Chapter 12. Digital Signatures
In the previous few chapters, we’ve examined various aspects of Java’s security package with an eye toward the topics of this chapter: the ability to generate and to verify digital signatures. We’ve now reached the fruits of that examination. In this chapter, we’ll explore the mechanisms of the digital signature.
The use and verification of digital signatures is another standard engine that is included in the security provider architecture. Like the other engines we’ve examined, the classes that implement this engine have both a public interface and an SPI for implementors of the engine.
In the JDK, the most common use of digital signatures is to create signed classes; users have the option of granting additional privileges to these signed classes using the mechanics of the access controller. In addition, a security manager and a class loader can use this information to change the policy of the security manager; this technique is quite useful in 1.1. Hence, we’ll also show an example that reads a signed JAR file.
The Signature Class
Operations
on digital signatures are abstracted by the
Signature
class
(java.security.Signature
):
- public abstract class Signature extends SignatureSpi
Provide an engine to create and verify digital signatures. In Java 1.1, there is no
SignatureSpi
class, and this class simply extends theObject
class.
The Sun security provider includes a single implementation of this class that generates signatures based on the DSA algorithm. ...
Get Java Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.