The JavaTM Tutorial
Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search

Trail: Security in JDK 1.2
Lesson: Generating and Verifying Signatures

Verifying a Digital Signature

If you have data for which a digital signature was generated, you can verify the authenticity of the signature. To do so, you need

In this example you write a VerSig program to verify the signature generated by the GenSig program. This demonstrates the steps required to verify the authenticity of an alleged signature.

VerSig imports a public key and a signature that is alleged to be the signature of a specified data file and then verifies the authenticity of the signature. The public key, signature, and data file names are specified on the command line.

The steps to create the VerSig sample program to import the files and to verify the signature are the following.

  1. Prepare Initial Program Structure

    Create a text file named VerSig.java. Type in the initial program structure (import statements, class name, main method, and so on).

  2. Input and Convert the Encoded Public Key Bytes

    Import the encoded public key bytes from the file specified as the first command line argument and convert them to a PublicKey.

  3. Input the Signature Bytes

    Input the signature bytes from the file specified as the second command line argument.

  4. Verify the Signature

    Get a Signature object and initialize it with the public key for verifying the signature. Supply it with the data whose signature is to be verified (from the file specified as the third command line argument), and verify the signature.

  5. Compile and Run the Program

Previous Page Lesson Contents Next Page Start of Tutorial > Start of Trail > Start of Lesson Search