-3

All i need is to generate signature corresponding to a string and store it in database and later on when the string is required again it can be extracted from the database using the signature stored(i.e. by decrypting signature).

S.SAHU
  • 37
  • 1
  • 7
  • u should hashing for this,like MD5 in java http://stackoverflow.com/questions/415953/how-can-i-generate-an-md5-hash – vinay kaushik Sep 22 '16 at 06:14
  • 1
    If you need to retrieve the original string from the stored data, then you need encryption, not signing. Signatures allow you to verify that a given piece of data is the same string as the one which was originally signed; they do not allow to retrieve the original data. (A signature is fixed size; it would not be possible to retrieve a longer original string from a fixed-size signature.) – yole Sep 22 '16 at 06:50
  • There are ways of doing this, but please indicate what your requirements are. Why do you need to put the data within the signature? Why do you need the encryption? – Maarten Bodewes Sep 22 '16 at 07:12
  • The requirement is something like I need to store data (filled by customer in a form) into the database. Then this data would be converted to comma separated string and using a certificate's (.p12 format) private key a signature would be generated for that string. This signature would also be stored in database. Now in future, if the data that was originally filled in is needed again, then that should be extracted with the help of the signature stored. @Maarten Bodewes – S.SAHU Sep 22 '16 at 09:30

2 Answers2

1

No. Signatures involve lossy data transforms, so you can't recover original data. (You can only present data, the public key, and a signature and ask "does the candidate data work with this signature?")

If you need to prove it didn't get tampered with, then you need to store both the signature and the data. You can combine the two with the PKCS#7 SignedData structure. .NET has the SignedCms class to help with that, Java probably has something similar.

If what you want is to make the data unreadable, then what you want is encryption, not signing (a difference I recently discussed in an answer to a different question, as I'm sure many others have). If you want to use a certificate, and thus an asymmetric operation, you'll likely need a hybrid scheme due to the size limitations of asymmetric encryption.

Community
  • 1
  • 1
bartonjs
  • 30,352
  • 2
  • 71
  • 111
0

At first read this so you can understand the process: https://crackstation.net/hashing-security.htm then use this: https://github.com/defuse/password-hashing. happy coding :)

DEADALICE7000
  • 1
  • 5