Generating and Verifying Signatures [API] |
If you have data for which a digital signature was generated, you can verify the authenticity of the signature. To do so, you need
- the data
- the signature
- the public key corresponding to the private key used to sign the data
In this example, you write a
VerSig
program to verify the signature generated by theGenSig
program. This demonstrates the steps required to verify the authenticity of an alleged signature.
VerSig
imports a public key and a signature that is alleged to be the signature of a specified data file, and verifies the authenticity of the signature. The public key, signature, and data file names are specified on the command line.The steps to create the
VerSig
sample program to import the files and verify the signature are the following:
- Prepare Initial Program Structure
Create a text file named
VerSig.java
. Type in the initial program structure (import statements, class name,main
method, and so on).
- Input and Convert the Encoded Public Key Bytes
Import the encoded public key bytes from the file specified as the first command line argument, and convert them to a
PublicKey
.
- Input the Signature Bytes
Input the signature bytes from the file specified as the second command line argument.
- Verify the Signature
Get a
Signature
object and initialize it with the public key for verifying the signature. Supply it the data whose signature is to be verified (from the file specified as the third command line argument), and verify the signature.
- Compile the Program
Use
javac
to compile the program created in the previous steps.
- Run the Program
And finally, use
java
, the interpreter, to run the program.
Generating and Verifying Signatures [API] |