Signing code with Public Key
Hi guys,
I'm working on my thesis, and my prof. told me that I have to sign a
Java object with a public key.
Looks to be impossible, but I asked him again and he confirmed what he
said.
How do I create a digital signature of a Java object using a Public
Key?
Thanks a Lot guys!!!
Bye!
[339 byte] By [rocker111a] at [2007-11-26 16:28:12]

# 3
>>How do I create a digital signature of a java object using a Public Key?
Well, as my fellow poster said, it makes no sense signing (encrypting) an Object using a Public Key, as it would be available for access.
If it is about signing an Object with a Single Key, where there is concept having a public / private key, I think most of the Symmetric Encryption Algorithms come into picture, where there would be a single key used for both encrypting & decrypting data.
However, you can very well have a look of the specified links below to recheck on things.
http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
http://www.developer.com/java/other/article.php/630851
http://mindprod.com/jgloss/digitalsignatures.html
Hope these might be of some help...
REGARDS,
RaHuL
# 4
What your professor has asked you to do is to perform a cryptographic operation on the object with a Public Key. The only two logical cryptographic operations with a Public Key are: i) Verifying the digital signature of an object and ii) Encrypting the object.
Since you are not verifying a digitally signed object, the only other logical operation is Encryption with a Public Key. The business need for such an operation is to ensure that only the holder of the corresponding Private Key can decrypt the object. The S/MIME protocol for encryption depends on such an operation with the Public Key of the recipient.
# 5
Signing Java code is not to encrypt it to prevent somebody else from reading it (for this purpose there are other tools like an obfuscator, which in any case doesn't do data encryption) but to ensure the code is genuine and as original as distributed. To do this you need to archive your code in a jar and sign it with a signer tool such as jarsigner, distributed with the JDK.
It appends results of hash algorithms (i.e. MD5, RSA, ...) and the public key to verify it. A jar cannot be altered if signed because the JVM fails to match hash fingerprints with public key. This is particular when deploying applets, where the browser's security policy could refuse to run unsigned and verified code.
# 6
> I know this...but I have to do that....is part of a
> protocol
"I know the sun doesn't come up in the West - but it has to, it's part of the protocol."
I suspect what we have here is a misunderstanding. DSA, for example, is a Public-Key Digital Signature Algorithm - Chapter 20 of "Applied Crypto" is even titled that! That doesn't mean that you use the public parts of DSA to do the signature - it just means that there is a public key available to verify the signature, which is (properly) signed using the private key.
If my assumption is true, then the prof is asking you to use either DSA or RSA to sign your data, which is perfectly reasonable. Go back to your prof and verify before you go haring off solving the wrong problem.
Grant
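
The split described in the last reply (sign with the private key, verify with the public key), applied to a Java object; this is an added example, not code posted by anyone in the thread. The class names `SignObjectDemo` and `Message`, the 2048-bit RSA key and the `SHA256withRSA` algorithm are choices made for this illustration.

```java
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;

public class SignObjectDemo {
    // Constructed sample payload; any Serializable object can be signed this way.
    static class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    static KeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair signer = newRsaKeyPair();
        KeyPair stranger = newRsaKeyPair(); // unrelated key pair, used for the negative check

        // Signing side: the constructor serializes the object and signs those bytes.
        // Its second parameter is typed PrivateKey, so passing a PublicKey does not compile.
        SignedObject signed = new SignedObject(
                new Message("thesis draft v1"),
                signer.getPrivate(),
                Signature.getInstance("SHA256withRSA"));

        // Verifying side: needs only the signer's public key.
        boolean good = signed.verify(signer.getPublic(), Signature.getInstance("SHA256withRSA"));
        boolean wrongKey = signed.verify(stranger.getPublic(), Signature.getInstance("SHA256withRSA"));
        System.out.println("verified with signer's public key: " + good);
        System.out.println("verified with unrelated public key: " + wrongKey);

        // getObject() deserializes the payload, so call it only after verify() succeeded.
        if (good) {
            Message m = (Message) signed.getObject();
            System.out.println("payload: " + m.text);
        }
    }
}
```

`Signature.initSign` likewise accepts only a `PrivateKey` and `Signature.initVerify` a `PublicKey`, so the same split holds when signing raw bytes instead of a `SignedObject`.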