java.security
public abstract class Signature extends SignatureSpi
Signature is used to provide an interface to digital signature
algorithms. Digital signatures provide authentication and data integrity of
digital data.
The GNU provider provides the NIST standard DSA which uses DSA and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature algorithm is provided then it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must be specified because there is no default.
Signature provides implementation-independent algorithms which are
requested by the user through the getInstance() methods. It can
be requested by specifying just the algorithm name or by specifying both the
algorithm name and provider name.
The three phases of using Signature are:
Update the bytes for signing or verifying with calls to update.
| Field Summary | |
|---|---|
| protected int | state Current sate of this instance. |
| protected static int | SIGN
Possible state value which signifies that this instance has been
initialized for signing purposes. |
| protected static int | UNINITIALIZED
Possible state value which signifies that this instance has not yet been
initialized. |
| protected static int | VERIFY
Possible state value which signifies that this instance has been
initialized for verification purposes. |
| Constructor Summary | |
|---|---|
| protected | Signature(String algorithm)
Constructs a new Signature instance for a designated digital
signature algorithm.
|
| Method Summary | |
|---|---|
| Object | clone()
Returns a clone of this instance.
|
| String | getAlgorithm()
Returns the name of the algorithm currently used. |
| static Signature | getInstance(String algorithm)
Returns an instance of Signature representing the specified
signature.
|
| static Signature | getInstance(String algorithm, String provider)
Returns an instance of Signature representing the specified
signature from the named provider.
|
| static Signature | getInstance(String algorithm, Provider provider)
Returns an instance of Signature representing the specified
signature from the specified {@link Provider}.
|
| Object | getParameter(String param)
Returns the value for the specified algorithm parameter.
|
| AlgorithmParameters | getParameters()
Return the parameters of the algorithm used in this instance as an
{@link AlgorithmParameters}.
|
| Provider | getProvider()
Returns the {@link Provider} of this instance.
|
| void | initSign(PrivateKey privateKey)
Initializes this class with the private key for signing purposes.
|
| void | initSign(PrivateKey privateKey, SecureRandom random)
Initializes this class with the private key and source of randomness for
signing purposes.
|
| void | initVerify(PublicKey publicKey)
Initializes this instance with the public key for verification purposes.
|
| void | initVerify(Certificate certificate)
Verify a signature with a designated {@link Certificate}. |
| void | setParameter(String param, Object value)
Sets the specified algorithm parameter to the specified value.
|
| void | setParameter(AlgorithmParameterSpec params)
Sets the signature engine with the specified {@link AlgorithmParameterSpec}.
|
| byte[] | sign()
Returns the signature bytes of all the data fed to this instance. |
| int | sign(byte[] outbuf, int offset, int len)
Generates signature bytes of all the data fed to this instance and stores
it in the designated array. |
| String | toString()
Returns a rstring representation of this instance.
|
| void | update(byte b)
Updates the data to be signed or verified with the specified byte.
|
| void | update(byte[] data)
Updates the data to be signed or verified with the specified bytes.
|
| void | update(byte[] data, int off, int len)
Updates the data to be signed or verified with the specified bytes.
|
| void | update(ByteBuffer input)
Update this signature with the {@link java.nio.Buffer#remaining()}
bytes of the input buffer.
|
| boolean | verify(byte[] signature)
Verifies a designated signature.
|
| boolean | verify(byte[] signature, int offset, int length)
Verifies a designated signature.
|
Signature instance for a designated digital
signature algorithm.
Parameters: algorithm the algorithm to use.
Returns: a clone of this instace.
Throws: CloneNotSupportedException if the implementation does not support cloning.
Returns: name of algorithm.
Signature representing the specified
signature.
Parameters: algorithm the algorithm to use.
Returns: a new instance repesenting the desired algorithm.
Throws: NoSuchAlgorithmException if the algorithm is not implemented by any
provider. IllegalArgumentException if algorithm is
null or is an empty string.
