Re: HELP on DSA signature

Jan Luehe (Jan.Luehe@Eng)
Tue, 10 Mar 1998 09:49:13 -0800 (PST)

Date: Tue, 10 Mar 1998 09:49:13 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: HELP on DSA signature
To: java-security@web2.javasoft.com, dhe@orlando.fr

David:

> First application looks like ...
>
> String s=name;
>
> keyGen=KeyPairGenerator.getInstance("DSA");
> keyGen.initialize(256,new SecureRandom());

The modulus size for DSA must be greater than or equal to 512,
and must be a multiple of 64. So use 512 instead of 256.


> pair=keyGen.generateKeyPair();
> dsa=Signature.getInstance("DSA");
> privatekey=pair.getPrivate();
> publickey=pair.getPublic();
> dsa.initSign(privatekey);
> dsa.update(s.getBytes());
> byte[] b=dsa.sign();
>
> ... Don't know how to write the right information to a file?

You create a java.io.FileOutputStream and use its write() methods
to write the signature bytes.

In order to write the public key, call its getEncoded() method,
and write it to a file as described above.

If you want to store the public key and signature bytes in the
same file, you might want to use a java.io.DataOutputStream, and store
the size of the public key, followed by the key bytes, followed
by the size of the signature, followed by the signature bytes.

>
> Second,
> ... Don't know how to retrieve information on public key and
> signature from file,
> and how to initialize the object Signature with a given public
> key ?

You create a java.io.FileInputStream or java.io.DataInputStream
and read the bytes from there.
Once you have retrieved all the bytes of your public key and signature,
you do the following:

import java.security.*;
import java.security.spec.*;

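byte[] keyBytes = ....; // the key bytes read from the file
byte[] signature = ....; // the signature bytes read from the file
byte[] data = ....; // the bytes that were signed (s.getBytes() in the first application)

// Rebuild the public key from the X.509 encoding that getEncoded() produced
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
PublicKey pubKey = keyFactory.generatePublic(keySpec);

Signature sig = Signature.getInstance("DSS");
sig.initVerify(pubKey);
sig.update(data); // the signed data must be supplied before verify()
boolean verified = sig.verify(signature);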


Jan
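
The following is an added example, not part of the original message: a complete round trip of the file layout described above (key length, key bytes, signature length, signature bytes) with the verify side reading it back. The names DsaFileRoundTrip, write, readField, verify and MAX_FIELD are hypothetical, and the 2048-bit key size and "SHA256withDSA" algorithm name are assumptions chosen for a current JDK rather than values from this thread.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

public class DsaFileRoundTrip {
    static final int MAX_FIELD = 8192; // assumed sanity bound on a key or signature length
    static void write(File f, byte[] key, byte[] sig) throws IOException {
        try (DataOutputStream out = new DataOutputStream(new FileOutputStream(f))) {
            for (byte[] field : new byte[][] {key, sig}) {
                out.writeInt(field.length); // length prefix, then the bytes
                out.write(field);
            }
        }
    }
    // Reads one length-prefixed field; the length is checked before allocating.
    static byte[] readField(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len <= 0 || len > MAX_FIELD) throw new IOException("bad field length " + len);
        byte[] buf = new byte[len];
        in.readFully(buf); // plain read() may return fewer bytes than requested
        return buf;
    }
    static boolean verify(File f, byte[] message) throws Exception {
        try (DataInputStream in = new DataInputStream(new FileInputStream(f))) {
            KeyFactory kf = KeyFactory.getInstance("DSA");
            PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(readField(in)));
            byte[] signature = readField(in);
            Signature sig = Signature.getInstance("SHA256withDSA");
            sig.initVerify(pub);
            sig.update(message); // feed the signed data before calling verify()
            return sig.verify(signature);
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048, new SecureRandom());
        KeyPair pair = gen.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withDSA");
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        File f = File.createTempFile("dsa", ".bin");
        write(f, pair.getPublic().getEncoded(), signer.sign());
        System.out.println("original verifies: " + verify(f, msg));
        msg[0] ^= 1; // a single flipped bit in the message must fail verification
        System.out.println("tampered verifies: " + verify(f, msg));
        f.delete();
    }
}
```

A public key stored in the same file as the signature only shows the two are consistent with each other; the verifier still needs the expected key from a source it trusts.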