Java Reference
In-Depth Information
(java.lang.RuntimePermission exitVM)
Attempting to find java version...
1.3.0
Attempting to find home directory...
Failed: java.security.AccessControlException: access denied
(java.util.PropertyPermission user.home read)
Attempting to read service.tmp property...
/tmp/scratch
Attempting to write a file in /tmp/scratch...
Opened file for writing: /tmp/scratch/testfile
Attempting to read from /tmp/scratch...
Opened file for reading: /tmp/scratch/testfile
Connection closed by server.
Message Digests and Digital Signatures
The authentication portion of the Java Security API includes support for message
digests (also known as cryptographic checksums), digital signatures, and simple
key management tasks through a “keystore” abstraction. Example 6-4 shows a pro-
gram named
Manifest
that demonstrates the use of message digests, digital signa-
tures, and keystores. The
Manifest
program provides the following functionality:
•
When you pass a list of filenames on the command line, the program reads
each file, computes a message digest on the contents of the file, and then
writes an entry in a manifest file (named
MANIFEST
by default) that specifies
each of the filenames and its digest.
•
If you use the optional
-s
flag to specify a signer and the
-p
flag to specify a
password, the program signs the contents of the manifest file and includes a
digital signature within the manifest.
•
When you invoke the program with the
-v
option, it verifies an existing mani-
fest file. First, it checks the digital signature, if any. If the signature is valid, it
then reads each file named in the manifest and verifies that its digest matches
the one specified in the manifest.
Using the
Manifest
program to create a signed manifest file and then later verify it
accomplishes two goals. First, the message digests prove that the named files have
not been maliciously or inadvertently modified or corrupted since the digests were
computed. And second, the digital signature proves that the manifest file itself has
not been modified since it was signed. (Attaching a digital signature to a file is like
signing a legal document. By signing a manifest file, you are making the implicit
assertion that the contents of the manifest are true and valid, and that you are will-
ing to stake your trustworthiness on it.)
Digital signatures use public-key cryptography technology. A
private key
can cre-
ate a digital signature and the corresponding
public key
verifies the signature. The
classes of the
java.security
package rely on a keystore in which they can look
