Supported signature algorithms
This section describes the signature algorithms that are available with the Provider through the java.security.Signature interface.
MD2withRSA
This Signature class implements the algorithm “MD2withRSA” as defined in PKCS#1. This algorithm will perform a message digest of the data to be signed, encode that information in a X.509 DigestInfo block, and then RSA encrypt the DER-encoded block.
Initialization requires a ProtectToolkit-J RSA key, either a private key for signing or a public key for signature verification. For more information on RSA keys, see RSA.
This algorithm is provided for compatibility only; newer applications should use either MD5withRSA or SHA1withRSA.
The following example will sign the message “hello world” with a pre-existing RSA private key, and then verify it with the corresponding public key.
KeyPair rsaPair; // pre existing key pair
Signature rsaSig = Signature.getInstance(“MD2withRSA”, “SAFENET”);
rsaSig.initSign(rsaPair.getPrivate());
rsaSig.update(“hello world”.getBytes());
byte[] sig = rsaSig.sign();
rsaSig.initVerify(rsaPair.getPublic());
rsaSig.update(“hello world”.getBytes());
if (rsaSig.verify(sig)) {
System.out.println(“Signature okay”);
}
else {
System.out.println(“Signature fails verification”);
}
MD5withRSA
This Signature class implements the algorithm “MD5withRSA”, as defined in PKCS#1. This algorithm will perform a message digest of the data to be signed, encode that information in a X.509 DigestInfo block, and then RSA encrypt the DER-encoded block.
Initialization requires a ProtectToolkit-J RSA key, either a private key for signing or a public key for signature verification. For more information on RSA keys, see RSA.
See MD2withRSA for a simple example on using this algorithm; modify the algorithm name used to “MD5withRSA”.
SHA1withRSA
This Signature class implements the algorithm “RSASSA-PKCS1-v1_5”, as defined in PKCS#1. This algorithm will perform a message digest of the data to be signed, encode that information in a X.509 DigestInfo block and then finally RSA encrypt the DER-encoded block.
Initialization requires a ProtectToolkit-J RSA key, either a private key for signing or a public key for signature verification. For more information on RSA keys, see RSA.
See MD2withRSA for a simple example on using this algorithm; modify the algorithm name used to “SHA1withRSA”.
SHA224withRSA
This signature class is similar to SHA1withRSA, except it produces a signature from a digest length of 224 bits.
See MD2withRSA for a simple example on using this algorithm; modify the algorithm name used to “SHA224withRSA”.
SHA256withRSA
This signature class is similar to SHA1withRSA, except it produces a signature from a digest length of 256 bits.
See MD2withRSA for a simple example on using this algorithm; simply modify the algorithm name used to “SHA256withRSA”.
SHA384withRSA
This signature class is similar to SHA1withRSA, except it produces a signature from a digest length of 384 bits.
See MD2withRSA for a simple example on using this algorithm; simply modify the algorithm name used to “SHA384withRSA”.
SHA512withRSA
This signature class is similar to SHA1withRSA, except it produces a signature from a digest length of 512 bits.
See MD2withRSA for a simple example on using this algorithm; simply modify the algorithm name used to “SHA512withRSA”.
SHA1withDSA
This Signature class implements the Digital Signature Algorithm (DSA) as defined in FIPS PUB 186, which is also compatible with the Sun-provided Signature algorithm of the same name. This algorithm will perform a message digest (using SHA1) of the data to be signed, and then sign that data using DSA. The result of a sign operation using this algorithm will be a DER-encoded block containing a sequence of the two integer values r and s.
Initialization requires a ProtectToolkit-J DSA key, either a private key for signing or a public key for signature verification. The section DSA Key describes how to generate ProtectToolkit-J provider DSA keys.
DSA Key
The DSA Signature requires a ProtectToolkit-J DSA public or private Key during initialization. The DSA key may be any length between 512 and 4096 bits (inclusive).
A new ProtectToolkit-J DSA key pair can be generated randomly using the KeyPairGenerator, as described in Key Generation, or, a provider-independent form. The AES key can also be stored in the ProtectToolkit-J KeyStore as described in Key storage.
The ProtectToolkit-J DSA public and private keys will return the string “DSA” as the algorithm name, “RAW” as the encoding type and null for the encoding.
DSA KeyGenerator
The DSA KeyPairGenerator is used to generate random DSA key pairs. The generated key pair will consist of two hardware keys: the public key and a private key with the Cryptoki CKA_SENSITIVE attribute set. Each key will also share the same set of DSA parameters.
