[GO] Try implementing signature verification for elliptic curve cryptography in Java

Elliptic Curve Cryptography (ECC), which belongs to the same public key cryptography as RSA in cryptography, has been said to be a child that can be done by RSA for about 15 years. I wondered if it would end up as a secret weapon as it is, but there are no signs that it will finally start to be used, so I investigated how to implement it in Java. Java seems to have added a native provider of elliptic curve cryptography in JDK 7 and above.

Sample code

This is a signature verification sample code for the Elliptic Curve Digital Signature Algorithm (ECDSA). Key pair generation, signature creation, and signature verification are performed in order. In actual use, the person who creates the signature and the person who verifies the signature are different people, but in the sample, they are done in the same method.

package com.example;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

import javax.xml.bind.DatatypeConverter;

public class ECDSAExample {

	/**
	 *Elliptic curve DSA signature verification sample
	 */
	public static void main(String[] args) throws Exception {
        /*
         *Elliptic curve cryptographic key pair generation
         */
		//Key pair generator
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); // Elliptic Curve
        //Random number generator
        SecureRandom randomGen = SecureRandom.getInstance("SHA1PRNG");
        //Initialize the key pair generator by specifying the key size and random number generator
        int keySize = 256;
        keyGen.initialize(keySize, randomGen);

        //Key pair generation
        KeyPair keyPair = keyGen.generateKeyPair();
        //Private key
        PrivateKey privateKey = keyPair.getPrivate();
        //Public key
        PublicKey publicKey = keyPair.getPublic();

        /*
         *Signature generation
         */
        String originalText = "This is string to sign";

        //Specify the signature generation algorithm
        Signature dsa = Signature.getInstance("SHA1withECDSA");
        //Initialization
        dsa.initSign(privateKey);
        //Signature generation
        dsa.update(originalText.getBytes("UTF-8"));
        //Extract the generated signature
        byte[] signature = dsa.sign();
        System.out.println("Signature: " + DatatypeConverter.printHexBinary(signature));

        /*
         *Signature verification
         */
        //Initialization
        dsa.initVerify(publicKey);
        //Set the target for signature verification
        dsa.update(originalText.getBytes("UTF-8"));
        //Signature verification
        boolean verifyResult = dsa.verify(signature);
        System.out.println("Verify: " + verifyResult);
    }
}

KeyPair Generator algorithm

The following can be specified for the argument of the key pair generator.

Algorithm name Description
DiffieHellman Diffie-Generates a key pair for the Hellman Key Agreement algorithm.
note: key.getAlgorithm()Returns "DH" instead of "Diffie Hellman".
DSA Generates a key pair for a digital signature algorithm.
RSA RSA algorithm(Signature/Cipher)Generate a key pair for.
EC Generates a key pair for the Elliptic Curve algorithm.

http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator

SecureRandom random number generation algorithm

The following can be specified as the arguments of the random number generator.

Algorithm name Description
NativePRNG Get random numbers from the underlying native OS. Nothing is said about the blockability of random number generation.
NativePRNGBlocking Get random numbers from the underlying native OS and block them as needed. For example, on UNIX-like systems/dev/random etc.
NativePRNGNonBlocking It gets a random number from the underlying native OS, but does not block it to avoid slowing down the application. For example, on UNIX-like systems/dev/urandom etc.
PKCS11 Get random numbers from the underlying installed and configured PKCS11 library.
SHA1PRNG Pseudo-random number generator provided by Sun provider(PRNG)algorithm. This algorithm is SHA as the basis of PRNG-Use 1. SHA from a truly random seed value chained together using a 64-bit counter that increments by 1 for each operation-1 Calculate the hash. 160-bit SHA-Only 64 bits of one output are used.
Windows-PRNG Get random numbers from the underlying Windows OS.

http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#SecureRandom

Signature algorithm

The following can be specified as the signature algorithm.

