4.9 Java Code to Sign a Sample Proprietary Certificate Hash

The following Java code illustrates how to sign a Proprietary Certificate Hash with RSA.

 import java.math.BigInteger;
  
 public class RdpRsaSign
 {
     //
     // Print out the contents of a byte array in hexadecimal.
     //
     private static void PrintBytes(
         byte[] bytes
         )
     {
         int cBytes = bytes.length;
         int iByte = 0;
  
         for (;;) {
             for (int i = 0; i < 8; i++) {
                 String hex = Integer.toHexString(bytes[iByte++] & 0xff);
                 if (hex.length() == 1) {
                     hex = "0" + hex;
                 }
  
                 System.out.print("0x" + hex + " ");
                 if (iByte >= cBytes) {
                     System.out.println();
                     return;
                 }
             }
             System.out.println();
         }
     }
  
     //
     // Reverse the order of the values in a byte array.
     //
     public static void ReverseByteArray(
         byte[] array
         )
     {
         int i, j;
         byte temp;
  
         for (i = 0, j = array.length - 1; i < j; i++, j--) {
             temp = array[i];
             array[i] = array[j];
             array[j] = temp;
         }        
     }
  
     //
     // Use RSA to encrypt data.
     //
     public static byte[] RsaEncrypt(
         byte[] modulusBytes,
         byte[] exponentBytes,
         byte[] dataBytes
         )
     {
         //
         // Reverse the passed in byte arrays and then use these to 
         // create the BigIntegers for the RSA computation.
         //
         ReverseByteArray(modulusBytes);
         ReverseByteArray(exponentBytes);
         ReverseByteArray(dataBytes);
  
         BigInteger modulus = new BigInteger(
             1, 
             modulusBytes
             );
         BigInteger exponent = new BigInteger(
             1, 
             exponentBytes
             );
         BigInteger data = new BigInteger(
             1, 
             dataBytes
             );
  
         //
         // Perform RSA encryption: 
         // ciphertext = plaintext^exponent % modulus.
         //
         BigInteger cipherText = data.modPow(
             exponent, 
             modulus
             );
  
         //
         // Reverse the generated ciphertext.
         //
         byte[] cipherTextBytes = cipherText.toByteArray();
         ReverseByteArray(cipherTextBytes);
  
         //
         // Undo the reversal of the passed in byte arrays.
         //
         ReverseByteArray(modulusBytes);
         ReverseByteArray(exponentBytes);
         ReverseByteArray(dataBytes);
  
         return cipherTextBytes;
     }
    
     //
     // Use RSA to decrypt data.
     //
     public static byte[] RsaDecrypt(
         byte[] modulusBytes,
         byte[] privateExponentBytes,
         byte[] encryptedDataBytes
         )
     {
         //
         // Reverse the passed in byte arrays and then use these to 
         // create the BigIntegers for the RSA computation.
         //
         ReverseByteArray(modulusBytes);
         ReverseByteArray(privateExponentBytes);
         ReverseByteArray(encryptedDataBytes);
  
         BigInteger modulus = new BigInteger(
             1, 
             modulusBytes
             );
         BigInteger privateExponent = new BigInteger(
             1, 
             privateExponentBytes
             );
         BigInteger encryptedData = new BigInteger(
             1, 
             encryptedDataBytes
             );
  
         //
         // Perform RSA encryption: 
         // plaintext = ciphertext^privateExponent % modulus.
         //
         BigInteger decryptedData = encryptedData.modPow(
             privateExponent, 
             modulus
             );
  
         //
         // Reverse the generated plaintext.
         //
         byte[] decryptedDataBytes = decryptedData.toByteArray();
         ReverseByteArray(decryptedDataBytes);
  
         //
         // Undo the reversal of the passed in byte arrays.
         //
         ReverseByteArray(modulusBytes);
         ReverseByteArray(privateExponentBytes);
         ReverseByteArray(encryptedDataBytes);
  
