Oracle Security Developer Tools Crypto Java API Reference
10g (10.1.4.0.1)

B28171-01


oracle.security.crypto.core
Class Signature

java.lang.Object
  extended by oracle.security.crypto.core.Signature

Direct Known Subclasses:
DSA, RSAMDSignature

public abstract class Signature
extends java.lang.Object

An abstract class for generating and verifying signatures. Functionality is provided by subclasses which implement the sign() and verify() methods.

The following example generates a new RSA signature for the document stored in the byte array doc. The bytes of the signature are stored in the byte array sigBytes.

                RSAPrivateKey privKey = ...;
                Signature sig = Signature.getInstance(AlgID.sha_1WithRSAEncryption);
                sig.setPrivateKey(privKey);
                sig.setDocument(doc);
                byte[] sigBytes = sig.sign();
        

This signature can be verified as follows, where pubKey is the corresponding public key:

                Signature sig = Signature.getInstance(AlgID.sha_1WithRSAEncryption);
                sig.setPublicKey(pubKey);
                sig.setDocument(doc);
                sig.setSigBytes(sigBytes);
                System.out.println(sig.verify() ? "VALID" : "INVALID");
        
See Also:
DSA, RSAMDSignature

Field Summary
protected  byte[] document
          The document to be signed or verified.
protected  byte[] signatureBytes
          The actual bytes of the signature.

 

Constructor Summary
protected Signature()
           

 

Method Summary
abstract  java.lang.String algName()
          Returns the name of the signing algorithm.
abstract  AlgorithmIdentifier getAlgID()
           
 byte[] getBytes()
          Deprecated. Replaced by getSigBytes().
 AlgorithmIdentifier getDigestEncryptionAlgID()
          Returns the algorithm identifier of the message digest encryption for this signature.
 byte[] getDocument()
          Gets the document.
static Signature getInstance(AlgorithmIdentifier algID)
          Create a new instance of the correct Signature subclass for the specified algorithm identifier.
static Signature getInstance(PrivateKey signingKey)
          Create a new instance of the correct Signature subclass for the specified key's algorithm and sets the key as the signing key. If the signature can use more than one digest algorithm (see RSAMDSignature), the default for the instantiated class is used.
static Signature getInstance(PublicKey verificationKey)
          Create a new instance of the correct Signature subclass for the specified key's algorithm and sets the key as the verification key. If the signature can use more than one digest algorithm (see RSAMDSignature), the default for the instantiated class is used.
 byte[] getSigBytes()
          Returns a copy of the signature bytes of the document, as generated by sign(), or specified by setSigBytes(byte[]).
abstract  void setAlgID(AlgorithmIdentifier algID)
           
 void setBytes(byte[] sig)
          Deprecated. Replaced by setSigBytes(byte[]).
 void setDocument(byte[] doc)
          Specifies the document that will be signed, or whose signature will be verified.
abstract  void setHash(byte[] hash)
          Sets the document digest to be used in the signature calculation, bypassing the digesting step.
abstract  void setPrivateKey(PrivateKey key)
          Sets the key to be used for signing.
abstract  void setPublicKey(PublicKey key)
          Sets the key to be used for verification.
 void setRandomBitsSource(RandomBitsSource rbs)
          Sets the random bits source used to generate signatures.
 void setSigBytes(byte[] sig)
          Sets the signature to prepare for verification.
abstract  byte[] sign()
          Signs the document.
abstract  boolean verify()
          Verify that the signature matches the document.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

signatureBytes

protected byte[] signatureBytes
The actual bytes of the signature.

document

protected byte[] document
The document to be signed or verified.

Constructor Detail

Signature

protected Signature()

Method Detail

setAlgID

public abstract void setAlgID(AlgorithmIdentifier algID)
                       throws AlgorithmIdentifierException
Throws:
AlgorithmIdentifierException

getAlgID

public abstract AlgorithmIdentifier getAlgID()

getDigestEncryptionAlgID

public AlgorithmIdentifier getDigestEncryptionAlgID()
Returns the algorithm identifier of the message digest encryption for this signature. All concrete subclasses should override this method.

getInstance

public static Signature getInstance(AlgorithmIdentifier algID)
                             throws AlgorithmIdentifierException
Create a new instance of the correct Signature subclass for the specified algorithm identifier.
Parameters:
algID - One of the signature algorithm identifiers defined in AlgID.
Throws:
AlgorithmIdentifierException

getInstance

public static Signature getInstance(PrivateKey signingKey)
                             throws SignatureException
Create a new instance of the correct Signature subclass for the specified key's algorithm and sets the key as the signing key. If the signature can use more than one digest algorithm (see RSAMDSignature), the default for the instantiated class is used.
Parameters:
signingKey - The signing key for the signature.
Throws:
SignatureException

getInstance

public static Signature getInstance(PublicKey verificationKey)
                             throws AuthenticationException
Create a new instance of the correct Signature subclass for the specified key's algorithm and sets the key as the verification key. If the signature can use more than one digest algorithm (see RSAMDSignature), the default for the instantiated class is used.
Parameters:
verificationKey - The verification key for the signature.
Throws:
AuthenticationException

setPublicKey

public abstract void setPublicKey(PublicKey key)
                           throws InvalidKeyException
Sets the key to be used for verification.
Throws:
InvalidKeyException

setPrivateKey

public abstract void setPrivateKey(PrivateKey key)
                            throws InvalidKeyException
Sets the key to be used for signing.
Throws:
InvalidKeyException

setRandomBitsSource

public void setRandomBitsSource(RandomBitsSource rbs)
Sets the random bits source used to generate signatures.

Not all signature algorithms require a random bits source, and subclasses which do not use this parameter should ignore it. The default implementation of Signature does nothing.

Parameters:
rbs - The random bits source to be used to generate signatures

sign

public abstract byte[] sign()
                     throws SignatureException
Signs the document. The bytes of the signature are returned, and may also be retrieved via getSigBytes.

The document must first have been specified via setDocument or an appropriate constructor. A subclass will typically require that a private key be provided before calling this method.

Returns:
the signature
Throws:
SignatureException - if the signature could not be generated for some reason
See Also:
setDocument(byte[]), getSigBytes()

verify

public abstract boolean verify()
                        throws AuthenticationException
Verify that the signature matches the document. The signature and document must first have been specified via setSigBytes and setDocument, or an appropriate constructor. A subclass will typically require that a public key be provided before calling this method.
Returns:
true if the signature is valid, and false if it is invalid
Throws:
AuthenticationException - if the verification could not be performed for some reason
See Also:
setSigBytes(byte[]), setDocument(byte[])

setDocument

public void setDocument(byte[] doc)
Specifies the document that will be signed, or whose signature will be verified. Calling this method sets the hash value to null.
Parameters:
doc - the document
See Also:
setHash(byte[])

getDocument

public byte[] getDocument()
Gets the document.
Returns:
the document

getBytes

public byte[] getBytes()
Deprecated. Replaced by getSigBytes().

setBytes

public void setBytes(byte[] sig)
Deprecated. Replaced by setSigBytes(byte[]).

getSigBytes

public byte[] getSigBytes()
Returns a copy of the signature bytes of the document, as generated by sign(), or specified by setSigBytes(byte[]).
Returns:
the signature bytes

setSigBytes

public void setSigBytes(byte[] sig)
Sets the signature to prepare for verification.
Parameters:
sig - the signature to verify

setHash

public abstract void setHash(byte[] hash)
Sets the document digest to be used in the signature calculation, bypassing the digesting step. Calling this method sets the document to null.
Parameters:
hash - For instances of RSAMDSignature, this parameter should be the DER encoding of a PKCS #1 DigestInfo element. For instances of DSA, this parameter should be the message digest.
See Also:
setDocument(byte[])
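
The DigestInfo encoding that setHash expects for RSAMDSignature, shown here with the JDK's own java.security classes as an added example (not Oracle's code and not part of the original reference). The class name DigestInfoDemo, the helper sha1DigestInfo and the sample document are assumptions made for illustration; the prefix bytes are the standard PKCS #1 v1.5 DigestInfo header for SHA-1.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature; // JDK class, not oracle.security.crypto.core.Signature

public class DigestInfoDemo {
    // DER header of a PKCS #1 DigestInfo for SHA-1:
    // SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING (20 bytes) }
    static final byte[] SHA1_PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // Hypothetical helper: digest the document and wrap it as DER DigestInfo.
    static byte[] sha1DigestInfo(byte[] doc) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(doc);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(SHA1_PREFIX);
        out.write(hash);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key for the demo

        // Constructed sample input.
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);

        // Document path: the library digests the document itself.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(doc);
        byte[] sigBytes = signer.sign();

        // Pre-hashed path: "NONEwithRSA" pads and compares its input as is,
        // so the input must be the complete DigestInfo, not the bare digest.
        Signature raw = Signature.getInstance("NONEwithRSA");
        raw.initVerify(kp.getPublic());
        raw.update(sha1DigestInfo(doc));
        System.out.println("DigestInfo input: " + raw.verify(sigBytes));

        // The bare 20-byte digest lacks the algorithm header and does not match.
        raw.initVerify(kp.getPublic());
        raw.update(MessageDigest.getInstance("SHA-1").digest(doc));
        System.out.println("bare hash input:  " + raw.verify(sigBytes));
    }
}
```

The array returned by sha1DigestInfo has the form the parameter description above calls for when setHash is used on an RSAMDSignature instance. When verifying, compute it from the document you actually hold rather than accepting a digest delivered alongside the signature.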

algName

public abstract java.lang.String algName()
Returns the name of the signing algorithm.
Returns:
a string which identifies the signing algorithm

Copyright © 2005, 2006, Oracle. All rights reserved.