Java Articles

Security signing a document

0
By on Java Security

In this article we will see how to sign a document. In order to sign a document, we need a Signature instance implementing a specified signature algorithm, a private key and the document to be signed.

  1. We will first need access to private key for signing and then the public key when we want to verify the signature. The security keys are stored in files sec.priv and sec.pub. See here to know more about how to generate and extract security keys. We need to read the sec.priv and import it into PrivateKey object.
  2. Next is to get an instance of Signature for a specified signature algorithm. In our case, it is SHA1withDSA.
  3. We then initialize the signature with the private key and provide the document to be signed.
  4. We then sign the document, encode the signature and append the signature to the original document.

SignDocumentExample:

package com.javarticles.security;

import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.security.Signature;

import org.springframework.security.crypto.codec.Base64;

public class SignDocumentExample {
    public static void main(String[] args) {
        Writer output = null;
        try {
            ImportDSAKey keys = new ImportDSAKey("sec.priv", "sec.pub");
            String doc = "This is test document";
            System.out.println("Sign document  (" + doc + ")");
            Signature signer = Signature.getInstance("SHA1withDSA");
            signer.initSign(keys.getPrivKey());
            signer.update(doc.getBytes());
            
            //Sign
            byte[] signatureBytes = signer.sign();
            byte[] encodedSignature = Base64.encode(signatureBytes);
            String signed = new String(encodedSignature);
            System.out.println("Encoded key is (" + new String(encodedSignature) +")");
            
            //Signed doc
            output = new BufferedWriter(new FileWriter("signed.txt"));
            String signedDoc = doc + " key=" + signed;
            output.write(signedDoc);
            System.out.println("Signed document (" + signedDoc +")");
        } catch (Exception e) {
            System.out.println(e);
        } finally {
            if (output != null) {
                try {
                    output.close();
                } catch (IOException e) {
                    System.out.println(e);
                }
            }
        }
    }
}

Below class imports the DSA keys.

ImportDSAKey:

package com.javarticles.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;

public class ImportDSAKey {
    private PrivateKey privKey;
    private PublicKey pubKey;

    public ImportDSAKey(String privateKeyFile, String publicKeyFile) {
        importPrivateKeys(privateKeyFile);
        importPublicKeys(publicKeyFile);
    }

    private void importPublicKeys(String publicKeyFile) {
        ObjectInputStream ois = null;
        try {
            ois = new ObjectInputStream(new FileInputStream(publicKeyFile));
            DSAPublicKeySpec ks = new DSAPublicKeySpec(
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject());
            KeyFactory kf = KeyFactory.getInstance("DSA");
            pubKey = kf.generatePublic(ks);
        } catch (Exception e) {
            System.out.println(e);
        } finally {
            if (ois != null) {
                try {
                    ois.close();
                } catch (IOException e) {
                    System.out.println(e);
                }
            }
        }
    }

    private void importPrivateKeys(String privateKeyFile) {
        ObjectInputStream ois = null;
        try {

            ois = new ObjectInputStream(
                    new FileInputStream(privateKeyFile));
            DSAPrivateKeySpec ks = new DSAPrivateKeySpec(
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject(),
                    (BigInteger) ois.readObject());
            KeyFactory kf = KeyFactory.getInstance("DSA");
            privKey = kf.generatePrivate(ks);
        } catch (Exception e) {
            System.out.println(e);
        } finally {
            if (ois != null) {
                try {
                    ois.close();
                } catch (IOException e) {
                    System.out.println(e);
                }
            }
        }
    }

    public PrivateKey getPrivKey() {
        return privKey;
    }

    public PublicKey getPubKey() {
        return pubKey;
    }

}

Output:

Sign document  (This is test document)
Encoded key is (MC0CFQCLjtR/wplDkClarntbIpQSZcqITAIUdpPAb4JXJiKJWYenSe7M35sEem8=)
Signed document (This is test document key=MC0CFQCLjtR/wplDkClarntbIpQSZcqITAIUdpPAb4JXJiKJWYenSe7M35sEem8=)

Download the source code

This example was about how to sign a document.

You can download the source code here: javaSignDocument.zip
Share.

Comments are closed.