Sunday, August 3, 2014
In an earlier post here , we have shown you how to sign data and generate a digital signature in Java. Generating the signature alone does not provide security, you will also have to verify the digital signature. So according to that today I am going to show you how to verify a Digital Signature in Java. Here in our example we will show how you can do it once you are provided with the original dta, the public key (whose corresponding private key was used to sign the data) and finally the signature bytes that were generated earlier.
     In our previous article we have stored the public key in encided form in a file with an extension .pubkey and the signature bytes in a file with extension .dsa . So in order to verify first we will try to read the key bytes and pass them to X509EncodedKeySpec object. Then use the KeyFactory to reconstruct the public key. Next we have to create the Signature object with the same algorithm as earlier and initialize with the public key.
Next read the signature bytes from file in a byte array. After that we have to read the original data file and update signature object. Finally we have to call verify() method to understand whether the signature is verified or not.

Java Source Code

public class SignatureVerifier {

  * Verifies digital signature of a file
  * @param pkPath String - path of file with public key
  * @param sPath String - path of file with signature
  * @param fPath String - path of file with data to be verified
  * @throws FileNotFoundException
  * @throws IOException
  * @throws InvalidKeySpecException
  * @throws InvalidKeyException
  * @throws NoSuchAlgorithmException
  * @throws NoSuchProviderException
  * @throws SignatureException
 public void verify(String pkPath,String sPath,String fPath) throws FileNotFoundException, IOException, InvalidKeySpecException, InvalidKeyException,NoSuchAlgorithmException, NoSuchProviderException, SignatureException{
  byte keyBytes[] = readFromFile(pkPath);  //read the key in bytes
  X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(keyBytes);
  KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");
  PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);  //reconstruct key
  Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
  sig.initVerify(pubKey);  //initialize signature with public key
  byte sigToVerify[] = readFromFile(sPath);  //read the signature earlier generated
  try(BufferedInputStream bin = new BufferedInputStream(new FileInputStream(fPath))){
   byte buf[] = new byte[4096];
   int read = 0;
   while((read = != -1)  //read data to be signed
    sig.update(buf, 0, read);  //update signature object with data
  boolean verifies = sig.verify(sigToVerify);  //verify signature

  System.out.println("signature verifies: " + verifies);
  * Reads the binary data from file and returns a byte array
  * @param path String - path of file to be read
  * @return byte[] - data read from file
  * @throws FileNotFoundException
  * @throws IOException
 public byte[] readFromFile(String path) throws FileNotFoundException, IOException{
  byte data[] = null;
  try(FileInputStream fis = new FileInputStream(path)){
   data = new byte[fis.available()];;
  return data;
 public static void main(String[] args) {
  try {
   String fPath = "sample.txt";
   new SignatureVerifier().verify(fPath+".pubkey", fPath+".dsa", fPath);
         } catch (Exception e) {
             System.err.println("Caught exception " + e.toString());
Download Links 
DOWNLOAD the source from Mediafire


Post a Comment

Total Pageviews

Subscribe via Email


Popular Posts