Signature
A valid digital
signature gives a recipient reason to believe that the message was created by a
known sender (authentication),
that the sender cannot deny having sent the message (non-repudiation), and that the
message was not altered in transit (integrity)
Original data (its bytes) + private key → signature
All of these are byte arrays.
Since the signature has to be sent over the network, we convert it into a string — but we cannot simply build a string from the raw signature bytes, because arbitrary bytes are not safely representable as text. Hence we encode the byte array into a different, text-safe string.
We should not send new String(byte[] signature); we should send new String(Base64.encode(byte[] signature)).
Verification:
The client sends (the data + signature):
object{
User name: Ram
Id : 678
Signature : ZTngSmnSpmWIj40r5TQ1hmec0UbfJLSCRSxbVBxCwchcFu6A8RS+O9BUFgG7U+UozVlrO5xGl9tARHxcIK4y2x/UHvhfYu74SOq22XgdGNuPMGQ560pUpiSkXspfGuFh9xHqovNGs7MQvWyESgurqehdsFD18sXV0z7gnqqFm78=
}
The server receives the data and then checks, using the signer's public key, that the received signature matches that data.
Generate
signature:
// Create a signer. NOTE(review): "SHA1WithRSA" is kept to match the rest of the page,
// but SHA-1 is deprecated for signatures; prefer "SHA256withRSA" on both signer and verifier.
Signature signature = Signature.getInstance("SHA1WithRSA");
// Signing uses the private key, which must never leave the signer.
signature.initSign(certDetails.getPrivateKey());
// Supply the data to be signed to the Signature object
// using the update() method and generate the digital
// signature.
byte[] databytes = Files.readAllBytes(Paths.get("D:\\user.txt"));
signature.update(databytes);
byte[] digitalSignature = signature.sign();
// Save digital signature and the public key to a file.
//Files.write(Paths.get("D:\\signature.txt"), digitalSignature);
// Print the signature Base64-encoded so it survives transport as text.
System.out.println(new String(Base64.encodeBase64(digitalSignature)));
Verify :
// Verification needs only the signer's public key and the same data; the algorithm must match the one used to sign.
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initVerify(publicKey);
byte[] bytes = Files.readAllBytes(Paths.get("D:\\test1.txt"));
signature.update(bytes);
// true only if digitalSignature was produced over exactly these bytes with the private key matching publicKey
boolean verified = signature.verify(digitalSignature);
Java program:
package com.crypto.Digital;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.swing.JOptionPane;
import org.apache.commons.codec.binary.Base64;
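public class GenerateDigitalSignature {

    /**
     * Signs the contents of {@code D:\test.txt} with the private key held in
     * {@code d:\test.keystore} and prints the Base64-encoded signature to stdout.
     *
     * <p>Fixes relative to the earlier listing: the private key is no longer printed
     * (a secret must not be written to the console/log), a stray {@code .} statement
     * that did not compile is gone, and the standard {@code java.util.Base64} encoder
     * replaces the third-party one (same standard Base64 output).
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // NOTE(review): hard-coded keystore path and password are for demo use only.
            CertificateDetails certDetails = CertificateUtil.getCertificateDetails("d:\\test.keystore",
                    "changeit");
            // Only the certificate (public material) is printed; never the private key.
            System.out.println(certDetails.getX509Certificate());
            // NOTE(review): "SHA1WithRSA" is kept so that VerifyDigitalSignature still matches;
            // SHA-1 is deprecated for signatures — move both sides to "SHA256withRSA".
            Signature signature = Signature.getInstance("SHA1WithRSA");
            signature.initSign(certDetails.getPrivateKey());
            byte[] bytes = Files.readAllBytes(Paths.get("D:\\test.txt"));
            signature.update(bytes);
            byte[] digitalSignature = signature.sign();
            // encodeToString already yields an ASCII String, so no charset question arises.
            System.out.println(java.util.Base64.getEncoder().encodeToString(digitalSignature));
        } catch (Exception e) {
            // main is the outermost boundary; report and exit.
            e.printStackTrace();
        }
    }
}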
package
com.crypto.Digital;
import
java.nio.file.Files;
import
java.nio.file.Paths;
import
java.security.KeyFactory;
import
java.security.PublicKey;
import
java.security.Signature;
import
java.security.spec.X509EncodedKeySpec;
import
javax.swing.JOptionPane;
import
org.apache.commons.codec.binary.Base64;
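public class VerifyDigitalSignature {

    /**
     * Verifies a Base64-encoded signature (entered in a dialog) over the contents of
     * {@code D:\test1.txt}, using the public key of the certificate stored in
     * {@code d:\test.keystore}.
     *
     * <p>Fixes relative to the earlier listing: a cancelled/empty dialog no longer
     * throws a {@code NullPointerException}, the private key is no longer printed
     * (verification needs only the public key), and decoding uses the standard
     * {@code java.util.Base64} MIME decoder (lenient about whitespace, like the
     * previous decoder) instead of {@code String.getBytes()} with the platform charset.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            String digitalSignature1 = JOptionPane.showInputDialog("Type your signature here");
            if (digitalSignature1 == null || digitalSignature1.trim().isEmpty()) {
                // Dialog cancelled or nothing typed: there is nothing to verify.
                System.out.println("No signature entered.");
                return;
            }
            // Malformed input raises IllegalArgumentException, handled by the catch below.
            byte[] digitalSignature = java.util.Base64.getMimeDecoder().decode(digitalSignature1.trim());
            // NOTE(review): hard-coded keystore path and password are for demo use only.
            CertificateDetails certDetails = CertificateUtil.getCertificateDetails("d:\\test.keystore",
                    "changeit");
            // Only public material is printed; the private key is not needed here at all.
            System.out.println(certDetails.getX509Certificate());
            PublicKey publicKey = certDetails.getX509Certificate().getPublicKey();
            // Must match the algorithm used by the signer (GenerateDigitalSignature).
            // NOTE(review): SHA-1 is deprecated for signatures — move both sides to "SHA256withRSA".
            Signature signature = Signature.getInstance("SHA1WithRSA");
            signature.initVerify(publicKey);
            byte[] bytes = Files.readAllBytes(Paths.get("D:\\test1.txt"));
            signature.update(bytes);
            // false on mismatch; a structurally invalid signature raises SignatureException instead.
            boolean verified = signature.verify(digitalSignature);
            System.out.println(verified ? "Data verified." : "Cannot verify data.");
        } catch (Exception e) {
            // main is the outermost boundary; report and exit.
            e.printStackTrace();
        }
    }
}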
Generate a certificate and private key and put them into a JKS keystore from a program.
Note: without a program, we would use keytool.
package com.crypto.Digital;
import
java.io.FileOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import
java.security.KeyStore;
import
java.security.PrivateKey;
import java.security.PublicKey;
import
java.security.cert.X509Certificate;
import java.util.Date;
import
sun.security.x509.CertAndKeyGen;
import
sun.security.x509.X500Name;
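public class GenBothCertificateAndPrivateKey {
    // NOTE(review): 1024-bit RSA and SHA1WithRSA are below current minimums (2048+ bits,
    // SHA-256); kept as on the page so the keystore matches the signing/verifying examples.
    private static final int keysize = 1024;
    private static final String commonName = "www.test.de";
    private static final String organizationalUnit = "IT";
    private static final String organization = "test";
    private static final String city = "test";
    private static final String state = "test";
    private static final String country = "DE";
    private static final long validity = 1096; // 3 years, in days
    private static final String alias = "tomcat";
    // NOTE(review): a hard-coded keystore password is for demo use only.
    private static final char[] keyPass = "changeit".toCharArray();

    // copied most ideas from sun.security.tools.KeyTool.java
    // NOTE: CertAndKeyGen and X500Name are JDK-internal (sun.*) classes, not a supported API;
    // on Java 9+ the package is encapsulated and needs --add-exports to compile and run.
    /**
     * Generates an RSA key pair and a self-signed certificate, stores them under
     * {@code alias} in a new JKS keystore and writes it to {@code d:\test.keystore}.
     *
     * <p>Fix relative to the earlier listing: the {@code FileOutputStream} is closed
     * via try-with-resources instead of being leaked.
     *
     * @param args unused
     * @throws Exception on any key-generation, certificate or keystore I/O failure
     */
    @SuppressWarnings("restriction")
    public static void main(String[] args) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null); // start from an empty in-memory keystore
        CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
        X500Name x500Name = new X500Name(commonName, organizationalUnit, organization, city, state, country);
        keypair.generate(keysize);
        PrivateKey privKey = keypair.getPrivateKey();
        X509Certificate[] chain = new X509Certificate[1];
        // Self-signed certificate valid from now; getSelfCertificate takes the validity in seconds.
        chain[0] = keypair.getSelfCertificate(x500Name, new Date(), validity * 24 * 60 * 60);
        keyStore.setKeyEntry(alias, privKey, keyPass, chain);
        try (FileOutputStream out = new FileOutputStream("d:\\test.keystore")) {
            keyStore.store(out, keyPass);
        }
        // Writing the raw private key to a plain file is left disabled on purpose.
        //Files.write(Paths.get("D:\\PrivateKeyTest.txt"), privKey.getEncoded());
    }
}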