Cryptography research: Digital Signature

Source: Internet
Author: User

Introduction:

Everyone is familiar with signatures. Important documents generally require a signature to ensure their authenticity and validity. Some important contracts, such as a house purchase contract, must also be stamped with a "seam seal": a seal stamped across the join of two pages, which also acts as a signature and guarantees the integrity of the contract. Signatures are therefore very important in daily life, and they are mainly used to ensure the integrity of information. The computer world has modeled the same process, and the concept of the digital signature was born from it.


Digital signature process:

Generally, the digital signature process is divided into two parts: one is the signature (Signature) process, the other is the verification (Verify) process.


The basic process of digital signature is as follows:


(1) The sender applies the specified hash function to the original packet and calculates the original digest of the original packet.

(2) The sender uses the private key of the asymmetric key pair to encrypt the original digest.

(3) The sender constructs a message (a SignedObject object) and adds the original packet to it.

(4) The sender adds the encrypted original digest generated in step (2) to the message constructed in step (3).

This message is transmitted to the receiving end through an untrusted network.

(5) The receiver extracts the original packet from the message and calculates the digest value using the agreed hash function; this value is recorded as D1.

(6) The receiver extracts the encrypted original digest from the message, decrypts it with the public key, and restores the digest value, which is recorded as D2.

(7) The receiver compares the values of D1 and D2. If the values are the same, the original packet is considered reliable.
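
The receiver-side comparison in steps (5) to (7) can be made visible with RSA, as an added example that is not part of the original article; the class name DigestCompareDemo, the helper verifyByDigests and the sample message are constructed for illustration. It assumes RSA PKCS#1 v1.5 with SHA-256, where verification really does recover the padded digest; DSA, which the Practice section uses, verifies with a different calculation and never recovers D2.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added example (not the article's code): steps (1)-(7) with RSA PKCS#1 v1.5 and SHA-256.
public class DigestCompareDemo {
    // Steps (5)-(7): recompute D1, recover D2 from the signature, compare.
    static boolean verifyByDigests(byte[] data, byte[] sig, PublicKey pub) throws Exception {
        byte[] d1 = MessageDigest.getInstance("SHA-256").digest(data);
        // With a public key, DECRYPT_MODE undoes the private-key operation and strips
        // the signature padding, leaving DigestInfo = ASN.1 header followed by the digest.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pub);
        byte[] digestInfo = rsa.doFinal(sig);
        // Demonstration only: the ASN.1 header is skipped here, not validated.
        byte[] d2 = Arrays.copyOfRange(digestInfo, digestInfo.length - d1.length, digestInfo.length);
        return MessageDigest.isEqual(d1, d2);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] original = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Steps (1)-(2): Signature hashes the data and applies the private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(original);
        byte[] sig = signer.sign();

        byte[] tampered = original.clone();
        tampered[0] ^= 0x01; // one bit changed on the untrusted network

        System.out.println("original verifies: " + verifyByDigests(original, sig, kp.getPublic()));
        System.out.println("tampered verifies: " + verifyByDigests(tampered, sig, kp.getPublic()));

        // Cross-check against the standard verification API.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(original);
        System.out.println("Signature.verify:  " + verifier.verify(sig));
    }
}
```

In real code, verify with Signature.verify as in the cross-check; it also validates the DigestInfo header that this demonstration skips.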



Practice:

The java.security package provides a set of APIs that implement the digital signature process. The core class is Signature, which provides a set of methods for signing and verification. The general usage of this class is given here:


We first create a tool class, which is a singleton. It mainly provides some wrapper methods that encapsulate the signature and verification process. Because both signing and verification require a public/private key pair, it also contains the key generation logic.


package com.charles.signaturestudy;

import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;

/**
 * Description: This tool class provides a set of methods to operate the Signature class.
 * It mainly performs signing and verification.
 *
 * @author charles.wang
 * @created Oct 28, 2013 11:11:52 AM
 */
public class SignatureUtil {

    private static SignatureUtil instance = null;

    // public/private key pair
    private KeyPair keyPair = null;

    // digital signature engine
    private Signature signature = null;

    /**
     * Private constructor, which uses the specified algorithm to initialize the Signature class.
     *
     * @param algorithm name of the key and signature algorithm, e.g. "DSA"
     */
    private SignatureUtil(String algorithm) {
        try {
            // instantiate the KeyPairGenerator object for the specified algorithm (DSA in the demo)
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
            // initialize the KeyPairGenerator object
            // (1024-bit keys as in the original; below current recommendations for new DSA signatures)
            keyPairGenerator.initialize(1024);
            // generate the KeyPair object
            keyPair = keyPairGenerator.generateKeyPair();
            // instantiate the Signature object, which provides the methods that operate on signatures
            signature = Signature.getInstance(keyPairGenerator.getAlgorithm());
        } catch (NoSuchAlgorithmException ex) {
            keyPair = null;
            signature = null;
        }
    }

    /**
     * Factory method of the singleton, used to create the SignatureUtil instance.
     *
     * @return the shared SignatureUtil instance
     */
    public static SignatureUtil getInstance(String algorithm) {
        if (instance == null)
            instance = new SignatureUtil(algorithm);
        return instance;
    }

    /**
     * Sign the specified raw data with the private key.
     *
     * @param data the data to be signed
     * @return the signature bytes, or null if signing failed
     */
    public byte[] signWithPrivateKey(byte[] data) {
        try {
            // signing is done with the private key, so initialize the Signature with the private key
            signature.initSign(keyPair.getPrivate());
            // feed in the original data to be signed
            signature.update(data);
            // return the signature content
            return signature.sign();
        } catch (InvalidKeyException ie) {
            ie.printStackTrace();
            return null;
        } catch (SignatureException se) {
            se.printStackTrace();
            return null;
        }
    }

    /**
     * Use the public key to verify the specified raw data and signature.
     *
     * @param data the original data
     * @param sign the signature to check
     * @return true if the signature is valid for the data
     */
    public boolean verifySignedObjectWithPublicKey(byte[] data, byte[] sign) {
        try {
            // verification is done with the public key, so initialize the Signature with the public key
            signature.initVerify(keyPair.getPublic());
            // feed in the original data to be verified
            signature.update(data);
            // verify the signature and return the verification result
            return signature.verify(sign);
        } catch (InvalidKeyException ie) {
            ie.printStackTrace();
            return false;
        } catch (SignatureException se) {
            se.printStackTrace();
            return false;
        }
    }
}



Then we provide a demo class. The process is as follows:

First, we take the original data, sign it with our API, and print the digital signature content. Then we use our API to verify the validity of the digital signature.

package com.charles.signaturestudy;

/**
 * Description: This class is used to demonstrate how to use digital signatures.
 *
 * @author charles.wang
 * @created Oct 28, 2013 10:37:32 AM
 */
public class SignatureDemo {

    public static void main(String[] args) throws Exception {

        // SignatureUtil is a tool class developed by us; it further encapsulates the Signature class
        // and provides the set of actions we need for digital signatures
        SignatureUtil sigUtil = SignatureUtil.getInstance("DSA");

        // original data object
        String content = "tested original data object";
        // print the original data
        System.out.println("original data: " + content);
        // convert the original data object into a byte array
        byte[] rawData = content.getBytes();

        System.out.println("\nStart signing the original data...");
        // sign and return the signature content
        byte[] sign = sigUtil.signWithPrivateKey(rawData);
        System.out.println("signature content (hexadecimal): " + byte2hex(sign));

        System.out.println("\nStart verifying the signature content...");
        // verify and report the verification result
        boolean status = sigUtil.verifySignedObjectWithPublicKey(rawData, sign);
        if (status) {
            System.out.println("verification result: this signature is valid");
        } else {
            System.out.println("verification result: this signature is invalid");
        }
    }

    /**
     * Convert the binary data into a String.
     *
     * @param b the bytes to convert
     * @return colon-separated upper-case hexadecimal string
     */
    protected static String byte2hex(byte[] b) {
        // the resulting hexadecimal string
        StringBuilder hexString = new StringBuilder();
        // hexadecimal text of the byte currently being converted
        String tmpStr = "";
        for (int n = 0; n < b.length; n++) {
            // convert binary to hexadecimal
            tmpStr = Integer.toHexString(b[n] & 0xFF);
            // if the converted string is only one character long, add a leading 0 before it
            if (tmpStr.length() == 1) {
                hexString.append("0").append(tmpStr);
            }
            // otherwise, append the converted value tmpStr directly to hexString
            else
                hexString.append(tmpStr);
            // if the end of byte[] is not reached, separate the values with colons
            if (n < b.length - 1)
                hexString.append(":");
        }
        return hexString.toString().toUpperCase();
    }
}


Finally, we run the demo program, and its output clearly shows the process described above.


This article is from the "parallel line cohesion" blog; please be sure to keep this source: http://supercharles888.blog.51cto.com/609344/1316192
