The authentication portion of the Java Security API includes support for message digests (also known as cryptographic checksums), digital signatures, and simple key management tasks through a “keystore” abstraction. Example 7-4 shows a program named Manifest that demonstrates the use of message digests, digital signatures, and keystores. The Manifest program provides the following:
When you pass a list of filenames on the command line, the program reads each file, computes a message digest on the contents of the file, and then writes an entry in a manifest file (named MANIFEST by default) that specifies each of the filenames and its digest.
If you use the optional -s flag to specify a signer and the -p flag to specify a password, the program signs the contents of the manifest file and includes a digital signature within the manifest.
When you invoke the program with the -v option, it verifies an existing manifest file. First, it checks the digital signature, if any. If the signature is valid, it then reads each file named in the manifest and verifies that its digest matches the one specified in
Manifest program to create a signed manifest file and then later verify it accomplishes two goals. First, the message digests prove that the named files have not been maliciously or inadvertently modified or corrupted since the digests were computed. And second, the digital signature proves that the manifest ...
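The digest, sign, and verify steps described above, as an added example that is not the book's Example 7-4. The class name ManifestSketch, the "name digest" line format, SHA-256, SHA256withRSA, and the in-memory key pair standing in for a keystore entry are all assumptions of this sketch; it requires Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.*;

public class ManifestSketch {  // hypothetical name, not the book's Manifest class
    // Hex-encoded SHA-256 digest of a file's contents.
    static String digest(Path file) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(file));
        return HexFormat.of().formatHex(d);
    }
    // One "name digest" line per file (assumed format); these lines are what gets signed.
    static String build(List<Path> files) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Path f : files) sb.append(f).append(' ').append(digest(f)).append('\n');
        return sb.toString();
    }
    static byte[] sign(String manifest, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(manifest.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }
    // Check the signature first; only if it holds are the listed files re-digested.
    static boolean verify(String manifest, byte[] sig, PublicKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(manifest.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return false;
        for (String line : manifest.split("\n")) {
            int sp = line.lastIndexOf(' ');  // the hex digest never contains a space
            if (!digest(Path.of(line.substring(0, sp))).equals(line.substring(sp + 1))) return false;
        }
        return true;
    }
    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("manifest-demo", ".txt");  // constructed sample file
        Files.writeString(f, "original contents\n");
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();  // assumption: stands in for a keystore entry
        String m = build(List.of(f));
        byte[] sig = sign(m, kp.getPrivate());
        System.out.println("untouched:       " + verify(m, sig, kp.getPublic()));
        Files.writeString(f, "tampered\n");  // change the file after signing
        System.out.println("file modified:   " + verify(m, sig, kp.getPublic()));
        // Editing the manifest text itself invalidates the signature.
        System.out.println("manifest edited: " + verify(m.replace('a', 'b'), sig, kp.getPublic()));
    }
}
```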