Script: Class dw.crypto.Signature

Class Signature

This class allows access to signature services offered through the Java Cryptography Architecture (JCA). At this time the signature/verification implementation of the methods is based on the default RSA JCE provider of the JDK - sun.security.rsa.SunRsaSign

dw.crypto.Signature is an adapter to the security provider implementation and covers several digest algorithms:

  • SHA1withRSA (deprecated)
  • SHA256withRSA
  • SHA384withRSA
  • SHA512withRSA
  • SHA256withRSA/PSS
  • SHA384withRSA/PSS
  • SHA512withRSA/PSS

Key size generally ranges between 512 and 65536 bits (the latter of which is unnecessarily large).
Default key size for RSA is 1024. SHA384withRSA and SHA512withRSA require a key with length of at least 1024 bits.
When choosing a key size - beware of the tradeoff between security and processing time:
The longer the key, the harder to break it but also it takes more time for the two sides to sign and verify the signature.
An exception will be thrown for keys shorter than 2048 bits in this version of the API.

Note: this class handles sensitive security-related data. Pay special attention to PCI DSS v3. requirements 2, 4, 12, and other relevant requirements.

Constants

SUPPORTED_DIGEST_ALGORITHMS_AS_ARRAY : String[]

Supported digest algorithms exposed as a string array

Properties

Constructor Summary

Signature()

Method Summary

isDigestAlgorithmSupported(digestAlgorithm : String) : boolean

Checks to see if a digest algorithm is supported

sign(contentToSign : String, privateKey : String, digestAlgorithm : String) : String

Signs a string and returns a string

sign(contentToSign : String, privateKey : KeyRef, digestAlgorithm : String) : String

Signs a string and returns a string

signBytes(contentToSign : Bytes, privateKey : String, digestAlgorithm : String) : Bytes

Signs bytes and returns bytes

signBytes(contentToSign : Bytes, privateKey : KeyRef, digestAlgorithm : String) : Bytes

Signs bytes and returns bytes

verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, publicKey : String, digestAlgorithm : String) : boolean

Verifies a signature supplied as bytes

verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, certificate : CertificateRef, digestAlgorithm : String) : boolean

Verifies a signature supplied as bytes

verifySignature(signature : String, contentToVerify : String, publicKey : String, digestAlgorithm : String) : boolean

Verifies a signature supplied as string

verifySignature(signature : String, contentToVerify : String, certificate : CertificateRef, digestAlgorithm : String) : boolean

Verifies a signature supplied as string

Methods inherited from class Object

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

Constructor Detail

Signature

publicSignature()

Method Detail

isDigestAlgorithmSupported

isDigestAlgorithmSupported(digestAlgorithm : String) : boolean

Checks to see if a digest algorithm is supported

Parameters:

digestAlgorithm - the digest algorithm name

Returns:

a boolean indicating success (true) or failure (false)

sign

sign(contentToSign : String, privateKey : String, digestAlgorithm : String) : String

Signs a string and returns a string

Parameters:

contentToSign - base64 encoded content to sign

privateKey - base64 encoded private key

digestAlgorithm - must be one of the currently supported ones

Returns:

the base64 encoded signature

sign

sign(contentToSign : String, privateKey : KeyRef, digestAlgorithm : String) : String

Signs a string and returns a string

Parameters:

contentToSign - base64 encoded content to sign

privateKey - a reference to a private key entry in the keystore

digestAlgorithm - must be one of the currently supported ones

Returns:

the base64 encoded signature

signBytes

signBytes(contentToSign : Bytes, privateKey : String, digestAlgorithm : String) : Bytes

Signs bytes and returns bytes

Parameters:

contentToSign - transformed with UTF-8 encoding into a byte stream

privateKey - base64 encoded private key

digestAlgorithm - must be one of the currently supported ones

Returns:

signature

signBytes

signBytes(contentToSign : Bytes, privateKey : KeyRef, digestAlgorithm : String) : Bytes

Signs bytes and returns bytes

Parameters:

contentToSign - transformed with UTF-8 encoding into a byte stream

privateKey - a reference to a private key entry in the keystore

digestAlgorithm - must be one of the currently supported ones

Returns:

signature

verifyBytesSignature

verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, publicKey : String, digestAlgorithm : String) : boolean

Verifies a signature supplied as bytes

Parameters:

signature - signature to check as bytes

contentToVerify - as bytes

publicKey - base64 encoded public key

digestAlgorithm - must be one of the currently supported ones

Returns:

a boolean indicating success (true) or failure (false)

verifyBytesSignature

verifyBytesSignature(signature : Bytes, contentToVerify : Bytes, certificate : CertificateRef, digestAlgorithm : String) : boolean

Verifies a signature supplied as bytes

Parameters:

signature - signature to check as bytes

contentToVerify - as bytes

certificate - a reference to a trusted certificate entry in the keystore

digestAlgorithm - must be one of the currently supported ones

Returns:

a boolean indicating success (true) or failure (false)

verifySignature

verifySignature(signature : String, contentToVerify : String, publicKey : String, digestAlgorithm : String) : boolean

Verifies a signature supplied as string

Parameters:

signature - base64 encoded signature

contentToVerify - base64 encoded content to verify

publicKey - base64 encoded public key

digestAlgorithm - must be one of the currently supported ones

Returns:

a boolean indicating success (true) or failure (false)

verifySignature

verifySignature(signature : String, contentToVerify : String, certificate : CertificateRef, digestAlgorithm : String) : boolean

Verifies a signature supplied as string

Parameters:

signature - base64 encoded signature

contentToVerify - base64 encoded content to verify

certificate - a reference to a trusted certificate entry in the keystore

digestAlgorithm - must be one of the currently supported ones

Returns:

a boolean indicating success (true) or failure (false)