JcaVerify.java - Signature Verification Sample Program

This section provides a tutorial example on how to write a digital signature verification sample program that verifies input data and its digital signature with a given public key.

The following standalone program reads an input file, a signature file and a public key file, and verifies whether the signature matches the input file under the specified digital signature algorithm.

/* JcaVerify.java
 - Copyright (c) 2014, HerongYang.com, All Rights Reserved.
 */
import java.io.*;
import java.security.*;
import java.security.spec.*;
class JcaVerify {
   public static void main(String[] a) {
      if (a.length<5) {
         System.out.println("Usage:");
         System.out.println("java JcaVerify input signFile"
            +" signAlgo keyFile keyAlgo");
         return;
      }
      String input = a[0];
      String signFile = a[1];
      String signAlgo = a[2];  // SHA1withDSA, SHA1withRSA,
      String keyFile = a[3];
      String keyAlgo = a[4]; // DSA, RSA
      try {
         PublicKey pubKey = readPublicKey(keyFile,keyAlgo);
         byte[] sign = readSignature(signFile);
         verify(input,signAlgo,sign,pubKey);
      } catch (Exception e) {
         System.out.println("Exception: "+e);
         return;
      }
   }
   private static PublicKey readPublicKey(String input,
         String algorithm) throws Exception {
      // Read the whole key file; available() followed by a single
      // read() is not guaranteed to return every byte of the file
      byte[] pubKeyBytes = java.nio.file.Files.readAllBytes(
         java.nio.file.Paths.get(input));
      X509EncodedKeySpec pubKeySpec 
         = new X509EncodedKeySpec(pubKeyBytes);
      KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
      PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
      System.out.println();
      System.out.println("Public Key Info: ");
      System.out.println("Algorithm = "+pubKey.getAlgorithm());
      System.out.println("Saved File = "+input);
      System.out.println("Length = "+pubKeyBytes.length);
      System.out.println("toString = "+pubKey.toString());
      return pubKey;
   }
   private static byte[] readSignature(String input) 
         throws Exception {
      // Read the whole signature file; a truncated read would make
      // a valid signature fail verification
      byte[] signBytes = java.nio.file.Files.readAllBytes(
         java.nio.file.Paths.get(input));
      return  signBytes;
   }
   private static boolean verify(String input, String algorithm, 
         byte[] sign, PublicKey pubKey) throws Exception {
      Signature sg = Signature.getInstance(algorithm);
      sg.initVerify(pubKey);
      System.out.println();
      System.out.println("Signature Object Info: ");
      System.out.println("Algorithm = "+sg.getAlgorithm());
      System.out.println("Provider = "+sg.getProvider());
      FileInputStream in = new FileInputStream(input);
      int bufSize = 1024;
      byte[] buffer = new byte[bufSize];
      int n = in.read(buffer,0,bufSize);
      int count = 0;
      while (n!=-1) {
         count += n;
         sg.update(buffer,0,n);
         n = in.read(buffer,0,bufSize);
      }
      in.close();
      boolean ok = sg.verify(sign);
      System.out.println("Verify Processing Info: ");
      System.out.println("Number of input bytes = "+count);
      System.out.println("Verification result = "+ok);
      return ok;
   }
}

Here is the result of my first test to verify a signature generated with the DSA algorithm and the SHA1withDSA algorithm. See the previous section for more information.

>java -cp . JcaVerify JcaSign.class JcaSign_dsa.sgn SHA1withDSA dsa.pub DSA

Public Key Info:
Algorithm = DSA
Saved File = dsa.pub
Length = 244
toString = Sun DSA Public Key
Parameters:DSA
p:     
fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3 ae1617ae
01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151 bdc43ee7 37592e17
q:
962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5
g:
678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d 14271b9e
35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a 6c416e50 be794ca4

y:
a1352fe3 8a9c7087 35dc2ada f57f5808 24ef3cc5 2c64b304 c242d454 b5c108e9
7f8bf487 891b536a 170a2158 e0b3537c bf572d37 f906ed2e 57c482f1 d1616072

Signature Object Info:
Algorithm = SHA1WithDSA
Provider = SUN version 1.8
Verify Processing Info:
Number of input bytes = 3116
Verification result = true

Yes. The program is working correctly. Here is another verification on the signature generated with the RSA and MD2withRSA algorithms.

>java -cp . JcaVerify JcaSign.class JcaSign_rsa.sgn MD2withRSA rsa.pub RSA

Public Key Info:
Algorithm = RSA
Saved File = rsa.pub
Length = 94
toString = Sun RSA public key, 512 bits
modulus: 
7459244741598364941593136037130364374527370485869942130559032300
2280608760378479825322149826810889143669075090234733914758382626
86848167028157628455117711
public exponent: 65537

Signature Object Info:
Algorithm = MD2WithRSA
Provider = SunRsaSign version 1.8
Verify Processing Info:
Number of input bytes = 3116
Verification result = true
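The two runs above use SHA1withDSA, MD2withRSA and a 512-bit RSA key, which are no longer considered strong, so a verifier that accepts any algorithm name from the command line will report true for signatures that should not be trusted. The following is an added example, not part of the original tutorial: the class name StrictVerifyDemo, the allowlist and the 2048-bit minimum are assumptions chosen for illustration, and the key pair and message are constructed in memory.

```java
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
class StrictVerifyDemo {
   // Assumed policy for this example: SHA-256 only, RSA keys >= 2048 bits
   static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
      "SHA256withRSA", "SHA256withDSA", "SHA256withECDSA"));
   static final int MIN_RSA_BITS = 2048;
   static boolean verifyStrict(byte[] data, byte[] sign, String signAlgo,
         byte[] x509Key, String keyAlgo) throws GeneralSecurityException {
      if (!ALLOWED.contains(signAlgo))
         throw new NoSuchAlgorithmException("Rejected by policy: "+signAlgo);
      PublicKey pubKey = KeyFactory.getInstance(keyAlgo)
         .generatePublic(new X509EncodedKeySpec(x509Key));
      if (pubKey instanceof RSAPublicKey && ((RSAPublicKey) pubKey)
            .getModulus().bitLength() < MIN_RSA_BITS)
         throw new InvalidKeyException("RSA key too short");
      Signature sg = Signature.getInstance(signAlgo);
      sg.initVerify(pubKey);
      sg.update(data);
      try {
         return sg.verify(sign);
      } catch (SignatureException e) {
         return false; // malformed or truncated signature counts as invalid
      }
   }
   public static void main(String[] a) throws Exception {
      // Constructed sample input and a throwaway key pair made in memory
      byte[] data = "constructed sample message".getBytes("UTF-8");
      String algo = "SHA256withRSA";
      KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
      kpg.initialize(2048);
      KeyPair kp = kpg.generateKeyPair();
      Signature signer = Signature.getInstance(algo);
      signer.initSign(kp.getPrivate());
      signer.update(data);
      byte[] sign = signer.sign();
      byte[] pub = kp.getPublic().getEncoded(); // X.509 bytes, like rsa.pub
      System.out.println("Good signature = "+verifyStrict(data,sign,algo,pub,"RSA"));
      data[0] ^= 1; // flip one bit of the signed data
      System.out.println("Tampered input = "+verifyStrict(data,sign,algo,pub,"RSA"));
      try {
         verifyStrict(data, sign, "MD2withRSA", pub, "RSA");
      } catch (NoSuchAlgorithmException e) {
         System.out.println(e.getMessage()); // policy rejection
      }
   }
}
```

The first call reports true, the second reports false after the one-bit change, and the MD2withRSA request is refused before any key or signature is processed.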

Last update: 2014.
