The principle and generation of Java digital signature

digital signatures and digital certificates

The introduction of digital signature can refer to this article.

Here's a little bit about asymmetric encryption:

Content encrypted with the public key can only be decrypted with the private key, and the content encrypted with the private key can only be decrypted with the public key.

This is more secure than symmetric encryption

How digital signatures are in Java

The same principle as normal text encryption.

The role of Java digital signatures and digital certificates

Undoubtedly, these are for security reasons.

For example, the applet can protect the user (client) files and private data from being infected and destroyed by malicious programs or viruses, identifying the identity of the code provider. for developers, the ability to integrate security features into applications by using the API approach, because the API's architecture can define and integrate usage rights, encryption, security management, policy management for specific resources, and provides classes to manage public key/key pairs and public key certificates for trusted user groups. At the same time, system administrators, developers and users can use the tools it provides to manage key libraries, generate digital signatures in jar files, integrity detection of signatures, create and modify policy files

Take a look at the process of developing and running 1 applets:

On the distribution side of the code:
(1) Develop Java source program and compile it.
(2) Encapsulation of class files and resource files with the Jar tool.
(3) Create the public key and key with Keytool and generate X. 509V1 signing certificate, output certificate.
(4) Digitally sign the jar file with the generated key using the Jarsigner tool.

At the receiving end of the code:
(1) Use Keytool to enter a certificate as trusted.
(2) Use Policytool to create and modify security policy profiles to authorize access to requests.
(3) Obtain the bytecode from the network, verify the integrity of the digital signature certificate and the document code with the public key.
(4) Verify the legitimacy of the bytecode and assign the appropriate permissions according to the policy file.
(5) Execute the code and be reclaimed by the garbage collector after completion.

Before a digital signature certificate is validated with a public key, the receiver needs to confirm the authenticity of the public key itself, so it is common to provide a certificate that contains the public key instead of the public key itself. 1 certificates include:
(1) 1 public keys.
(2) 1 Unique name entity (individual or company), which is the owner of the certificate and contains information such as the user name, company, organization, city, address, country code, province, and so on.
(3) Digital signature: 1 certificates are signed by an entity of 1 distributors to ensure that the certificate does contain the public key of the other 1 entities (owners).
(4) The issuer's identity name information.

Instance steps of Applet development,

On the service side:

1. Develop code, use jar or other way to reach Xx.jar file;

2. Create KeyStore and keys for the jar file.

. keystore the file used to hold the key and the public key

Keytool-genkey-keystore Xx.keystore–alias XX

A bunch of setup information will be entered here.

3. Sign the jar file with the generated key

Jarsigner-keystore Xx.keystore Xx.jar XX

4. Import the public key into a CER file that will be imported to the client

Keytool-export-keystore Xx.keystore-alias Xx-file Xx.cer

These documents are then Xx.jar; Xx.keystore; The xx.cer is placed in the service-side directory.

On the client:

1. Import the server-generated xx.cer into the lib\security of the JRE .

2. Import the public key into the cacerts

Keytool-import-alias xx-file Xx.cer-keystore Cacerts

I want you to enter Cacerts's password here, it should be changeit.

3. Modify the policy policies file to use the command Policytool in DOS

The principle and generation of Java digital signature