DSA Public Key
    Parameters:DSA
    p:
    fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3 ae1617ae
    01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151 bdc43ee7 37592e17
    q:
    962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5
    g:
    678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d 14271b9e
    35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a 6c416e50 be794ca4
    y:
    a1352fe3 8a9c7087 35dc2ada f57f5808 24ef3cc5 2c64b304 c242d454 b5c108e9
    7f8bf487 891b536a 170a2158 e0b3537c bf572d37 f906ed2e 57c482f1 d1616072

Signature Object Info:
Algorithm = SHA1WithDSA
Provider = SUN version 1.8
Verify Processing Info:
Number of input bytes = 3116
Verification result = true
Yes. The program is working correctly. Here is another verification, this time of the signature generated with the RSA and MD2withRSA algorithms.
>java -cp . JcaVerify JcaSign.class JcaSign_rsa.sgn MD2withRSA rsa.pub RSA

Public Key Info:
Algorithm = RSA
Saved File = rsa.pub
Length = 94
toString = Sun RSA public key, 512 bits
  modulus: 7459244741598364941593136037130364374527370485869942130559032300
  2280608760378479825322149826810889143669075090234733914758382626
  86848167028157628455117711
  public exponent: 65537

Signature Object Info:
Algorithm = MD2WithRSA
Provider = SunRsaSign version 1.8
Verify Processing Info:
Number of input bytes = 3116
Verification result = true
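Both test runs verify signatures made with SHA-1 or MD2 digests under 512-bit keys, which JcaVerify accepts because it uses whatever algorithm name and key it is given. The following added example (not part of the original tutorial) wraps the same java.security.Signature calls in a policy check that runs before verification; the class name PolicyVerify, the allowlist and the 2048-bit minimum are assumptions chosen for illustration, and the keys and input are constructed in memory.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Set;
class PolicyVerify {
    // Assumed local policy (not from the tutorial): allowed algorithms and key size
    static final Set<String> ALLOWED = Set.of("SHA256withRSA", "SHA256withDSA");
    static final int MIN_BITS = 2048;

    static int keyBits(PublicKey k) throws GeneralSecurityException {
        if (k instanceof RSAPublicKey) return ((RSAPublicKey) k).getModulus().bitLength();
        if (k instanceof DSAPublicKey) return ((DSAPublicKey) k).getParams().getP().bitLength();
        throw new InvalidKeyException("Unsupported key type: " + k.getAlgorithm());
    }

    // Refuse a weak algorithm or a short key before any signature math runs
    static boolean verify(byte[] data, byte[] sign, String signAlgo, PublicKey key)
            throws GeneralSecurityException {
        if (!ALLOWED.contains(signAlgo))
            throw new NoSuchAlgorithmException("Rejected by policy: " + signAlgo);
        if (keyBits(key) < MIN_BITS)
            throw new InvalidKeyException("Key too short: " + keyBits(key) + " bits");
        Signature sg = Signature.getInstance(signAlgo);
        sg.initVerify(key);
        sg.update(data);
        return sg.verify(sign);
    }

    public static void main(String[] a) throws Exception {
        byte[] data = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        byte[] sign = s.sign();
        // Round-trip through X.509 encoding, as JcaVerify does when it reads a .pub file
        PublicKey pub = KeyFactory.getInstance("RSA")
            .generatePublic(new X509EncodedKeySpec(kp.getPublic().getEncoded()));
        System.out.println("Good signature: " + verify(data, sign, "SHA256withRSA", pub));
        data[0] ^= 1; // flip one bit of the input; the signature no longer matches
        System.out.println("Tampered input: " + verify(data, sign, "SHA256withRSA", pub));
        try { verify(data, sign, "MD2withRSA", pub); } // algorithm from the second test run
        catch (GeneralSecurityException e) { System.out.println("Policy: " + e.getMessage()); }
        g.initialize(512); // same modulus size as rsa.pub in the second test run
        try { verify(data, sign, "SHA256withRSA", g.generateKeyPair().getPublic()); }
        catch (GeneralSecurityException e) { System.out.println("Policy: " + e.getMessage()); }
    }
}
```

Set.of requires Java 9 or later; on JDK 1.8 build the allowlist with new HashSet<>(Arrays.asList(...)) instead.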
Last update: 2014.