Message Digests and Digital Signatures
The authentication portion of the Java Security API
includes support for message digests (also known as cryptographic
checksums), digital signatures, and simple key management tasks
through a “keystore” abstraction. Example 7-4 shows a program named
Manifest
that demonstrates the use
of message digests, digital signatures, and keystores. The Manifest
program provides the following
functionality:
When you pass a list of filenames on the command line, the program reads each file, computes a message digest on the contents of the file, and then writes an entry in a manifest file (named MANIFEST by default) that specifies each of the filenames and its digest.
If you use the optional
-s
flag to specify a signer and the-p
flag to specify a password, the program signs the contents of the manifest file and includes a digital signature within the manifest.When you invoke the program with the
-v
option, it verifies an existing manifest file. First, it checks the digital signature, if any. If the signature is valid, it then reads each file named in the manifest and verifies that its digest matches the one specified in the manifest.
Using the Manifest
program to create a signed manifest file and then later verify it accomplishes two goals. First, the message digests prove that the named files have not been maliciously or inadvertently modified or corrupted since the digests were computed. And second, the digital signature proves that the manifest ...
Get Java Examples in a Nutshell, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.