Digital Signatures

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature provides the recipient with a reason to believe that the message was created by a known sender, and that it was not altered in transit.

The Digital Signatures family of classes implements three main functionalities that correspond to the cryptographer’s language in which an encryption scheme is composed of three algorithms:

  1. Generation of the keys.
  2. Signing a message.
  3. Verifying a signature with a message.

The DigitalSignature Interface

public interface DigitalSignature

General interface for digital signatures. Each class of this family must implement this interface. A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.

Sign and Verify

public Signature sign(byte[] msg, int offset, int length)

Signs the given message

Parameters:
  • msg – the byte array to sign.
  • offset – the place in the msg to take the bytes from.
  • length – the length of the msg.
Throws:
Returns:

the signatures from the msg signing.

public boolean verify(Signature signature, byte[] msg, int offset, int length)

Verifies the given signature

Parameters:
  • signature – to verify
  • msg – the byte array to verify the signature with
  • offset – the place in the msg to take the bytes from
  • length – the length of the msg
Throws:
Returns:

true if the signature is valid. false, otherwise.

Key Generation and Handling

public KeyPair generateKey(AlgorithmParameterSpec keyParams)

Generates public and private keys for this digital signature.

Parameters:
  • keyParams – hold the required key parameters
Throws:
  • InvalidParameterSpecException – if the given keyParams does not match this signature scheme.
Returns:

KeyPair holding the public and private keys

public KeyPair generateKey()

Generates public and private keys for this digital signature.

Returns:KeyPair holding the public and private keys
public PublicKey getPublicKey()

Returns the PublicKey of this signature scheme.

This function should not be use to check if the key has been set. To check if the key has been set use isKeySet function.

Throws:
Returns:

the PublicKey

public boolean isKeySet()

Checks if this digital signature object has been given a key already.

Returns:true if the object has been given a key; false otherwise.
public void setKey(PublicKey publicKey, PrivateKey privateKey)

Sets this digital signature with public key and private key.

Parameters:
  • publicKey
  • privateKey
Throws:
  • InvalidKeyException – if the given keys do not match this signature scheme.
public void setKey(PublicKey publicKey)

Sets this digital signature with a public key.

In this case the signature object can be used only for verification.

Parameters:
  • publicKey
Throws:
  • InvalidKeyException – if the given key does not match his signature scheme.

RSA Based Digital Signature

The RSABasedSignature Interface

public interface RSABasedSignature extends DigitalSignature, UnlimitedTimes

General interface for RSA PSS signature scheme. Every concrete implementation of RSA PSS signature should implement this interface. The RSA PSS (Probabilistic Signature Scheme) is a provably secure way of creating signatures with RSA.

BouncyCastle Implementation

public class BcRSAPss extends RSAPssAbs

This class implements the RSA PSS signature scheme, using BC RSAPss implementation. The RSA PSS (Probabilistic Signature Scheme) is a provably secure way of creating signatures with RSA.

public BcRSAPss()

Default constructor. uses default implementations of CryptographicHash and SecureRandom.

public BcRSAPss(CryptographicHash hash, SecureRandom random)

Constructor that receives hash and secure random to use.

Parameters:
  • hash – underlying hash to use.
  • random – secure random to use.
Throws:
  • FactoriesException – if there is no hash with the given name.

Crypto++ Implementation

public class CryptoPPRSAPss extends RSAPssAbs

This class implements the RSA PSS signature scheme, using Crypto++ RSAPss implementation. The RSA PSS (Probabilistic Signature Scheme) is a provably secure way of creating signatures with RSA.

public CryptoPPRSAPss()

Default constructor. uses default implementation of SecureRandom.

public CryptoPPRSAPss(SecureRandom random)

Constructor that receives the secure random object to use.

Parameters:
  • random – secure random to use

OpenSSL Implementation

public class OpenSSLRSAPss extends RSAPssAbs

This class implements the RSA PSS signature scheme, using OpenSSL RSAPss implementation. The RSA PSS (Probabilistic Signature Scheme) is a provably secure way of creating signatures with RSA.

public OpenSSLRSAPss()

Default constructor. uses default implementation of SecureRandom.

public OpenSSLRSAPss(SecureRandom random)

Constructor that receives the secure random object to use.

Parameters:
  • random – secure random to use

Example of Usage

Sender usage:

//Create an RSAPss signature object.
RSAPss signer = new BcRSAPss();

//Generate a keyPair using the RSAPss object.
KeyPair pair = signer.generateKey(new RSAKeyGenParameterSpec(1024, null));

//Generate a keyPair using the signer.
KeyPair pair = signer.generateKey();

//Publish your public key.
Publish(pair.getPublic());

//Set private key and party2's public key:
signer.setKey(party2PublicKey, pair.getPrivate());

//Get a byte[] message to sign, and sign it.
Signature signature= signer.sign(msg, offset, length); //Send signature, msg and keys to the receiver.

Receiver usage:

//Create the same RSAPss object as the sender’s object.
//Generate a keyPair using the signer object.
KeyPair pair = signer.generateKey();

//Publish your public key.
Publish(pair.getPublic());

//Set private key and party1's public key:
signer.setKey(party1PublicKey, pair.getPrivate());

//Get the signature and message and verify it.
...

if (!signer.verify(signature, msg, offset, length)) {
    Throw new IllegalArgumentException(“the message is not verified!”);
}

//Message verified, continue working with it.
...

DSA Digital Signature

The DSABasedSignature Interface

public interface DSABasedSignature extends DigitalSignature, UnlimitedTimes

General interface for DSA signature scheme. Every concrete implementation of DSA signature should implement this interface.

Scapi Implementation

public class ScDSA implements DSABasedSignature

This class implements the DSA signature scheme.

public ScDSA()

Default constructor. uses default implementations of CryptographicHash, DlogGroup and SecureRandom.

public ScDSA(CryptographicHash hash, DlogGroup dlog, SecureRandom random)

Constructor that receives hash, dlog and secure random to use.

Parameters:
  • hash – underlying hash to use.
  • dlog – underlying DlogGroup to use.
  • random – secure random to use.

OpenSSL Implementation

public class OpenSSLDSA implements DSABasedSignature

This class implements the DSA signature scheme using OpenSSL library.

public OpenSSLDSA()

Default constructor. uses default implementations of DlogGroup.

public OpenSSLDSA(DlogGroup dlog)

Constructor that receives a dlog to use.

Parameters:
  • dlog – underlying DlogGroup to use.

Example of Usage

Sender usage:

//Create a DSA signature object.
DSA signer = new ScDSA(new MiraclDlogECFp());

//Generate a keyPair using the DSA object.
KeyPair pair = signer.generateKey();

//Publish your public key.
Publish(pair.getPublic());

//Set private key and party2's public key:
signer.setKey(party2PublicKey, pair.getPrivate());

//Get a byte[] message to sign, and sign it.
Signature signature= signer.sign(msg, offset, length);

//Send signature, msg and keys to the receiver.
...

Receiver usage:

//Create the same DSA object as the sender’s object.
//Generate a keyPair using the signer object.
KeyPair pair = signer.generateKey();

//Publish your public key.
Publish(pair.getPublic());

//Set private key and party1's public key:
signer.setKey(party1PublicKey, pair.getPrivate());

//Get the signature and message and verify it.
...

if (!signer.verify(signature, msg, offset, length)) {
    throw new IllegalArgumentException(“the message is not verified!”);
}

//Message verified, continue working with it.
...