站内搜索: 请输入搜索关键词
当前页面: 在线文档首页 > Java Tutorial 5.0 英文版

Verify the Signature - Java Tutorial 5.0 英文版

The JavaTM Tutorial
Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search
Feedback Form

Trail: Security in Java 2 SDK 1.2
Lesson: Generating and Verifying Signatures

Verify the Signature

You've added code to the VerSig program to

  • Input the encoded key bytes and converted them to a PublicKey named pubKey

  • Input the signature bytes into a byte array named sigToVerify
You can now proceed to do the verification.

Initialize the Signature Object for Verification

As with signature generation, a signature is verified by using an instance of the Signature class. You need to create a Signature object that uses the same signature algorithm as was used to generate the signature. The algorithm used by the GenSig program was the SHA1withDSA algorithm from the SUN provider.

Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
Next, you need to initialize the Signature object. The initialization method for verification requires the public key.
sig.initVerify(pubKey);

Supply the Signature Object With the Data to be Verified

You now need to supply the Signature object with the data for which a signature was generated. This data is in the file whose name was specified as the third command line argument. As you did when signing, read in the data one buffer at a time, and supply it to the Signature object by calling the update method.
FileInputStream datafis = new FileInputStream(args[2]);
BufferedInputStream bufin = new BufferedInputStream(datafis);

byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
    len = bufin.read(buffer);
    sig.update(buffer, 0, len);
};

bufin.close();

Verify the Signature

Once you have supplied all of the data to the Signature object, you can verify the digital signature of that data and report the result. Recall that the alleged signature was read into a byte array called sigToVerify.

boolean verifies = sig.verify(sigToVerify);

System.out.println("signature verifies: " + verifies);

The verifies value will be true if the alleged signature (sigToVerify) is the actual signature of the specified data file generated by the private key corresponding to the public key pubKey.


Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search
Feedback Form

Copyright 1995-2005 Sun Microsystems, Inc. All rights reserved.