The Signature Class

The Signature class (jxta.security.signature.Signature) creates and verifies digital signatures. Digital signatures are used to validate that a particular set of data came from a particular source. In our JXTA restaurant auction, for example, we might require each restaurant to sign its bid so that the HungryPeer knows that the bid came from the restaurant listed in the bid. Otherwise, a competitor to Chez JXTA may send out a bid saying that Chez JXTA’s price for small fries is $100; without a digital signature to verify the author of the bid document, the HungryPeer must proceed based only on his trust of the (inherently non-trustworthy) network.

Digital signatures require RSA public and private keys: a digital signature is created with a private key and verified with a public key. Therefore, in our restaurant example, the HungryPeer must have Chez JXTA’s public key in order to validate the accompanying signature.

Signature objects are returned via the getJxtaSignature( ) method of the JxtaCrypto interface; the type of object that is returned will depend on the profile that was used to instantiate the crypto suite. The valid signature types are defined in the Signature class:

static final byte ALG_RSA_SHA_PKCS1;
static final byte ALG_RSA_MD5_PKCS1;

Hence, the JXTA platform can work with RSA signatures that use either the MD5 or SHA1 hash algorithm and PKCS1 padding.
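The sign-and-verify flow described above, as an added example that is not from the book or the JXTA code base: it uses the standard java.security.Signature API rather than the JXTA Signature class, and the key pairs and bid strings are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class BidSignatureDemo {
    // "SHA1withRSA" is the JCA name for RSA + SHA-1 + PKCS#1 v1.5 padding, the
    // combination ALG_RSA_SHA_PKCS1 names. SHA-1 and MD5 are no longer
    // collision-resistant; new designs use "SHA256withRSA" or stronger.
    static final String ALGORITHM = "SHA1withRSA";

    // Restaurant side: sign the bid bytes with the private key.
    static byte[] sign(PrivateKey key, byte[] bid) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(bid);
        return s.sign();
    }

    // HungryPeer side: check the bid bytes against the claimed sender's public key.
    static boolean verify(PublicKey key, byte[] bid, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(bid);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair chezJxta = gen.generateKeyPair();   // constructed key pair for Chez JXTA
        KeyPair competitor = gen.generateKeyPair(); // constructed key pair for a rival

        // Constructed sample bid documents (format is an assumption).
        byte[] realBid = "restaurant=Chez JXTA;item=small fries;price=1.50".getBytes(StandardCharsets.UTF_8);
        byte[] forgedBid = "restaurant=Chez JXTA;item=small fries;price=100.00".getBytes(StandardCharsets.UTF_8);

        byte[] sig = sign(chezJxta.getPrivate(), realBid);
        // Case 1: the genuine bid with its own signature.
        System.out.println("genuine bid:       " + verify(chezJxta.getPublic(), realBid, sig));
        // Case 2: the genuine signature attached to altered bid content.
        System.out.println("altered bid:       " + verify(chezJxta.getPublic(), forgedBid, sig));
        // Case 3: a forged bid signed with the competitor's own private key.
        byte[] rivalSig = sign(competitor.getPrivate(), forgedBid);
        System.out.println("competitor-signed: " + verify(chezJxta.getPublic(), forgedBid, rivalSig));
    }
}
```

Only the first case verifies; the check is only as trustworthy as the way the HungryPeer obtained Chez JXTA's public key in the first place.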

Once you have a signature object, you must initialize it either for signing ...
