-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Here's what I think I found out how message signing could work with the freenet.crypt classes. Please correct me and tell me which of these assumptions are wrong: 1. The private ssk key is a Base64-encoded DSAPrivateKey 2. The public ssk key is the Base64-encoded fingerprint of the DSAPublicKey 3. Message signing and verification can be done with the DSA.sign(...) and DSA.verify(...) methods 4. I can create a SHA-digest of the method by creating an instance of SHA1, call sha1.update(bytesToBeHashed), and then sha1.digest(); 5. I convert the byte[] representation to a BigInteger with new BigInteger(1, sha1DigestBytes); 6. I get the byte[] representation of the private key by calling Base64.decode(privateSSKkeyString); 7. I convert the byte[] representation to a BigInteger with new BigInteger(1, privateKeyBytes); 8. I need a DSAGroup to call DSA.sign(...), freenet.crypt.Global defines three DSAGroups, but I don't know what are the differences between them 9. I need a java.util.Random instance to call DSA.sign(...). Can I simply create one with new java.util.Random()?. 10. After calling DSA.sign(...), I have an DSASignature instance and only need to call toString() to get the String representaiton to include in the message 11. To verify a message, I create the SHA-digest in the same way I did before 12. I create an instance of DSASignature by calling new DSASignature(signatureStringThatWasIncludedInTheMessage). 12. I need an instance of DSAPublicKey, and the same DSAGroup as used for signing to verify the message with DSA.verify(...) The only question that would remain if all of my assumption above were correct is: Is there any way to create an instance of DSAPublicKey when I only now the SSK public key String, which is the public key fingerprint? Or does the complete public key (which is much longer than the fingerprint) needs to be published for message verification to work? nacktschneck -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wmEEARECACEFAj1C0rYaHG5hY2t0c2NobmVja0BodXNobWFpbC5jb20ACgkQ2++6pAG1 GbABLwCggrgoXTQ4R1HQOAxKHL8HXpYVAyAAoJqRlXqdoPHRnxEB9pk2EUNhWhgr =hvxH -----END PGP SIGNATURE----- Communicate in total privacy. Get your free encrypted email at https://www.hushmail.com/?l=2 Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople _______________________________________________ devl mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
