From: "Vincent yu"<vyu@certco.com>
To: java-security@web2.javasoft.com
Date: Wed, 3 Sep 1997 10:08:59 -0400
Subject: DSA Verify
In my application, I have already had the public key. That means I cannot
use the key gen and then serialize the public key component.
JDK 1.1.3 cannot instantiate the public key. Can I use the following as
workaround
- get the source code on DSA Verify (sun provider) from you,
- write a class to inherit dsa class, and add routines to set publickey, p,
q, and g.
My application is a payment system on internet and I need DSA as the
encryption mechanism.
To get the source code, do I need commercial or non-commercial licence?
Thanks again.
Vincent
------------------------------------------------------
Vincent:
> I am still very confuse after reading the document CryptoSpec.html. I
need > to verify a DSA Signature. I have already public key, p, q, g, r, s
and > the text to be verify. From the example, it only require public key,
data, > and signature. It seems that it doesn't requre p, q. g. I see
that p,q,g > are only required in key-generation.
p, q, and g are encoded with the public key, i.e., the PublicKey
object contains p, q, and g. That's why you do not have to specify
them separately.
> But I think p,q,g are required to
> perform the calculation of DSA verify.
Right. They are retrieved from the public key.
You can verify this by casting PublicKey to DSAKey, and call the
getParams() method of that interface. This will give you access
to p, q, and g via the getP(), getQ(), and getG() methods.
> It will be very helpful if you can
> give me an example on DSA Verify and also DSA Sign assuming that I
already > have public key/private key, p, q, g, text and r,s(if verify).
Currently, it is impossible to instantiate a public key from given
key material. We have addressed this deficiency in the next JDK release
(JDK1.2).
A work-around for JDK1.1 is to serialize the public/private components
from the generated key pair, and then de-serialize them when you want
to use them again.
r and s are encoded in the signature.
> Also the document mention about default provider "SUN". Where can I find
> the source java code for that package.
The SUN provider code is located in the sun.security.provider package.
Are you a source code licensee?
Hope this helps.
Jan