[java]java.security.Signature how to use verify

[gh0st]

well on the page says initVerify

public final void initVerify(PublicKey publicKey) throws InvalidKeyException

  Initializes this object for verification. If this method is called again with a different argument, it negates the effect of this call.   Parameters: publicKey - the public key of the identity whose signature is going to be verified. Throws: InvalidKeyException - if the key is invalid. anyone have an example? with the path location and all that?

[xzid]

never used java.security, and rarely code java. but this looks good:

http://www.exampledepot.com/egs/java.security/pkg.html

http://www.exampledepot.com/egs/java.security/VerifySig.html
http://www.exampledepot.com/egs/java.security/CreateSig.html

follow the links, lots of code.

[gh0st]

I think that this is what I want

Code: [Select]

// This method adds a certificate with the specified alias to the specified keystore file.
public static void addToKeyStore(File keystoreFile, char[] keystorePassword,
         String alias, java.security.cert.Certificate cert) {
    try {
        // Create an empty keystore object
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

        // Load the keystore contents
        FileInputStream in = new FileInputStream(keystoreFile);
        keystore.load(in, keystorePassword);
        in.close();

        // Add the certificate
        keystore.setCertificateEntry(alias, cert);

        // Save the new keystore contents
        FileOutputStream out = new FileOutputStream(keystoreFile);
        keystore.store(out, keystorePassword);
        out.close();
    } catch (java.security.cert.CertificateException e) {
    } catch (NoSuchAlgorithmException e) {
    } catch (FileNotFoundException e) {
        // Keystore does not exist
    } catch (KeyStoreException e) {
    } catch (IOException e) {
    }
}

now I need to apply it into a button thats named event or something like that? the file location would be replaced with keystoreFile

[gh0st]

well Ive been searching for this thing but I think that I cannot underestand it

Code: [Select]

Signatures
A signature provides two security services, authentication and integrity. A signature gives you assurance that a message has not been tampered with and that it originated from a certain person. As you'll recall from Chapter 2, a signature is a message digest that is encrypted with the signer's private key. Only the signer's public key can decrypt the signature, which provides authentication. If the message digest of the message matches the decrypted message digest from the signature, then integrity is also assured.

Signatures do not provide confidentiality. A signature accompanies a plaintext message. Anyone can intercept and read the message. Signatures are useful for distributing software and documentation because they foil forgery.

The Java Security API provides a class, java.security.Signature, that represents cryptographic signatures. This class operates in two distinct modes, depending on whether you wish to generate a signature or verify a signature.

Like the other cryptography classes, Signature has two factory methods:

public static Signature getInstance(String algorithm) throws NoSuchAlgorithmException
This method returns a Signature for the given algorithm. The first provider supporting the given algorithm is used.
public static Signature getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
This method returns a Signature for the given algorithm, using the given provider.
One of two methods initializes the Signature:

public final void initSign(PrivateKey privateKey) throws InvalidKeyException
If you want to generate a signature, use this method to initialize the Signature with the given private key.
public final void initVerify(PublicKey publicKey) throws InvalidKeyException
To verify a signature, call this method with the public key that matches the private key that was used to generate the signature.
If you want to set algorithm-specific parameters in the Signature object, you can pass an AlgorithmParameterSpec to setParameter().

public final void setParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmPararmeterException
You can pass algorithm-specific parameters to a Signature using this object. If the Signature does not recognize the AlgorithmParameterSpec object, an exception is thrown.
You can add data to a Signature the same way as for a message digest, using the update() methods. A SignatureException is thrown if the Signature has not been initialized.

public final void update(byte input) throws SignatureException
You can add a single byte to the Signature's input data using this method.
public final void update(byte[] input) throws SignatureException
This method adds the given array of bytes to the Signature's input data.
public final void update(byte[] input, int offset, int len) throws SignatureException
This method adds len bytes from the given array, starting at offset, to the Signature's input data.
at the end I dont even know how to declare a variable in java I guess that I will have to learn with basic first I felt confident at the begin but this stuck demostrates that I was incorrect any book with some good exercises ?

[gh0st]

finally got an interesting paper about AV`s develpoment cheers* http://www.agusblog.com/wordpress/what-is-a-virus-signature-are-they-still-used-3.htm

[Huntondoom]

just quickly looked through but it looked great!
hope to see you be able to do this