Tuesday, 11 March 2014

Java Digital Signature

Digital signatures are used to authenticate the sender of a message. They are also based on the asymmetric key encryption mentioned here: the sender signs the message with its private key, and any receiver who has the public key can verify the signature. An analogy for a digital signature is sealing an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the unique seal authenticates the sender. In Java this is called a Digital Signature.

Run the commands below to generate the private key/public key pair keystore, the certificate and the truststore.

keytool -genkeypair -alias mykey -keyalg RSA -keysize 1024 -storetype jceks -validity 365 -keypass password -keystore ppkeystore.jck -storepass password -dname "cn=localhost, ou=Verisign, o=MyComp Inc, l=Foster City, st=California, c=US"
keytool -export -alias mykey -storetype jceks -keystore ppkeystore.jck -storepass password -file  mykey.crt
keytool -importcert -alias mykey -file mykey.crt -storetype jceks -keystore pptruststore.jck -keypass password -storepass password
Owner: CN=localhost, OU=Verisign, O=MyComp Inc, L=Foster City, ST=California, C=US
Issuer: CN=localhost, OU=Verisign, O=MyComp Inc, L=Foster City, ST=California, C=US
Serial number: 47ae6a4d
Valid from: Tue Mar 18 16:04:37 IST 2014 until: Wed Mar 18 16:04:37 IST 2015
Certificate fingerprints:
         MD5:  A2:B6:27:D1:D9:46:62:3E:93:9F:5C:B7:78:B6:B9:E5
         SHA1: BF:F0:E0:33:F3:58:F7:CC:ED:55:00:88:90:9E:DE:62:3E:F0:FB:86
         SHA256: F3:D6:20:88:C2:A2:FC:73:C3:3A:59:7D:50:EC:81:92:D5:33:37:2E:28:6A:25:2A:15:48:74:1D:96:F9:31:1A
         Signature algorithm name: SHA256withRSA
         Version: 3


#1: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0A B0 D5 08 BA 2C C9 14   07 25 94 12 3E 85 A9 A9  .....,...%..>...
0010: DC 02 94 3B                                        ...;

Trust this certificate? [no]:  yes
Certificate was added to keystore

For a Maven project you will need the Apache Commons Codec jar as a dependency; otherwise just download the jar and place it in a folder that is on the classpath.

Maven dependency:

Main Class

package digitalSignature;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import org.apache.commons.codec.binary.Base64;

public class DigitalSignature {
 KeyStore trustStore;
 KeyStore keyStore;
 String trustStorePassword;
 String keyStorePass;

 public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeyException, SignatureException {
  DigitalSignature digitalSignature = new DigitalSignature();
  // Load the keystore and truststore created with keytool above
  digitalSignature.loadKeyStore();
  digitalSignature.loadTrustStore();
  String data = "ABC";

  /*
   * At the sender
   */

  // Generate the signature of data key.
  // MD5withRSA matches the output shown below; MD5 is collision-prone,
  // so prefer SHA256withRSA outside of a demo.
  byte[] signedEncryptedKey = null;
  Signature dsa = Signature.getInstance("MD5withRSA");
  // The key password equals the store password in the keytool command above
  PrivateKey priv = (PrivateKey) digitalSignature.keyStore.getKey("mykey",
    digitalSignature.keyStorePass.toCharArray());
  dsa.initSign(priv);
  dsa.update(data.getBytes(StandardCharsets.UTF_8));
  signedEncryptedKey = dsa.sign();
  String signatureOfKey = Base64.encodeBase64String(signedEncryptedKey);
  System.out.println("Signed Ecrypted Key : " + signatureOfKey);

  /*
   * At the receiver
   */

  // Verify signature with the public key from the trusted certificate
  Signature sig = Signature.getInstance("MD5withRSA");
  java.security.cert.Certificate cert = digitalSignature.trustStore.getCertificate("mykey");
  PublicKey publicKey = cert.getPublicKey();
  sig.initVerify(publicKey);
  sig.update(data.getBytes(StandardCharsets.UTF_8));
  boolean verifies = sig.verify(signedEncryptedKey);
  System.out.println("signature verified:" + verifies);
 }

 // Loads the truststore that holds the sender's certificate
 public void loadTrustStore() throws KeyStoreException,
   NoSuchAlgorithmException, CertificateException, IOException {
  trustStore = KeyStore.getInstance("JCEKS");
  trustStorePassword = "password";
  try (FileInputStream stream = new FileInputStream("pptruststore.jck")) {
   trustStore.load(stream, trustStorePassword.toCharArray());
  }
 }

 // Loads the keystore that holds the sender's private key
 public void loadKeyStore() throws KeyStoreException,
   NoSuchAlgorithmException, CertificateException, IOException {
  keyStore = KeyStore.getInstance("JCEKS");
  keyStorePass = "password";
  try (FileInputStream stream = new FileInputStream("ppkeystore.jck")) {
   keyStore.load(stream, keyStorePass.toCharArray());
  }
 }
}

Signed Ecrypted Key : LV2nmYCD7FLlSM6uhWaD10+G0BvUVRp263b9iWIabcne0jV2ZDeDXq0XE/+5U+D8zRy37hbcRLWWbJk646LUUfAk7G7PtnfL/18fkDV/ZZKhU7XV+4AJWZxY19d+FNRlSUrrknzWLVDGLXa7TR90XAOym6A8YtKjeQTlST2cBhk=
signature verified:true
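
The program above only exercises the success path, with a 1024-bit key and MD5withRSA. The class below is an added example, not the post's original code: it signs with SHA256withRSA and 2048-bit keys generated in memory, then checks altered data, a different public key and a short key. The names SignatureTamperCheck, sign, verify and MIN_RSA_BITS are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

// Added example: names are hypothetical; keys are generated in memory, not read from the keystore.
public class SignatureTamperCheck {
    static final String ALGORITHM = "SHA256withRSA"; // used here instead of MD5withRSA
    static final int MIN_RSA_BITS = 2048;            // the keytool command in the post uses 1024

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] signature) throws GeneralSecurityException {
        // Refuse short RSA keys before trusting any signature made with them.
        if (key instanceof RSAPublicKey && ((RSAPublicKey) key).getModulus().bitLength() < MIN_RSA_BITS) {
            return false;
        }
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(data);
        return s.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();   // same size, different key
        gen.initialize(1024);
        KeyPair weak = gen.generateKeyPair();    // below MIN_RSA_BITS
        byte[] data = "ABC".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "ABD".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(sender.getPrivate(), data);

        System.out.println("original data: " + verify(sender.getPublic(), data, sig));
        System.out.println("altered data:  " + verify(sender.getPublic(), altered, sig));
        System.out.println("other key:     " + verify(other.getPublic(), data, sig));
        System.out.println("1024-bit key:  " + verify(weak.getPublic(), data, sign(weak.getPrivate(), data)));
    }
}
```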


1 comment:

  1. Nice Blog Information!!

    We know as the Digital signature is electronic signature that authenticate for e-Filing, income return filing and e-tendering. I am regular blog reader for update news about Tax, Audit and Digital Signature so please keep up sharing your valuable information.


    digital signature FAQ

