Crittografia e signature

La seguente classe possiede due metodi:
uno (clacolaHash) calcola l'hash di un file usando l'algoritmo specificato come parametro nel corpo del codice.
l'altro (verificaHash) verifica l'autenticità della firma generata.
Da premettere (bada bene) la checksum ha senso sui file in formato binario se devo crittografare files..


package mypackage;

import java.security.MessageDigest;

import java.security.*;
import java.io.*;
import java.util.*;

import sun.misc.BASE64Encoder;

public class Hash {
public static File filei = new File(
"\\C:\\Documents and Settings\\zzffurn\\Desktop\\MD5\\MD5\\file.txt");

/**
* Calcola l'hash di un file usando l'algoritmo irreversibile MD5 Ronald
* Rivest "http://it.wikipedia.org/wiki/Ronald_Rivest"
*
* @param file
* @return
* @throws Exception
*/

public static byte[] calcolaHash(String file) throws Exception {
System.out.print("Inizio calcolo hash");
BufferedInputStream bis = new BufferedInputStream(new FileInputStream(
filei));
System.out.print(".");
MessageDigest md = MessageDigest.getInstance("SHA1");
System.out.println("\n\tMessage Digest: " + md.toString());
System.out.print(".");
DigestInputStream digestIn = new DigestInputStream(bis, md);
System.out.print(".");
while (digestIn.read() != -1)
;
byte[] digest = md.digest();
BASE64Encoder encoder = new BASE64Encoder();
String base64 = encoder.encode(digest);
System.out.println("digest in base 64: " + base64);
System.out
.println(". Calcolo terminato!! Digest: " + digest.toString());
return digest;
}

/**
*
* @param fileIn
* @param fileHash
* @throws Exception
* Verifica l'autenticità del documento
*/
public static void verificaHash(String fileIn, String fileHash)
throws Exception {
byte[] digest = calcolaHash(fileIn);
FileInputStream fis = new FileInputStream(fileHash);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
int b = 0;
while ((b = fis.read()) != -1) {
baos.write(b);
}
byte[] hashSaved = baos.toByteArray();
BASE64Encoder encoder = new BASE64Encoder();
String base64 = encoder.encode(hashSaved);
System.out.println("hashSaved in base 64: " + base64);
if (Arrays.equals(digest, hashSaved)) {
System.out.println("L'impronta combacia,HashSaved: "
+ hashSaved.toString());
} else {
System.out.println("L'impronta non combacia");
}
}

public static void main(String args[]) throws Exception {

FileOutputStream fos = new FileOutputStream("hash" + "file.txt");
fos.write(calcolaHash("file.txt"));
fos.close();

verificaHash("readme.txt", "hashfile.txt");

}

}

Una classe java per criptare messaggi utilizzando gli algoritmi

MD5: Questo tipo di codifica prende in input una stringa di lunghezza arbitraria e produce in output una firma digitale sotto forma di stringa a 128 bit (ovvero con lunghezza fissa di 32 valori esadecimali, indipendentemente dalla stringa di input). La codifica avviene molto velocemente e si presuppone che l'output (noto anche come "MD5 Checksum" o "MD5 Hash") restituito sia univoco (ovvero si ritiene che sia impossibile ottenere con due diverse stringhe in input un'unica firma digitale in output) e che non ci sia possibilità, se non per tentativi, di risalire alla stringa di input partendo dalla stringa di output (la gamma di possibili valori in output è pari a 16 alla 32esima potenza).

SHA: The SHA (Secure Hash Algorithm) hash functions refer to five FIPS-approved algorithms for computing a condensed digital representation (known as a message digest) that is, to a high degree of probability, unique for a given input data sequence (the message). These algorithms are called “secure” because (in the words of the standard), “for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest.”

The five algorithms, denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, are cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U. S. government standard. The latter four variants are sometimes collectively referred to as SHA-2.

SHA-1 is employed in several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It was considered to be the successor to MD5, an earlier, widely-used hash function.

The security of SHA-1 has been somewhat compromised by cryptography researchers[1]. Although no attacks have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternative hashing algorithms [2][3]. Due to recent attacks on the SHA-1, "NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES)." [4]