public abstract class Signature
extends java.lang.Object
sign()
and verify()
methods.
The following example generates a new RSA signature for the document stored in the byte array doc
. The bytes of the signature are stored in the byte array sigBytes
.
RSAPrivateKey privKey = ...; Signature sig = Signature.getInstance(AlgID.sha_1WithRSAEncryption); sig.setPrivateKey(privKey); sig.setDocument(doc); byte[] sigBytes = sig.sign();
This signature can be verified as follows, where pubKey
is the corresponding public key:
Signature sig = Signature.getInstance(AlgID.sha_1WithRSAEncryption); sig.setPublicKey(pubKey); sig.setDocument(doc); sig.setSigBytes(sigBytes); System.out.println(sig.verify() ? "VALID" : "INVALID");
DSA
, RSAMDSignature
Modifier and Type | Field and Description |
---|---|
protected byte[] |
document
The document to be signed or verified.
|
protected byte[] |
signatureBytes
The actual bytes of the signature.
|
Modifier | Constructor and Description |
---|---|
protected |
Signature()
Empty constructor.
|
Modifier and Type | Method and Description |
---|---|
abstract java.lang.String |
algName()
Returns the name of the signing algorithm.
|
abstract AlgorithmIdentifier |
getAlgID()
Gets the algorithm identifier of this Signature object.
|
AlgorithmIdentifier |
getDigestEncryptionAlgID()
Returns the algorithm identifier of the message digest encryption for this signature.
|
byte[] |
getDocument()
Gets the document.
|
static Signature |
getInstance(AlgorithmIdentifier algID)
Create a new instance of the correct
Signature subclass for the specified algorithm identifier. |
static Signature |
getInstance(PrivateKey signingKey)
Create a new instance of the correct
Signature subclass for the specified key's algorithm and sets the key as the signing key.If the signature can use more than one digest algorithm (see RSAMDSignature ), the default for the instantiated class is used. |
static Signature |
getInstance(PublicKey verificationKey)
Create a new instance of the correct
Signature subclass for the specified key's algorithm and sets the key as the verification key.If the signature can use more than one digest algorithm (see RSAMDSignature ), the default for the instantiated class is used. |
byte[] |
getSigBytes()
Returns a copy of the signature bytes of the document, as generated by
sign() , or specified by setSigBytes(byte[]) . |
abstract void |
setAlgID(AlgorithmIdentifier algID)
Sets the signature algorithm identifier to use,
|
void |
setDocument(byte[] doc)
Specifies the document that will be signed, or whose signature will be verified.
|
abstract void |
setHash(byte[] hash)
Sets the document digest to be used in the signature calculation, bypassing the digesting step.
|
abstract void |
setPrivateKey(PrivateKey key)
Sets the key to be used for signing.
|
abstract void |
setPublicKey(PublicKey key)
Sets the key to be used for verification.
|
void |
setRandomBitsSource(RandomBitsSource rbs)
Sets the random bits source used to generate signatures.
|
void |
setSigBytes(byte[] sig)
Sets the signature to prepare for verification.
|
abstract byte[] |
sign()
Signs the document.
|
abstract boolean |
verify()
Verify that the signature matches the document.
|
protected byte[] signatureBytes
protected byte[] document
public abstract void setAlgID(AlgorithmIdentifier algID) throws AlgorithmIdentifierException
algID
- The AlgorithmIdentifier to use to perform signature and verification.AlgorithmIdentifierException
public abstract AlgorithmIdentifier getAlgID()
public AlgorithmIdentifier getDigestEncryptionAlgID()
public static Signature getInstance(AlgorithmIdentifier algID) throws AlgorithmIdentifierException
Signature
subclass for the specified algorithm identifier.algID
- One of the signature algorithm identifiers defined in AlgID
.AlgorithmIdentifierException
public static Signature getInstance(PrivateKey signingKey) throws SignatureException
Signature
subclass for the specified key's algorithm and sets the key as the signing key.If the signature can use more than one digest algorithm (see RSAMDSignature
), the default for the instantiated class is used.signingKey
- The signing key for the signature.SignatureException
public static Signature getInstance(PublicKey verificationKey) throws AuthenticationException
Signature
subclass for the specified key's algorithm and sets the key as the verification key.If the signature can use more than one digest algorithm (see RSAMDSignature
), the default for the instantiated class is used.verificationKey
- The verification key for the signature.AuthenticationException
public abstract void setPublicKey(PublicKey key) throws InvalidKeyException
InvalidKeyException
public abstract void setPrivateKey(PrivateKey key) throws InvalidKeyException
InvalidKeyException
public void setRandomBitsSource(RandomBitsSource rbs)
Not all signature algorithms require a random bits source, and subclasses which do not use this parameter should ignore it. The default implementation of Signature
does nothing.
rbs
- The random bits source to be used to generate signaturespublic abstract byte[] sign() throws SignatureException
getSigBytes
.
The document must first have been specified via setDocument
or an appropriate constructor. A subclass will typically require that a private key be provided before calling this method.
SignatureException
- if the signature could not be generated for some reasonsetDocument(byte[])
, getSigBytes()
public abstract boolean verify() throws AuthenticationException
setSigBytes
and setDocument
, or an appropriate constructor. A subclass will typically require that a public key be provided before calling this method.true
if the signature is valid, and false
if it is invalidAuthenticationException
- if the verification could not be performed for some reasonsetSigBytes(byte[])
, setDocument(byte[])
public void setDocument(byte[] doc)
null
.doc
- the documentsetHash(byte[])
public byte[] getDocument()
public byte[] getSigBytes()
sign()
, or specified by setSigBytes(byte[])
.public void setSigBytes(byte[] sig)
sig
- the signature to verifypublic abstract void setHash(byte[] hash)
null
.hash
- For instances of RSAMDSignature
, this parameter should be the DER encoding of a PKCS #1 DigestInfo element. For instances of DSA, this parameter should be the message digest.setDocument(byte[])
public abstract java.lang.String algName()