Skip to main content

Digital Signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It is intended to solve the problem of tampering and impersonation in digital communications. The below diagram depicts the process of digital signature creation and verification. All API endpoints expect the request payload to be signed by the calling program with private key issued using ECDSA algorithm.

Sample Code‚Äč


public static String createSignature(String message) throws Exception {

PrivateKey = KeyFactory.getInstance("EC").generatePrivate(getPemPrivateKey());

java.security.Signature signature = java.security.Signature.getInstance("SHA256withECDSA");
signature.initSign(privateKey);
signature.update(message.getBytes("UTF-8"));

byte[] bytes = signature.sign();
return java.util.Base64.getEncoder().encodeToString(bytes);

}

public static PKCS8EncodedKeySpec getPemPrivateKey() throws Exception {

FileInputStream fis = new FileInputStream("/etc/ssl/certs/private.pem");
String temp = IOUtils.toString(fis, "UTF-8");
String privKeyPEM = temp.replace("-----BEGIN PRIVATE KEY-----", "");
privKeyPEM = privKeyPEM.replace("-----END PRIVATE KEY-----", "");

Base64 b64 = new Base64();
byte[] decoded = b64.decode(privKeyPEM);

PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decoded);
return spec;

}