Java/Security/Signature
Creating a Signature
<source lang="java">
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.KeySpec;

/**
 * Rebuilds a DSA private key from its raw components (x, p, q, g) through a
 * {@link KeyFactory} and feeds a buffer into a {@link Signature} initialised
 * with that key.
 *
 * <p>The listing stops after {@code update}; {@code sign()} is never called, so
 * no signature bytes are produced here.
 *
 * <p>Security note: the 1024-bit DSA key is kept because it is what the example
 * demonstrates. It is below what current guidance (for example NIST SP
 * 800-131A) accepts for new signatures. The signature algorithm is looked up by
 * the key's algorithm name ("DSA"), which JDK providers commonly map to SHA-1
 * with DSA; confirm this for the provider in use.
 */
public class Main {

    /**
     * Runs the demonstration.
     *
     * @param argv ignored
     * @throws Exception if key generation, key reconstruction or the signature
     *     set-up fails
     */
    public static void main(String[] argv) throws Exception {
        // Throw-away key pair; it only serves as a source of key material.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
        generator.initialize(1024);
        KeyPair generated = generator.genKeyPair();

        DSAPrivateKey originalPrivate = (DSAPrivateKey) generated.getPrivate();
        DSAPublicKey originalPublic = (DSAPublicKey) generated.getPublic();

        // Domain parameters carried by the private key.
        DSAParams domain = originalPrivate.getParams();
        BigInteger primeP = domain.getP();
        BigInteger subprimeQ = domain.getQ();
        BigInteger baseG = domain.getG();

        BigInteger secretX = originalPrivate.getX();
        // The public value is read as in the original listing but not used below.
        BigInteger publicY = originalPublic.getY();

        // Turn the raw numbers back into a PrivateKey object.
        KeyFactory dsaFactory = KeyFactory.getInstance("DSA");
        KeySpec rebuiltSpec = new DSAPrivateKeySpec(secretX, primeP, subprimeQ, baseG);
        PrivateKey rebuiltKey = dsaFactory.generatePrivate(rebuiltSpec);

        // The message is an all-zero placeholder buffer.
        byte[] message = new byte[1024];

        Signature signer = Signature.getInstance(rebuiltKey.getAlgorithm());
        signer.initSign(rebuiltKey);
        signer.update(message, 0, message.length);
    }
}
</source>
Generate a DSA signature
<source lang="java">
/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */
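import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

/**
 * Signs a file with a freshly generated DSA key and writes the signature to
 * {@code sig} and the encoded public key to {@code suepk} in the working
 * directory.
 *
 * <p>Requires Java 7 or later (try-with-resources).
 *
 * <p>Security notes:
 * <ul>
 *   <li>1024-bit DSA with SHA-1 is kept so that the output stays verifiable by
 *       a verifier that expects {@code SHA1withDSA}. It is below what current
 *       guidance (for example NIST SP 800-131A) accepts for new
 *       signatures.</li>
 *   <li>The private key exists only for the lifetime of this process, so each
 *       run produces a signature under a new key.</li>
 *   <li>The public key written to {@code suepk} is not authenticated in any
 *       way. A recipient has to obtain it over a trusted channel for
 *       verification to mean anything.</li>
 * </ul>
 */
public class GenSig {

    /**
     * Generates the key pair, signs the named file and saves signature and
     * public key.
     *
     * @param args exactly one element: the path of the file to sign
     */
    public static void main(String[] args) {
        if (args.length != 1) {
            System.out.println("Usage: GenSig nameOfFileToSign");
            return;
        }

        try {
            /* Generate a key pair */
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
            // No seed is supplied, so the generator is left to seed itself.
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
            keyGen.initialize(1024, random);

            KeyPair pair = keyGen.generateKeyPair();
            PrivateKey priv = pair.getPrivate();
            PublicKey pub = pair.getPublic();

            /* Create a Signature object and initialize it with the private key */
            Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
            dsa.initSign(priv);

            /*
             * Feed the file to the signature. read() returning -1 is the only
             * reliable end-of-stream signal; available() may report 0 before
             * the end, which would sign a truncated file without any error.
             */
            try (BufferedInputStream bufin =
                    new BufferedInputStream(new FileInputStream(args[0]))) {
                byte[] buffer = new byte[1024];
                int len;
                while ((len = bufin.read(buffer)) != -1) {
                    dsa.update(buffer, 0, len);
                }
            }

            /* All data has been read in; generate the signature */
            byte[] realSig = dsa.sign();

            /* Save the signature in a file */
            try (FileOutputStream sigfos = new FileOutputStream("sig")) {
                sigfos.write(realSig);
            }

            /* Save the public key in a file */
            byte[] key = pub.getEncoded();
            try (FileOutputStream keyfos = new FileOutputStream("suepk")) {
                keyfos.write(key);
            }
        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }
    }
}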
</source>
Signature Sign And Verify
<source lang="java">
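import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;

/**
 * Signs a small byte array with one DSA key pair, verifies it with the matching
 * public key, then shows that verification with a different key pair's public
 * key is rejected.
 *
 * <p>Security note: 1024-bit DSA with SHA-1 is kept because it is what the
 * example demonstrates. It is below what current guidance (for example NIST SP
 * 800-131A) accepts for new signatures.
 */
public class MainClass {

    /**
     * Runs the sign / verify / verify-with-wrong-key sequence and prints the two
     * verification results.
     *
     * @param args ignored
     * @throws Exception if any provider lookup or signature operation fails
     */
    public static void main(String args[]) throws Exception {
        // Registers Bouncy Castle in the provider list. The getInstance calls
        // in this class name no provider, so which provider serves them
        // depends on the installed provider order.
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

        KeyPair keyPair = generateKeyPair(999);

        byte[] data = { 65, 66, 67, 68, 69, 70, 71, 72, 73, 74 };
        byte[] digitalSignature = signData(data, keyPair.getPrivate());

        boolean verified;

        verified = verifySig(data, keyPair.getPublic(), digitalSignature);
        System.out.println(verified);

        // A second, unrelated key pair: its public key should not accept the
        // signature made above.
        keyPair = generateKeyPair(888);
        verified = verifySig(data, keyPair.getPublic(), digitalSignature);
        System.out.println(verified);
    }

    /**
     * Signs {@code data} with SHA1withDSA.
     *
     * @param data bytes to sign
     * @param key private key used for signing
     * @return the signature bytes
     * @throws Exception if the algorithm is unavailable, the key is unsuitable
     *     or signing fails
     */
    public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
        Signature signer = Signature.getInstance("SHA1withDSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    /**
     * Checks a SHA1withDSA signature over {@code data}.
     *
     * <p>Callers must act on the returned value; a {@code false} result is not
     * reported in any other way.
     *
     * @param data bytes that were signed
     * @param key public key to verify against
     * @param sig signature bytes to check
     * @return {@code true} if the signature is valid for {@code data} under
     *     {@code key}
     * @throws Exception if the algorithm is unavailable, the key is unsuitable
     *     or the signature is malformed
     */
    public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
        Signature signer = Signature.getInstance("SHA1withDSA");
        signer.initVerify(key);
        signer.update(data);
        return signer.verify(sig);
    }

    /**
     * Generates a 1024-bit DSA key pair.
     *
     * <p>The generator is forced to seed itself before {@code seed} is mixed in.
     * With the SUN SHA1PRNG, a {@code setSeed} call made before the first
     * output replaces the self-generated seed, so the private key would be fully
     * determined by the 64-bit {@code seed} value. After the change the seed
     * only supplements the existing state, and the same seed no longer yields
     * the same key pair.
     *
     * @param seed additional seed material; not sufficient on its own to
     *     reproduce the key pair
     * @return a new DSA key pair
     * @throws Exception if the DSA generator or the SHA1PRNG implementation is
     *     unavailable
     */
    public static KeyPair generateKeyPair(long seed) throws Exception {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("DSA");
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG", "SUN");
        // Draw output once so the generator seeds itself first.
        rng.nextBytes(new byte[20]);
        rng.setSeed(seed);
        keyGenerator.initialize(1024, rng);
        return keyGenerator.generateKeyPair();
    }
}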
</source>
Signing a Java Object
<source lang="java">
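import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignedObject;

/**
 * Wraps a serializable object in a {@link SignedObject}, verifies the
 * signature and only then extracts the object again.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@link SignedObject#getObject()} deserializes the embedded bytes, so it
 *       must be called only after {@code verify} has returned {@code true} for
 *       a public key the caller already trusts.</li>
 *   <li>1024-bit DSA is kept because it is what the example demonstrates. It is
 *       below what current guidance (for example NIST SP 800-131A) accepts for
 *       new signatures.</li>
 * </ul>
 */
public class Main {

    /**
     * Runs the demonstration.
     *
     * @param argv ignored
     * @throws SignatureException if the signed object does not verify
     * @throws Exception if key generation, signing or deserialization fails
     */
    public static void main(String[] argv) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(1024);
        KeyPair keypair = keyGen.genKeyPair();
        PrivateKey privateKey = keypair.getPrivate();
        PublicKey publicKey = keypair.getPublic();

        // Sign: the SignedObject stores the serialized form of o together with
        // its signature.
        Serializable o = new MyClass();
        Signature sig = Signature.getInstance(privateKey.getAlgorithm());
        SignedObject so = new SignedObject(o, privateKey, sig);

        // Verify before touching the content. The original listing stored the
        // result in an unused variable and deserialized regardless.
        sig = Signature.getInstance(publicKey.getAlgorithm());
        if (!so.verify(publicKey, sig)) {
            throw new SignatureException("SignedObject failed verification");
        }

        o = (MyClass) so.getObject();
    }
}

/** Minimal serializable payload used by the demonstration. */
class MyClass implements Serializable {
    String s = "my string";
    int i = 123;
}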
</source>
Test the signature
<source lang="java">
/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */
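import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;

/**
 * Signs a file with a freshly generated DSA key and immediately verifies the
 * signature with the matching public key.
 *
 * <p>Requires Java 7 or later (try-with-resources).
 *
 * <p>Security note: 1024-bit DSA with SHA-1 is kept because it is what the
 * example demonstrates. It is below what current guidance (for example NIST SP
 * 800-131A) accepts for new signatures.
 */
public class testSig {

    /**
     * Test generating and verifying a DSA signature.
     *
     * @param args the first element is the path of the file to sign
     */
    public static void main(String[] args) {
        if (args.length < 1) {
            // The original indexed args[0] unchecked and reported the
            // resulting ArrayIndexOutOfBoundsException instead.
            System.out.println("Usage: testSig nameOfFileToSign");
            return;
        }

        try {
            /* generate a key pair */
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
            keyGen.initialize(1024, new SecureRandom());
            KeyPair pair = keyGen.generateKeyPair();

            /*
             * One Signature object serves both signing and verifying. The
             * standard name replaces the legacy alias "SHA/DSA", which not
             * every provider is guaranteed to recognise.
             */
            Signature dsa = Signature.getInstance("SHA1withDSA");

            /* sign */
            PrivateKey priv = pair.getPrivate();
            dsa.initSign(priv);
            updateFromFile(dsa, args[0]);
            byte[] sig = dsa.sign();

            /* verify: re-initialise with the public key and feed the same data */
            PublicKey pub = pair.getPublic();
            dsa.initVerify(pub);
            updateFromFile(dsa, args[0]);
            boolean verifies = dsa.verify(sig);

            System.out.println("signature verifies: " + verifies);
        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }
    }

    /**
     * Feeds the whole content of {@code path} into {@code signature}.
     *
     * <p>Reads in blocks until {@code read} returns -1. The original loop
     * stopped when {@code available()} returned 0, which may happen before the
     * end of the stream and would leave part of the file unsigned.
     */
    private static void updateFromFile(Signature signature, String path)
            throws IOException, SignatureException {
        try (FileInputStream in = new FileInputStream(path)) {
            byte[] block = new byte[8192];
            int count;
            while ((count = in.read(block)) != -1) {
                signature.update(block, 0, count);
            }
        }
    }
}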
</source>
Verifies the signature for the given buffer of bytes using the public key.
<source lang="java">
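import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.KeySpec;

/**
 * Rebuilds both halves of a DSA key pair from their raw components, signs a
 * buffer with the rebuilt private key and verifies the signature with the
 * rebuilt public key.
 *
 * <p>Security note: the 1024-bit DSA key is kept because it is what the example
 * demonstrates. It is below what current guidance (for example NIST SP
 * 800-131A) accepts for new signatures. The signature algorithm is looked up by
 * the key's algorithm name ("DSA"), which JDK providers commonly map to SHA-1
 * with DSA; confirm this for the provider in use.
 */
public class Main {

    /**
     * Runs the demonstration.
     *
     * @param argv ignored
     * @throws SignatureException if the signature does not verify
     * @throws Exception if key generation, key reconstruction or signing fails
     */
    public static void main(String[] argv) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(1024);
        KeyPair keypair = keyGen.genKeyPair();
        DSAPrivateKey privateKey = (DSAPrivateKey) keypair.getPrivate();
        DSAPublicKey publicKey = (DSAPublicKey) keypair.getPublic();

        // Raw key material: domain parameters plus private x and public y.
        DSAParams dsaParams = privateKey.getParams();
        BigInteger p = dsaParams.getP();
        BigInteger q = dsaParams.getQ();
        BigInteger g = dsaParams.getG();
        BigInteger x = privateKey.getX();
        BigInteger y = publicKey.getY();

        KeyFactory keyFactory = KeyFactory.getInstance("DSA");

        KeySpec publicKeySpec = new DSAPublicKeySpec(y, p, q, g);
        PublicKey publicKey1 = keyFactory.generatePublic(publicKeySpec);

        KeySpec privateKeySpec = new DSAPrivateKeySpec(x, p, q, g);
        PrivateKey privateKey1 = keyFactory.generatePrivate(privateKeySpec);

        // The message is an all-zero placeholder buffer.
        byte[] buffer = new byte[1024];

        Signature sig = Signature.getInstance(privateKey1.getAlgorithm());
        sig.initSign(privateKey1);
        sig.update(buffer, 0, buffer.length);
        byte[] signature = sig.sign();

        sig = Signature.getInstance(publicKey1.getAlgorithm());
        sig.initVerify(publicKey1);
        sig.update(buffer, 0, buffer.length);

        // verify() reports a bad signature through its return value, not an
        // exception. The original listing discarded that value.
        if (!sig.verify(signature)) {
            throw new SignatureException("DSA signature failed verification");
        }
    }
}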
</source>
Verify a DSA signature
<source lang="java">
/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*
* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */
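import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

/**
 * Verifies a DSA signature over a data file, given the signer's X.509-encoded
 * public key and the signature bytes, each in its own file.
 *
 * <p>Requires Java 7 or later (try-with-resources, {@code java.nio.file}).
 *
 * <p>Security notes:
 * <ul>
 *   <li>A {@code true} result only shows that the data matches the supplied
 *       public key. If the key file arrives over the same channel as the data
 *       and signature, anyone able to replace the data can replace the key as
 *       well. The key has to be obtained or checked over a trusted channel.</li>
 *   <li>SHA1withDSA is what this listing verifies. It is below what current
 *       guidance (for example NIST SP 800-131A) accepts for new
 *       signatures.</li>
 * </ul>
 */
public class VerSig {

    /**
     * Loads key and signature, streams the data file through the verifier and
     * prints the result.
     *
     * @param args public key file, signature file, data file (in that order)
     */
    public static void main(String[] args) {
        if (args.length != 3) {
            System.out
                    .println("Usage: VerSig publickeyfile signaturefile datafile");
            return;
        }

        try {
            /*
             * import encoded public key. The file is read in full; the original
             * sized its buffer with available() and issued a single read(),
             * neither of which guarantees the complete content.
             */
            byte[] encKey = Files.readAllBytes(Paths.get(args[0]));
            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
            KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");
            PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

            /* input the signature bytes */
            byte[] sigToVerify = Files.readAllBytes(Paths.get(args[1]));

            /* create a Signature object and initialize it with the public key */
            Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
            sig.initVerify(pubKey);

            /*
             * Update and verify the data. read() returning -1 is the only
             * reliable end-of-stream signal; stopping when available() is 0
             * could check only a prefix of the file.
             */
            try (BufferedInputStream bufin =
                    new BufferedInputStream(new FileInputStream(args[2]))) {
                byte[] buffer = new byte[1024];
                int len;
                while ((len = bufin.read(buffer)) != -1) {
                    sig.update(buffer, 0, len);
                }
            }

            boolean verifies = sig.verify(sigToVerify);
            System.out.println("signature verifies: " + verifies);
        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }
    }
}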
</source>