File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Help on signatures Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Help on signatures" Watch "Help on signatures" New topic

Help on signatures

J Krem

Joined: Sep 14, 2004
Posts: 11
Good day all,
I would like to know the difference between digital signatures and hashing. For example, if i make a hash of a certificate using the message digest class and then encrypt the result.... would this be a signature?
Does the following method describe a signature? :

At sending end:
Hash generated certificate
Encrypt hashed value using private key
Send certificate, encrypted hash value over connection

At receiving end:
Receive certificate and encrypted hash value
Using the public key of certificate, decrypt and obtain the hash value....(A)
Make a hash of the received certificate using the same algorithm from the sending end, and compare this hashed value with the hash in line (A)
If they are equal ..and so on

Does the above represent a digital signature? Or do i have to use the signature class to accomplish authenticity? Another question, a generated certificate using the bouncycastle library, does it contain a signature?What is a signature? From my knowledge, I think a signature is the hashed value of the certificate encrypted using an algorithm. Am i correct? If this is true then the above method i described should suffice.....?

I agree. Here's the link:
subject: Help on signatures
It's not a secret anymore!