2 * Copyright (C) 2013 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package com.android.verity;
19 import java.security.PublicKey;
20 import java.security.PrivateKey;
21 import java.security.Security;
22 import java.security.cert.X509Certificate;
23 import org.bouncycastle.jce.provider.BouncyCastleProvider;
25 public class VeritySigner {
27 private static void usage() {
28 System.err.println("usage: VeritySigner <contentfile> <key.pk8> " +
29 "<sigfile> | <contentfile> <certificate.x509.pem> <sigfile> " +
34 public static void main(String[] args) throws Exception {
35 if (args.length < 3) {
40 Security.addProvider(new BouncyCastleProvider());
42 byte[] content = Utils.read(args[0]);
44 if (args.length > 3 && "-verify".equals(args[3])) {
45 X509Certificate cert = Utils.loadPEMCertificate(args[1]);
46 PublicKey publicKey = cert.getPublicKey();
48 byte[] signature = Utils.read(args[2]);
51 if (Utils.verify(publicKey, content, signature,
52 Utils.getSignatureAlgorithmIdentifier(publicKey))) {
53 System.err.println("Signature is VALID");
56 System.err.println("Signature is INVALID");
58 } catch (Exception e) {
59 e.printStackTrace(System.err);
64 PrivateKey privateKey = Utils.loadDERPrivateKey(Utils.read(args[1]));
65 byte[] signature = Utils.sign(privateKey, content);
66 Utils.write(signature, args[2]);