up these keys. This database stores keys for various entities, which may be
people, corporations, or other computers or programs.
In order to make this example work, you need to generate a public and private
key pair for yourself (or for some test entity) and add those keys to the keystore.
The Java SDK includes a program named keytool you can use to generate keys and
perform other operations on a keystore. Use keytool as follows to generate a key
pair for yourself. Note that the program prompts you for the information, including
passwords, that it needs. See Java in a Nutshell for documentation on keytool.
% keytool -genkey -alias david
Enter keystore password: secret
What is your first and last name?
[Unknown]: David Flanagan
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]: davidflanagan.com
What is the name of your City or Locality?
[Unknown]: Bellingham
What is the name of your State or Province?
[Unknown]: WA
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=David Flanagan, OU=Unknown, O=davidflanagan.com, L=Bellingham, ST=WA,
C=US> correct?
[no]: yes
Enter key password for <david>
(RETURN if same as keystore password): moresecret
Example 6-4 uses the MessageDigest and DigestInputStream classes to compute
and verify message digests. It uses the Signature class with a PrivateKey to
compute digital signatures and uses Signature with a PublicKey to verify digital
signatures. The PrivateKey and PublicKey objects are obtained from the KeyStore
object. The manifest file itself is created and read by a java.util.Properties
object, which is ideal for this purpose. Message digests and digital signatures are
stored in the manifest file using a simple hexadecimal encoding implemented by
convenience methods that appear at the end of the example. (This is one
shortcoming of the java.security package; it doesn't provide an easy way to convert
an array of bytes to a portable textual representation.)
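The flow just described, condensed to a single file as an added example (this is not the book's Manifest.java): it digests the file through a DigestInputStream, signs the digest, records both as hex in a Properties object, and then verifies three cases, including one where the digest entry is rewritten to match a changed file. Assumptions: SHA-256 and SHA256withRSA as the algorithms, an RSA key pair generated in memory rather than loaded from the keystore, the property names digest and signature, and the class name ManifestSketch.

```java
import java.nio.file.*;
import java.security.*;
import java.util.Properties;
public class ManifestSketch { // added illustration; every name here is hypothetical
    static String hex(byte[] b) { // the manifest is text, so bytes are hex-encoded
        StringBuilder s = new StringBuilder();
        for (byte x : b) s.append(String.format("%02x", x));
        return s.toString();
    }
    static byte[] unhex(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++)
            b[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return b;
    }
    static byte[] digest(Path file) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream in = new DigestInputStream(Files.newInputStream(file), md)) {
            for (byte[] buf = new byte[4096]; in.read(buf) != -1; ) { } // reads update md
        }
        return md.digest();
    }
    static boolean verify(Properties m, Path file, PublicKey pub) throws Exception {
        byte[] d = digest(file); // recompute, then compare with the recorded digest
        if (!MessageDigest.isEqual(d, unhex(m.getProperty("digest")))) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(d);
        return s.verify(unhex(m.getProperty("signature")));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // assumption: in-memory keys, not a keystore
        Path f = Files.createTempFile("manifest-demo", ".txt"); // constructed sample
        Files.write(f, "original contents".getBytes("UTF-8"));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(digest(f));
        Properties m = new Properties();
        m.setProperty("digest", hex(digest(f)));
        m.setProperty("signature", hex(s.sign()));
        System.out.println("untouched:        " + verify(m, f, kp.getPublic()));
        Files.write(f, "modified contents".getBytes("UTF-8"));
        System.out.println("file changed:     " + verify(m, f, kp.getPublic()));
        m.setProperty("digest", hex(digest(f))); // digest entry rewritten to match
        System.out.println("digest rewritten: " + verify(m, f, kp.getPublic()));
    }
}
```

The third case is the reason the manifest carries a signature as well as a digest: anyone who can edit the manifest can recompute a digest, but producing a matching signature requires the private key.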
Example 6-4: Manifest.java
package com.davidflanagan.examples.security;
import java.security.*;
import java.io.*;
import java.util.*;
/**
* This program creates a manifest file for the specified files, or verifies
* an existing manifest file. By default the manifest file is named
* MANIFEST, but the -m option can be used to override this. The -v
* option specifies that the manifest should be verified. Verification is
* also the default option if no files are specified.
**/
public class Manifest {