Generating and Verifying Signatures

Generate Public and Private Keys

In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

In some cases, the key pair (private key and corresponding public key) are already available in files. In that case, the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

In other cases, the program needs to generate the key pair. A key pair is generated using the KeyPairGenerator class.

In this example you will generate a public-private key pair for the algorithm named "DSA" (Digital Signature Algorithm). You will generate keys with a 1024-bit length.

Generating a key pair is done with the following steps:

Create a Key Pair Generator

The first step is to get a key pair generator object for generating keys for the DSA signature algorithm.

As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. There are two forms of this method. Both hava a String algorithm first argument, and one also has a String provider second argument.

A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default "SUN" provider built into the JDK.

Put the following statement after the

    else try {

line in the file created in the previous step, Prepare Initial Program Structure:

        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");

Initialize the Key Pair Generator

The next step is to initialize the key pair generator. All key pair generators share the concepts of a "strength" and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

The "strength" for a DSA key generator is the key length (in bits), which you will set to 1024.

The source of randomness must be an instance of the SecureRandom class. This example requests one that uses the "SHA1PRNG" pseudo-random number generation algorithm, as provided by the built-in "SUN" provider. It then passes this SecureRandom instance to the key pair generator initialization method:

        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        keyGen.initialize(1024, random);

Note: The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to the getInstance method with a call to the setSeed method. So if you had a specific seed value that you wanted used, you would call

        random.setSeed(seed);

prior to the initialize call.

Generate the Pair of Keys

The final step is generating the key pair and storing the keys in PrivateKey and PublicKey objects:

        KeyPair pair = keyGen.generateKeyPair();
        PrivateKey priv = pair.getPrivate();
        PublicKey pub = pair.getPublic();

Generating and Verifying Signatures