Digital Signatures
Digital signatures authenticate a message. They tell us:
That the message was not altered.
Who the author is.
Digital Signatures use public key cryptography.
The author of a message has the private key. Access to this is restricted to the author.
However, the author can send the public key to anyone.
Though these keys are mathematically related, one cannot be derived from the other.
Only the private key can decrypt messages encrypted with the public key, and only the private key can create messages that the public key can verify.
Two common algorithms exist.
DSA, or the Digital Signature Algorithm, is included in the java.security package.
RSA, named after its authors, can be purchased.
You must provide the algorithm with a random number generator.
Class Random is not random enough. It is based on the computer's clock. Class SecureRandom is usable. That is, its use has not been disproven.
You should provide SecureRandom with a seed number. If you do not, it will generate one.
You can use class KeyPairGenerator to generate a KeyPair object, which contains a PublicKey (or DSAPublicKey) and PrivateKey (or DSAPrivateKey) based on your random number generator.
Then you can use the Signature class to sign and verify messages.
On the signer's side:
getInstance gets an instance of the Signature object with the given algorithm.
initSign prepares the Signature object for signing.
update sends bytes to the Signature object, similar to MessageDigest.
sign returns a byte array representing the signature.
On the receiver's side:
initVerify uses the public key to prepare to verify the message.
update accepts the message as a byte array.
verify returns a boolean stating whether the signature is valid or not.
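The signer's and receiver's steps above, put together as an added example (not code from the original notes). The SHA256withDSA algorithm name, the 2048-bit key size, the class name SignatureDemo and the sample messages are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignatureDemo {
    // Assumption of this example: DSA with a SHA-256 message digest.
    static final String ALGORITHM = "SHA256withDSA";

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
        // SecureRandom, not Random; no seed is supplied, so it generates its own.
        generator.initialize(2048, new SecureRandom());
        return generator.generateKeyPair();
    }

    // Signer's side: getInstance, initSign, update, sign.
    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(message);
        return signer.sign();
    }

    // Receiver's side: getInstance, initVerify, update, verify.
    static boolean verify(PublicKey key, byte[] message, byte[] signature) {
        try {
            Signature verifier = Signature.getInstance(ALGORITHM);
            verifier.initVerify(key);
            verifier.update(message);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // a malformed signature or unusable key counts as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair author = newKeyPair();
        KeyPair someoneElse = newKeyPair();
        // Constructed sample messages that differ in a single character.
        byte[] message = "Pay Bob 10 dollars".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "Pay Bob 90 dollars".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(author.getPrivate(), message);

        System.out.println("original, author's key: " + verify(author.getPublic(), message, signature));
        System.out.println("altered, author's key:  " + verify(author.getPublic(), altered, signature));
        System.out.println("original, other key:    " + verify(someoneElse.getPublic(), message, signature));
    }
}
```

Only the first check verifies: the second fails because the message was altered, the third because the signature was not made with the matching private key.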
Sometimes, you may want to add third party verification.
You need to make sure that you're not being spoofed by the person giving you the public key in the first place.
Companies like Verisign specialize in this.
You can get third-party authenticated signatures in a number of different security levels. The more secure, the more the signer has to pay.
Exercise (save for later): Use Signatures to send messages with RMI.