
Oracle Fusion Middleware Reference for Oracle Security Developer Tools

To create a new instance of Signature, call the static getInstance method with an AlgorithmIdentifier and a PrivateKey or PublicKey object as parameters. Example 3–10 shows how to create a new Signature object and initialize it with the specified algorithm.

Example 3–10 Code Example for Creating a New Signature Object

    Signature rsaSign = Signature.getInstance(AlgID.md5WithRSAEncryption);
    Signature rsaVerif = Signature.getInstance(AlgID.md5WithRSAEncryption);

Example 3–11 shows how to set the keys for the Signature objects and set the document to be signed or verified.

Example 3–11 Code Example for Setting Signature Keys and Documents

    rsaSign.setPrivateKey(privKey);
    rsaSign.setDocument(data);
    rsaVerif.setPublicKey(pubKey);
    rsaVerif.setDocument(data);

Example 3–12 shows how to compute the signature using the private key or to verify the signature using the public key and the signature bytes.

Example 3–12 Code Example for Computing or Verifying a Signature

    byte[] sigBytes = rsaSign.sign();
    boolean verified = rsaVerif.verify(sigBytes);

3.3.5 Message Digests

Oracle Crypto provides the following message digest classes:

■ The oracle.security.crypto.core.MessageDigest Class
■ The oracle.security.crypto.core.MAC Class

3.3.5.1 The oracle.security.crypto.core.MessageDigest Class

The MessageDigest abstract class provides methods to hash and digest data. The concrete classes extending the MessageDigest class are the MD2, MD4, MD5 and the SHA classes.

The available algorithms for message digest operations are: AlgID.md2, AlgID.md4, AlgID.md5, AlgID.sha_1, AlgID.sha_256, AlgID.sha_384 and AlgID.sha_512.

The basic process for creating a message digest is as follows:

1. Create a new instance of MessageDigest by calling the static getInstance method with an AlgorithmIdentifier object as a parameter.
2. Add the data to be digested.
3. Compute the hash value.

Example 3–13 shows how to create an MD5 message digest object.

Example 3–13 Code Example for Creating a Message Digest

    // Create a new MD5 MessageDigest object
    MessageDigest md5 = MessageDigest.getInstance(AlgID.md5);

    // Add the data to be digested
    md5.update(data1);
    md5.update(data2);

    // Compute the hash value
    md5.computeCurrent();
    byte[] digestBits = md5.getDigestBits();

3.3.5.2 The oracle.security.crypto.core.MAC Class

The MAC abstract class provides methods to compute and verify a Message Authentication Code (MAC). The concrete class extending the MAC is the HMAC class.

The available algorithms for MAC operations are: AlgID.hmacMD5 and AlgID.hmacSHA.

The basic process for creating a MAC is as follows:

1. Create a new instance of MAC by calling the static getInstance method with an AlgorithmIdentifier and a SymmetricKey object as parameters.
2. Add the data to be digested.
3. Compute the MAC value and verify it.

Example 3–14 shows how to create a new HMAC object with the HMAC-SHA1 algorithm.

Example 3–14 Code Example for Creating a MAC

    // Create an HMAC object with the HMAC-SHA1 algorithm
    MAC hmacSha1Compute = MAC.getInstance(AlgID.hmacSHA, hmacSha1Key);

    // Add the data to be digested
    hmacSha1Compute.update(data);

    // Compute the MAC value
    byte[] macValue = hmacSha1Compute.computeMAC();

    // Create a second HMAC object with the same algorithm and key, and verify
    MAC hmacSha1Verify = MAC.getInstance(AlgID.hmacSHA, hmacSha1Key);
    boolean verified = hmacSha1Verify.verifyMAC(data, macValue);
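The same compute-and-verify flow as an added example that is not part of the Oracle documentation: it uses the standard JCA classes javax.crypto.Mac and java.security.MessageDigest instead of Oracle Crypto, and shows verification failing for altered data and for a different key. The class name HmacComputeVerify, the keys and the messages are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added example (standard JCA, not Oracle Crypto); names are hypothetical.
public class HmacComputeVerify {
    static final String ALG = "HmacSHA1"; // same algorithm as Example 3-14

    // Steps 1-3: create the MAC with algorithm and key, add the data, compute.
    static byte[] compute(byte[] key, byte[]... chunks) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        for (byte[] chunk : chunks) {
            mac.update(chunk);
        }
        return mac.doFinal();
    }

    // Verification recomputes the MAC over the received data with the shared
    // key and compares it to the received value without an early exit.
    static boolean verify(byte[] key, byte[] data, byte[] macValue)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(compute(key, data), macValue);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[20];      // constructed sample key
        rng.nextBytes(key);
        byte[] otherKey = new byte[20]; // constructed key of a different party
        rng.nextBytes(otherKey);

        // Constructed sample messages.
        byte[] data = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "amount=900&to=alice".getBytes(StandardCharsets.UTF_8);

        byte[] macValue = compute(key, data);
        System.out.println("MAC length in bytes: " + macValue.length);
        System.out.println("original data:  " + verify(key, data, macValue));
        System.out.println("tampered data:  " + verify(key, tampered, macValue));
        System.out.println("different key:  " + verify(otherKey, data, macValue));
    }
}
```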

3.3.6 Key Agreement