Documentation

Digital Signatures with Single Keys

In order to sign a document you'll need a private key. To verify a signature you'll need the public key that was extracted from the private key used to generate the signature.

There are base64 versions of all signers and verifiers so you won't have to worry about encoding when exchanging data over a network.

A simple signer is useful when you need to sign something with a single private key.

<crypt:signer id="signer" privateKey-ref="privateKey"
    algorithm="SHA1withRSA" provider="BC"/>

<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test"
    password="password"/>

<crypt:keystore id="keystore" location="classpath:keystore.jks"
    password="password"/>

algorithm

SHA1withRSA is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

The signer can then be used like this:

import com.springcryptoutils.core.signature.Signer;

public class MyPaymentSigner {

    @Autowired
    private Signer signer;

    public byte[] signPayment(byte[] payment) {
        byte[] signature = signer.sign(payment);
        log.debug("signed: payment={}, signature={}", payment, signature);
        return signature;
    }
}

Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there is also a base64 version of the signer.

<crypt:b64Signer id="signer" privateKey-ref="privateKey"
    algorithm="SHA1withRSA" provider="BC"/>

<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test"
    password="password"/>

<crypt:keystore id="keystore" location="classpath:keystore.jks"
    password="password"/>

algorithm

SHA1withRSA is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

And this is how you use it:

import com.springcryptoutils.core.signature.Base64EncodedSigner;

public class MyBase64PaymentSigner {

    @Autowired
    private Base64EncodedSigner signer;

    public void makePayment(String clientName) {
        String messageToBeTrusted = "Please pay 250 euro to " + clientName;
        String b64signature = signer.sign(messageToBeTrusted);
    }
}

A simple verifier is useful when you need to verify something with a single public key.

<crypt:verifier id="verifier" publicKey-ref="publicKey" 
                algorithm="SHA1withRSA" provider="BC"/>

<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>

<crypt:keystore id="keystore" location="classpath:keystore.jks"
    password="password"/>

algorithm

SHA1withRSA is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

Here is an example usage of the verifier:

import com.springcryptoutils.core.signature.Verifier;

public class MyPaymentVerifier {

    @Autowired
    private Verifier verifier;

    public void process(byte[] payment, byte[] signature) {
        if (verifier.verify(payment, signature)) {
            proceed(payment);
        } else {
            callTheCops("I have a bad feeling about this.");
        }
    }
}

Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there is also a base64 version of the signer.

<crypt:b64Verifier id="verifier" publicKey-ref="publicKey"
    algorithm="SHA1withRSA" provider="BC"/>

<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>

<crypt:keystore id="keystore" location="classpath:keystore.jks"
    password="password"/>

algorithm

SHA1withRSA is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

Here is an example usage of the base64 verifier:

import com.springcryptoutils.core.signature.Base64EncodedVerifier;

public class VaderVerifier {

    @Autowired
    private Base64EncodedVerifier verifier;

    public void process(String b64signature) {
        String statement = "I am your father";

        if (verifier.verify(statement, b64signature)) {
            scream("Nooooooo!");
        } else {
            log("You are not the father I'm looking for.");
        }
    }
}