|
You've added code to the VerSig program to
PublicKey named pubKeysigToVerifyInitialize the Signature Object for Verification
As with signature generation, a signature is verified by
using an instance of the Signature class.
You need to create a Signature object that uses the same signature algorithm
as was used to generate the signature. The algorithm used by the
GenSig program was the SHA1withDSA algorithm from the SUN
provider.
Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
Signature object.
The initialization method for verification requires the public key.
sig.initVerify(pubKey);
Supply the Signature Object With the Data to be Verified
You now need to supply the Signature object with the data for which
a signature was generated. This data is in the file whose name was
specified as the third command line argument. As you did
when signing, read in the data one buffer at a time, and supply it to
the Signature object by calling the update method.
FileInputStream datafis = new FileInputStream(args[2]);
BufferedInputStream bufin = new BufferedInputStream(datafis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
sig.update(buffer, 0, len);
};
bufin.close();
Verify the Signature
Once you have supplied all of the data to the Signature object,
you can verify the digital signature of that data and report
the result. Recall that
the alleged signature was read into a byte array called sigToVerify.
boolean verifies = sig.verify(sigToVerify);
System.out.println("signature verifies: " + verifies);
The verifies value will be true if
the alleged signature (sigToVerify) is the actual signature of the
specified data file generated by the private key corresponding to the
public key pubKey.
|
