Tech and Media Labs
This site uses cookies to improve the user experience.




Java Signature

Jakob Jenkov
Last update: 2017-12-19

The Java Signature class (java.security.Signature) can create a digital signature for binary data. A digital signature is a message digest encrypted with a private key of a private / public key pair. Anyone in possession of the public key can verify the digital signature.

Creating a Signature Instance

Before you can use the Java Signature class you must create a Signature instance. You create a Signature instance by calling the static getInstance() method. Here is an example that creates a Java Signature instance:

Signature signature = Signature.getInstance("SHA256WithDSA");

The String passed as parameter to the getInstance() method is the name of the digital signature algorithm to use.

Initializing the Signature Instance

Once you have created the Java Signature instance you need to initialize it before you can use it. You initialize a Signature instance by calling its init() method. Here is a Java Signature initialization example:

SecureRandom secureRandom = new SecureRandom();
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
KeyPair keyPair = keyPairGenerator.generateKeyPair();

signature.initSign(keyPair.getPrivate(), secureRandom);

As you can see, the Signature instance is initialized with the private key of a private / public key pair, and a SecureRandom instance.

Creating the Digital Signature

When the Signature instance is initialized you can use it to create digital signatures. You create a digital signature by calling the update() method one or more times, finishing with a call to sign(). Here is an example of creating a digital signature for a block of binary data:

byte[] data = "abcdefghijklmnopqrstuvxyz".getBytes("UTF-8");
signature.update(data);

byte[] digitalSignature = signature.sign();

Verifying the Digital Signature

If you want to verify a digital signature created by someone else, you must initialize a Signature instance into verification mode (instead of signature mode). Here is how initializing a Signature instance into verification mode looks:

Signature signature = Signature.getInstance("SHA256WithDSA");

signature.initVerify(keyPair.getPublic());

Notice how the Java Signature instance is now initialized into verification mode, passing a public key of a public / private key pair as parameter.

Once initialized into verification mode you can use the Signature instance to verify a digital signature. Here is how verifying a digital signature looks:

byte[] data2 = "abcdefghijklmnopqrstuvxyz".getBytes("UTF-8");
signature2.update(data2);

boolean verified = signature2.verify(digitalSignature);

Jakob Jenkov




Copyright  Jenkov Aps
Close TOC