iaik.security.rsa
Class ShaRSASignature
java.lang.Object
|
+--java.security.SignatureSpi
|
+--java.security.Signature
|
+--iaik.security.rsa.RSASignature
|
+--iaik.security.rsa.ShaRSASignature
- public class ShaRSASignature
- extends RSASignature
This class extends the RSASignature class for providing the functionality of the
RSA digital signature algorithm using the Secure Hash Algorithm (SHA)
as message digest algorithm.
This class only creates a new RSASignature object and sets the hash
function to be used to SHA.
This RSASignature algorithm implementation follows the guidelines described in
PKCS#1. The signature
algorithms described in PKCS#1 use either MD2, MD4 or MD5 as message digest algorithm
and are recommended to be used in signing X.509/PEM certificates, certificate-revocation
lists, PKCS#6 extended certificates, and other objects employing digital signatures such
as X.401 message tokens. The algorithms presented in PKCS#1 are not intended to be used
in PKCS#7, where signatures (encrypted message digests) are treated as octet strings,
in contrast to the bit string interpretation of PKCS#1. Since this class follows the
general signature algorithm description of PKCS#1 (but using SHA as message digest
algorithm) it also is not intended to be used with PKCS#7.
An application wishing to sign some message (e.g. the TBSCertificate contents of a
X.509 certificate) or to verify some signature using the "SHA with RSA" algorithm,
generally has to perform three steps:
- First an instance of the desired signature algorithm has to be created using
a proper
getInstance method, e.g.
Signature sha_rsa = Signature.getInstance("SHA/RSA");
- Second, the Signature object just created has to be properly initialized
for signing a message respectively verifying a signature using a RSA private
respectively RSA public key, e.g.:
- Initialize for Signing:
sha_rsa.initSign(rsaPrivateKey);
- Initialize for Verifying:
sha_rsa.initVerify(rsaPublicKey);
- Finally, if the Signature object has been initialized for signing, the data
to be signed is supplied to it and subsequently the signature is created by
calling the
sign method returning the signature as DER encoded byte
array. Otherwise, if the Signature object has been initialized for verifying,
first the data to be verified is supplied to the Signature object, and
subsequently the signature is verified by calling the verify
method, supplied with the DER encoded byte array holding the corresponding
signature:
- Supply the data to be signed, and subsequently sign it:
sha_rsa.update(data);
byte[] signature = sha_rsa.sign();
- Supply the data to be verified, and verify the signature:
sha_rsa.update(data);
System.out.println("Signature " + (sha_rsa.verify(signature) ? "correct!" : "not correct!"));
- See Also:
RSASignature,
Md5RSASignature,
SSLRSASignature,
Signature,
SHA
| Methods inherited from class java.security.Signature |
clone,
getAlgorithm,
getInstance,
getInstance,
getParameter,
getProvider,
initSign,
initSign,
initVerify,
setParameter,
setParameter,
sign,
sign,
toString,
update,
update,
update,
verify |
| Methods inherited from class java.lang.Object |
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
wait,
wait,
wait |
ShaRSASignature
public ShaRSASignature()
- Default Constructor.
This constructor only tells the superclass to use the SHA hash algorithm
for creating the message digest.
Applications do not call this constructor. They shall use one of the
getInstance methods of the java.security.Signature
class for obtaining a ShaRSASignature object.
- Throws:
- NoSuchAlgorithmException - shows that there is no implementation
of the SHA hash algorithm.
- See Also:
Signature.getInstance(java.lang.String)