Generating and Verifying Signatures |
In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)
In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.
In other cases the program needs to generate the key pair. A key pair is generated by using the
KeyPairGenerator
class.In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.
Generating a key pair requires several steps:
Create a Key Pair Generator
The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.
As with all engine classes, the way to get a
KeyPairGenerator
object for a particular type of algorithm is to call thegetInstance
static factory method on theKeyPairGenerator
class. This method has two forms, both of which hava aString algorithm
first argument; one form also has aString provider
second argument.A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.
Put the following statement after the
line in the file created in the previous step, Prepare Initial Program Structure:else try {KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");Initialize the Key-Pair Generator
The next step is to initialize the key-pair generator. All key-pair generators share the concepts of a keysize and a source of randomness. The
KeyPairGenerator
class has aninitialize
method that takes these two types of arguments.The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.
The source of randomness must be an instance of the
SecureRandom
class. This example requests one that uses the SHA1PRNG pseudo-random-number generation algorithm, as provided by the built-in SUN provider. The example then passes thisSecureRandom
instance to the key-pair generator initialization method.SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random);Note: The
SecureRandom
implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to thegetInstance
method with a call to thesetSeed
method. So if you had a specific seed value that you wanted used, you would call the following prior to theinitialize
call:random.setSeed(seed);Generate the Pair of Keys
The final step is to generate the key pair and to store the keys inPrivateKey
andPublicKey
objects.KeyPair pair = keyGen.generateKeyPair(); PrivateKey priv = pair.getPrivate(); PublicKey pub = pair.getPublic();
Generating and Verifying Signatures |