Digital Document Signing in Java-Based Web Applications

Events
- JupiterEvents
- internet.com/webcasts
Jobs
Partners
Solutions
- eBooks
- Video
Shop

IT MANAGEMENT
CIO Update
Datamation eCRMGuide
DRM Watch eSecurity Planet
ITSMWatch Intranet Journal
Inside ID Grid Computing Planet
bITa Planet IT Career Planet
Project Manager Planet Semantic Web

NETWORKING
EnterpriseNetworkingPlanet
InstantMessagingPlanet EnterpriseStorageForum
OpenNetworksToday OpticallyNetworked
PracticallyNetworked

WEB DEVELOPMENT
HTML Goodies
Javascripts.com

HARDWARE & SYSTEMS
EarthWeb Hardware
SysOpt Virtual Dr.
WorkstationPlanet

SOFTWARE DEVELOPMENT
CodeGuru
Developer jGuru.com
JARS Gamelan

EARTHWEBNEWS.COM
Business
Developer Ecommerce
Enterprise Networking
Security Special Reports
Storage Opinion
Mobility xSP
Stats

IT MANAGEMENT

NETWORKING

WEB DEVELOPMENT

HARDWARE & SYSTEMS

SOFTWARE DEVELOPMENT

IT NEWS

CodeGuru | Gamelan | Jars | Wireless | Discussions

Architecture & Design

Database

Java

Languages & Tools

Microsoft & .NET

Open Source

Project Management

Security

Techniques

Voice

Web Services

Wireless/Mobile

XML

Technology Jobs

Developer.com Webcasts:

   The Impact of Coding Standards and Code Reviews

   Project Management for the Developer

   Defining Your Own Software Development Methodology

   more Webcasts...

See the Winners!

Be a Commerce Partner
Laptops
Logo Design Custom
GPS Devices
Corporate Gifts
Free Business Cards
Online Shopping
Shop
Desktop Computers
PDA Phones & Cases
Server Racks
Auto Insurance Quote
Condos For Sale
Memory Upgrades
Logo Design

<script language="JavaScript" type="text/javascript"> document.write('<a href="http://clk.atdmt.com/MRT/go/rthwbvse0120000480mrt/direct/01/1736968641" target="_blank"><img src="http://view.atdmt.com/MRT/view/rthwbvse0120000480mrt/direct/01/1736968641"/></a>'); </script><noscript><a href="http://clk.atdmt.com/MRT/go/rthwbvse0120000480mrt/direct/01/1736968641" target="_blank"><img border="0" src="http://view.atdmt.com/MRT/view/rthwbvse0120000480mrt/direct/01/1736968641"/></a></noscript>

Silverlight 2 SDK for Visual Studio 2008
This package is an add-on to the RTM release of Visual Studio 2008 to provide tooling for Microsoft Silverlight 2 Beta 1. It provides a Silverlight project system for developing Silverlight applications using C# or Visual Basic. »

Article: What Does it Take to Build the Best RIA?
With the proliferation of Rich Interactive Application (RIA) platform choices out there, you no longer have to take a one-size-fits-all approach to developing your next RIA application. Knowing the strengths (and weaknesses) of each platform can help you to decide the best RIA for your next application. »

Expression Blend 2.5 Preview
Use Expression Blend 2.5 to create and modify managed Silverlight 2-based applications. Expression Blend for Silverlight 2 includes all of the features in Expression Blend 2 but has not reached the quality level of Expression Blend 2 for WPF or Silverlight 1 development. »

The Hottest Mobile Platform Meets the Hottest RIA Platform
With the Symbian OS now supporting Microsoft Silverlight, mobile developers can bring new and exciting capabilities to handsets all over the globe. Find out why developers now need to make mobile devices a core part of their RIA development strategy. »

Article: Leveraging Your Flash Development with Silverlight
You're not giving up Flash any time soon (and we don't blame you.) But if you could get your Flash application working in Silverlight, why wouldn't you? We show you the tools and techniques required to have your rockin' Flash application rolled for Silverlight. »

•SaaS Tool Offers Custom Database Development    May 9, 2008
•Microsoft’s Automated Agent: Can We Talk?    May 7, 2008
•Borland Finally Sells CodeGear    May 7, 2008
•Red Hat Heads For The JON 2.0    May 7, 2008

Project Management Guide: Developing a Web Site. Best Practices, Tips and Strategies. Download Exclusive eBook Now.

Digital Document Signing in Java-Based Web Applications
By Svetlin Nakov
Go to page: 1 2 3 4 Next

This series of articles makes the reader familiar with the problems related to digitally signing documents in Java-based Web applications and suggests specific approaches for their solving. A fully functional, open-source framework is presented for digitally signing documents in the client's Web browsers and verifying signatures, certificates, and certification chains.

Part 1 introduces the basic concepts of digital signatures and PKI (Public Key Infrastructure): public keys, private keys, digital certificates, certification authorities, certification chains, keystores, and so forth.

Part 2 describes the procedures and algorithms for digitally signing documents and digital signature verification.

Part 3 introduces the class libraries for working with digital signatures and certificates on a Java 2 platform and gives a short description of the most important classes and interfaces from Java Cryptography Architecture (JCA) and Java Certification Path API that concern the use of digital signatures and certificates.

