Signature

Discussion in 'Java' started by andrewzzz, Jan 28, 2007.

  1. andrewzzz

    andrewzzz Guest

    Hi guys,
    I'm working on my thesis,and my prof. told me that I have to sign a
    java object with a public key.
    Looks to be impossible, but I asked him again and he confirmed what he
    said.
    How do I create a digital signature of a java object using a Publik
    Key??
    Thanks a Lot guys!!!
    Bye!
     
    andrewzzz, Jan 28, 2007
    #1
    1. Advertising

  2. andrewzzz

    Alex Hunsley Guest

    andrewzzz wrote:
    > Hi guys,
    > I'm working on my thesis,and my prof. told me that I have to sign a
    > java object with a public key.


    I know of no existing standard way of doing that.
    Are you sure you mean a "sign a Java object" and not "sign an object
    instance"? Or maybe you just mean "sign a Java source file or jar"?

    And is it signing quite literally any Java object/instance that may
    exist, or only a certain class or instanceS of that class?

    > Looks to be impossible, but I asked him again and he confirmed what he
    > said.


    Of course it's not impossible. It might not be possible using existing
    Java APIs - i.e. there's nothing there already to do this - but you
    could implement this yourself. That, however, doesn't look to be a
    trivial thing.

    > How do I create a digital signature of a java object using a Publik
    > Key??
    > Thanks a Lot guys!!!


    Is a "publik key" different to a "public key"? You use both spellings in
    your post...

    Like I said, unless there is some built-in ojbect signing technology
    I've missed in Java, you'll have to roll your own. If you're
    implementing this, you need to go and understand what the public key
    encryption concept is about, and how the signing concept works. Then
    look at the existing encryption functionality provided by Java (and also
    by third party 'providers'). *Then* you are maybe in a position to
    implement a technology that verifies signed Java objects or instances
    (whereby person A applies a public key, P, to an object/instance X, via
    a well known function F, and checks if the resulting checksum C1 matches
    a checksum, C2, that was provided along with X.)

    A word to the wise: cryptography is not to be taken lightly. This may
    just be for a project/hand-in, but if it's for serious use in any way,
    you have to be very careful. For example, I've given info to you above.
    How do you know I'm not just speaking rubbish, to try and get you to
    implement an insecure system? Or suppose I give you good info, and you
    implement something, also using correct publicly available information
    (e.g. crypto stuff on Wikipedia) - you must be aware that you may
    implement it wrongly, so that it is insecure, and never know. How would
    you verify you'd done it correctly? (Hint: peer review, by the right
    people, goes some way to fixing this problem.)

    I've probably gone into far too much detail above (I find it an
    interesting subject) - but you really need to speak to your prof/teacher
    again and clarify exactly what they mean.

    lex
     
    Alex Hunsley, Jan 28, 2007
    #2
    1. Advertising

  3. andrewzzz

    andrewzzz Guest

    On 28 Gen, 17:46, Alex Hunsley <> wrote:
    > andrewzzz wrote:
    > > Hi guys,
    > > I'm working on my thesis,and my prof. told me that I have to sign a
    > > java object with a public key.I know of no existing standard way of doing that.

    > Are you sure you mean a "sign a Java object" and not "sign an object
    > instance"? Or maybe you just mean "sign a Java source file or jar"?
    >
    > And is it signing quite literally any Java object/instance that may
    > exist, or only a certain class or instanceS of that class?
    >
    > > Looks to be impossible, but I asked him again and he confirmed what he
    > > said.Of course it's not impossible. It might not be possible using existing

    > Java APIs - i.e. there's nothing there already to do this - but you
    > could implement this yourself. That, however, doesn't look to be a
    > trivial thing.
    >
    > > How do I create a digital signature of a java object using a Publik
    > > Key??
    > > Thanks a Lot guys!!!Is a "publik key" different to a "public key"? You use both spellings in

    > your post...
    >
    > Like I said, unless there is some built-in ojbect signing technology
    > I've missed in Java, you'll have to roll your own. If you're
    > implementing this, you need to go and understand what the public key
    > encryption concept is about, and how the signing concept works. Then
    > look at the existing encryption functionality provided by Java (and also
    > by third party 'providers'). *Then* you are maybe in a position to
    > implement a technology that verifies signed Java objects or instances
    > (whereby person A applies a public key, P, to an object/instance X, via
    > a well known function F, and checks if the resulting checksum C1 matches
    > a checksum, C2, that was provided along with X.)
    >
    > A word to the wise: cryptography is not to be taken lightly. This may
    > just be for a project/hand-in, but if it's for serious use in any way,
    > you have to be very careful. For example, I've given info to you above.
    > How do you know I'm not just speaking rubbish, to try and get you to
    > implement an insecure system? Or suppose I give you good info, and you
    > implement something, also using correct publicly available information
    > (e.g. crypto stuff on Wikipedia) - you must be aware that you may
    > implement it wrongly, so that it is insecure, and never know. How would
    > you verify you'd done it correctly? (Hint: peer review, by the right
    > people, goes some way to fixing this problem.)
    >
    > I've probably gone into far too much detail above (I find it an
    > interesting subject) - but you really need to speak to your prof/teacher
    > again and clarify exactly what they mean.
    >
    > lex



    thanks a lot lex...
    I will send an email to my prof. right now. I think he misconstrue
    misconstrued.
    Bye!
     
    andrewzzz, Jan 28, 2007
    #3
  4. andrewzzz

    Daniel Pitts Guest

    On Jan 28, 6:49 am, "andrewzzz" <> wrote:
    > Hi guys,
    > I'm working on my thesis,and my prof. told me that I have to sign a
    > java object with a public key.
    > Looks to be impossible, but I asked him again and he confirmed what he
    > said.
    > How do I create a digital signature of a java object using a Publik
    > Key??
    > Thanks a Lot guys!!!
    > Bye!


    Perhaps he meant you have to "Digitally sign" your application (byte
    code).
    I'm not sure how to do this, but I know it is possible and common.
    <http://www.developer.com/tech/article.php/602301> is one page I found
    from google...
    <http://java.sun.com/j2se/1.3/datasheet.html> Talks about signing.
    You now need to do the rest of your research yourself :) Good luck.

    Hope this helps,
    Daniel.
     
    Daniel Pitts, Jan 29, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Richard Loupatty

    The check of the signature failed

    Richard Loupatty, Apr 15, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    1,290
    Richard Loupatty \(MIO\)
    Apr 20, 2004
  2. caldera

    digital signature usage in asp.net

    caldera, Apr 22, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    673
    caldera
    Apr 22, 2004
  3. JJBW
    Replies:
    1
    Views:
    10,359
    Joerg Jooss
    Apr 24, 2004
  4. Jake

    Error: Signature has zero size.

    Jake, Apr 27, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    591
  5. Gustavo Narea
    Replies:
    14
    Views:
    880
    Gustavo Narea
    Feb 16, 2009
Loading...

Share This Page