
In the signature method in XML signature you have to specify it in this format: SignatureMethod.RSA_SHA1, but when using a normal signature you just do

Cipher c1 = Cipher.getInstance("RSA");

So what is the difference between these two?

Ashwin

1 Answer


The difference is simple:

RSA is a (public-key) cryptography algorithm, where the public key is used to encrypt an important message. The encrypted data must be decrypted with the private key.

RSA-SHA1, on the other hand, is a combination of RSA cryptography + SHA1 Message Digest. A message digest is a one-way hashing function, which has four main or significant properties:

  • it is easy to compute the hash value for any given message
  • it is infeasible to generate a message that has a given hash
  • it is infeasible to modify a message without changing the hash
  • it is infeasible to find two different messages with the same hash

In a digital signature, one would want a guarantee that the signature is valid from sender to receiver. A signature is created through a cryptographic algorithm (e.g. RSA) and then a verification process is done on the public key, message, and signature through a hashing function (e.g. SHA-1) for authenticity.

Buhake Sindi
  • But in XML signature you already have "DigestMethod.SHA256" where you find a digest of the reference elements. Then you sign the element with your private key. – Ashwin Apr 10 '12 at 07:31
  • I'm still not following you. The Digest method is used only to tell you which algorithm it used for Message Digest (in your case `DigestMethod.SHA256`). The `Signature` uses cryptography to generate a signature. This has to happen **before** `DigestMethod`. – Buhake Sindi Apr 10 '12 at 07:37
  • First the digest of the reference elements is calculated. That digest is contained in the SignedInfo element. Then this SignedInfo element is signed using the sender's private key. The receiver, on receiving the message, first verifies the signature, and then validates the reference element by creating a digest of the reference element and comparing it with the incoming digest value. – Ashwin Apr 10 '12 at 08:30
  • No, first the SignedInfo is created and then digested. `RSA_SHA1` means, first apply `RSA` then `SHA1` it. – Buhake Sindi Apr 10 '12 at 08:37
  • You have misunderstood me. What I am saying is that first the DigestMethod.SHA256 is done and then 'RSA_SHA1' is done. Do you agree with this? – Ashwin Apr 10 '12 at 08:40
  • @TheEliteGentleman I completely agree with Ashwin. First you have to create a digest of the reference element and then have to sign the digest using RSA_SHA1 in the XML signature method. I don't know what RSA_SHA1 exactly is. – suraj Apr 10 '12 at 08:43
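The following is an added example (not code from the question, the answer, or the JDK documentation) that uses the javax.xml.crypto.dsig API the question refers to and makes the two layers visible: each Reference's DigestMethod digest is computed first and stored inside SignedInfo, then the canonicalized SignedInfo is signed with the SignatureMethod, where RSA_SHA1 is the same "SHA1withRSA" scheme as java.security.Signature (SHA-1 hash of SignedInfo, PKCS#1 padded, RSA private-key operation). It assumes Java 9 or later (for readAllBytes) and uses a constructed sample document; SHA-1 is used only because it is the algorithm in the question, new signatures should use RSA_SHA256 or stronger.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class XmlDsigOrder {
    public static void main(String[] args) throws Exception {
        // Constructed sample document (assumption: any small well-formed XML works here)
        byte[] xml = "<order><item>book</item></order>".getBytes(StandardCharsets.UTF_8);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));

        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Layer 1 (DigestMethod): the referenced content is transformed, then SHA-256 hashed;
        // the resulting DigestValue is what ends up inside <SignedInfo>.
        Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                (TransformParameterSpec) null)),
            null, null);
        // Layer 2 (SignatureMethod): <SignedInfo> as a whole is canonicalized and then
        // signed with RSA_SHA1, i.e. SHA-1 over the canonical bytes followed by RSA.
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));
        XMLSignature sig = fac.newXMLSignature(si, null);
        sig.sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // The SignatureValue is nothing more than a plain SHA1withRSA signature over the
        // canonicalized SignedInfo bytes, so java.security.Signature can verify it directly.
        byte[] c14nSignedInfo = sig.getSignedInfo().getCanonicalizedData().readAllBytes();
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(c14nSignedInfo);
        System.out.println("SignatureValue verifies as SHA1withRSA over SignedInfo: "
            + verifier.verify(sig.getSignatureValue().getValue()));
        System.out.println("Reference DigestValue (SHA-256), base64: "
            + Base64.getEncoder().encodeToString(ref.getDigestValue()));
    }
}
```

Contrast this with Cipher.getInstance("RSA") from the question, which performs a single RSA encryption under the public key with no hashing step at all; a signature is the private-key operation applied to a hash, which is why both algorithm names appear in RSA_SHA1.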