2
votes

I have a key pair already, public and private. How do I actually use the java.security.Signature to do verification of a string I signed with one of the keys?

Edit:

I have both the keys as Strings. The verify method, it is actually

verify(byte[] signature)

The javadoc says:

verify(byte[] signature) Indicates whether the given signature can be verified using the public key or a certificate of the signer.

How would I make that signature recognize which public/private key to use for that verifying, before I call the verify method? In other words, how do I turn my string keys into key objects that would get accepted by signature?

1
Is there by any chance a method named verify in that class? If so perhaps you have a more specific question. - President James K. Polk

1 Answer

7
votes
  1. Use KeyFactory to translate key specifications to objects.
  2. Call Signature.getInstance(algName) to get a signature instance.
  3. Use Signature's initVerify method to associate a key for signature verification.
  4. Use update to feed the Signature bytes.
  5. Finally, call verify.
  6. Profit

From the KeyFactory javadoc:

The following is an example of how to use a key factory in order to instantiate a DSA public key from its encoding. Assume Alice has received a digital signature from Bob. Bob also sent her his public key (in encoded format) to verify his signature. Alice then performs the following actions:

X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(bobEncodedPubKey);
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec);
Signature sig = Signature.getInstance("DSA");
sig.initVerify(bobPubKey);
sig.update(data);
sig.verify(signature);
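
The steps above applied to keys held as strings, as an added example that is not part of the original answer or the javadoc. It assumes the strings are Base64 of the standard encodings (X.509 for the public key, PKCS#8 for the private key) and uses RSA with SHA256withRSA in place of the javadoc's DSA; the class and method names are hypothetical, and the key pair in main is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class VerifyFromStringKeys {

    // Assumption: the public key string is Base64 of the X.509 (SubjectPublicKeyInfo) encoding.
    static PublicKey publicKeyFromString(String b64) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Assumption: the private key string is Base64 of the PKCS#8 encoding.
    static PrivateKey privateKeyFromString(String b64) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    static byte[] sign(String message, PrivateKey key) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        // Fix the charset explicitly so signer and verifier hash identical bytes.
        sig.update(message.getBytes(StandardCharsets.UTF_8));
        return sig.sign();
    }

    static boolean verify(String message, byte[] signature, PublicKey key) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA"); // must match the signing algorithm
        sig.initVerify(key);                                     // this is where the key is chosen
        sig.update(message.getBytes(StandardCharsets.UTF_8));
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, exported to strings the way the question describes.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        String pubStr = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        String privStr = Base64.getEncoder().encodeToString(kp.getPrivate().getEncoded());

        byte[] signature = sign("hello", privateKeyFromString(privStr));
        PublicKey pub = publicKeyFromString(pubStr);
        System.out.println("original message verifies: " + verify("hello", signature, pub));
        System.out.println("altered message verifies:  " + verify("hellp", signature, pub));
    }
}
```

If the key strings are PEM text, strip the BEGIN/END lines and whitespace before Base64-decoding, and pass the key's actual algorithm name to KeyFactory.getInstance.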