public abstract class Signature extends SignatureSpi
The signature algorithm can be, among others, the NIST standard DSA, using DSA and SHA-1. The DSA algorithm using the SHA-1 message digest algorithm can be specified as SHA1withDSA. In the case of RSA, there are multiple choices for the message digest algorithm, so the signing algorithm could be specified as, for example, MD2withRSA, MD5withRSA, or SHA1withRSA. The algorithm name must be specified, as there is no default.
A Signature object can be used to generate and verify digital signatures.
There are three phases to the use of a Signature object for either signing data or verifying a signature:
1. Initialization, either for verification (see initVerify) or for signing (see initSign(PrivateKey) and initSign(PrivateKey, SecureRandom)).
2. Updating. Depending on the type of initialization, this will update the bytes to be signed or verified. See the update methods.
3. Signing or verifying a signature on all updated bytes. See the sign methods and the verify method.
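The three phases as an added example (not part of the original API documentation), using SHA256withRSA from the required algorithms. It shows chunked update calls, reuse of the signing object after sign(), the offset/length form of verify, and a verifier that treats any exception, including a malformed signature, as a failed verification. The class name SignatureDemo, the helper verifies, the sample messages and the 4-byte framing are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;

public class SignatureDemo {
    static final String ALG = "SHA256withRSA"; // must be named explicitly; there is no default

    // Hypothetical helper. Fails closed: any exception counts as "not verified".
    static boolean verifies(PublicKey key, byte[] data, byte[] buf, int off, int len) {
        try {
            Signature v = Signature.getInstance(ALG);
            v.initVerify(key);              // phase 1: initialize for verification
            v.update(data);                 // phase 2: feed the bytes that were signed
            return v.verify(buf, off, len); // phase 3: check the signature
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key constructed for this demo

        byte[] m1 = "amount=100;to=alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] m2 = "amount=900;to=alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        Signature s = Signature.getInstance(ALG);
        s.initSign(kp.getPrivate());        // phase 1: initialize for signing
        s.update(m1, 0, 11);                // phase 2: data may arrive in chunks
        s.update(m1, 11, m1.length - 11);
        byte[] sig1 = s.sign();             // phase 3: produce the signature
        s.update(m2);                       // sign() reset s, so no second initSign is needed
        byte[] sig2 = s.sign();

        // Signature carried inside a larger buffer behind a 4-byte header (constructed framing).
        byte[] framed = new byte[4 + sig1.length];
        System.arraycopy(sig1, 0, framed, 4, sig1.length);
        byte[] truncated = Arrays.copyOf(sig1, sig1.length / 2); // malformed on purpose
        System.out.println("m1 / sig1 (framed): " + verifies(kp.getPublic(), m1, framed, 4, sig1.length));
        System.out.println("m2 / sig2:          " + verifies(kp.getPublic(), m2, sig2, 0, sig2.length));
        System.out.println("m2 / sig1 (swapped): " + verifies(kp.getPublic(), m2, sig1, 0, sig1.length));
        System.out.println("m1 / truncated sig: " + verifies(kp.getPublic(), m1, truncated, 0, truncated.length));
    }
}
```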
Note that this class is abstract and extends from SignatureSpi for historical reasons. Application developers should only take notice of the methods defined in this Signature class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of digital signature algorithms.
Every implementation of the Java platform is required to support the following standard Signature algorithms:
- SHA1withDSA
- SHA1withRSA
- SHA256withRSA
Modifier and Type | Field and Description |
---|---|
protected static int | SIGN: Possible state value, signifying that this signature object has been initialized for signing. |
protected int | state: Current state of this signature object. |
protected static int | UNINITIALIZED: Possible state value, signifying that this signature object has not yet been initialized. |
protected static int | VERIFY: Possible state value, signifying that this signature object has been initialized for verification. |
Fields inherited from class SignatureSpi: appRandom
Modifier | Constructor and Description |
---|---|
protected | Signature(String algorithm): Creates a Signature object for the specified algorithm. |
Modifier and Type | Method and Description |
---|---|
Object | clone(): Returns a clone if the implementation is cloneable. |
String | getAlgorithm(): Returns the name of the algorithm for this signature object. |
static Signature | getInstance(String algorithm): Returns a Signature object that implements the specified signature algorithm. |
static Signature | getInstance(String algorithm, String provider): Returns a Signature object that implements the specified signature algorithm. |
void | initSign(PrivateKey privateKey): Initialize this object for signing. |
void | initSign(PrivateKey privateKey, SecureRandom random): Initialize this object for signing. |
void | initVerify(Certificate certificate): Initializes this object for verification, using the public key from the given certificate. |
void | initVerify(PublicKey publicKey): Initializes this object for verification. |
void | setParameter(AlgorithmParameterSpec params): Initializes this signature engine with the specified parameter set. |
byte[] | sign(): Returns the signature bytes of all the data updated. |
int | sign(byte[] outbuf, int offset, int len): Finishes the signature operation and stores the resulting signature bytes in the provided buffer outbuf, starting at offset. |
String | toString(): Returns a string representation of this signature object, providing information that includes the state of the object and the name of the algorithm used. |
void | update(byte b): Updates the data to be signed or verified by a byte. |
void | update(byte[] data): Updates the data to be signed or verified, using the specified array of bytes. |
void | update(byte[] data, int off, int len): Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset. |
boolean | verify(byte[] signature): Verifies the passed-in signature. |
boolean | verify(byte[] signature, int offset, int length): Verifies the passed-in signature in the specified array of bytes, starting at the specified offset. |
Methods inherited from class SignatureSpi: engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSign, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify
protected static final int UNINITIALIZED
Possible state value, signifying that this signature object has not yet been initialized.

protected static final int SIGN
Possible state value, signifying that this signature object has been initialized for signing.

protected static final int VERIFY
Possible state value, signifying that this signature object has been initialized for verification.

protected int state
protected Signature(String algorithm)
algorithm - the standard string name of the algorithm. See the Signature section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

public static Signature getInstance(String algorithm) throws NoSuchAlgorithmException
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new Signature object encapsulating the SignatureSpi implementation from the first Provider that supports the specified algorithm is returned.
algorithm - the standard name of the algorithm requested. See the Signature section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.
NoSuchAlgorithmException - if no Provider supports a Signature implementation for the specified algorithm.

public static Signature getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
A new Signature object encapsulating the SignatureSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
algorithm - the name of the algorithm requested. See the Signature section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.
provider - the name of the provider.
NoSuchAlgorithmException - if a SignatureSpi implementation for the specified algorithm is not available from the specified provider.
NoSuchProviderException - if the specified provider is not registered in the security provider list.
IllegalArgumentException - if the provider name is null or empty.

public final void initVerify(PublicKey publicKey) throws InvalidKeyException
publicKey - the public key of the identity whose signature is going to be verified.
InvalidKeyException - if the key is invalid.

public final void initVerify(Certificate certificate) throws InvalidKeyException
If the certificate is of type X.509 and has a key usage extension field marked as critical, and the value of the key usage extension field implies that the public key in the certificate and its corresponding private key are not supposed to be used for digital signatures, an InvalidKeyException is thrown.
certificate - the certificate of the identity whose signature is going to be verified.
InvalidKeyException - if the public key in the certificate is not encoded properly or does not include required parameter information or cannot be used for digital signature purposes.

public final void initSign(PrivateKey privateKey) throws InvalidKeyException
privateKey - the private key of the identity whose signature is going to be generated.
InvalidKeyException - if the key is invalid.

public final void initSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException
privateKey - the private key of the identity whose signature is going to be generated.
random - the source of randomness for this signature.
InvalidKeyException - if the key is invalid.

public final byte[] sign() throws SignatureException
A call to this method resets this signature object to the state it was in when previously initialized for signing via a call to initSign(PrivateKey). That is, the object is reset and available to generate another signature from the same signer, if desired, via new calls to update and sign.
SignatureException - if this signature object is not initialized properly or if this signature algorithm is unable to process the input data provided.

public final int sign(byte[] outbuf, int offset, int len) throws SignatureException
Finishes the signature operation and stores the resulting signature bytes in the provided buffer outbuf, starting at offset. The format of the signature depends on the underlying signature scheme.
This signature object is reset to its initial state (the state it was in after a call to one of the initSign methods) and can be reused to generate further signatures with the same private key.
outbuf - buffer for the signature result.
offset - offset into outbuf where the signature is stored.
len - number of bytes within outbuf allotted for the signature.
outbuf.
SignatureException - if this signature object is not initialized properly, if this signature algorithm is unable to process the input data provided, or if len is less than the actual signature length.

public final boolean verify(byte[] signature) throws SignatureException
A call to this method resets this signature object to the state it was in when previously initialized for verification via a call to initVerify(PublicKey). That is, the object is reset and available to verify another signature from the identity whose public key was specified in the call to initVerify.
signature - the signature bytes to be verified.
SignatureException - if this signature object is not initialized properly, the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc.

public final boolean verify(byte[] signature, int offset, int length) throws SignatureException
A call to this method resets this signature object to the state it was in when previously initialized for verification via a call to initVerify(PublicKey). That is, the object is reset and available to verify another signature from the identity whose public key was specified in the call to initVerify.
signature - the signature bytes to be verified.
offset - the offset to start from in the array of bytes.
length - the number of bytes to use, starting at offset.
SignatureException - if this signature object is not initialized properly, the passed-in signature is improperly encoded or of the wrong type, if this signature algorithm is unable to process the input data provided, etc.
IllegalArgumentException - if the signature byte array is null, or the offset or length is less than 0, or the sum of the offset and length is greater than the length of the signature byte array.

public final void update(byte b) throws SignatureException
b - the byte to use for the update.
SignatureException - if this signature object is not initialized properly.

public final void update(byte[] data) throws SignatureException
data - the byte array to use for the update.
SignatureException - if this signature object is not initialized properly.

public final void update(byte[] data, int off, int len) throws SignatureException
data - the array of bytes.
off - the offset to start from in the array of bytes.
len - the number of bytes to use, starting at offset.
SignatureException - if this signature object is not initialized properly.

public final String getAlgorithm()

public String toString()

public final void setParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException
params - the parameters
InvalidAlgorithmParameterException - if the given parameters are inappropriate for this signature engine

public Object clone() throws CloneNotSupportedException
Overrides: clone in class SignatureSpi
CloneNotSupportedException - if this is called on an implementation that does not support Cloneable.
See also: Cloneable