Generating Digital Signature with RSA Private Key using pre-calculated hash
In this approach, a digital signature is created by encrypting a pre-calculated hash with the sender's private key. The pre-calculated hash and the digital signature are then sent to the recipient, who verifies the signature using the sender's public key.
The following table maps each supported algorithm to the size of the pre-calculated hash it accepts (in bytes):
Supported Algorithms | Supported Size of Pre-calculated Hash |
---|---|
RSA | 20 |
RSAPSSPaddingSHA1 | 20 |
RSAPSSPaddingSHA256 | 32 |
RSAPSSPaddingSHA384 | 48 |
RSAPSSPaddingSHA512 | 64 |
Note
The RSAPSSPadding transformations are supported from KeySecure 8.12.5 onward and are not supported with the CipherTrust Manager.
Get an instance of a Signature object, and pass the RSAPSSPaddingSHA256 algorithm as an argument.
Obtain an instance of the key you want to use for the Sign operation using the getPrivateKey method of the NAEKey class.
(Optional) You can also use the saltLength parameter to generate the signature.
Initialize the Signature object with the key.
Convert the text string, for example, “HelloWorldHelloWorldHelloWorldHe” to a byte array and pass it to the update method of the Signature object.
Invoke the sign method of the Signature object.
Code sample
In the following example, a pre-calculated hash is signed with the RSA key named rsakey. The algorithm used in this sample is RSAPSSPaddingSHA256. The example also demonstrates how to sign data using the saltLength parameter.
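```java
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PSSParameterSpec;
import com.ingrian.security.nae.NAEKey;

// Sign a 32-byte pre-calculated hash with RSA-PSS (SHA-256) and an explicit salt length.
Signature sig = Signature.getInstance("RSAPSSPaddingSHA256", "IngrianProvider");
PrivateKey key = NAEKey.getPrivateKey("rsakey");
int saltLength = 80;
PSSParameterSpec pssParameterSpec = new PSSParameterSpec(saltLength);
sig.setParameter(pssParameterSpec);
sig.initSign(key);
// The input must be exactly 32 bytes for RSAPSSPaddingSHA256 (see the table above).
sig.update("HelloWorldHelloWorldHelloWorldHe".getBytes());
byte[] signature = sig.sign();
```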
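The sample above passes a 32-character text string in place of a real hash. The following added example (not part of the vendor documentation) shows one way to produce the pre-calculated hash with the standard java.security.MessageDigest API and check it against the sizes in the table, plus the RFC 8017 salt-length bound, before the bytes are passed to the update method. The class and method names are hypothetical, the mapping from provider algorithm names to digest names is inferred from the names and sizes in the table, and the 2048-bit key size is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

// Added example: hypothetical helper, not part of the provider's API.
public class PrecalculatedHash {
    // Provider algorithm name -> standard JCA digest name (inferred from the table).
    private static final Map<String, String> DIGESTS = Map.of(
        "RSAPSSPaddingSHA1", "SHA-1",
        "RSAPSSPaddingSHA256", "SHA-256",
        "RSAPSSPaddingSHA384", "SHA-384",
        "RSAPSSPaddingSHA512", "SHA-512");
    // Supported pre-calculated hash sizes in bytes, as listed in the table.
    private static final Map<String, Integer> SIZES = Map.of(
        "RSAPSSPaddingSHA1", 20, "RSAPSSPaddingSHA256", 32,
        "RSAPSSPaddingSHA384", 48, "RSAPSSPaddingSHA512", 64);

    // Hash the message and confirm the digest has the size the algorithm accepts.
    static byte[] hashFor(String algorithm, byte[] message) throws NoSuchAlgorithmException {
        String digestName = DIGESTS.get(algorithm);
        if (digestName == null) {
            throw new IllegalArgumentException("Unsupported algorithm: " + algorithm);
        }
        byte[] hash = MessageDigest.getInstance(digestName).digest(message);
        if (hash.length != SIZES.get(algorithm)) {
            throw new IllegalStateException("Unexpected hash size: " + hash.length);
        }
        return hash;
    }

    // RFC 8017 EMSA-PSS requires emLen >= hLen + sLen + 2.
    static void checkSaltLength(int keyBits, int hashLen, int saltLen) {
        int emLen = (keyBits - 1 + 7) / 8; // emBits = modBits - 1, rounded up to bytes
        if (saltLen < 0 || saltLen > emLen - hashLen - 2) {
            throw new IllegalArgumentException(
                "saltLength " + saltLen + " exceeds maximum " + (emLen - hashLen - 2));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] hash = hashFor("RSAPSSPaddingSHA256", message);
        checkSaltLength(2048, hash.length, 80); // 2048-bit key size is an assumption
        System.out.println("hash bytes to pass to sig.update(): " + hash.length);
    }
}
```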