Part 4 provides an analysis of the most essential problems connected with the digitally signing of documents in Web-based systems and suggests a particular solution for them. Motivated is the need for using a digitally signed Java applet that is integrated with the Web application and signs the files on the client's machine before uploading them to the server. The problems related to Java applets signing and interoperability between applets and Web browsers are examined. The mechanisms for verification of digital signatures, certificates, and certification chains and the possibilities for their particular application are also discussed and analyzed.

Part 5 proposes the NakovDocumentSigner system to give the developers a fully functional framework for digitally signing documents in the client's Web browsers and verifying signatures, certificates, and certification chains on the server side. The system consists of a Java applet for digitally signing and a reference J2EE Web application for signatures and certificates verification. It demonstrates how the Java Cryptography Architecture and Java Certification Path API can be applied to provide the Web applications with digital signature functionality. The full source code of the framework is included and discussed.

Part 1. Basic Concepts Related to Digital Signatures

When transferring important documents electronically, it is often necessary to certify in a reliable way who is actually the sender (author) of a given document. One approach for certifying the origin of documents and files is by using the so-called digital signature (electronic signature).

The digital signing of documents uses public key cryptography as a mathematical base.

Public Key Cryptography

Public key cryptography is a mathematical science used to provide confidentiality and authenticity in information exchange by using cryptographic algorithms that work with public and private keys. These cryptographic algorithms are used to digitally sign documents, digital signature verification, and document encryption and decryption.

The public and private keys are a mathematically bound cryptographic key pair (public/private key pair). To each public key corresponds exactly one private key and vice versa; to each private key corresponds exactly one public key. To use public key cryptography, one must have a public key and its corresponding private key.

The public key is a number (sequence of bits), which is usually bound to a person. A public key can be used to check digital signatures, created with the corresponding private key, as well as for encrypting documents that can then be decrypted only by the owner of the corresponding private key. The public keys are not secret to anybody and are usually publicly available. The public key of a given person must be known to anyone communicating with the person using public key cryptography.

The private key is a number (sequence of bits), known only to its owner. With his or her private key, a person can sign documents and decrypt documents that are encrypted with the corresponding public key. To a certain extent, the private keys resemble the well-known access passwords, which are a widespread authentication method over the Internet. The similarity is that with the private key, as well with the password, a person can prove his or her identity, i.e. to authenticate himself or herself. In addition, as with the passwords, the private keys are meant to be secret to all but the owner. In contrast to the access passwords, the private keys are not so short to be remembered and therefore their storing requires special care. If a private key falls into the hands of a person not owning the key (that is, if the key is stolen), the whole communication, based on public key cryptography, depending on this private key, becomes meaningless. In such cases, the stolen key must be announced invalid and be substituted to become possible again to communicate securely with the owner of the key.

For its purposes, public key cryptography uses such cryptographic algorithms that it is practically impossible for contemporary mathematics and the current computing machinery to find the private key of a person, knowing his or her public key. In fact, the finding of a private key that corresponds to a given public key is possible in theory, but the necessary time and computing power make such operations meaningless. From a mathematical point of view, it is impossible to sign a document without knowing the private key of the person who signs it. It is also impossible to decrypt a document that was encrypted with the public key of a given person without knowing the corresponding private key. The science dealing with breaking cryptographic keys and codes is called cryptanalysis.

The digital signing is a mechanism for certifying the origin and the integrity of electronically transmitted information. In the process of digitally signing, additional information—called a digital signature—is added to the given document, calculated using the contents of the document and some private key. At a later stage, this information can be used to check the origin of the signed document.

The digital signature is a number (sequence of bits), calculated mathematically when signing a given document (message). This number depends on the contents of the message, the algorithm used for signing, and the private key used to perform the signing. The digital signature allows the recipient to check the actual origin of the information and its integrity.

Go to page: 1 2 3 4 Next
Next article: How Digital Signatures Work: Digitally Signing Messages

Tools:

Add www.developer.com to your favorites

Add www.developer.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Security Archives

Whitepaper: Enterprise Information Integration--Deployment Best Practices for Low-Cost Implementation
Five Trends for Application Development & Program Management. Download Complimentary Report Now.
Best Practices for Developing a Web Site. Checklists, Tips & Strategies. Download Exclusive eBook Now.
Learn about expanding business opportunities for the reseller channel. Visit IT Channel Planet.
Generate Complete .NET Web Apps in Minutes . Download Iron Speed Designer today.

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Microsoft Article: 7.0, Microsoft's Lucky Version? Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008 Avaya Article: How to Feed Data into the Avaya Event Processor Microsoft Article: Install What You Need with Windows Server 2008 HP eBook: Putting the Green into IT Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1		Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency Avaya Article: Setting Up a SIP A/S Development Environment IBM Article: How Cool Is Your Data Center? Microsoft Article: Managing Virtual Machines with Microsoft System Center HP eBook: Storage Networking , Part 1 Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Intel Video: Are Multi-core Processors Here to Stay? On-Demand Webcast: Five Virtualization Trends to Watch HP Video: Page Cost Calculator Intel Video: APIs for Parallel Programming		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2 MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Sun Download: Solaris 8 Migration Assistant Sybase Download: SQL Anywhere Developer Edition Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook		Red Gate Download: SQL Compare Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors IBM Article: Collaborating in the High-Performance Workplace HP Demo: StorageWorks EVA4400		Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class Microsoft How-to Article: Get Going with Silverlight and Windows Live MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES