public final class RawDSA
extends java.security.SignatureSpi
 Use it like any other signature algorithm, but supply the hashed data
 to the update() methods instead of the original data to be
 signed. You can call all of the update methods in any combination, but when
 you call sign() or verify() exactly 20 bytes must
 have been passed during the updates. This is necessary because DSA was
 specifically designed for the 160 bit hashes of SHA-1.
 
 If you are going to sign some yet not hashed data (respectively verify the
 corresponding signature), you can use the DSA implementation
 which automatically hashes the supplied data according the SHA algorithm
 before processing it with the RawDSA algorithm.
 
The Digital Signature Algorithm (DSA) only can be used for digital signing (respectively signature verifying). It cannot be used for data encryption.
The DSA algorithm uses a certain number of parameters:
p, which length is a multiple of 64 bits
 lying between 512 and 1024 bits
 q) of p-1
 (h(p-1)/q)(mod p) > 1
 g = (h(p-1)/q)(mod p)
 x less than q
 y calculated from
 y = (gx)(mod p)
 k, which has to be shorter than q. These
 computations are done using the entities private key and result in two
 BigInteger values r and s representing the
 signature. For verifying a given signature, the signing entity's public key
 has to be used for performing computations on the signature consisting of the
 two BigIntegers r and s. Beside the common way of
 signing messages and verifying signatures (see below) by using the
 corresponding sign and verify methods, this class
 is equipped with a set of alternative signing and verifying methods allowing
 to handle DSA signatures immediately by their inherent BigInteger values
 r and s.
 For signing some message or verifying a signature using RawDSA, generally an application will have to perform three steps:
getInstance method, e.g.: 
 
 
 Signature dsa = Signature.getInstance("RawDSA");
 
 
 
 
dsa.initSign(dsaPrivateKey);
 dsa.initVerify(dsaPublicKey);
 
sign method returning the
 signature as DER encoded byte array. Otherwise, if the Signature object has
 been initialized for verifying, first the already hashed data to be verified
 is supplied to the Signature object, and subsequently the signature is
 verified by calling the verify method, supplied with the DER
 encoded byte array holding the corresponding signature:
 dsa.update(hashedData); byte[] signature = dsa.sign();
 
 
 dsa.update(hashedData);
 System.out.println("Signature "
     + (dsa.verify(signature) ? "correct!" : "not correct!"));
 
 
 
 | Modifier and Type | Field and Description | 
|---|---|
| protected java.io.ByteArrayOutputStream | dataBuffer_Data buffer to which the hash is written when supplied via an update
 method. | 
| Constructor and Description | 
|---|
| RawDSA()The default constructor. | 
| Modifier and Type | Method and Description | 
|---|---|
| java.math.BigInteger[] | dsaSignRS()Sign method that returns the signature as two BigIntegers. | 
| boolean | dsaVerifyRS(java.math.BigInteger[] rs)Verify method that accepts the signature as an array of two BigIntegers. | 
| boolean | dsaVerifyRS(java.math.BigInteger r,
           java.math.BigInteger s)Verify method that accepts the signature as two BigIntegers. | 
| protected java.lang.Object | engineGetParameter(java.lang.String param)Returns a previously set KSEED parameter as a byte array, or -- if KSEED
 has not been set, or the supplied param String is not "KSEED" -- the DSA
 parameters p, q, g as  DSAParametersobject. | 
| protected java.security.AlgorithmParameters | engineGetParameters()Returns the DSA parameters (p, q, g) as
  DSAParametersobject. | 
| protected void | engineInitSign(java.security.PrivateKey privateKey)SPI: Initializes this DSA Signature object with the given DSA
 private key for going to sign some data. | 
| protected void | engineInitSign(java.security.PrivateKey privateKey,
              java.security.SecureRandom random)SPI: Initializes this Signature object with the given DSA private
 key and the given SecureRandom generator for going to sign some data. | 
| protected void | engineInitVerify(java.security.PublicKey publicKey)SPI: Initializes this RawDSA signature object with the given DSA
 public key for performing a signature verification. | 
| protected void | engineSetParameter(java.security.spec.AlgorithmParameterSpec params)Initializes this DSA signature engine with the given parameter set. | 
| protected void | engineSetParameter(java.lang.String param,
                  java.lang.Object value)Set the KSEED parameter for DSA signing. | 
| protected byte[] | engineSign()SPI: Returns the signature bytes of all the data updated so far. | 
| protected void | engineUpdate(byte b)SPI: Updates the data to be signed or verified with the specified
 byte. | 
| protected void | engineUpdate(byte[] b,
            int off,
            int len)SPI: Updates the data to be signed or verified with the specified
 number of hashed bytes, beginning at the specified offset within the given
 byte array. | 
| protected boolean | engineVerify(byte[] sigBytes)SPI: Verifies the passed-in signature. | 
protected java.io.ByteArrayOutputStream dataBuffer_
public RawDSA()
 Applications use Signature.getInstance("RawDSA"); for creating
 a RawDSA Signature object.
 
