Class java.security.Signature

java.lang.Object
   |
   +----java.security.Signature

public abstract class Signature
extends Object

This Signature class is used to provide the functionality of a digital signature algorithm, such as RSA with MD5 or DSA. Digital signatures are used for authentication and integrity assurance of digital data.

Like other algorithm-based classes in Java Security, the Signature class has two major components:

Digital Signature API (Application Program Interface)

This is the interface of methods called by applications needing digital signature services. The API consists of all public methods.

Digital Signature SPI (Service Provider Interface)

This is the interface implemented by providers that supply specific algorithms. It consists of all methods whose names are prefixed by engine. Each such method is called by a correspondingly-named public API method. For example, the engineSign method is called by the sign method. The SPI methods are abstract; providers must supply a concrete implementation.

Also like other algorithm-based classes in Java Security, Signature provides implementation-independent algorithms, whereby a caller (application code) requests a particular signature algorithm and is handed back a properly initialized Signature object. It is also possible, if desired, to request a particular algorithm from a particular provider. See the getInstance methods.

Thus, there are two ways to request a Signature algorithm object: by specifying either just an algorithm name, or both an algorithm name and a package provider.

• If just an algorithm name is specified, the system will determine if there is an implementation of the algorithm requested available in the environment, and if there is more than one, if there is a preferred one.
• If both an algorithm name and a package provider are specified, the system will determine if there is an implementation of the algorithm in the package requested, and throw an exception if there is not.

A Signature object can be used to generate and verify digital signatures.

There are three phases to the use of a Signature object for either signing data or verifying a signature:

1. Initialization, with either
   • a public key, which initializes the signature for verification (see initVerify), or
   • a private key, which initializes the signature for signing (see initSign).

2. Updating

   Depending on the type of initialization, this will update the bytes to be signed or verified. See the update methods.

3. Signing or Verifying

   a signature on all updated bytes. See sign and verify.