Use cases

  • verifying whether a string has been changed since it was signed

Java version

  • openjdk8
  • oraclejdk9
  • openjdk9
  • oraclejdk11
  • openjdk11
  • oraclejdk13
  • openjdk13

Example Code for Java String Signing using SHA-512, RSA 4096, BASE64 and UTF-8 encoding

package com.cryptoexamples.java;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;

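/**
 * Example for cryptographic signing of a string in one method.
 * - Generation of public and private RSA 4096 bit keypair
 * - SHA-512 with RSA (the JCA name "SHA512withRSA" selects PKCS#1 v1.5 signature padding)
 * - BASE64 encoding as representation for the byte-arrays
 * - UTF-8 encoding of String
 * - Exception handling
 *
 * <p>The key pair is created, used for signing and used for verification inside one method
 * purely for demonstration. In a real deployment the private key stays with the signer and the
 * verifier obtains the public key through a channel it already trusts; a signature checked
 * against a public key that arrived together with the message says nothing about who produced it.
 */
public class ExampleSignature {
  private static final Logger LOGGER = Logger.getLogger(ExampleSignature.class.getName());

  /**
   * Demonstrational method that signs the plainText using a newly generated keypair
   * and then verifies the signature with the matching public key.
   *
   * @param plainText the text to sign; it is encoded as UTF-8 before signing
   * @return true if signing and verification were successful, false otherwise
   * @throws NullPointerException if {@code plainText} is null
   */
  public static boolean demonstrateSignature(String plainText) {
    try {
      // Signer and verifier must feed exactly the same bytes, so the charset is fixed explicitly.
      byte[] messageBytes = plainText.getBytes(StandardCharsets.UTF_8);

      // GENERATE NEW KEYPAIR
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
      /* @see https://www.keylength.com/ */
      keyPairGenerator.initialize(4096);
      KeyPair keyPair = keyPairGenerator.generateKeyPair();

      // INITIALIZE SIGNATURE WITH PRIVATE KEY
      // NOTE(review): RSASSA-PSS is the more modern RSA signature scheme, but it may not be
      // available on every JDK listed for this example, so "SHA512withRSA" is kept.
      Signature signature = Signature.getInstance("SHA512withRSA");
      signature.initSign(keyPair.getPrivate());
      signature.update(messageBytes);

      // SIGN DATA/STRING
      String signatureForPlainTextString = Base64.getEncoder().encodeToString(signature.sign());
      LOGGER.log(Level.INFO, () -> String.format("Signature: %s", signatureForPlainTextString));

      // VERIFY JUST CREATED SIGNATURE USING PUBLIC KEY
      // initVerify re-initializes the same Signature object for verification.
      signature.initVerify(keyPair.getPublic());
      signature.update(messageBytes);

      boolean isSignatureCorrect = signature.verify(Base64.getDecoder().decode(signatureForPlainTextString));
      LOGGER.log(Level.INFO, () -> String.format("Signature is correct: %b", isSignatureCorrect));
      return isSignatureCorrect;
    } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
      // Pass the exception itself to the logger so its type and stack trace are kept;
      // logging only the message text loses which step failed.
      LOGGER.log(Level.SEVERE, "Signing or verification failed", e);
      return false;
    }
  }

  /**
   * Runs the demonstration once with a fixed sample text.
   *
   * @param args command-line arguments (unused)
   */
  public static void main(String[] args) {
    demonstrateSignature("Text that should be signed to prevent unknown tampering with its content.");
  }
}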

References

Authors

Kai Mindermann

Reviews

Tags: Java