Signature representing the specified
signature from the named provider.
Parameters: algorithm the algorithm to use. provider the name of the provider to use.
Returns: a new instance repesenting the desired algorithm.
Throws: NoSuchProviderException if the named provider was not found. NoSuchAlgorithmException if the algorithm is not implemented by the
named provider. IllegalArgumentException if either algorithm or
provider is null or empty.
Signature representing the specified
signature from the specified {@link Provider}.
Parameters: algorithm the algorithm to use. provider the {@link Provider} to use.
Returns: a new instance repesenting the desired algorithm.
Throws: NoSuchAlgorithmException if the algorithm is not implemented by the
{@link Provider}. IllegalArgumentException if either algorithm or
provider is null, or if
algorithm is an empty string.
Deprecated: use the other getParameter
Returns the value for the specified algorithm parameter.Parameters: param the parameter name.
Returns: the parameter value.
Throws: InvalidParameterException if the parameter is invalid.
Returns: the parameters used with this instance, or null if
this instance does not use any parameters.
Returns: the {@link Provider} of this instance.
Parameters: privateKey the private key to sign with.
Throws: InvalidKeyException if the key is invalid.
Parameters: privateKey the private key to sign with. random the {@link SecureRandom} to use.
Throws: InvalidKeyException if the key is invalid.
Parameters: publicKey the public key to verify with.
Throws: InvalidKeyException if the key is invalid.
If the {@link Certificate} is an X.509 one, has a KeyUsage parameter and that parameter indicates this key is not to be used for signing then an exception is thrown.
Parameters: certificate a {@link Certificate} containing a public key to verify with.
Throws: InvalidKeyException if the key is invalid.
Deprecated: use the other setParameter
Sets the specified algorithm parameter to the specified value.Parameters: param the parameter name. value the parameter value.
Throws: InvalidParameterException if the parameter is invalid, the parameter is already set and can not be changed, a security exception occured, etc.
By default, and unless overriden by the concrete SPI, this method always throws an {@link UnsupportedOperationException}.
Parameters: params the parameters to use for intializing this instance.
Throws: InvalidParameterException if the parameter is invalid, the parameter is already set and cannot be changed, a security exception occured, etc.
Returns: the signature bytes.
Throws: SignatureException if the engine is not properly initialized.
After calling this method, the instance is reset to its initial state and can then be used to generate additional signatures.
IMPLEMENTATION NOTE: Neither this method nor the GNU provider
will return partial digests. If len is less than the
signature length, this method will throw a {@link SignatureException}. If
it is greater than or equal then it is ignored.
Parameters: outbuf array of bytes of where to store the resulting signature bytes. offset the offset to start at in the array. len the number of the bytes to use in the array.
Returns: the real number of bytes used.
Throws: SignatureException if the engine is not properly initialized.
Since: 1.2
Returns: a rstring representation of this instance.
Parameters: b the byte to update with.
Throws: SignatureException if the engine is not properly initialized.
Parameters: data the array of bytes to use.
Throws: SignatureException if the engine is not properly initialized.
Parameters: data an array of bytes to use. off the offset to start at in the array. len the number of bytes to use from the array.
Throws: SignatureException if the engine is not properly initialized.
Parameters: input The input buffer.
Throws: SignatureException If this instance was not properly initialized.
Parameters: signature the signature bytes to verify.
Returns: true if verified, false otherwise.
Throws: SignatureException if the engine is not properly initialized or the signature does not check.
Parameters: signature the signature bytes to verify. offset the offset to start at in the array. length the number of the bytes to use from the array.
Returns: true if verified, false otherwise.
Throws: IllegalArgumentException
if the signature byte array is null,
or the offset or length is less
than 0, or the sum of the offset
and length is greater than the length of the
signature byte array. SignatureException
if the engine is not properly initialized or the signature does
not check.