SignVerifyPss.java

Example of signature and verification using PSS padding.

See Note on examples.

package doxy.examples;
 
import com.dinamonetworks.Dinamo;
 
import br.com.trueaccess.TacException;
import br.com.trueaccess.TacNDJavaLib;
 
public class SignVerifyPss {
 
    public static void main(String[] args) throws TacException {
 
        /*
         * Connects to the HSM.
        */
 
        Dinamo api = new Dinamo();
        api.openSession("127.0.0.1", "master", "12345678", false);
 
        byte[] message = { (byte)0xD5, (byte)0x17, (byte)0xED, (byte)0x40,(byte)0x1D,
                            (byte)0xF3, (byte)0x03,(byte)0x38, (byte)0x37, (byte)0xE0,
                            (byte)0x8B,(byte)0x62, (byte)0x55,(byte)0xBE, (byte)0xDB,
                            (byte)0xF9, (byte)0x52, (byte)0x0E, (byte)0xF8,(byte)0x8E };
 
        /*
         * Creates a private test key.
        */
        String keyId = "rsa";
 
        api.createKey(keyId, TacNDJavaLib.ALG_RSA_2048);
 
        /*
         * Sign the message.
        */
        byte[] signature = api.sign(keyId, TacNDJavaLib.ALG_SHA2_256, TacNDJavaLib.D_PSS_PADDING, message);
        System.out.println("Sign: ok");
 
        /*
         * Export the public key and import it into a handle.
         * Normally in verification, the public key is imported from a file in DER format.
         * 
        */
        byte[] pubKeyDer = api.exportKey(keyId, TacNDJavaLib.PUBLICKEY_BLOB);
 
        byte[] pubKeyHandle = api.importKey(keyId, TacNDJavaLib.PUBLICKEY_BLOB, TacNDJavaLib.ALG_RSA_2048_PUB, 
                                            0, pubKeyDer);
 
        /*
         * Sets the padding for PSS and checks the signature.
        */
        api.setPadding(pubKeyHandle, TacNDJavaLib.D_PSS_PADDING);
 
        api.verifySignature(pubKeyHandle, TacNDJavaLib.ALG_SHA2_256, signature, message);
        System.out.println("Verify: ok");
 
        api.deleteKey(keyId);
        
        api.closeSession();
    }
}