Created
September 24, 2019 11:29
Secure RSA Signature implementation in Java
package rsaSignature; | |
import java.security.KeyPair; | |
import java.security.KeyPairGenerator; | |
import java.security.NoSuchAlgorithmException; | |
import java.security.SecureRandom; | |
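/**
 * Generates the RSA key pairs used by the signature example.
 *
 * <p>The modulus length is fixed at 3072 bits and the generator is seeded from
 * {@link SecureRandom#getInstanceStrong()}.
 */
public class RsaKeyGenerator {

    /** RSA modulus length in bits; the example treats 3072 as the minimum acceptable size. */
    private static final int KEY_SIZE_BITS = 3072;

    /**
     * Generates a fresh 3072-bit RSA key pair.
     *
     * <p>{@code SecureRandom.getInstanceStrong()} picks the implementation named by the
     * {@code securerandom.strongAlgorithms} security property. On some platforms that
     * source may block while the operating system gathers entropy, so this call can stall.
     * An availability-oriented deployment can pass {@code new SecureRandom()} instead, but
     * should then check {@code SecureRandom#getAlgorithm()} at runtime: the original author
     * warns that on Windows the default may resolve to SHA1PRNG.
     *
     * @return a new RSA key pair
     * @throws NoSuchAlgorithmException if no RSA key pair generator or no strong
     *         {@code SecureRandom} implementation is available
     */
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEY_SIZE_BITS, SecureRandom.getInstanceStrong());
        return generator.generateKeyPair();
    }

    /**
     * Demo entry point: generates a key pair and prints the public half.
     *
     * @param args unused
     * @throws NoSuchAlgorithmException see {@link #generateKeyPair()}
     */
    public static void main(String[] args) throws NoSuchAlgorithmException {
        KeyPair keyPair = generateKeyPair();
        // The private key object is deliberately not printed: depending on the provider,
        // its toString() can include private key components, which would then land in
        // console captures and logs. Only non-secret metadata is shown.
        System.out.println("Private key generated: " + keyPair.getPrivate().getAlgorithm()
                + " (" + keyPair.getPrivate().getFormat() + ")");
        System.out.println(keyPair.getPublic());
    }
}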
package rsaSignature; | |
import rsaEncryption.RsaKeyGenerator; | |
import java.security.*; | |
import java.security.spec.MGF1ParameterSpec; | |
import java.security.spec.PSSParameterSpec; | |
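/**
 * RSASSA-PSS signing and verification helpers using SHA-512.
 */
public class RsaSignature {

    /**
     * PSS parameters used by both {@link #sign} and {@link #verify}: SHA-512 digest, MGF1
     * with SHA-512, 32-byte salt, trailer field 1.
     *
     * <p>Signer and verifier must agree on every one of these values, so they are defined
     * once here instead of being repeated in each method.
     *
     * <p>NOTE(review): the 32-byte salt is shorter than the 64-byte SHA-512 output; RFC 8017
     * names the hash length as a typical salt length. Changing the value would make
     * signatures produced with the current setting fail to verify, so it is left as is.
     */
    private static final PSSParameterSpec PSS_SHA512 =
            new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 32, 1);

    /**
     * Signs {@code data} with RSASSA-PSS / SHA-512.
     *
     * <p>The salt is drawn from {@code SecureRandom.getInstanceStrong()}, which may block on
     * some platforms while entropy is gathered.
     *
     * @param data       bytes to sign
     * @param privateKey RSA private key used for signing
     * @return the signature bytes
     * @throws NoSuchAlgorithmException           if RSASSA-PSS or a strong SecureRandom is unavailable
     * @throws SignatureException                 if the signature object fails while signing
     * @throws InvalidKeyException                if {@code privateKey} is not usable for signing
     * @throws InvalidAlgorithmParameterException if the PSS parameters are rejected
     */
    public static byte[] sign(byte[] data, PrivateKey privateKey) throws NoSuchAlgorithmException,
            SignatureException, InvalidKeyException, InvalidAlgorithmParameterException {
        Signature signer = Signature.getInstance("RSASSA-PSS");
        signer.setParameter(PSS_SHA512);
        signer.initSign(privateKey, SecureRandom.getInstanceStrong());
        signer.update(data);
        return signer.sign();
    }

    /**
     * Verifies an RSASSA-PSS / SHA-512 signature over {@code data}.
     *
     * <p>Callers should treat both a {@code false} result and a thrown
     * {@link SignatureException} (for example, an improperly encoded signature) as
     * "reject"; only {@code true} means the signature is valid for this data and key.
     *
     * @param data      bytes the signature is claimed to cover
     * @param signature signature bytes to check
     * @param publicKey RSA public key of the claimed signer
     * @return {@code true} only if the signature verifies
     * @throws NoSuchAlgorithmException           if RSASSA-PSS is unavailable
     * @throws InvalidKeyException                if {@code publicKey} is not usable for verification
     * @throws SignatureException                 if the signature cannot be processed
     * @throws InvalidAlgorithmParameterException if the PSS parameters are rejected
     */
    public static boolean verify(byte[] data, byte[] signature, PublicKey publicKey)
            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException,
            InvalidAlgorithmParameterException {
        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.setParameter(PSS_SHA512);
        verifier.initVerify(publicKey);
        verifier.update(data);
        return verifier.verify(signature);
    }

    /**
     * Demo: signs two messages with two different key pairs and prints three verification
     * results, including one deliberate mismatch.
     *
     * @param args unused
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, SignatureException,
            InvalidKeyException, InvalidAlgorithmParameterException {
        // An explicit charset keeps the signed bytes identical on every platform; the
        // no-argument getBytes() depends on the JVM's default charset.
        KeyPair keyPair = RsaKeyGenerator.generateKeyPair();
        byte[] data = "hallo".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] signature = sign(data, keyPair.getPrivate());

        KeyPair keyPair2 = RsaKeyGenerator.generateKeyPair();
        byte[] data2 = "hallo2".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] signature2 = sign(data2, keyPair2.getPrivate());

        // Matching data, signature and key.
        System.out.println("Signature \"signature\" was " + verify(data, signature, keyPair.getPublic()) + " for \"data\" ");
        // signature2 covers data2, not data, so this check is the negative case.
        System.out.println("Signature \"signature2\" was " + verify(data, signature2, keyPair2.getPublic()) + " for \"data\" ");
        // Matching data, signature and key for the second pair.
        System.out.println("Signature \"signature2\" was " + verify(data2, signature2, keyPair2.getPublic()) + " for \"data2\" ");
    }
}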