RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent); KeyFactory factory = KeyFactory.getInstance("RSA"); PublicKey pub = factory.generatePublic(spec); Signature verifier = Signature.getInstance("SHA1withRSA"); verifier.initVerify(pub); verifier.update(url.getBytes("UTF-8")); // Or whatever interface specifies. boolean okay = verifier.verify(signature);
public byte[] sign(SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, PrivateKey privateKey) throws GeneralSecurityException { Signature signature = Signature.getInstance(signatureAlgorithmIdentifier.getName()); signature.initSign(privateKey); signature.update(getEncoded()); return signature.sign(); }
protected boolean doVerify(Signature sig, PublicKey publicKey, byte[] data, byte[] signature) throws InvalidKeyException, java.security.SignatureException { sig.initVerify(publicKey); sig.update(data); return sig.verify(signature); }
private static boolean matches(PrivateKey privateKey, Certificate certificate) { try { PublicKey publicKey = certificate.getPublicKey(); Signature signer = createSignature(privateKey, publicKey); signer.initSign(privateKey); signer.update(TEST_SIGNATURE_DATA); byte[] signature = signer.sign(); signer.initVerify(publicKey); signer.update(TEST_SIGNATURE_DATA); return signer.verify(signature); } catch (GeneralSecurityException ignored) { return false; } }
public static boolean validateSignBySoft256(PublicKey publicKey, byte[] signData, byte[] srcData) throws Exception { Signature st = Signature.getInstance(BC_PROV_ALGORITHM_SHA256RSA, "BC"); st.initVerify(publicKey); st.update(srcData); return st.verify(signData); }
public void setPrvKey(byte[] d, byte[] n) throws Exception{ RSAPrivateKeySpec rsaPrivKeySpec = new RSAPrivateKeySpec(new BigInteger(n), new BigInteger(d)); PrivateKey prvKey = keyFactory.generatePrivate(rsaPrivKeySpec); signature.initSign(prvKey); } public byte[] sign() throws Exception{
public void setPubKey(byte[] e, byte[] n) throws Exception{ RSAPublicKeySpec rsaPubKeySpec = new RSAPublicKeySpec(new BigInteger(n), new BigInteger(e)); PublicKey pubKey=keyFactory.generatePublic(rsaPubKeySpec); signature.initVerify(pubKey); } public void setPrvKey(byte[] d, byte[] n) throws Exception{
/** * Generates a self-signed certificate. These are used to identify servers. * * @return A matched pair of public and private certificates. */ public CertificatePair generateSelfSigned() { keyPairGenerator.initialize(KEY_SIZE); KeyPair kp = keyPairGenerator.genKeyPair(); try { RSAPublicKeySpec pub = keyFactory.getKeySpec(kp.getPublic(), RSAPublicKeySpec.class); RSAPrivateKeySpec priv = keyFactory.getKeySpec(kp.getPrivate(), RSAPrivateKeySpec.class); String uuid = UUID.randomUUID().toString(); signer.initSign(kp.getPrivate(), new SecureRandom()); signer.update(uuid.getBytes(Charsets.UTF_8)); signer.update(pub.getModulus().toByteArray()); signer.update(pub.getPublicExponent().toByteArray()); byte[] rawSig = signer.sign(); BigInteger signature = new BigInteger(rawSig); PublicIdentityCertificate publicCert = new PublicIdentityCertificate(uuid, pub.getModulus(), pub.getPublicExponent(), signature); PrivateIdentityCertificate privateCert = new PrivateIdentityCertificate(priv.getModulus(), priv.getPrivateExponent()); return new CertificatePair(publicCert, privateCert); } catch (InvalidKeySpecException | SignatureException | InvalidKeyException e) { throw new RuntimeException("Unexpected exception generating certificate", e); } }
/** * Produces a signature for data that can be verified as by the paired public certificate. * * @param dataToSign * @return The signature */ public byte[] sign(byte[] dataToSign) { RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(modulus, exponent); Signature signer = null; try { signer = Signature.getInstance(IdentityConstants.SIGNATURE_ALGORITHM); KeyFactory keyFactory = KeyFactory.getInstance(IdentityConstants.CERTIFICATE_ALGORITHM); PrivateKey key = keyFactory.generatePrivate(keySpec); signer.initSign(key, new SecureRandom()); signer.update(dataToSign); return signer.sign(); } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | SignatureException e) { throw new RuntimeException("Unexpected exception during signing", e); } }
