Signature

The Blockdaemon Builder Vault JCE supports generation of ECDSA keys and ECDSA signatures. Key pairs can be stored under an alias using the KeyStore. The following example shows how to use the Signature service to sign a string and verify it with a key generated on the TSM.

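import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
// SepiorProvider must also be imported from the Builder Vault JCE library (package not shown on this page)

// Generate the key pair on the TSM
final KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", SepiorProvider.PROVIDER_NAME);
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
kpg.initialize(spec);
final KeyPair kp = kpg.generateKeyPair();

// Sign some data; SHA256 matches the 256-bit curve
final Signature sig = Signature.getInstance("SHA256withECDSA", SepiorProvider.PROVIDER_NAME);
sig.initSign(kp.getPrivate());
final String plaintext = "Sign this string";
sig.update(plaintext.getBytes(StandardCharsets.UTF_8));
final byte[] s = sig.sign();

// Verify the signature with the public key; res is true when it is valid
sig.initVerify(kp.getPublic());
sig.update(plaintext.getBytes(StandardCharsets.UTF_8));
final boolean res = sig.verify(s);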

The Signature service supports the following curves for ECGenParameterSpec:

  • secp256r1
  • secp384r1
  • secp521r1

Note that the hash function specified must match the bit size of the curve, i.e. SHA256 for secp256r1. The provider supports the following Signature algorithms:

  • NONEwithECDSA
  • SHA1withECDSA
  • SHA224withECDSA
  • SHA256withECDSA
  • SHA384withECDSA
  • SHA512withECDSA
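
The curve-to-hash matching rule above, as an added example that is not part of the Builder Vault documentation: it picks the signature algorithm from the key's curve size, then signs and verifies on each supported curve. It runs against the JDK's built-in SunEC provider with key algorithm "EC" so that it works offline; the class and method names are hypothetical, pairing SHA512 with secp521r1 is an assumption, and on the TSM you would pass "ECDSA" and SepiorProvider.PROVIDER_NAME as in the snippet above.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.ECKey;
import java.security.spec.ECGenParameterSpec;

// Added example; class and method names are hypothetical.
public class CurveMatchedSigning {

    // Choose the signature algorithm from the curve's field size so the hash matches the curve.
    static String algorithmFor(ECKey key) {
        int bits = key.getParams().getCurve().getField().getFieldSize();
        switch (bits) {
            case 256: return "SHA256withECDSA";
            case 384: return "SHA384withECDSA";
            case 521: return "SHA512withECDSA"; // assumption: SHA512 is the match for secp521r1
            default: throw new IllegalArgumentException("Unsupported curve size: " + bits);
        }
    }

    // Generate a key pair on the named curve, sign the data, and verify the signature.
    static boolean signAndVerify(String keyAlg, String provider, String curve, byte[] data)
            throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlg, provider);
        kpg.initialize(new ECGenParameterSpec(curve));
        KeyPair kp = kpg.generateKeyPair();
        // Assumes the provider's public key implements java.security.interfaces.ECKey.
        String sigAlg = algorithmFor((ECKey) kp.getPublic());
        Signature sig = Signature.getInstance(sigAlg, provider);
        sig.initSign(kp.getPrivate());
        sig.update(data);
        byte[] s = sig.sign();
        sig.initVerify(kp.getPublic());
        sig.update(data);
        return sig.verify(s);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] data = "Sign this string".getBytes(StandardCharsets.UTF_8); // constructed sample input
        for (String curve : new String[] {"secp256r1", "secp384r1", "secp521r1"}) {
            // "EC" / "SunEC" are the JDK defaults, used here only so the example runs offline.
            boolean ok = signAndVerify("EC", "SunEC", curve, data);
            System.out.println(curve + " verified: " + ok);
        }
    }
}
```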