|
|
Message digests use an algorithm to compute a value, often a hash value,
based on the bytes of a file, usually composed of a jar, bytecode, or binary.
-
We can then compare the digest value on the client with the digest value
generated from the source of the program.
-
If they are equal, then we can safely say the code has not been altered.
If they are not equal, then we should not run the program.
-
Though there is a statistical probability of two different files having
the same value, this probability is remote.
-
For digests to work, two properties must hold true:
-
Changing the file changes the digest.
-
A forger cannot change the file and still have the same message digest
as the original.
-
In Java, our message digests can use two well-known algorithms:
-
We can use class MessageDigest
to compute the fingerprint of a bytestream.
-
You can use the static getInstance method to get an instance of the MessageDigest
class, and you can specify the algorithm you want to use.
-
Send either a byte or byte array to the update() method of MessageDigest.
Using class MessageDigest
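The steps above in one program, as an added example that is not part of the original page: it calls getInstance, feeds bytes through update(), and compares the resulting digest with the expected one. The SHA-256 algorithm name, the class and method names, and the sample byte strings are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCheck {
    // Compute the fingerprint of a byte stream, feeding it to update() in chunks
    // the way a file would be read through a buffer.
    static byte[] fingerprint(byte[] data, String algorithm) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        int chunk = 4; // deliberately tiny, only to show repeated update() calls
        for (int off = 0; off < data.length; off += chunk) {
            md.update(data, off, Math.min(chunk, data.length - off));
        }
        return md.digest(); // finishes the computation and resets the instance
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs standing in for the bytes of a jar or class file.
        byte[] published = "class Payroll { pay(100); }".getBytes(StandardCharsets.UTF_8);
        byte[] received  = "class Payroll { pay(100); }".getBytes(StandardCharsets.UTF_8);
        byte[] tampered  = "class Payroll { pay(900); }".getBytes(StandardCharsets.UTF_8);

        String algorithm = "SHA-256"; // assumption: algorithm chosen for this example
        // Assumption: the expected digest comes from the source of the program
        // over a channel the client trusts.
        byte[] expected = fingerprint(published, algorithm);
        System.out.println("expected: " + hex(expected));

        for (byte[] candidate : new byte[][] { received, tampered }) {
            byte[] actual = fingerprint(candidate, algorithm);
            // MessageDigest.isEqual compares the two digest byte arrays.
            boolean unchanged = MessageDigest.isEqual(expected, actual);
            System.out.println(hex(actual)
                    + (unchanged ? "  equal: code has not been altered"
                                 : "  NOT equal: do not run the program"));
        }
    }
}
```

Changing a single character in the sample input produces a different digest, which is the first of the two properties listed above.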
|