Digital signatures are often used to verify software and software manufacturers to prevent software code from being corrupted in any way.
---- In other words, using digital signatures ensures that the software is "clean" and "authentic ", that is, the software has not been tampered with by others during the period from its maker or publisher to the end user.
---- After a brief review of the concepts of digital signature, this article provides a detailed method for creating and using digital signatures in Java.
I. Digital Signature and functions
---- Digital signature algorithm (DSA) is one of the "public key encryption algorithms". Therefore, let's start with "Private Key/Public Key" for a brief review.
---- 1. Private Key Encryption and its limitations
---- The private key encryption system uses a unique key (Private Key) for encryption and decryption. This key must be shared by the sender and receiver. That is, if a sends an encrypted email to B, A needs a key to encrypt the information. After B receives the email, it must use the same key to decrypt the information.
---- This method obviously has very serious disadvantages. For example, the recipient must have the same key, which requires a secure protocol to ensure the reliability of key transmission. Second, when an urgent encrypted message needs to be sent, the recipient may not be able to transmit the message because it does not have a key. Third, to send the message to many different groups, you need to maintain many different keys corresponding to each group.
---- To overcome these vulnerabilities of private key encryption systems, people have introduced public key encryption systems.
---- 2. Public Key Encryption
---- The sender and receiver of a message can access the encrypted information without knowing the accesskey of the other party.
---- The public key encryption system uses key pairs (public keys and private keys) to encrypt and decrypt information. The idea of encryption is also very simple: Information encrypted with a public key can only be unlocked with the corresponding private key; Information encrypted with a private key, anyone with the corresponding public key can be unlocked. Therefore, private keys are kept by individuals without being transferred out. Public keys can be authorized for use by others without compromising security. There is always a one-to-one relationship between public keys and private keys. Specifically:
---- First, if the information is encrypted with the public key of the receiver, only those who receive the message can decrypt the message (that is, only those who have the private key corresponding to the public key can decrypt the message ). For example, to send an encrypted email to B, A must encrypt the information with B's public key before sending it to B.
---- Second, if the information is encrypted with the sender's private key, any recipient with the sender's public key can decrypt the information to confirm that the information is indeed from the sender, in addition, the information content has not been maliciously or maliciously damaged.
---- The second point is the meaning of the digital signature.
---- 3. Digital Signature Function
---- A digital signature is a fixed-length binary digital stream, and its content is attached to the signed data. It can be used with digital data of any type, except for the most common code software. It can also be used in passwords, emails, and electronic documents. The main functions of digital signature are: to prevent the original document from being contaminated or changed; to prevent others from using others' names to spread fraudulent messages; and to provide evidence of who is the original author of the document.
Ii. Use Java to create and use digital signatures
---- In addition to the functions mentioned above, using Java for digital signature has more practical significance. The most common is that the application of digital signature can break through some browser security restrictions. For example, your browser usually rejects Java programs on the Internet to read or write files on your local hard disk or obtain local information (such as your user name ), even if you confirm that the Java program is "reliable" (in fact, you cannot fully confirm that a program from the Internet is "reliable "). If you really want to run the Java program, you must disable the security check function of the browser, but this is tantamount to setting the local system as a "undefended city ". Using Digital Signatures perfectly solves this problem: when the browser "feels" that you are using a signed Java Applet, it will automatically search for the matching digital signature and verify it. If it succeeds, the browser determines that the Java applet is "trustworthy" and then releases it. In this way, both the security and the real "trusted" Java program have many privileges (see the following Java program ).
---- In jdk1.1, the work related to digital signature is done by the tool javakey. Javakey is a command line tool provided by Sun to generate digital signatures for archive files (jar files) and manage the key database.
---- Here we will take a concrete example to take a look at the steps for creating and using a digital signature. The related concepts and explanations will be given in the example.
---- 1. java programs and the creation of digital signatures (steps that should be performed by the encryption party or the signatory) the following Java applet is very simple, and its main functions are: obtain the name string of the currently logged-on user of Win95/98 system, and then write it to test in the current directory of the local hard disk. TXT file.
......
---- Compile MyApp. Java as MyApp. Class, and send it to the browser with the following myapp.html (command: appletviewer myapp.html ).
......
---- We found that the browser displays "You can not write to disk or get user name ". This is because obtaining the user name and writing to the local hard disk are forbidden by the system security features.
---- Here we create a digital signature so that the user of the program can complete the program function (read the user name and write the file) without changing the security check feature of the browser ).
---- Step 1: Create an object and set it to "trusted ".
......
---- Step 2: generate a key pair (Public Key and private key) and output it to a file (optional ).
......
---- Step 3: generate a license (certificate ).
......
---- Step 4: Create an archive file (JAR file ).
......
---- Step 5: sign the archive file.
......
---- Step 6: Change the file name.
......
---- 2. Use of digital signatures (Steps to be performed by the decryption party or user)
---- Step 1: obtain the license (Digital Signature-Kompass. Key) and the signed file.
---- Step 2: Create the signatory entity and set it as "trusted ".
Javakey-C Kompass true
---- Step 3: import the license to the database.
Javakey-ic Kompass. Key
---- Last step: run the Java program.
Appletviewer signmyapp.html
Here we find the example. html"
This is not the token for myapp.html ". In fact, the two
However, signmyapp.html"
Only one parameter is added:
Archive = "signmyapp. Jar"
It tells the browser all useful files
(Here, MyApp. Class) is in the archive file instead
In other places.
......
---- Now, we finally see the long-awaited results: the browser typed "Your name has been written to file <test. TXT> ", while the file" test. TXT is indeed created, and its content is the name of the user when logging on to Win95/98:
Y o u r n a m E: m a w e n q I a n