Digital signatures can verify data integrity, source of authentication data, and play a role in anti-repudiation, which corresponds to the data integrity service, authentication (identification) service, and anti-repudiation service in the OSI Reference Model (3 points). The Message digest algorithm is the best algorithm to verify the integrity of the data, so the algorithm becomes a necessary part of the digital signature.
Based on data integrity verification, we want the sender of the data to do the corresponding signature processing of the data they send, and to give the corresponding voucher (signature), and the receiver of the data can verify whether the signature matches the data sent by the data sender. How anyone can perform signature processing, then the signature loses the meaning of validation. Therefore, the signature operation can only be done by the data sender, while the operation verifying the signature is done by the data receiver. Since the signature operation is limited to the data sender, the signature operation itself can only be done based on some private information from the sender of the data. Also, the information used to verify the operation is published by the data sender to the data receiver.
The relevant information for the signature is private, information about the validation is exposed, and the two information must appear in pairs. The public key and private key in asymmetric encryption satisfy this relation exactly, so it becomes the important element in the digital signature. The digital Signature algorithm includes signature and authentication, and follows the signature/authentication method of "private key signature, public key authentication", which requires the use of the private key and the data to be signed, the public key, the signature value and the verification data to be signed, and the key algorithm is the message digest algorithm.
Here's an example of a Java using a digital signature:
Package Com.xtayfjpk.security;import Java.io.eofexception;import Java.io.fileinputstream;import Java.io.fileoutputstream;import Java.io.objectinputstream;import Java.io.objectoutputstream;import Java.io.serializable;import Java.security.key;import Java.security.keypair;import Java.security.KeyPairGenerator; Import Java.security.privatekey;import Java.security.publickey;import Java.security.signature;import Java.util.arraylist;import Java.util.list;import Org.junit.test;public class Signaturetest {private static final String key_pair_algogrithm = "DSA";p rivate static final String signature_algogrithm = "SHA1WITHDSA";p rivate static final S Tring Public_key_path = "Public.key";p rivate static final String Private_key_path = "Private.key";p rivate static final Str ing signature_path = "signature.dat"; @Test//Generate public key and private key and save to file publicly void Testgeneratekeypair () throws Exception { Keypairgenerator generator = keypairgenerator.getinstance (key_pair_algogrithm); KeyPair KeyPair = Generator.generatekeypair (); PublicKey PublicKey = Keypair.getpublic (); Privatekey Privatekey = Keypair.getprivate () writekey (Public_key_path, PublicKey); Writekey (PRIVATE_KEY_PATH, Privatekey);} @Testpublic void Testsign () throws Exception {String MyInfo = "My Test Information"; Privatekey Privatekey = PrivateKey.class.cast (ReadKey (Private_key_path));//Initialize a Signature object and sign the information with the private key, JDK (7) A number of supported digital signature algorithms are available,//See http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html# for details Signaturesignature signature = signature.getinstance (signature_algogrithm);//private key signature Signature.initsign (PrivateKey); /update the data to be signed Signature.update (Myinfo.getbytes ());//Get a digital signature byte[] signed = Signature.sign ();//store information and signatures in a file writeobjects (Signature_path, MyInfo, signed);} @Testpublic void Testverify () throws Exception {PublicKey PublicKey = PublicKey.class.cast (ReadKey (Public_key_path)); list<object> objects = readobjects (Signature_path); String info = String.class.cast (objects.get (0)); byte[] signed = Byte[].class.cast (Objects.get (1));// Initialize signature Engine class signature SiGnature = Signature.getinstance (signature_algogrithm);//Public key is used to verify signature signature.initverify (PublicKey);// Update the pending Signature verification data Signature.update (Info.getbytes ());//test signature is correct SYSTEM.OUT.PRINTLN (Signature.verify (Signed)? "Signature is correct": "Signature Error");} public void Writekey (String path, key key) throws Exception {FileOutputStream fos = new FileOutputStream (path); OBJECTOUTPU TStream Oos = new ObjectOutputStream (FOS); Oos.writeobject (key); Oos.close ();} Public Key ReadKey (String path) throws Exception {FileInputStream fis = new FileInputStream (path); ObjectInputStream bis = New ObjectInputStream (FIS); Object object = Bis.readobject (); Bis.close (); return (Key) object;} public void Writeobjects (String path, Serializable ... objects) throws Exception {if (objects!=null) {ObjectOutputStream Oos = new ObjectOutputStream (new FileOutputStream), for (Serializable object:objects) {Oos.writeobject (object);} Oos.close ();}} Public list<object> readobjects (String path) throws Exception {list<object> objects = new Arraylist<> (); ObjectInputStream ois = new ObjectInputStream (new FileInputStream); Boolean flag = True;while (flag) {try {objects . Add (Ois.readobject ());} catch (Eofexception e) {//indicates no object-readable break in the stream;}} Ois.close (); return objects;}}
Digital signature of Java security