What are the correct steps to signing a token using SHA1 in PKI?
I am implementing a PKI solution. My encryption of a clear text token is done as follows:
    public static String encrypt(String token) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", provider);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] stringBytes = token.getBytes("UTF8");
        byte[] raw = cipher.doFinal(stringBytes);
        // BASE64 encode the result
        String s = encoder.encode(raw);
        // URL Encode
        String senc = URLEncoder.encode(s, "UTF-8");
        return senc;
    }
Now this is what I am doing in my code to sign the message:
    public static String sign(String token) throws Exception {
        Signature signer = Signature.getInstance("SHA1/RSA", provider.getName());
        signer.initSign(privateKey);
        byte[] stringBytes = token.getBytes("UTF8");
        signer.update(stringBytes);
        byte[] signature = signer.sign();
        // BASE64 encode the string result
        String s = encoder.encode(signature);
        String senc = URLEncoder.encode(s, "UTF-8");
        return senc;
    }
Please look at the method sign() and inform me if I am doing the following in the sign() method.
I am being asked to hash the clear token with SHA1 and then use the private key to encrypt it with RSA.
In my method I am signing the token using the private key, but it looks like I am not hashing the token first and then signing it with the private key.
Can someone please provide me with a code snippet wherein I am first hashing the token using SHA1 and then signing the key with my private key?
Thanks in advance.
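
Added example, not part of the original post: it compares a one-step `Signature` call with an explicit SHA-1 hash, DigestInfo wrap and RSA private-key operation, and checks that both yield the same PKCS#1 v1.5 signature. It assumes the JDK default provider and the standard names "SHA1withRSA" and "RSA/ECB/PKCS1Padding" instead of the post's provider and "SHA1/RSA"; the class and method names are hypothetical, and the key pair and token are constructed for the demo.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class HashThenSignDemo {
    // DER prefix of the PKCS#1 v1.5 DigestInfo structure for SHA-1 (RFC 8017, section 9.2).
    static final byte[] SHA1_DIGEST_INFO = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // One step: the Signature object hashes the input itself before the RSA operation.
    static byte[] signOneStep(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Explicit: SHA-1 hash, prepend DigestInfo, then RSA private-key operation.
    static byte[] signExplicit(PrivateKey key, byte[] data) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);
        byte[] digestInfo = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + hash.length);
        System.arraycopy(hash, 0, digestInfo, SHA1_DIGEST_INFO.length, hash.length);
        // With a private key, the JDK RSA cipher applies PKCS#1 type 1 (signature) padding.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key);
        return rsa.doFinal(digestInfo);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();               // constructed demo key
        byte[] token = "constructed-sample-token".getBytes("UTF-8");

        byte[] oneStep = signOneStep(kp.getPrivate(), token);
        byte[] explicit = signExplicit(kp.getPrivate(), token);
        System.out.println("identical signatures: " + Arrays.equals(oneStep, explicit));

        // The receiver verifies against the clear token, not against a precomputed hash.
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(kp.getPublic());
        v.update(token);
        System.out.println("explicit signature verifies: " + v.verify(explicit));
    }
}
```

Passing an already computed SHA-1 digest to `update()` on a SHA1withRSA `Signature` would hash it a second time, and a verifier that checks against the clear token would then reject the result.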

