Java – generate ECDSA signature using secp256r1 curve and sha256 algorithm – bouncycastle

I am trying to generate a signature using ECDSA with secp256r1 curve (P256) and sha256 algorithm for message hashing I also use the bouncy castle library

public class MyTest {

    /**
     * @param args
     */
    public static void main(String[] args) {
        new Mytest().getSign();
    }

    void getSign() {
        // Get the instance of the Key Generator with "EC" algorithm

        try {
            KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
            ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
            g.initialize(kpgparams);

            KeyPair pair = g.generateKeyPair();
            // Instance of signature class with SHA256withECDSA algorithm
            Signature ecdsaSign = Signature.getInstance("SHA256withECDSA");
            ecdsaSign.initSign(pair.getPrivate());

            System.out.println("Private Keys is::" + pair.getPrivate());
            System.out.println("Public Keys is::" + pair.getPublic());

            String msg = "text ecdsa with sha256";//getSHA256(msg)
            ecdsaSign.update((msg + pair.getPrivate().toString())
                    .getBytes("UTF-8"));

            byte[] signature = ecdsaSign.sign();
            System.out.println("Signature is::"
                    + new BigInteger(1,signature).toString(16));

            // Validation
            ecdsaSign.initVerify(pair.getPublic());
            ecdsaSign.update(signature);
            if (ecdsaSign.verify(signature))
                System.out.println("valid");
            else
                System.out.println("invalid!!!!");

        } catch (Exception e) {
            // TODO: handle exception
            e.printStackTrace();
        }

    }

}

Here, keypair is used to generate key pairs, but according to my requirements, I will use static privatekey and public key In addition, signature verification always returns false

If you need help, how can I have the static private key and the authentication part

Solution

Cumulative bonus – there is no problem with your title!

First, you may not actually use bouncy castle Sun / Oracle Java 7 and 8 now include an EC provider (not available in earlier versions), and a getInstance in the form of Arg uses the first available provider, usually SUNEC, unless you or someone changes the provider list

Verify signature: when passed to signature Update(), pass the same data to the verified signature update(). Bytes are identical Only the signature value is passed to signature verify(). Privatekey Tostring() is stupid to put into data; This value is specific to the running java process, so you must send it to the receiving process (if it should usually be different), it will be useless and waste space

Use static keys: do this Create a key pair and store it somewhere, then read it in and use it The simplest secure (password protected) storage is a Java keystore (JKS) file, but it requires a certificate chain (possibly a virtual chain), which is very troublesome for your own coding; Fortunately, the keytool utility with - genkeypair generates key pairs with virtual self signed certificates, while for - keyalg EC - keysize 256, it uses the (very popular) secp256r1 curve Also specify the - alias name, the - keystore file name, any name you have for the virtual certificate, and the password To use the key pair in the JKS file:

>Using Java security. KeyStore. GetInstance ("JKS") creates a store object and returns it Load (InputStream, char []) to the FileInputStream and password on the file. > use. GetKey (string alias, char [] password) and cast to obtain privatekey For signature. > use. getCertificateChain(String alias)[0] . Getpublickey() gets the publickey from the first (unique) cert For verification