         return decryptedDataBytes;
     }
  
     //
     // Main routine.
     //
     public static void main(
         String[] args
         )
     {
         //
         // Modulus bytes obtained straight from the wire in the 
         // proprietary certificate (in little endian format). 
         // This is for a 512-bit key set.
         //
         byte[] modulusBytes = 
         {        
             (byte) 0x3d, (byte) 0x3a, (byte) 0x5e, (byte) 0xbd, 
             (byte) 0x72, (byte) 0x43, (byte) 0x3e, (byte) 0xc9, 
             (byte) 0x4d, (byte) 0xbb, (byte) 0xc1, (byte) 0x1e, 
             (byte) 0x4a, (byte) 0xba, (byte) 0x5f, (byte) 0xcb, 
             (byte) 0x3e, (byte) 0x88, (byte) 0x20, (byte) 0x87, 
             (byte) 0xef, (byte) 0xf5, (byte) 0xc1, (byte) 0xe2, 
             (byte) 0xd7, (byte) 0xb7, (byte) 0x6b, (byte) 0x9a, 
             (byte) 0xf2, (byte) 0x52, (byte) 0x45, (byte) 0x95, 
             (byte) 0xce, (byte) 0x63, (byte) 0x65, (byte) 0x6b, 
             (byte) 0x58, (byte) 0x3a, (byte) 0xfe, (byte) 0xef, 
             (byte) 0x7c, (byte) 0xe7, (byte) 0xbf, (byte) 0xfe, 
             (byte) 0x3d, (byte) 0xf6, (byte) 0x5c, (byte) 0x7d, 
             (byte) 0x6c, (byte) 0x5e, (byte) 0x06, (byte) 0x09, 
             (byte) 0x1a, (byte) 0xf5, (byte) 0x61, (byte) 0xbb, 
             (byte) 0x20, (byte) 0x93, (byte) 0x09, (byte) 0x5f, 
             (byte) 0x05, (byte) 0x6d, (byte) 0xea, (byte) 0x87, 
         };
  
         //
         // Exponent bytes (in little endian order) obtained straight 
         // from the wire (in the proprietary certificate).
         //
         byte[] exponentBytes = 
         {        
             (byte) 0x5b, (byte) 0x7b, (byte) 0x88, (byte) 0xc0
         };
  
         //
         // Private exponent of the private key generated by the 
         // server (in little endian format).
         //
         byte[] privateExponentBytes = 
         {
             (byte) 0x87, (byte) 0xa7, (byte) 0x19, (byte) 0x32, 
             (byte) 0xda, (byte) 0x11, (byte) 0x87, (byte) 0x55, 
             (byte) 0x58, (byte) 0x00, (byte) 0x16, (byte) 0x16, 
             (byte) 0x25, (byte) 0x65, (byte) 0x68, (byte) 0xf8, 
             (byte) 0x24, (byte) 0x3e, (byte) 0xe6, (byte) 0xfa, 
             (byte) 0xe9, (byte) 0x67, (byte) 0x49, (byte) 0x94, 
             (byte) 0xcf, (byte) 0x92, (byte) 0xcc, (byte) 0x33, 
             (byte) 0x99, (byte) 0xe8, (byte) 0x08, (byte) 0x60, 
             (byte) 0x17, (byte) 0x9a, (byte) 0x12, (byte) 0x9f, 
             (byte) 0x24, (byte) 0xdd, (byte) 0xb1, (byte) 0x24, 
             (byte) 0x99, (byte) 0xc7, (byte) 0x3a, (byte) 0xb8, 
             (byte) 0x0a, (byte) 0x7b, (byte) 0x0d, (byte) 0xdd, 
             (byte) 0x35, (byte) 0x07, (byte) 0x79, (byte) 0x17, 
             (byte) 0x0b, (byte) 0x51, (byte) 0x9b, (byte) 0xb3, 
             (byte) 0xc7, (byte) 0x10, (byte) 0x01, (byte) 0x13, 
             (byte) 0xe7, (byte) 0x3f, (byte) 0xf3, (byte) 0x5f
         };
  
         //
         // Sample hash of a proprietary certificate.
         //
         byte[] hashBytes = 
         {
             (byte) 0xf5, (byte) 0xcc, (byte) 0x18, (byte) 0xee, 
             (byte) 0x45, (byte) 0xe9, (byte) 0x4d, (byte) 0xa6,
             (byte) 0x79, (byte) 0x02, (byte) 0xca, (byte) 0x76, 
             (byte) 0x51, (byte) 0x33, (byte) 0xe1, (byte) 0x7f,
             (byte) 0x00, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
             (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 
             (byte) 0xff, (byte) 0xff, (byte) 0x01
         };
  
         System.out.println("Hash:");
         PrintBytes(hashBytes);
  
         //
         // Perform decryption (signing).
         //
         byte[] signedHashBytes = RsaDecrypt(
             modulusBytes,
             privateExponentBytes,
             hashBytes
             );        
         
         System.out.println("Signed hash bytes:");
         PrintBytes(signedHashBytes);
     
         //
         // Perform encryption (verification).
         //
         byte[] verifiedHashBytes = RsaEncrypt(
             modulusBytes,
             exponentBytes,
             signedHashBytes
             );        
  
         System.out.println("Verified hash bytes:");
         PrintBytes(verifiedHashBytes);
     }
 };
Show: