how to do verify using java.security.Signature
- Use
KeyFactory
to translate key specifications to objects. - Call
Signature.getInstance(algName)
to get a signature instance. - Use
Signature
'sinitVerify
method to associate a key for signature verification. - Use
update
to feed theSignature
bytes. - Finally, call
verify
. - Profit
From the KeyFactory
javadoc:
The following is an example of how to use a key factory in order to instantiate a DSA public key from its encoding. Assume Alice has received a digital signature from Bob. Bob also sent her his public key (in encoded format) to verify his signature. Alice then performs the following actions:
X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(bobEncodedPubKey); KeyFactory keyFactory = KeyFactory.getInstance("DSA"); PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec); Signature sig = Signature.getInstance("DSA"); sig.initVerify(bobPubKey); sig.update(data); sig.verify(signature);
sammiwei
Updated on June 14, 2022Comments
-
sammiwei almost 2 years
I have a key pair already, public and private. How do I actually use the
java.security.Signature
to do verification of a string I signed with one of the keys?Edit:
I have both the keys as Strings. The verify method, it is actually
verify(byte[] signature)
The javadoc says:
verify(byte[] signature)
Indicates whether the given signature can be verified using the public key or a certificate of the signer.How would I make that signature recognize which public/private key to use for that verifying, before I call the verify method? In other words, how do I turn my string keys into key objects that would get accepted by signature?