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFact = KeyFactory.getInstance("DH"); this.clientPublicKey = keyFact.generatePublic(x509KeySpec); Signature sig = Signature.getInstance(privateKeySignAlgo); sig.initSign(privateKeyEncrypt); sig.update(clientChallenge); byte[] signedBytes = sig.sign(); dos.writeByte(REPLY_OK); DataSerializer.writeByteArray(keyBytes, dos);
throws InvalidKeyException, SignatureException { if (signerConfig.certificates.isEmpty()) { throw new SignatureException("No certificates configured for signer"); byte[] signatureBytes; try { Signature signature = Signature.getInstance(jcaSignatureAlgorithm); signature.initSign(signerConfig.privateKey); if (jcaSignatureAlgorithmParams != null) { signature.setParameter(jcaSignatureAlgorithmParams); signature.update(signer.signedData); signatureBytes = signature.sign(); } catch (InvalidKeyException e) { throw new InvalidKeyException("Failed sign using " + jcaSignatureAlgorithm, e); } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | SignatureException e) { throw new SignatureException("Failed sign using " + jcaSignatureAlgorithm, e); Signature signature = Signature.getInstance(jcaSignatureAlgorithm); signature.initVerify(publicKey); if (jcaSignatureAlgorithmParams != null) { signature.setParameter(jcaSignatureAlgorithmParams); signature.update(signer.signedData); if (!signature.verify(signatureBytes)) { throw new SignatureException("Signature did not verify");
private Optional<String> validateRsaSha256(SecurityEnvironment env, InboundClientDefinition clientDefinition) { try { Signature signature = Signature.getInstance("SHA256withRSA"); signature.initVerify(clientDefinition.keyConfig() .orElseThrow(() -> new HttpSignatureException("RSA public key configuration is " + "required")) .publicKey() .orElseThrow(() -> new HttpSignatureException( "Public key is required, yet not configured"))); signature.update(getBytesToSign(env, null)); if (!signature.verify(this.signatureBytes)) { return Optional.of("Signature is not valid"); } return Optional.empty(); } catch (NoSuchAlgorithmException e) { LOGGER.log(Level.FINEST, "SHA256withRSA algorithm not found", e); return Optional.of("SHA256withRSA algorithm not found: " + e.getMessage()); } catch (InvalidKeyException e) { LOGGER.log(Level.FINEST, "Invalid RSA key", e); return Optional.of("Invalid RSA key: " + e.getMessage()); } catch (SignatureException e) { LOGGER.log(Level.FINEST, "Signature exception", e); return Optional.of("SignatureException: " + e.getMessage()); } }
/** * Get a signature instance for this account. * * @return a signature instance for this account */ public Signature getSignature() { try { Signature signature = Signature.getInstance(signatureAlgorithm); signature.initSign(privateKey); return signature; } catch (NoSuchAlgorithmException | InvalidKeyException e) { throw acme.unableToCreateAcmeSignature(e); } }
public CertificateGenerator() { try { keyPairGenerator = KeyPairGenerator.getInstance(IdentityConstants.CERTIFICATE_ALGORITHM); keyFactory = KeyFactory.getInstance(IdentityConstants.CERTIFICATE_ALGORITHM); signer = Signature.getInstance(IdentityConstants.SIGNATURE_ALGORITHM); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Insufficient support for '" + IdentityConstants.CERTIFICATE_ALGORITHM + "', required for identity management", e); } }
private static Signature createSignature(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException { if (privateKey instanceof RSAPrivateKey && publicKey instanceof RSAPublicKey) { return Signature.getInstance("NONEwithRSA"); } if (privateKey instanceof ECPrivateKey && publicKey instanceof ECPublicKey) { return Signature.getInstance("NONEwithECDSA"); } if (privateKey instanceof DSAKey && publicKey instanceof DSAKey) { return Signature.getInstance("NONEwithDSA"); } throw new InvalidKeySpecException("Key type must be one of " + SUPPORTED_KEY_TYPES); }
@Override public void write(byte[] b) throws IOException { try { mSignature.update(b, 0, b.length); } catch (SignatureException e) { throw new IOException("SignatureException: " + e); } out.write(b); mCount += b.length; }
@Override public void write(int b) throws IOException { try { signature.update((byte) b); } catch (SignatureException e) { throw new IOException(e.getLocalizedMessage()); } }
public boolean verify(final Signature signature) throws SignatureException { try { return signature.verify(bytes, offs + idx, len - idx); } finally { idx = len; } }