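/**
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
// [START digital-signature-example]
package signature;

import static java.nio.charset.StandardCharsets.UTF_8;

import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
import com.google.crypto.tink.signature.SignatureConfig;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * A command-line utility for digitally signing and verifying a file.
 *
 * <p>It loads cleartext keys from disk - this is not recommended! Outside of an example, keep the
 * private keyset encrypted at rest and limit which users and processes can read it.
 *
 * <p>It requires the following arguments:
 *
 * <ul>
 *   <li>mode: either 'sign' or 'verify'.
 *   <li>key-file: Read the key material from this file (a JSON-serialized Tink keyset). 'sign'
 *       needs a keyset with private keys; 'verify' needs only the matching public keyset.
 *   <li>input-file: Read the input from this file.
 *   <li>signature-file: name of the file holding the signature of the input file. The signature
 *       is written ('sign') and read ('verify') as the raw bytes returned by Tink; it is not
 *       hex-encoded.
 * </ul>
 *
 * <p>A usage error exits with status 1. In 'verify' mode a valid signature produces no output;
 * an invalid one makes {@code verify} throw, and the exception propagates out of {@code main}.
 */
public final class SignatureExample {
  /**
   * Signs or verifies {@code input-file} according to the four command-line arguments.
   *
   * @param args mode, key-file, input-file and signature-file, in that order
   * @throws Exception if a file cannot be read or written, the keyset cannot be parsed, or the
   *     signature does not verify
   */
  public static void main(String[] args) throws Exception {
    if (args.length != 4) {
      System.err.printf("Expected 4 parameters, got %d\n", args.length);
      System.err.println(
          "Usage: java SignatureExample sign/verify key-file input-file signature-file");
      System.exit(1);
    }

    String mode = args[0];
    boolean signing = mode.equals("sign");
    if (!signing && !mode.equals("verify")) {
      System.err.println("Incorrect mode. Please select sign or verify.");
      System.exit(1);
    }
    Path keyFile = Paths.get(args[1]);
    byte[] msg = Files.readAllBytes(Paths.get(args[2]));
    Path signatureFile = Paths.get(args[3]);

    // Register all signature key types with the Tink runtime.
    SignatureConfig.register();

    String serializedKeyset = new String(Files.readAllBytes(keyFile), UTF_8);

    if (signing) {
      // Signing needs the private key, so secret-key access has to be granted explicitly.
      // The keyset on disk is cleartext here; see the class comment.
      KeysetHandle handle =
          TinkJsonProtoKeysetFormat.parseKeyset(serializedKeyset, InsecureSecretKeyAccess.get());

      // Get the primitive.
      PublicKeySign signer = handle.getPrimitive(PublicKeySign.class);

      // Use the primitive to sign data; the raw signature bytes go to the signature file.
      byte[] signature = signer.sign(msg);
      Files.write(signatureFile, signature);
    } else {
      // Verification only needs public keys. Parsing without secret-key access keeps the
      // verifier from ever loading private key material, and rejects a keyset that contains it.
      KeysetHandle handle = TinkJsonProtoKeysetFormat.parseKeysetWithoutSecret(serializedKeyset);

      byte[] signature = Files.readAllBytes(signatureFile);

      // Get the primitive.
      PublicKeyVerify verifier = handle.getPrimitive(PublicKeyVerify.class);

      // verify() returns normally only when the signature is valid for msg; otherwise it throws.
      // Callers must not treat "no return value" as something to check - the exception is the
      // failure signal.
      verifier.verify(signature, msg);
    }
  }

  // Not instantiable: this class only hosts the command-line entry point.
  private SignatureExample() {}
}
// [END digital-signature-example]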