Signatures

A signature provides two security services, authentication and integrity. A signature gives you assurance that a message has not been tampered with and that it originated from a certain person. As you’ll recall from Chapter 2, a signature is a message digest that is encrypted with the signer’s private key. Only the signer’s public key can decrypt the signature, which provides authentication. If the message digest of the message matches the decrypted message digest from the signature, then integrity is also assured.

Signatures do not provide confidentiality. A signature accompanies a plaintext message. Anyone can intercept and read the message. Signatures are useful for distributing software and documentation because they foil forgery.

The Java Security API provides a class, java.security.Signature, that represents cryptographic signatures. This class operates in two distinct modes, depending on whether you wish to generate a signature or verify a signature.

Like the other cryptography classes, Signature has two factory methods:

public static Signature getInstance(String algorithm) throws NoSuchAlgorithmException

This method returns a Signaturefor the given algorithm. The first provider supporting the given algorithm is used.

public static Signature getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException

This method returns a Signature for the given algorithm, using the given provider.

One of two methods initializes the Signature ...

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.