SignerFilter
Documentation |
#include <cryptopp/filters.h>
|
SignerFilter is used to create a signature over a message using Crypto++ pipelines. The counterpart to a SignerFilter
is a SignatureVerificationFilter
.
The SignerFilter
takes a pointer to a BufferedTransformation
. Because a pointer is taken, the SignerFilter
owns the attached transformation, and therefore will destroy it. See ownership for more details.
Sources, filters and sinks are discussed at Pipelining. The pipeline article explains the design and shows you how to use them.
Construction
SignerFilter(RandomNumberGenerator &rng, const PK_Signer &signer, BufferedTransformation *attachment=NULL, bool putMessage=false)
rng
is a cryptographically secure random number generator. Some signature schemes, such as the Digital Signature Algorithm, require a random, per message value. If the scheme in use does not require a random source, use the NullRng()
declared in cryptlib.h
. See the cryptlib.h File Reference.
signer
is a PK_Signer
-derived object. Each signature scheme supplies its own signer which implements the signing algorithm.
attachment
is a BufferedTransformation, such as another filter or sink. If attachment
is NULL
, then the SignerFilter
object will internally accumulate the output byte stream.
putMessage
controls whether the message is placed in the attached BufferedTransormation
(which is usually a Sink
). If putMessage = false
, the message is not part of the signature. When verification occurs, message+signature
would be presented to the verifier (most likely a SignatureVerificationFilter
). If putMessage = true
, the signature is prepended to the message. In this case, only signature
would be presented to the verifier since signature
is actually a concatenation of the message
and signature
.
When using a signature scheme with recovery, such as PSSR
, putMessage
should be specified as true
. If putMessage
is left at its default value for a recovery scheme, the message will not be interleaved into the signature using its redundancy function. See, for example, Signature with recovery problem.
Sample Program
The following code loads a private key and then signs a message. The byte array representing the pair { message, signature } would be sent for verification. The party performing the verification must have the public key associated with the private key.
In the DSA example below, only the signature on the message will be placed in signature
since putMessage = false
.
//////////////////////////////////////////////////// // Generate or Load keys DSA::PrivateKey privateKey = ...; string message="Digital Signature", signature; DSA::Signer signer(privateKey); StringSource ss(message, true, new SignerFilter(rng, signer, new StringSink(signature) ) // SignerFilter ); // StringSource
The example below is from RSA Signature Schemes. The sample demonstrates signing and recovery with putMessage = true
. signature
will include both the message and the signature.
//////////////////////////////////////////////////// // Generate or Load keys RSA::PrivateKey privateKey = ...; RSA::PublicKey publicKey = ...; //////////////////////////////////////////////////// // Setup string message = "RSA-PSSR Test"; string signature, recovered; //////////////////////////////////////////////////// // Sign and Encode RSASS<PSSR, SHA1>::Signer signer(privateKey); StringSource ss1(message, true, new SignerFilter(rng, signer, new StringSink(signature), true // putMessage for recovery ) // SignerFilter ); // StringSource //////////////////////////////////////////////////// // Verify and Recover RSASS<PSSR, SHA1>::Verifier verifier(publicKey); StringSource ss2(signature, true, new SignatureVerificationFilter( verifier, new StringSink(recovered), THROW_EXCEPTION | PUT_MESSAGE ) // SignatureVerificationFilter ); // StringSource //////////////////////////////////////////////////// // The SignatureVerificationFilter did not // throw an exception. Use recovered as expected. cout << "Verified signature on message" << endl;
Bouncy Castle
If you are using Bouncy Castle and need to recover the signature under a PSSR scheme, then see Iso9796d2PssSigner
class in the Org.BouncyCastle.Crypto.Signers
namespace. Also see BouncyCastle RSA Probabilistic Signature Scheme with Recovery on Stack Overflow.
Downloads
DSA-Test.zip Crypto++ DSA sample program - 5KB
RSA-SSA-Filter-Test.zip - Demonstrates RSA-SSA (Appendix) using SignerFilter - 5KB
RSA-PSSR-Filter-Test.zip - Demonstrates RSA-PSSR (Recovery) using SignerFilter - 5KB