If you need to switch keys when signing or verifying, use one of these.
Sometimes you need to be able to select signing keys at runtime. This is how you do it.
```xml
<crypt:signerWithChooserByPrivateKeyId id="signer" privateKeyMap-ref="privateKeyMap" algorithm="SHA1withRSA" provider="BC"/>

<util:map id="privateKeyMap">
    <entry key="mcDonalds">
        <crypt:privateKey keystore-ref="mcDonaldsKeystore" alias="ronald" password="ketchup"/>
    </entry>
    <entry key="burgerKing">
        <crypt:privateKey keystore-ref="burgerKingKeystore" alias="cowboy" password="meatIsMurder"/>
    </entry>
</util:map>

<crypt:keystore id="mcDonaldsKeystore" location="classpath:keystore-mcdonalds.jks" password="royaleWithCheese"/>
<crypt:keystore id="burgerKingKeystore" location="classpath:keystore-burger-king.jks" password="r0naldSucksStinkyMeat"/>
```
SHA1withRSA is the default algorithm and can be omitted. The provider attribute is optional.
The signer can then be used like this:
```java
import org.springframework.beans.factory.annotation.Autowired;

import com.springcryptoutils.core.signature.SignerWithChooserByPrivateKeyId;

public class MyBusinessSigner {

    @Autowired
    private SignerWithChooserByPrivateKeyId signer;

    public void myBusinessMethod(byte[] messageToBeTrusted) {
        // The first argument is the key of the entry in privateKeyMap.
        byte[] mcsignature = signer.sign("mcDonalds", messageToBeTrusted);
        byte[] bksignature = signer.sign("burgerKing", messageToBeTrusted);
    }
}
```
Because you don't usually work directly with byte arrays, but rather with a base64-encoded version of such data, there is also a base64 version of the signer.
```xml
<crypt:b64SignerWithChooserByPrivateKeyId id="signer" privateKeyMap-ref="privateKeyMap" algorithm="SHA1withRSA" provider="BC"/>

<util:map id="privateKeyMap">
    <entry key="mcDonalds">
        <crypt:privateKey keystore-ref="mcDonaldsKeystore" alias="ronald" password="ketchup"/>
    </entry>
    <entry key="burgerKing">
        <crypt:privateKey keystore-ref="burgerKingKeystore" alias="cowboy" password="meatIsMurder"/>
    </entry>
</util:map>

<crypt:keystore id="mcDonaldsKeystore" location="classpath:keystore-mcdonalds.jks" password="royaleWithCheese"/>
<crypt:keystore id="burgerKingKeystore" location="classpath:keystore-burger-king.jks" password="r0naldSucksStinkyMeat"/>
```
SHA1withRSA is the default algorithm and can be omitted. The provider attribute is optional.
The signer can then be used like this:
```java
import org.springframework.beans.factory.annotation.Autowired;

import com.springcryptoutils.core.signature.Base64EncodedSignerWithChooserByPrivateKeyId;

public class MyBusinessSigner {

    @Autowired
    private Base64EncodedSignerWithChooserByPrivateKeyId signer;

    public void myBusinessMethod(String messageToBeTrusted) {
        // Each call returns the signature as a base64 string.
        String b64MCsignature = signer.sign("mcDonalds", messageToBeTrusted);
        String b64BKsignature = signer.sign("burgerKing", messageToBeTrusted);
    }
}
```
Sometimes you need to be able to select verifying keys at runtime. This is how you do it.
```xml
<crypt:verifierWithChooserByPublicKeyId id="verifier" publicKeyMap-ref="publicKeyMap" algorithm="SHA1withRSA" provider="BC"/>

<util:map id="publicKeyMap">
    <entry key="mcDonalds">
        <crypt:publicKey keystore-ref="mcDonaldsKeystore" alias="ronald"/>
    </entry>
    <entry key="burgerKing">
        <crypt:publicKey keystore-ref="burgerKingKeystore" alias="cowboy"/>
    </entry>
</util:map>

<crypt:keystore id="mcDonaldsKeystore" location="classpath:keystore-mcdonalds.jks" password="royaleWithCheese"/>
<crypt:keystore id="burgerKingKeystore" location="classpath:keystore-burger-king.jks" password="r0naldSucksStinkyMeat"/>
```
SHA1withRSA is the default algorithm and can be omitted. The provider attribute is optional.
Here is an example usage of the verifier:
```java
import org.springframework.beans.factory.annotation.Autowired;

import com.springcryptoutils.core.signature.VerifierWithChooserByPublicKeyId;

public class MyBusinessVerifier {

    @Autowired
    private VerifierWithChooserByPublicKeyId verifier;

    public void myBusinessMethod(byte[] messageToBeTrusted, byte[] signature) {
        // The first argument is the key of the entry in publicKeyMap.
        boolean verified = verifier.verify("mcDonalds", messageToBeTrusted, signature);
    }
}
```
Because you don't usually work directly with byte arrays, but rather with a base64-encoded version of such data, there is also a base64 version of the verifier.
```xml
<crypt:b64VerifierWithChooserByPublicKeyId id="verifier" publicKeyMap-ref="publicKeyMap" algorithm="SHA1withRSA" provider="BC"/>

<util:map id="publicKeyMap">
    <entry key="mcDonalds">
        <crypt:publicKey keystore-ref="mcDonaldsKeystore" alias="ronald"/>
    </entry>
    <entry key="burgerKing">
        <crypt:publicKey keystore-ref="burgerKingKeystore" alias="cowboy"/>
    </entry>
</util:map>

<crypt:keystore id="mcDonaldsKeystore" location="classpath:keystore-mcdonalds.jks" password="royaleWithCheese"/>
<crypt:keystore id="burgerKingKeystore" location="classpath:keystore-burger-king.jks" password="r0naldSucksStinkyMeat"/>
```
SHA1withRSA is the default algorithm and can be omitted. The provider attribute is optional.
Here is an example usage of the verifier:
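```java
import org.springframework.beans.factory.annotation.Autowired;

import com.springcryptoutils.core.signature.Base64EncodedVerifierWithChooserByPublicKeyId;

public class MyBusinessVerifier {

    @Autowired
    private Base64EncodedVerifierWithChooserByPublicKeyId verifier;

    public void myBusinessMethod(String message, String b64signature) {
        if (verifier.verify("mcDonalds", message, b64signature)) {
            proceedWithOrder(message);
        } else {
            // signature did not verify under the "mcDonalds" key: ignore order
        }
    }

    // Placeholder for the application's own order handling (not part of the library).
    private void proceedWithOrder(String message) {
    }
}
```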
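What choosing a signing key and a verifying key by id amounts to, shown with plain JDK classes as an added example; it is not spring-crypto-utils code and does not reproduce its internals. Assumptions: the class name `KeyChooserDemo`, in-memory RSA keys standing in for the two keystores, and `SHA256withRSA` in place of the page's `SHA1withRSA` default, since SHA-1 is no longer collision resistant.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration using only the JDK; not the library's implementation.
public class KeyChooserDemo {
    // Assumption: SHA256withRSA is used instead of the page's SHA1withRSA default.
    private static final String ALGORITHM = "SHA256withRSA";
    private final Map<String, KeyPair> keysById = new HashMap<>();

    public KeyChooserDemo() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Constructed in-memory keys stand in for the two keystores on the page.
        keysById.put("mcDonalds", gen.generateKeyPair());
        keysById.put("burgerKing", gen.generateKeyPair());
    }

    private KeyPair lookup(String keyId) throws InvalidKeyException {
        KeyPair pair = keysById.get(keyId);
        if (pair == null) { // fail closed: never fall back to some other key
            throw new InvalidKeyException("unknown key id: " + keyId);
        }
        return pair;
    }

    public String sign(String keyId, String message) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(lookup(keyId).getPrivate());
        s.update(message.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    public boolean verify(String keyId, String message, String b64Signature) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(lookup(keyId).getPublic());
        s.update(message.getBytes(StandardCharsets.UTF_8));
        return s.verify(Base64.getDecoder().decode(b64Signature));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyChooserDemo demo = new KeyChooserDemo();
        String order = "2 cheeseburgers"; // constructed sample message
        String sig = demo.sign("mcDonalds", order);
        System.out.println(demo.verify("mcDonalds", order, sig));       // same key id
        System.out.println(demo.verify("burgerKing", order, sig));      // other party's key
        System.out.println(demo.verify("mcDonalds", order + "!", sig)); // altered message
    }
}
```

When verifying, take the key id from the authenticated context of the sender rather than from a field inside the message being checked, so the message cannot pick the key it is verified against.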