This lesson walks you through the steps necessary to use the JDK Security API to generate a digital signature for data, and to verify that a signature is authentic. It is meant for developers who wish to incorporate security functionality into their programs, including cryptography services.
For further information regarding the concepts and terminology (digital signatures, certificates, keystores, ...) see the API and Tools Use for Secure Code and File Exchanges lesson.
In this lesson, you create two basic applications, one for the digital signature generation and the other for the verification. This is followed by a discussion and demonstration of potential enhancements:
- Generating a Digital Signature shows using the API to generate keys, generate a digital signature for data using the private key, and export the public key and the signature to files. The application gets the data file name from the command line.
- Verifying a Digital Signature shows using the API to import a public key and a signature that is alleged to be the signature of a specified data file, and to verify the authenticity of the signature. The data, public key, and signature file names are specified on the command line.
- Weaknesses and Alternatives discusses potential weaknesses of the approach used by the basic programs. It then presents and demonstrates possible alternative approaches and methods of supplying and importing keys, including the use of files containing encoded key bytes and the use of certificates containing public keys.