Signing a Java Object example

With this example we are going to demonstrate how to sign a Java Object. In particular, we will use the Digital Signature Algorithm (DSA) to create a 1024-bit key pair, sign a Serializable Object with the private key, and then verify the signature with the public key. In short, to sign an Object in Java you should:

  • Create a KeyPairGenerator for the DSA algorithm and initialize it with a 1024-bit key size.
  • Generate the KeyPair, with the genKeyPair() API method of the KeyPairGenerator.
  • Get the PrivateKey component and the PublicKey component of the key pair, using the getPrivate() and getPublic() API methods of the KeyPair.
  • Create a new String Object.
  • Create a new Signature Object for the specified algorithm, using the getInstance(String algorithm) API method.
  • Create a new SignedObject, using the initial Object to be signed, the PrivateKey and the Signature.
  • Verify the signed Object. Create a Signature with getInstance(String algorithm), using the public key's algorithm, then invoke the verify(PublicKey verificationKey, Signature verificationEngine) API method of the SignedObject.
  • Retrieve the Object, using the getObject() API method of the SignedObject.

Let’s take a look at the code snippet that follows:

package com.javacodegeeks.snippets.core;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignedObject;

public class ObjectSigningExample {
  public static void main(String[] args) {

    try {
      // Generate a 1024-bit Digital Signature Algorithm (DSA) key pair
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
      keyPairGenerator.initialize(1024);
      KeyPair keyPair = keyPairGenerator.genKeyPair();
      PrivateKey privateKey = keyPair.getPrivate();
      PublicKey publicKey = keyPair.getPublic();
      // We can sign Serializable objects only
      String unsignedObject = new String("A Test Object");
      // getAlgorithm() returns "DSA", which the default provider maps to SHA1withDSA
      Signature signature = Signature.getInstance(privateKey.getAlgorithm());
      // The constructor serializes the object and signs the resulting bytes
      SignedObject signedObject = new SignedObject(unsignedObject, privateKey, signature);
      // Verify the signed object
      Signature sig = Signature.getInstance(publicKey.getAlgorithm());
      boolean verified = signedObject.verify(publicKey, sig);

      System.out.println("Is signed Object verified ? " + verified);
      // Retrieve the object (deserializes the copy stored inside the SignedObject)
      unsignedObject = (String) signedObject.getObject();
      System.out.println("Unsigned Object : " + unsignedObject);
    } catch (SignatureException e) {
      e.printStackTrace();
    } catch (InvalidKeyException e) {
      e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (ClassNotFoundException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
}

Output:

Is signed Object verified ? true
Unsigned Object : A Test Object

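As an added example that is not part of the original snippet, the class below applies the same steps with a 2048-bit DSA key and an explicitly named SHA256withDSA engine (1024-bit DSA with the provider's default SHA-1 engine, as above, is no longer recommended), and shows what verify() reports for the signer's public key versus an unrelated one, and that getObject() returns the copy captured at signing time. The class and method names are chosen for this illustration and are not taken from the JDK or the article.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.*;
import java.util.ArrayList;
import java.util.List;

public class SignedObjectChecks {
    // Explicit algorithm name instead of relying on the provider's default for "DSA"
    static final String SIG_ALG = "SHA256withDSA";

    static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048); // 1024-bit DSA is no longer considered adequate
        return kpg.generateKeyPair();
    }

    static SignedObject sign(Serializable payload, PrivateKey key)
            throws GeneralSecurityException, IOException {
        // Serializes 'payload' and signs those bytes; the SignedObject keeps its own copy
        return new SignedObject(payload, key, Signature.getInstance(SIG_ALG));
    }

    static boolean verify(SignedObject so, PublicKey key) throws GeneralSecurityException {
        // Use the algorithm recorded in the SignedObject, not a second hard-coded name
        return so.verify(key, Signature.getInstance(so.getAlgorithm()));
    }

    public static void main(String[] args) throws Exception {
        KeyPair signer = generateKeyPair();
        KeyPair other = generateKeyPair(); // unrelated key pair, plays the wrong verification key

        ArrayList<String> payload = new ArrayList<>(); // constructed sample payload
        payload.add("A Test Object");
        SignedObject signed = sign(payload, signer.getPrivate());
        payload.add("added after signing"); // mutating the original does not reach the signed copy

        System.out.println("verifies with signer's key: " + verify(signed, signer.getPublic()));
        System.out.println("verifies with other key   : " + verify(signed, other.getPublic()));

        // Deserialize the content only once the signature has been checked
        if (verify(signed, signer.getPublic())) {
            List<?> recovered = (List<?>) signed.getObject();
            System.out.println("recovered content         : " + recovered);
        }
    }
}
```

The first check is true, the second is false, and the recovered list contains only the element present when sign() was called.
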
This was an example of how to sign a Java Object.

Ilias Tsagklis

Ilias is a software developer turned online entrepreneur. He is co-founder and Executive Editor at Java Code Geeks.