Digital Signatures are an Asymmetrically encrypted hash of a digital message(data). It is a value that can provide a guarantee of authenticity, non-repudiation, and integrity. In other terms, it means you can verify the sender, date & time and message content have not been revealed or compromised.
Note: You can refer this link for better understanding of cryptographic terms.
Calculation of Digital Signature
Digital Signatures are often calculated using elliptical curve cryptography, especially in IoT devices, but we will be using RSA for demonstration purposes. First, we will take the input message and create a hash of it using SHA-256 because of its speed and security, and we will then encrypt that hash with the private key from Asymmetric key pair. On the other side, the receiver will decrypt it using the public key and compare the hash to ensure they are indeed the same.
Digital Signature Flow
- Let “A” and “B” be the fictional actors in the cryptography system for better understanding.
- “A” is the sender and calculates the hash of the message and attaches signature which he wants to send using his private key.
- The other side “B” hashes the message and then decrypts the signature with A’s public key and compares the two hashes
- If “B” finds the hashes matching then the message has not been altered or compromised.
Implementing Digital Signatures
Let us implement the digital signature using algorithms SHA and RSA and also verify if the hash matches with a public key.
- Create a method named Create_Digital_Signature() to implement Digital Signature by passing two parameters input message and the private key. In this method we will get an instance of the signature object passing the signing algorithm and assign it with a private key and finally pass the input this will return byte array.
public static byte Create_Digital_Signature(byte input, PrivateKey privateKey); signature.initSign(privateKey); signature.update(input);
- The next step is to generate asymmetric key pair using RSA algorithm and SecureRandom class functions.
SecureRandom secureRandom =new SecureRandom(); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM);
- Finally verifying the signature using public key. Verify_Digital_Signature() method is used to check whether the signature matches by passing it the input, signature, and public key.
Signature signature = Signature.getInstance(SIGNING_ALGORITHM); signature.initVerify(publickey); signature.update(input);
Input:msg = “GEEKSFORGEEEKS IS A COMPUTER SCIENCE PORTAL”
Below is the implementation: