Verify Digital Signature with RSA Public Key using message/text
The Sign Verify operation is a two-part operation used to verify a digital signature. The Sign operation produces an encrypted message digest (digital signature). To verify a signature, the client must send the encrypted message digest (digital signature) and the message (in this example: “Hello World!”) to the NAE Server. In the first part of the Sign Verify operation, the NAE Server applies a hash function (using the same algorithm as used in the Sign operation) to the message text that needs to be verified. This produces the first hash. In the second part of the Sign Verify operation, the NAE Server decrypts the message digest using the sender’s public key. This produces the second hash. The NAE Server then compares the two hashes: if they are identical, the signature is valid; if the hashes are not identical, the signature is not valid.
Get an instance of a Signature object, and pass the SHA256withRSA algorithm as an argument.
Obtain an instance of the key you want to use for the Sign Verify operation using the getPublicKey method of the NAEKey class.
Initialize the Signature object with the key.
Specify the text string that you want to verify and convert it to a byte array.
Perform the verify operation, and pass the previously calculated digital signature as an argument. At this point, the NAE Server generates a hash from the text string and decrypts the previously calculated signature, which produces a second hash. The NAE Server compares the two hashes and returns true if they are identical and false if they are not.
Code sample
In the following example, the string Hello World! is verified with the RSA key named rsakey. The algorithm used in this sample is SHA256withRSA.
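import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PSSParameterSpec;
import com.ingrian.security.nae.NAEKey;

byte[] signature = ... /* get previously calculated signature */
// Request the signature algorithm from the Ingrian provider.
Signature sig = Signature.getInstance("SHA256withRSA", "IngrianProvider");
// Look up the public half of the key named rsakey.
PublicKey key = NAEKey.getPublicKey("rsakey");
// PSS parameters; the salt length must match the one used for the Sign operation.
int saltLength = 80;
PSSParameterSpec pssParameterSpec = new PSSParameterSpec(saltLength);
sig.setParameter(pssParameterSpec);
sig.initVerify(key);
// Supply the same bytes that were signed.
sig.update("Hello World!".getBytes());
boolean verified = sig.verify(signature);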
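The two-hash comparison described above can be observed locally. The following is an added example, not code from the product documentation: it assumes the JDK's default providers, a throwaway key pair generated in the program, and PKCS#1 v1.5 padding (no PSS parameters), in place of IngrianProvider and a key held on the NAE Server. The class name VerifyWalkthrough and the helper verify are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added illustration: JDK default providers and a locally generated key pair,
// not IngrianProvider or a key stored on the NAE Server.
public class VerifyWalkthrough {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();   // constructed sample key
        byte[] message = "Hello World!".getBytes(StandardCharsets.UTF_8);

        // Sign side (normally done earlier, by the sender).
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(message);
        byte[] signature = signer.sign();

        // Part 1: hash the received message.
        byte[] firstHash = MessageDigest.getInstance("SHA-256").digest(message);

        // Part 2: apply the public key to the signature. With PKCS#1 v1.5 the
        // result is a DER DigestInfo whose last 32 bytes are the signed hash.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pair.getPublic());
        byte[] digestInfo = rsa.doFinal(signature);
        byte[] secondHash = Arrays.copyOfRange(digestInfo, digestInfo.length - 32, digestInfo.length);
        System.out.println("hashes match: " + MessageDigest.isEqual(firstHash, secondHash));

        // The same check through the Signature API, plus two failure cases.
        System.out.println("valid:        " + verify(pair.getPublic(), message, signature));
        byte[] tampered = "Hello World".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered msg: " + verify(pair.getPublic(), tampered, signature));
        PublicKey other = kpg.generateKeyPair().getPublic();
        System.out.println("wrong key:    " + verify(other, message, signature));
    }

    // Hypothetical helper: one complete verify pass with the given key.
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg);
        return s.verify(sig);
    }
}
```

The tampered case drops only the trailing exclamation mark, which is enough to change the first hash and fail verification.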