In this chapter, we’re going to look at the API that implements the ability to create and verify message digests. The ability to create a message digest is one of the standard engines provided by the Sun default security provider, and there are engines that manipulate digests in the Java Cryptography Extension as well. You can therefore reasonably expect every Java implementation to create message digests.

Message digests are the simplest of the standard engines that compose the security provider architecture. They provide the first link in creating and verifying a digital signature -- one of the most important goals of the provider architecture. However, message digests are useful entities in their own right since a message digest can verify that data has not been tampered with -- up to a point. As we’ll see, there are certain limitations on the security of a message digest that is transmitted along with the data it represents.

We’ll examine how developers can use the message digest in this chapter and also explore how a security provider can implement her own message digest algorithm.