jxta.security.signature.Signature) creates and
verifies digital signatures. Digital signatures are used to validate
that a particular set of data came from a particular source. In our
JXTA restaurant auction, for example, we might require each
restaurant to sign its bid so that the HungyPeer knows that the bid
came from the restaurant listed in the bid. Otherwise, a competitor
to Chez JXTA may send out a bid saying that Chez
JXTA’s price for small fries is $100; without a
digital signature to verify the author of the bid document, the
HungryPeer must proceed based only on his trust of the (inherently
Digital signatures require RSA public and private keys: a digital signature is created with a private key and verified with a public key. Therefore, in our restaurant example, the HungryPeer must have Chez JXTA’s public key in order to validate the accompanying signature.
Signature objects are
returned via the
getJxtaSignature( ) method of the
JxtaCrypto interface; the type of object that is
returned will depend on the profile that was used to instantiate the
crypto suite. The valid signature types are defined in the signature
static final byte ALG_RSA_SHA_PKCS1; static final byte ALG_RSA_MD5_PKCS1;
Hence, the JXTA platform can work with RSA signatures that use either the MD5 or SHA1 hash algorithm and PKCS1 padding.
Once you have a signature object, you must initialize it either for signing ...