Use cases

  • Verifying if a string has been changed

Java version

  • openjdk8
  • oraclejdk9
  • openjdk9
  • oraclejdk11
  • openjdk11
  • oraclejdk13
  • openjdk13

Example Code

package com.cryptoexamples.java;

import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.config.TinkConfig;
import com.google.crypto.tink.signature.PublicKeySignFactory;
import com.google.crypto.tink.signature.PublicKeyVerifyFactory;
import com.google.crypto.tink.signature.SignatureKeyTemplates;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * All in one example for cryptographic signing of a string in one method using Google Tink.
 * - Generation of public and private elliptic curve key pair
 * - BASE64 encoding as representation for the byte-arrays
 * - UTF-8 encoding of Strings
 * - Exception handling
 */
public class ExampleSignatureInOneMethod {
  private static final Logger LOGGER = Logger.getLogger(ExampleSignatureInOneMethod.class.getName());

  public static void main(String[] args) {
    String plainText = "Text that should be signed to prevent unknown tampering with its content.";
    try {
      // Initialize Tink configuration
      TinkConfig.register();

      // GENERATE NEW KEYPAIR
      KeysetHandle privateKeysetHandle = KeysetHandle.generateNew(SignatureKeyTemplates.ED25519);
      PublicKeySign signer = PublicKeySignFactory.getPrimitive(privateKeysetHandle);

      // SIGN DATA/STRING
      byte[] signatureBytes = signer.sign(plainText.getBytes(StandardCharsets.UTF_8));
      String signatureForPlainTextString = new String(Base64.getEncoder().encode(signatureBytes), StandardCharsets.UTF_8);
      LOGGER.log(Level.INFO, () -> String.format("Signature: %s", signatureForPlainTextString));

      // VERIFY JUST CREATED SIGNATURE USING PUBLIC KEY
      KeysetHandle publicKeysetHandle = privateKeysetHandle.getPublicKeysetHandle();
      PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(publicKeysetHandle);

      // verify does NOT return anything, instead it will throw an exception if the signature is incorrect!
      verifier.verify(signatureBytes, plainText.getBytes(StandardCharsets.UTF_8));
      LOGGER.log(Level.INFO, "Signature is correct, because no exception has been thrown during verification.");
    } catch (java.security.GeneralSecurityException e) {
      LOGGER.log(Level.SEVERE, e.getLocalizedMessage(), e);
    }
  }
}

References

Authors

Kai Mindermann

Reviews

Tags: Java