Re: Question about DSA & signing & such...

Jan Luehe (Jan.Luehe@Eng)
Wed, 8 Jul 1998 17:43:10 -0700 (PDT)

Date: Wed, 8 Jul 1998 17:43:10 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: Question about DSA & signing & such...
To: java-security@java.Sun.COM, drsharp@concept5.com

Dan:

> If we use the "java.security.*" APIs that are built-in to the JDK 1.1.x
> (x=5 or 6) and use the default "SUN" provider:
>
> 1) will this allow us to sign and verify signatures using DSA?

Yes, it does.

> 2) will this work if the keys/certificates are created outside of Java
> (even if DSA is used)?

Yes, as long as the public key implements the
"java.security.interfaces.DSAPublicKey" interface (in the "verify"
case) and the private key implements the
"java.security.interfaces.DSAPrivateKey" interface (in the "sign"
case), it does not matter what the underlying implementation is.

If your keys are created using native code, you need to supply your
own cryptographic service provider (CSP) that implements a Java wrapper
around the native code.

http://java.sun.com/products/jdk/1.1/docs/guide/security/HowToImplAProvider.html
explains how to supply and register your own CSP.

> 3) it seems (from the API docs) that the initVerify() method requires a
> PublicKey, but this is an interface, and the DSAPublicKey is also an
> interface. Does the SUN provider implement this interface?

Yes, the DSA public-key class supplied by the SUN provider implements
"java.security.interfaces.DSAPublicKey", which itself
extends off of "java.security.PublicKey".

That is, when you create an instance of KeyPairGenerator for "DSA"
and have it generate a DSA key pair, you can use the public component
of that key pair in your initVerify() call.

> there a way to do a verify() with just JDK 1.1 or am I out of luck?

> 4) what are the export/license issues involved with this scenario?

There are none.

Jan
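
The sign/verify round trip described in this reply, as an added example that is not part of the original message. It restricts itself to `java.security` calls that exist in JDK 1.1 (`KeyPairGenerator`, `Signature`, the `DSAPublicKey`/`DSAPrivateKey` interfaces); the class name `DsaSignVerify` and the sample message are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;

public class DsaSignVerify {
    // The engine accepts any key object implementing DSAPrivateKey,
    // regardless of which class or provider produced it.
    static byte[] sign(PrivateKey priv, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("DSA", "SUN");
        s.initSign(priv);
        s.update(msg);
        return s.sign();
    }

    // Same for verification: initVerify() takes the PublicKey interface.
    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("DSA", "SUN");
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "SUN");
        // 1024 bits matches the JDK 1.1 era; "DSA" here means DSA over SHA-1.
        // Treat both as legacy choices when sizing keys for new systems.
        kpg.initialize(1024);
        KeyPair kp = kpg.generateKeyPair();

        // The SUN provider's key classes implement the DSA interfaces.
        System.out.println("public is DSAPublicKey:   " + (kp.getPublic() instanceof DSAPublicKey));
        System.out.println("private is DSAPrivateKey: " + (kp.getPrivate() instanceof DSAPrivateKey));
        DSAPublicKey dsaPub = (DSAPublicKey) kp.getPublic();
        System.out.println("p bit length: " + dsaPub.getParams().getP().bitLength());

        byte[] msg = "constructed sample message".getBytes("UTF-8");
        byte[] sig = sign(kp.getPrivate(), msg);
        System.out.println("verify(original): " + verify(kp.getPublic(), msg, sig));

        // Flip one bit of the message: verify() returns false, it does not throw.
        byte[] tampered = (byte[]) msg.clone();
        tampered[0] ^= 0x01;
        System.out.println("verify(tampered): " + verify(kp.getPublic(), tampered, sig));
    }
}
```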