Java/Security/Signature


Creating a Signature

   <source lang="java">
 

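import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.KeySpec;

/**
 * Rebuilds a DSA private key from its raw components (x, p, q, g) through a
 * {@link KeyFactory} and signs a buffer with the rebuilt key.
 *
 * <p>Security notes: the 1024-bit key size used here, and the SHA-1 based
 * scheme that the bare name "DSA" resolves to in the JDK's SUN provider, are
 * below current recommendations (NIST SP 800-131A disallows both for new
 * signatures). Treat the parameters as a demonstration of the API only.
 */
public class Main {

  /**
   * Generates a key pair, reconstructs the private key from a
   * {@link DSAPrivateKeySpec}, and produces a signature over a zero-filled
   * 1024-byte buffer.
   *
   * @param argv unused
   * @throws Exception if key generation, key reconstruction or signing fails
   */
  public static void main(String[] argv) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    DSAPrivateKey privateKey = (DSAPrivateKey) keypair.getPrivate();

    // Domain parameters (p, q, g) are public; x is the secret exponent.
    // A BigInteger cannot be wiped after use, so keep x out of logs and
    // error messages.
    DSAParams dsaParams = privateKey.getParams();
    BigInteger p = dsaParams.getP();
    BigInteger q = dsaParams.getQ();
    BigInteger g = dsaParams.getG();
    BigInteger x = privateKey.getX();

    // Create the DSA key factory
    KeyFactory keyFactory = KeyFactory.getInstance("DSA");
    // Create the DSA private key
    KeySpec privateKeySpec = new DSAPrivateKeySpec(x, p, q, g);
    PrivateKey privateKey1 = keyFactory.generatePrivate(privateKeySpec);

    byte[] buffer = new byte[1024];
    // getAlgorithm() returns the key algorithm ("DSA"), not a signature
    // scheme; which digest is paired with it is decided by the provider.
    // Naming the scheme explicitly avoids that ambiguity.
    Signature sig = Signature.getInstance(privateKey1.getAlgorithm());
    sig.initSign(privateKey1);
    sig.update(buffer, 0, buffer.length);

    // The original stopped after update(); sign() is the call that actually
    // produces the signature bytes.
    byte[] signature = sig.sign();
    System.out.println("signature length: " + signature.length + " bytes");
  }

}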


 </source>
   
  
 
  



Generate a DSA signature

   <source lang="java">

/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*

* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* -Redistribution of source code must retain the above copyright notice, this
*  list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduce the above copyright notice,
*  this list of conditions and the following disclaimer in the documentation
*  and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed, licensed or intended
* for use in the design, construction, operation or maintenance of any
* nuclear facility.
*/

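import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

/**
 * Signs a file with a freshly generated DSA key and writes the signature and
 * the matching public key to disk.
 *
 * <p>Security notes: 1024-bit DSA with SHA-1 is kept so the output stays
 * verifiable with the SHA1withDSA settings used elsewhere in this tutorial,
 * but both are below current recommendations for new signatures. The private
 * key exists only in memory for the duration of the run. Because the public
 * key is written next to the signature, a verifier must obtain that key over
 * a channel it trusts; otherwise anyone who can replace the data can also
 * replace the signature and the key.
 */
public class GenSig {

  /**
   * Generates a DSA signature for the file named by {@code args[0]}.
   * Writes the signature to the file "sig" and the encoded public key to the
   * file "suepk" in the working directory.
   *
   * @param args exactly one element: the name of the file to sign
   */
  public static void main(String[] args) {
    if (args.length != 1) {
      System.out.println("Usage: GenSig nameOfFileToSign");
      return;
    }
    try {
      /* Generate a key pair */
      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
      // No explicit seed is supplied, so the generator seeds itself on
      // first use. Never call setSeed() with a fixed value here.
      SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
      keyGen.initialize(1024, random);
      KeyPair pair = keyGen.generateKeyPair();
      PrivateKey priv = pair.getPrivate();
      PublicKey pub = pair.getPublic();

      /* Create a Signature object and initialize it with the private key */
      Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
      dsa.initSign(priv);

      /* Update and sign the data */
      try (BufferedInputStream bufin =
          new BufferedInputStream(new FileInputStream(args[0]))) {
        byte[] buffer = new byte[1024];
        int len;
        // read() returning -1 is the only reliable end-of-file signal;
        // available() may report 0 before the end of the stream, which
        // would silently sign a truncated file.
        while ((len = bufin.read(buffer)) != -1) {
          dsa.update(buffer, 0, len);
        }
      }

      /* All data has been read in; generate the signature for it */
      byte[] realSig = dsa.sign();

      /* Save the signature in a file */
      try (FileOutputStream sigfos = new FileOutputStream("sig")) {
        sigfos.write(realSig);
      }

      /* Save the public key in a file */
      byte[] key = pub.getEncoded();
      try (FileOutputStream keyfos = new FileOutputStream("suepk")) {
        keyfos.write(key);
      }
    } catch (Exception e) {
      System.err.println("Caught exception " + e.toString());
    }
  }

}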


 </source>
   
  
 
  



Signature Sign And Verify

   <source lang="java">

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;

/**
 * Signs a short message with one DSA key pair, then checks the signature
 * against the matching public key and against an unrelated one.
 *
 * <p>Security notes for readers reusing this code:
 * <ul>
 *   <li>{@link #generateKeyPair(long)} seeds SHA1PRNG with a caller-supplied
 *       value before the generator has produced any output. In that state the
 *       generator's whole output is derived from the seed, so the same seed
 *       reproduces the same private key. That is useful for a repeatable
 *       demonstration and unsuitable for any key that must stay secret.</li>
 *   <li>1024-bit DSA with SHA-1 is below current recommendations for new
 *       signatures.</li>
 * </ul>
 */
public class MainClass {

  /**
   * Prints the verification result for the signing key's own public key,
   * then for the public key of a second, unrelated key pair.
   *
   * @param args unused
   * @throws Exception if any cryptographic operation fails
   */
  public static void main(String[] args) throws Exception {
    // addProvider appends to the provider list, so getInstance calls that do
    // not name a provider still resolve to an earlier provider when one
    // implements the requested algorithm.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    KeyPair signingPair = generateKeyPair(999);
    byte[] message = { 65, 66, 67, 68, 69, 70, 71, 72, 73, 74 };
    byte[] signatureBytes = signData(message, signingPair.getPrivate());

    // Check against the key that produced the signature.
    System.out.println(verifySig(message, signingPair.getPublic(), signatureBytes));

    // Check against a different key pair.
    KeyPair otherPair = generateKeyPair(888);
    System.out.println(verifySig(message, otherPair.getPublic(), signatureBytes));
  }

  /**
   * Signs {@code data} with SHA1withDSA.
   *
   * @param data bytes to sign
   * @param key  DSA private key
   * @return the signature bytes
   * @throws Exception if the algorithm is unavailable, the key is rejected
   *                   or signing fails
   */
  public static byte[] signData(byte[] data, PrivateKey key) throws Exception {
    Signature engine = Signature.getInstance("SHA1withDSA");
    engine.initSign(key);
    engine.update(data);
    byte[] produced = engine.sign();
    return produced;
  }

  /**
   * Checks a SHA1withDSA signature over {@code data}.
   *
   * @param data bytes that were signed
   * @param key  DSA public key to verify against
   * @param sig  signature bytes to check
   * @return {@code true} if the signature matches the data under the key
   * @throws Exception if the algorithm is unavailable, the key is rejected
   *                   or the signature cannot be processed
   */
  public static boolean verifySig(byte[] data, PublicKey key, byte[] sig) throws Exception {
    Signature engine = Signature.getInstance("SHA1withDSA");
    engine.initVerify(key);
    engine.update(data);
    boolean matches = engine.verify(sig);
    return matches;
  }

  /**
   * Generates a 1024-bit DSA key pair from a SHA1PRNG seeded with
   * {@code seed}.
   *
   * <p>The seed is applied before the generator has been used, so it is the
   * generator's only input and the resulting key pair is reproducible from
   * the seed value. Do not use this method for keys that protect real data;
   * leave the SecureRandom unseeded there.
   *
   * @param seed value passed to {@link SecureRandom#setSeed(long)}
   * @return the generated key pair
   * @throws Exception if an algorithm or provider is unavailable
   */
  public static KeyPair generateKeyPair(long seed) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
    SecureRandom seededRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
    seededRandom.setSeed(seed);
    generator.initialize(1024, seededRandom);
    KeyPair pair = generator.generateKeyPair();
    return pair;
  }

}


 </source>
   
  
 
  



Signing a Java Object

   <source lang="java">
 

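import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignedObject;

/**
 * Wraps a serializable object in a {@link SignedObject}, verifies the
 * signature, and only then unwraps the object.
 *
 * <p>Security notes: the 1024-bit DSA key and the provider-chosen digest
 * behind the bare "DSA" signature name are demonstration values and below
 * current recommendations for new signatures.
 */
public class Main {

  /**
   * Signs a {@code MyClass} instance and reads it back after a successful
   * verification.
   *
   * @param argv unused
   * @throws SignatureException if the signed object does not verify
   * @throws Exception if key generation, signing or deserialization fails
   */
  public static void main(String[] argv) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    PrivateKey privateKey = keypair.getPrivate();
    PublicKey publicKey = keypair.getPublic();

    Serializable o = new MyClass();
    Signature sig = Signature.getInstance(privateKey.getAlgorithm());
    SignedObject so = new SignedObject(o, privateKey, sig);

    sig = Signature.getInstance(publicKey.getAlgorithm());
    // The original computed this result and then ignored it. getObject()
    // deserializes the wrapped bytes, so it must only run once verify() has
    // returned true.
    boolean verified = so.verify(publicKey, sig);
    if (!verified) {
      throw new SignatureException("SignedObject failed verification");
    }
    // A valid signature shows the bytes were signed by the holder of this
    // key; it does not make the content safe by itself. For signed objects
    // received from another party, also restrict which classes may be
    // deserialized.
    o = (MyClass) so.getObject();
  }

}

/** Minimal serializable payload used by the example. */
class MyClass implements Serializable {

  String s = "my string";
  int i = 123;

}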


 </source>
   
  
 
  



Test the signature

   <source lang="java">

/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*

* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* -Redistribution of source code must retain the above copyright notice, this
*  list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduce the above copyright notice,
*  this list of conditions and the following disclaimer in the documentation
*  and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed, licensed or intended
* for use in the design, construction, operation or maintenance of any
* nuclear facility.
*/

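import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;

/**
 * Generates a DSA key pair, signs a file, and verifies the signature in the
 * same run.
 *
 * <p>Security notes: 1024-bit DSA with SHA-1 is below current
 * recommendations for new signatures; the values are kept as in the original
 * tutorial.
 */
public class testSig {

  /**
   * Signs the file named by {@code args[0]} and verifies the result.
   *
   * @param args first element is the name of the file to sign
   */
  public static void main(String[] args) {
    /* Test generating and verifying a DSA signature */
    if (args.length < 1) {
      // Without this check the missing argument surfaced only as a caught
      // ArrayIndexOutOfBoundsException.
      System.out.println("Usage: testSig nameOfFileToSign");
      return;
    }
    try {
      /* generate a key pair */
      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
      keyGen.initialize(1024, new SecureRandom());
      KeyPair pair = keyGen.generateKeyPair();

      /*
       * create a Signature object to use for signing and verifying;
       * "SHA1withDSA" is the standard name of the scheme the original
       * requested through the legacy alias "SHA/DSA"
       */
      Signature dsa = Signature.getInstance("SHA1withDSA");

      /* initialize the Signature object for signing */
      PrivateKey priv = pair.getPrivate();
      dsa.initSign(priv);
      /* Update and sign the data */
      feedFile(dsa, args[0]);
      byte[] sig = dsa.sign();

      /* Initialize the Signature object for verification */
      PublicKey pub = pair.getPublic();
      dsa.initVerify(pub);
      /* Update and verify the data */
      feedFile(dsa, args[0]);
      boolean verifies = dsa.verify(sig);
      System.out.println("signature verifies: " + verifies);
    } catch (Exception e) {
      System.err.println("Caught exception " + e.toString());
    }
  }

  /** Streams the whole file into the signature engine and closes the file. */
  private static void feedFile(Signature engine, String fileName)
      throws IOException, SignatureException {
    try (FileInputStream in = new FileInputStream(fileName)) {
      byte[] chunk = new byte[1024];
      int count;
      // read() returning -1 marks end of file; available() can return 0
      // earlier, which would leave part of the file unsigned or unverified.
      while ((count = in.read(chunk)) != -1) {
        engine.update(chunk, 0, count);
      }
    }
  }

}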


 </source>
   
  
 
  



Verifies the signature for the given buffer of bytes using the public key.

   <source lang="java">
 

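import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.KeySpec;

/**
 * Rebuilds both halves of a DSA key pair from their raw components, signs a
 * buffer with the private half and verifies the signature with the public
 * half.
 *
 * <p>Security notes: the 1024-bit key size and the provider-chosen digest
 * behind the bare "DSA" signature name are demonstration values and below
 * current recommendations for new signatures.
 */
public class Main {

  /**
   * Runs the sign-then-verify round trip and prints the verification result.
   *
   * @param argv unused
   * @throws Exception if key generation, key reconstruction, signing or
   *                   verification fails
   */
  public static void main(String[] argv) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    keyGen.initialize(1024);
    KeyPair keypair = keyGen.genKeyPair();
    DSAPrivateKey privateKey = (DSAPrivateKey) keypair.getPrivate();
    DSAPublicKey publicKey = (DSAPublicKey) keypair.getPublic();

    // p, q, g and y are public values; x is the secret exponent and should
    // never be logged or written out.
    DSAParams dsaParams = privateKey.getParams();
    BigInteger p = dsaParams.getP();
    BigInteger q = dsaParams.getQ();
    BigInteger g = dsaParams.getG();
    BigInteger x = privateKey.getX();
    BigInteger y = publicKey.getY();

    KeyFactory keyFactory = KeyFactory.getInstance("DSA");
    KeySpec publicKeySpec = new DSAPublicKeySpec(y, p, q, g);
    PublicKey publicKey1 = keyFactory.generatePublic(publicKeySpec);
    KeySpec privateKeySpec = new DSAPrivateKeySpec(x, p, q, g);
    PrivateKey privateKey1 = keyFactory.generatePrivate(privateKeySpec);

    byte[] buffer = new byte[1024];
    Signature sig = Signature.getInstance(privateKey1.getAlgorithm());
    sig.initSign(privateKey1);
    sig.update(buffer, 0, buffer.length);
    byte[] signature = sig.sign();

    sig = Signature.getInstance(publicKey1.getAlgorithm());
    sig.initVerify(publicKey1);
    sig.update(buffer, 0, buffer.length);
    // The original discarded this boolean. verify() reports a mismatch by
    // returning false, not by throwing, so a caller that ignores the result
    // accepts every signature.
    boolean verifies = sig.verify(signature);
    System.out.println("signature verifies: " + verifies);
  }

}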


 </source>
   
  
 
  



Verify a DSA signature

   <source lang="java">

/* From http://java.sun.ru/docs/books/tutorial/index.html */ /*

* Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* -Redistribution of source code must retain the above copyright notice, this
*  list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduce the above copyright notice,
*  this list of conditions and the following disclaimer in the documentation
*  and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed, licensed or intended
* for use in the design, construction, operation or maintenance of any
* nuclear facility.
*/

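import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

/**
 * Verifies a DSA signature over a data file using an encoded public key read
 * from disk.
 *
 * <p>Security notes: a {@code true} result only shows that the data matches
 * the signature under the supplied public key. Whoever controls the key file
 * controls the outcome, so the key must come from a source the verifier
 * already trusts, not from the same place as the data and signature.
 * SHA1withDSA is kept to match the signing side of this tutorial and is
 * below current recommendations for new signatures.
 */
public class VerSig {

  /**
   * Verifies the signature and prints the result.
   *
   * @param args public key file, signature file and data file, in that order
   */
  public static void main(String[] args) {
    /* Verify a DSA signature */
    if (args.length != 3) {
      System.out.println("Usage: VerSig publickeyfile signaturefile datafile");
      return;
    }
    try {
      /*
       * import encoded public key; readAllBytes reads the complete file,
       * whereas sizing a buffer with available() and calling read() once
       * may return only part of it
       */
      byte[] encKey = Files.readAllBytes(Paths.get(args[0]));
      X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
      KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");
      PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

      /* input the signature bytes */
      byte[] sigToVerify = Files.readAllBytes(Paths.get(args[1]));

      /* create a Signature object and initialize it with the public key */
      Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
      sig.initVerify(pubKey);

      /* Update and verify the data */
      try (BufferedInputStream bufin =
          new BufferedInputStream(new FileInputStream(args[2]))) {
        byte[] buffer = new byte[1024];
        int len;
        // Loop until read() reports end of file; stopping when available()
        // is 0 could verify only a prefix of the data.
        while ((len = bufin.read(buffer)) != -1) {
          sig.update(buffer, 0, len);
        }
      }

      // A malformed signature makes verify() throw instead of returning
      // false; the catch below reports it. Callers acting on the result
      // must treat both outcomes as a failed verification.
      boolean verifies = sig.verify(sigToVerify);
      System.out.println("signature verifies: " + verifies);
    } catch (Exception e) {
      System.err.println("Caught exception " + e.toString());
    }
  }

}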


 </source>