A digital signature is a number cryptographically computed from the byte contents of the signed document. In OpenPGP the signature message digest is produced with a signing key, usually this is our private key.
OpenPGP signed files contain the original message compressed by default (see Compression) and the digital signature attached appended. The default signature message digest functions can be changed through the Hash option.
Below you will find examples that demonstrate how to OpenPGP sign file and stream data:
Sign a file
1. with a private key located in a file
2. with a private key located in a KeyStore
Sign a stream
3. with a private key located in a file
4. with a private key located in a KeyStore
Appendix A
Exception handling
1. Sign a file with private key located in a file
import com.didisoft.pgp.PGPLib; public class SignFile { public static void main(String[] args) throws Exception{ // initialize the library PGPLib pgp = new PGPLib(); // specify should the output be ASCII or binary boolean asciiArmor = false; // sign pgp.signFile("INPUT.txt", "private.key", "changeit", "signed.pgp", asciiArmor); } } |
2. Sign file with private key located in a KeyStore
import com.didisoft.pgp.KeyStore; import com.didisoft.pgp.PGPLib; public class KeyStoreSignFile { public static void main(String[] args) throws Exception{ // create an instance of the KeyStore KeyStore keyStore = new KeyStore("pgp.keystore", "changeit"); // initialize the library PGPLib pgp = new PGPLib(); // The signing key is usually our private key String signUserId = "demo@didisoft.com"; String signKeyPassword = "changeit"; // specify should the output be ASCII or binary boolean asciiArmor = false; // sign pgp.signFile("INPUT.txt", keyStore, signUserId, signKeyPassword, "signed.pgp", asciiArmor); } } |
3. Sign input stream with private key located in file
In the example below the file streams are used only to demonstrate how to encrypt with stream. The streams can be of any other type that implements InputStream.
import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import com.didisoft.pgp.PGPLib; public class SignStream { public static void main(String[] args) throws Exception { // create instance of the library PGPLib pgp = new PGPLib(); // if true the output file will be in ascii armored format, // otherwise will be in binary format boolean asciiArmor = false; InputStream dataStream = new FileInputStream("INPUT.txt"); InputStream privateKeyStream = new FileInputStream("private.key"); String privateKeyPassword = "changeit"; OutputStream signedStream = new FileOutputStream("signed.pgp"); // This parameter is needed because OpenPGP requires // the encrypted content to have a file name label String internalFileName = "INPUT.txt"; pgp.signStream(dataStream, internalFileName, privateKeyStream, privateKeyPassword, signedStream, asciiArmor); } } |
4. Sign input stream with private key located in a KeyStore
You may notice that the second parameter of the signStream method for KeyStore has a file name parameter. This is often misunderstood, the idea is that this is just a label associated with the encrypted content in the output stream. The OpenPGP format in addition to the encrypted content stores a file name label and time stamp.
import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import com.didisoft.pgp.KeyStore; import com.didisoft.pgp.PGPLib; public class KeyStoreSignStream { public static void main(String[] args) throws Exception{ // create an instance of the KeyStore KeyStore keyStore = new KeyStore("pgp.keystore", "changeit"); // initialize the library PGPLib pgp = new PGPLib(); // The signing key is usually our private key String signUserId = "demo@didisoft.com"; String signKeyPassword = "changeit"; InputStream dataStream = new FileInputStream("INPUT.txt"); // this parameter is just a label that is associated with // the encrypted content in the OpenPGP archive String signedContentLabel = "INPUT.txt"; // create the output stream OutputStream signedStream = new FileOutputStream("signed.pgp"); // specify should the output be ASCII or binary boolean asciiArmor = false; pgp.signStream(dataStream, signedContentLabel, keyStore, signUserId, signKeyPassword, signedStream, asciiArmor); } } |
Exception handling
In addition to the java.io.IOException that is thrown if an I/O error occurs reading or writing the data, com.didisoft.pgp.PGPException must also be caught in case of OpenPGP related error.
A more thorough exception handling is to catch a few sub classes of PGPException before catching PGPException itself. This way we can identify more specifically what has gone wrong.
Here is a short example that illustrates how to organize the catch clauses.
import java.io.IOException; import com.didisoft.pgp.*; import com.didisoft.pgp.exceptions.*; public class ExceptionHandlingDemo { public static void main(String[] a) { PGPLib pgp = new PGPLib(); try { pgp.decrypt... } catch (IOException e) { // I/O error reading input or writing output } catch (KeyIsExpiredException e) { // the passed private key file is expired } catch (KeyIsRevokedException e) { // the passed private key file is revoked } catch (NoPrivateKeyFoundException e) { // the passed private key source does not contain a private key } catch (WrongPasswordException e) { // the password for the provided private key is wrong } catch (PGPException e) { // general error during signing, not among the above ones } } } |
Summary
In this chapter we have discussed OpenPGP signing with DidiSoft OpenPGP Library for Java.
