How to implement DSA Digital signature algorithm

2025-01-17 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "how to implement the DSA digital signature algorithm". In the operation of the actual case, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

I. Overview of DSA

In order to ensure the security of data transmission, a series of security technologies have to be adopted, such as encryption technology, digital signature, identity authentication, key management, firewall, security protocol and so on. Among them, digital signature is one of the core technologies to realize the security of online transactions, which can ensure the confidentiality of information transmission, the integrity of data exchange, the non-repudiation of sent information, the certainty of trader identity and so on. For data types and data conversion processing, please refer to the following two articles of Shanghai Shangxue School: "data types and their conversion" and "ajax+json data processing".

DSA (Digital Signature Algorithm, used as part of the Digital Signature Standard) is another public key algorithm; it cannot be used for encryption, only for digital signatures. With DSA, the recipient uses the sender's public key to verify the integrity of the data and the identity of the data sender. A third party can also use it to determine the authenticity of the signature and the signed data. The security of the DSA algorithm is based on the difficulty of solving the discrete logarithm problem. This signature standard has great compatibility and applicability, so it has become one of the basic components of network security systems.

A digital signature is defined in the ISO 7498-2 standard as: "some data attached to a data unit, or a cryptographic transformation made to a data unit, which allows the receiver of the data unit to confirm the source of the data unit and the integrity of the data unit, and to protect the data from being forged by people (such as the receiver)." A digital signature is an alphanumeric string obtained by processing the information to be transmitted through a one-way function, used to authenticate the source of the information and to verify whether the information has changed in transit. Digital signatures identify the source of information and can detect whether the information has been tampered with.

II. DSA principle

Process: (using double encryption)

(1) The file to be sent is encrypted using SHA encoding to produce a 128-bit digital digest.

(2) The sender encrypts the digest with its own private key to form a digital signature.

(3) The original text and the encrypted digest are sent to the other party at the same time.

(4) The receiver decrypts the digest with the sender's public key and encrypts the received file with SHA encoding to produce the same digest.

(5) The decrypted digest is compared with the digest the recipient generated by re-encrypting the received file. If the two are consistent, the information has not been destroyed or tampered with in the process of transmission. Otherwise, the information has lost its security and confidentiality.

III. The realization of DSA in JDK

1. KeyPairGenerator

The KeyPairGenerator class is used to generate public and private key pairs. The key pair generator is constructed using the getInstance factory method (a static method that returns an instance of a given class).

The key pair generator for a particular algorithm can create a public / private key pair that can be used with this algorithm. It can also associate algorithm-specific parameters with each generated key.

There are two ways to generate key pairs: algorithm-independent and algorithm-specific.

Next we will generate the key with KeyPairGenerator.getInstance("RSA"), according to the specified RSA algorithm.

2. DSAPublicKey

Interface of the DSA public key.

3. DSAPrivateKey

Interface of the DSA private key.

4. PKCS8EncodedKeySpec

The PKCS8EncodedKeySpec class inherits the EncodedKeySpec class and represents the private key in an encoded format.

The PKCS8EncodedKeySpec class uses the PKCS#8 standard as the encoding format for key specification management.

5. Signature

The Signature class is used to provide digital signature algorithm functionality for applications. Digital signatures are used to ensure the verification and integrity of digital data.

Among all algorithms, the digital signature can be NIST standard DSA, which uses DSA and SHA-1. You can specify the DSA algorithm that uses the SHA-1 message digest algorithm as SHA1withDSA.

IV. Realization

The implementation steps of DSA are similar to the RSA digital signature algorithm we learned earlier.

Implementation steps

Step 1: initialize the key group and generate the public and private keys of the DSA algorithm

Step 2: execute the private key signature and use the private key signature to generate the private key signature

Step 3: execute the public key signature and generate the public key signature

Step 4: use the public key to verify the private key signature

Note: the so-called public key and private key appear in pairs. The principle followed is "private key signature, public key verification".

The sample code is as follows:

    import java.math.BigInteger;
    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.interfaces.DSAPrivateKey;
    import java.security.interfaces.DSAPublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;

    public class DSAUtil {

        private static String src = "hello";

        public static void main(String[] args) {
            jdkDSA();
        }

        public static void jdkDSA() {
            try {
                // 1. Initialize the key pair.
                // 512 bits is the sample's value; it is far too small for real use.
                KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
                generator.initialize(512);
                KeyPair keyPair = generator.generateKeyPair();
                DSAPublicKey dsaPublicKey = (DSAPublicKey) keyPair.getPublic();
                DSAPrivateKey dsaPrivateKey = (DSAPrivateKey) keyPair.getPrivate();

                // 2. Execute the signature: rebuild the private key from its
                //    PKCS#8 encoding, then sign the message bytes.
                PKCS8EncodedKeySpec pkcs8EncodedKeySpec =
                        new PKCS8EncodedKeySpec(dsaPrivateKey.getEncoded());
                KeyFactory factory = KeyFactory.getInstance("DSA");
                PrivateKey privateKey = factory.generatePrivate(pkcs8EncodedKeySpec);
                Signature signature = Signature.getInstance("SHA1withDSA");
                signature.initSign(privateKey);
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                byte[] sign = signature.sign();
                // Hex output; javax.xml.bind.DatatypeConverter is no longer in the JDK since Java 11.
                System.out.println(new BigInteger(1, sign).toString(16).toUpperCase());

                // 3. Verify the signature: rebuild the public key from its
                //    X.509 encoding, then check the signature over the same bytes.
                X509EncodedKeySpec x509EncodedKeySpec =
                        new X509EncodedKeySpec(dsaPublicKey.getEncoded());
                factory = KeyFactory.getInstance("DSA");
                PublicKey publicKey = factory.generatePublic(x509EncodedKeySpec);
                signature = Signature.getInstance("SHA1withDSA");
                signature.initVerify(publicKey);
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                boolean verify = signature.verify(sign);
                System.out.println(verify);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
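The sender/receiver flow from section II, as an added example that is not part of the original article: the sender signs, only the X.509-encoded public key is handed over, and the receiver rebuilds it with X509EncodedKeySpec before checking the original message, an altered message and an unrelated key. Assumptions not on the page: the class name DsaSignVerifyDemo, a 2048-bit key with SHA256withDSA (JDK 8 or later) in place of the sample's 512-bit key and SHA1withDSA, and the constructed messages.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

// Hypothetical class name; 2048-bit keys and SHA256withDSA are assumptions (JDK 8+).
public class DsaSignVerifyDemo {
    static final String ALG = "SHA256withDSA";

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Sender side: only the private key holder can produce this value.
    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(message);
        return s.sign();
    }

    // Receiver side: rebuild the public key from its X.509 encoding, then verify.
    static boolean verify(byte[] encodedPublicKey, byte[] message, byte[] sig) {
        try {
            PublicKey key = KeyFactory.getInstance("DSA")
                    .generatePublic(new X509EncodedKeySpec(encodedPublicKey));
            Signature s = Signature.getInstance(ALG);
            s.initVerify(key);
            s.update(message);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed key or signature counts as a failed check
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair sender = newKeyPair();
        byte[] pub = sender.getPublic().getEncoded();          // what the receiver is given
        byte[] msg = "hello".getBytes(StandardCharsets.UTF_8); // constructed sample message
        byte[] sig = sign(sender.getPrivate(), msg);
        byte[] tampered = "hellp".getBytes(StandardCharsets.UTF_8); // constructed altered message
        byte[] otherPub = newKeyPair().getPublic().getEncoded();    // unrelated key pair
        System.out.println("original message: " + verify(pub, msg, sig));
        System.out.println("tampered message: " + verify(pub, tampered, sig));
        System.out.println("wrong public key: " + verify(otherPub, msg, sig));
    }
}
```

Only the first check passes. Treating any exception during verification as a failed check keeps a malformed key or signature from being accepted.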

V. Characteristics of the DSA algorithm

1. DSA is based on RSA.

2. Java 6 provides the implementation of DSA, but Java 6 only provides the implementation of SHA1withDSA.

3. The Bouncy Castle extension provides other ways to implement DSA.

4. Follow the principle of "private key signature, public key verification".

This is the end of the content of "how to implement DSA digital signature algorithm". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!