Algorithm name Description
NONEwithRSA Digest algorithm before doing RSA operation(MD5/SHA1 etc.)RSA signature algorithm that does not use. PKCS for RSA signature algorithm#See 1.
MD2withRSA
MD5withRSA
PKCS#MD2 with RSA cipher defined in 1/MD5 signature algorithm. MD2/Create and validate RSA digital signatures using the MD5 digest algorithm and RSA.
SHA1withRSA
SHA224withRSA
SHA256withRSA
SHA384withRSA
SHA512withRSA
SHA defined in OSI Interoperability Workshop-*And a signature algorithm using the RSA encryption algorithm. PKCS#Use the padding rules described in 1.
NONEwithDSA FIPS PUB 186-Digital signature algorithm defined in 2. The length of this data must be exactly 20 bytes. This algorithm is also known as rawDSA.
SHA1withDSA
SHA224withDSA
SHA256withDSA
FIPS PUB 186-SHA defined in 3-1、SHA-224 or SHA-A DSA signature algorithm that creates and validates digital signatures using the 256 digest algorithm.
NONEwithECDSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
(ECDSA)
ANSI X9.ECDSA signature algorithm defined in 62.
note:Do not use "ECDSA" as it is an ambiguous name for the "SHA1 with ECDSA" algorithm. Instead, use the official name "SHA1withECDSA".
<digest>with<encryption> Use this format for a specific message digest(MD2, MD5, etc.)And algorithms(RSA, DSA, etc.)Specifies the name of the signing algorithm to use. Explicitly defined standard names introduced in this section(MD2withRSA etc.)Is also specified in the same format.
PKCS#1 v2.For new signing schemes defined at 0<digest>with<encryption>Because the format of<digest>with<encryption>and<mgf>You can specify the name using the format of.<mgf>Should be replaced with a mask generation function such as MGF1. Example: MD5withRSAandMGF1。

http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#Signature

Reference source

java - Tutorial of ECDSA algorithm to sign a string - Stack Overflow https://stackoverflow.com/questions/11339788/tutorial-of-ecdsa-algorithm-to-sign-a-string Java Cryptography Architecture Standard Algorithm Name Document (for JDK 8)-#KeyPairGenerator Algorithm http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator Java Cryptography Architecture Standard Algorithm Name Document (for JDK 8)-#SecureRandom Random Number Generator http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#SecureRandom Java Cryptographic Architecture Standard Algorithm Name Document (for JDK 8)-#Signature Algorithm http://docs.oracle.com/javase/jp/8/docs/technotes/guides/security/StandardNames.html#Signature Appendix A (Standard Name of PRNG Algorithm) in Java Cryptographically Architectural API Specification & Reference https://docs.oracle.com/javase/jp/1.4/guide/security/CryptoSpec.html#AppA Elliptical curve cryptography in java http://rahulatjava.blogspot.jp/2014/02/elliptical-curve-cryptography-in-java.html bc-java/ECIESTest.java at master · bcgit/bc-java https://github.com/bcgit/bc-java/blob/master/prov/src/test/java/org/bouncycastle/jce/provider/test/ECIESTest.java Encryption and Decryption of Data using Elliptic Curve Cryptography( ECC ) with Bouncy Castle C# Library https://www.codeproject.com/Tips/1071190/Encryption-and-Decryption-of-Data-using-Elliptic-C

Recommended Posts

Try implementing signature verification for elliptic curve cryptography in Java
Try implementing Android Hilt in Java
Try implementing GraphQL server in Java
It's late! Try implementing Android Notification in Java (Beginner)
Try implementing Yubaba in Kinx
It's late! Try implementing Android Work Manager in Java (Beginner)
Try calling JavaScript in Java
Try developing Spresense in Java (1)
Try functional type in Java! ①
Implement two-step verification in Java
Implement XML signature in Java
Try implementing asynchronous processing in Azure
Rock-paper-scissors game for beginners in Java
[For beginners] Run Selenium in Java
Encrypt using RSA cryptography in Java
Try running Selenuim 3.141.59 in eclipse (java)
Try an If expression in Java
Try running AWS X-Ray in Java
Try to implement Yubaba in Java
Settings for SSL debugging in Java
[Socket communication (Java)] Impressions of implementing Socket communication in practice for the first time
Try to solve Project Euler in Java
First steps for deep learning in Java
Try to implement n-ary addition in Java
Key points for introducing gRPC in Java
Try using the Stream API in Java
[Java] for Each and sorted in Lambda
[Java] Use cryptography in the standard library
Try using JSON format API in Java
Try calling the CORBA service in Java 11+
Try making a calculator app in Java