Signature.getInstance(java.lang.String)protected void engineInitVerify(java.security.PublicKey publicKey)
                         throws java.security.InvalidKeyException
engineInitVerify in class java.security.SignatureSpipublicKey - the DSA public key belonging to the DSA private key that has been
          used for signingjava.security.InvalidKeyException - if a key encoding error occursprotected void engineInitSign(java.security.PrivateKey privateKey)
                       throws java.security.InvalidKeyException
engineInitSign in class java.security.SignatureSpiprivateKey - the DSA private key to be used for signing.java.security.InvalidKeyException - if the key is improperly encoded, parameters are missing, and
              so on.protected void engineInitSign(java.security.PrivateKey privateKey,
                  java.security.SecureRandom random)
                       throws java.security.InvalidKeyException
Note that this method is not available for JDK versions prior JDK 1.2. If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom, if required.
engineInitSign in class java.security.SignatureSpiprivateKey - the DSA private key to be used for signing.random - the random number generatorjava.security.InvalidKeyException - if a key decoding error occursprotected void engineUpdate(byte b)
                     throws java.security.SignatureException
engineUpdate in class java.security.SignatureSpib - the hash byte to be used for updating.java.security.SignatureException - if the engine has not been properly initializedprotected void engineUpdate(byte[] b,
                int off,
                int len)
                     throws java.security.SignatureException
engineUpdate in class java.security.SignatureSpib - the byte array holding the already hashed data to be used for this
          update operation.off - the offset, indicating the start position within the given byte
          array.len - the number of bytes to be obtained from the given byte array,
          starting at the given position.java.security.SignatureException - if the engine has not been properly initialized.protected byte[] engineSign()
                     throws java.security.SignatureException
engineSign in class java.security.SignatureSpijava.security.SignatureException - if the engine has not been properly initialized.public java.math.BigInteger[] dsaSignRS()
 This method works exactly like engineSign(), but it
 returns the signature as the two BigIntegers r and s instead of their ASN.1
 encoding.
 
r at index 0, and
         s at index 1) representing the signatureprotected boolean engineVerify(byte[] sigBytes)
                        throws java.security.SignatureException
engineVerify in class java.security.SignatureSpisigBytes - the signature bytes to be verified.true if the signature is o.k., false if
         not.java.security.SignatureException - if the engine is not initialized properly, or the passed-in
              signature is improperly encoded or of the wrong type, etc.public boolean dsaVerifyRS(java.math.BigInteger[] rs)
 Index 0 of the array must hold r, index 1 s.
 
rs - the BigInteger array holding r at index 0 and
          s at index 1true if the signature is o.k., false if
         not.public boolean dsaVerifyRS(java.math.BigInteger r,
                  java.math.BigInteger s)
r - the first BigIntegers - the second BigIntegertrue if the signature is o.k., false if
         not.protected void engineSetParameter(java.lang.String param,
                      java.lang.Object value)
                           throws java.security.InvalidParameterException
The generation of a DSA signature involves a random, secret number k that is usually newly generated for each signature. This method allows you to set this number to a specified value. Use "KSEED" as the name and a byte array or a BigInteger as parameter. Use a null value to unset a previously set seed.
CAUTION: Use of this feature is recommended for testing purposes only.
 If "KSEED" is not supplied as param string, a SecureRandom object (for
 kseed generation) or a DSAParameterSpec object (for setting the p, g, g parameters) maybe
 supplied as param value.
engineSetParameter in class java.security.SignatureSpiparam - the name of the parameter ("KSEED")value - the value of the parameter to be set, either the kseed as byte
          array or BigInteger, or a SecureRandom object (for kseed
          generation) or a DSAParameterSpec object (for setting the p, g, g parameters)java.security.InvalidParameterException - if the given parameter name is not "KSEED" or the given
              parameter value is not specified as byte array or BigIntegerSignature.setParameter(java.lang.String, java.lang.Object)protected void engineSetParameter(java.security.spec.AlgorithmParameterSpec params)
                           throws java.security.InvalidAlgorithmParameterException
java.security.spec.DSAParameterSpec. This method only can be
 used with JDK1.2.x. This method may be useful for initializing the
 signature verification in situations where there are no parameters are
 included in the subjectPublicKeyInfo field of a X.509 certificate and
 therefore have to be supplied by other means.engineSetParameter in class java.security.SignatureSpiparams - the parameters as instance of java.security.spec.DSAParameterSpecjava.security.InvalidAlgorithmParameterException - if the given parameters are not supplied as
              java.security.spec.DSAParameterSpecprotected java.lang.Object engineGetParameter(java.lang.String param)
                                       throws java.security.InvalidParameterException
DSAParameters
 object.
 
 For security reasons this method only may return a KSEED that was
 previously set using engineSetParameter(), not
 an internally generated one while signing.
 
engineGetParameter in class java.security.SignatureSpiparam - the name of the parameter which value is to be obtained ("KSEED")setParameter, or
         -- if KSEED has not been set, or the supplied param String is not
         "KSEED" -- the DSA parameters p, q, g as
         DSAParameters objectjava.security.InvalidParameterException - if an error occurs when creating the parametersprotected java.security.AlgorithmParameters engineGetParameters()
DSAParameters object.engineGetParameters in class java.security.SignatureSpiDSAParameters