During initialization, the strength parameter may be either 512 or 4096. The default key size is 1024 bits. The random parameter is ignored as the hardware includes a cryptographically-secure random source. Any provided AlgorithmParameterSpec parameters will also be ignored (this precludes generation of keys with non-default parameters). The DSA parameters used for the 512 and 1024 bit keys are as specified in the Java Cryptography Architecture Specification.
Keys generated using the KeyGenerator are not thread-safe. That is, a ProtectToolkit-J Key instance can only be used by a single Cipher instance (as well as a single MAC instance) at any given time. See Key generation for information on threading and ProtectToolkit-J keys.
The following example will generate a new random 1024 bit key pair:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(
“DSA”, “SAFENET”);
KeyPair dsaPair = keyGen.generateKeyPair();
DSA KeyFactory
The DSA KeyFactory is used to construct ProtectToolkit-J keys from their provider-independent form. There are two standard provider-independent forms for DSA keys: one for public keys and one for private keys. They are java.security.spec.DSAPublicKeySpec, and java.security.spec.DSAPrivateKeySpec.
Keys generated using the KeyFactory are not thread-safe. That is, a ProtectToolkit-J Key instance can only be used by a single Cipher instance (as well as a single MAC instance) at any given time. See Key Generation for information on threading and ProtectToolkit-J keys.
To convert one of these supported KeySpec classes into a ProtectToolkit-J provider key:
KeyFactory dsaKeyFact = KeyFactory.getInstance(“DSA”,
“SAFENET”);
PublicKey pubKey = dsaKeyFact.generatePublic(pubKeySpec);
PrivateKey privKey = dsaKeyFact.generatePrivate(privKeySpec);
The DSA KeyFactory cannot currently convert ProtectToolkit-J keys into their provider independent format so the getKeySpec() method will throw an InvalidKeySpecException. The class also cannot perform any key translation via the translateKey() method.
DSA Example Code
The following example code will create a random DSA key pair, then create a DSA Signature. We will then use this instance to sign the message “hello world” and verify that signature using the public key.
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA",
"SAFENET");
KeyPair rsaPair = keyGen.generateKeyPair();
Signature dsaSig = Signature.getInstance("DSA",
"SAFENET");
dsaSig.initSign(dsaPair.getPrivate());
dsaSig.update(“hello world”.getBytes());
byte[] sig = dsaSig.sign();
dsaSig.initVerify(dsaPair.getPublic();
dsaSig.update(“hello world”.getBytes());
if (dsaSig.verify()) {
System.out.println(“Signature okay”);
}
else {
System.out.println(“Signature fails verification”);
}
PKCS#1RSA
This signature algorithm will produce a PKCS#1 encoded block (block type 01) containing the private-key encrypted message. The message length must be k-11 bytes long, where k is the length of the RSA modulus. The generated signature will be k bytes long.
X.509RSA
This signature algorithm will perform "raw" RSA exponentiation on the input message by converting it to an integer (most-significant byte first) and converting the result to a byte string (most-significant byte first). The input message, considered as an integer, must be less than the modulus. Where necessary, the input message is padded by prepending the message with 0-valued bytes.
This algorithm is intended for compatibility with applications that do not follow the PKCS#1 block format.
DSARaw
This signature algorithm will perform "raw" DSA exponentiation on the input message by converting it to an integer (most-significant byte first) and converting the result to a byte string (most-significant byte first). The input message, considered as an integer, must be less than the modulus. Where necessary, the input message is padded by prepending the message with 0-valued bytes.
This algorithm is intended for compatibility with applications that do not follow the PKCS#1 block format.
RIPEMD128withRSA
This Signature class implements the algorithm “MD5withRSA”, as defined in PKCS#1, with the message digest algorithm RIPEMD128 in place of MD5. This algorithm will perform a message digest of the data to be signed, encode that information in a X.509 DigestInfo block, and then RSA-encrypt the DER-encoded block.
Initialization requires a ProtectToolkit-J RSA key, either a private key for signing or a public key for signature verification. For more information on RSA keys, see RSA.
See MD2withRSA for a simple example on using this algorithm; simply modify the algorithm name used to “RIPEMD128withRSA”.
RIPEMD160withRSA
This Signature class implements the algorithm “MD5withRSA”, as defined in PKCS#1, with the message digest algorithm RIPEMD160 in place of MD5. This algorithm will perform a message digest of the data to be signed, encode that information in a X.509 DigestInfo block and then RSA-encrypt the DER-encoded block.
Initialization requires a ProtectToolkit-J RSA key, either a private key for signing or a public key for signature verification. For more information on RSA keys, see RSA.
See MD2withRSA for a simple example on using this algorithm; simply modify the algorithm name used to “RIPEMD128withRSA”.