[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Digital signature



Alessandro Minghelli wrote:
> 
> I wanted to know how fast the signing algorithm works, so I wrote a piece of
> code which signs the same data several times.
> According to Java documentation the following cycle should work, there
> wouldn't be the need to init the signing object again, but it usually gives
> an error during the third iteration;
> 
> Signature mySig;
> KeyPairGenerator keyGen;
> mySig = Signature.getInstance("SHA/DSA", "IAIK");
> keyGen = KeyPairGenerator.getInstance("DSA", "IAIK");
> keyGen.initialize(1024);
> KeyPair dsakp = keyGen.generateKeyPair();
> PrivateKey dsask = dsakp.getPrivate();
> byte[] data = new byte[4096];
> byte[] firma;
> for (k = 0; k < 4096; k++)
>   data[k] = (byte) (k % 256);
> mySig.initSign(dsask);
> for (i = 0; i < n; i++) {
>   mySig.update(data);
>   firma = mySig.sign();
> }
> 
> on the contrary, the following works correctly:
> 
> for (i = 0; i < n; i++) {
>   mySig.initSign(dsask);
>   mySig.update(data);
>   firma = mySig.sign();
> 
> }
> 
> Though it's not a real problem, I'd like to know your opinion about it.
> Alessandro.

According to the JCE spec it should work, it is the same as Cipher
an Mac objects.  You shouldn't have to re-initialise the object after
doing
a sign()/verify()/doFinal() operation.  It is however a common Provider
bug that you do need to.

bernard.
--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce