In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations. This article will show you how to create PKCS#1 signature in Java.What will we do?
- Generate Public Key and Private Key. In further post, I will show you how to use exiting KeyPair from P12 Keystore or Security Device (token)
- Generate Signature base on Private Key.
- Verify Signature base on Public Key.
Sample
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024);
KeyPair keypair = keyGen.generateKeyPair();
PublicKey publicKey = keypair.getPublic();
PrivateKey privateKey = keypair.getPrivate();
String dataTobeSign = "Hello World";
// Sign message
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(privateKey);
sig.update(dataTobeSign.getBytes());
byte[] signature = sig.sign();
System.out.println("Signature: "+DatatypeConverter.printBase64Binary(signature));
// Verify signature
sig.initVerify(publicKey);
sig.update(dataTobeSign.getBytes());
boolean isValid = sig.verify(signature);
System.out.println("Signature valid: "+isValid);
OutputSignature: tBxs0axyMQg5SUyledKJAWfXStrigUJr2E0nELgoUqHkLGKVYZuBM0roU0lbzU3oM1OEU6Y70ZPvlnLjQ84DErKkC4IzqfIS02TbPVyr3k3zAgp+hqkyIci30PdQviWTO2RSyx/8IBhG3z5fnHHIdrdbP9kB3ceCHcxJgjlhYLo= Signature valid: trueThis sample above using SHA1withRSA algorithm for signature. You can refer the table below to use others algorithms
| Algorithm Name | Description |
|---|---|
| NONEwithRSA | The RSA signature algorithm, which does not use a digesting algorithm (for example, MD5/SHA1) before performing the RSA operation. For more information about the RSA Signature algorithms, see PKCS #1. |
| MD2withRSA MD5withRSA | The MD2/MD5 with RSA Encryption signature algorithm, which uses the MD2/MD5 digest algorithm and RSA to create and verify RSA digital signatures as defined in PKCS #1. |
| SHA1withRSA SHA256withRSA SHA384withRSA SHA512withRSA | The signature algorithm with SHA-* and the RSA encryption algorithm as defined in the OSI Interoperability Workshop, using the padding conventions described in PKCS #1. |
| NONEwithDSA | The Digital Signature Algorithm as defined in FIPS PUB 186-2. The data must be exactly 20 bytes in length. This algorithm is also known as rawDSA. |
| SHA1withDSA | The DSA with SHA-1 signature algorithm, which uses the SHA-1 digest algorithm and DSA to create and verify DSA digital signatures as defined in FIPS PUB 186. |
| NONEwithECDSA SHA1withECDSA SHA256withECDSA SHA384withECDSA SHA512withECDSA (ECDSA) | The ECDSA signature algorithms as defined in ANSI X9.62. Note:"ECDSA" is an ambiguous name for the "SHA1withECDSA" algorithm and should not be used. The formal name "SHA1withECDSA" should be used instead. |
| Use this to form a name for a signature algorithm with a particular message digest (such as MD2 or MD5) and algorithm (such as RSA or DSA), just as was done for the explicitly defined standard names in this section (MD2withRSA, and so on). For the new signature schemes defined in PKCS #1 v 2.0, for which the |
You use RSA algorithm to generate keys
KeyPairGenerator.getInstance("RSA")
You must use RSA algorithm for creating signature.Signature.getInstance("SHA1withRSA")
You use DSA algorithm to generate keysKeyPairGenerator.getInstance("DSA")
You must use RSA algorithm for creating signature.Signature.getInstance("SHA1withDSA")
Reference
No comments:
Post a Comment