Digitally sign the payload with Private Key using RSASSA-PKCS1-V1_5

Question

I'm trying to interplate and implement the following statement.

Digitally sign the payload with Private Key using RSASSA-PKCS1-V1_5 signature scheme and SHA1 cryptographic hash function.

Note: Refer to PKCS #1 v2.1: RSA Cryptography Standard specification for PKCS1-v1.5 Signature and Encryption scheme.

I'm confused when it says "and" sha1 hash function, below is adopted code which i'm not sure if it the right interpretation

    public String getSignature(String _plainTextMessage,PrivateKey privateKey){

        try {
            Signature signer = Signature.getInstance("SHA1withRSA");
            signer.initSign(privateKey);
            signer.update(_plainTextMessage.getBytes());
            byte[] signature = signer.sign();
            return new BASE64Encoder().encode(signature);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (SignatureException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
}

or do i need to include MessageDiget like below

public String getSignature(String _plainTextMessage,PrivateKey privateKey){
try {
    Signature signer = Signature.getInstance("SHA1withRSA");
    signer.initSign(privateKey);
    signer.update(_plainTextMessage.getBytes());
    byte[] signature = signer.sign();

    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    byte[] digest = sha1.digest(signature);

    return new BASE64Encoder().encode(digest);

} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (InvalidKeyException e) {
    e.printStackTrace();
} catch (SignatureException e) {
    e.printStackTrace();
} catch (Exception e) {
    e.printStackTrace();
}
return null;

}

I will appreciate any hint, and if applicable how do i verify the signature if i use the second option.

thanks

Answer 1

The first option makes sense and the second option makes very little sense; you'll need the first option: just using SHA1withRSA .

Calculating the hash is part of the signature generation operation. The signature generation operation allows you to configure the signing operation for a specific hash, eg SHA-1 or SHA-256. This is what you do when you specify SHA1withRSA . That it is using PKCS#1 v1.5 padding is implicit as at the time they wrote the function there was only one scheme that was widely standardized.

In your second piece of code you hash the signature. That's interesting, but it disallows you to verify the signature using the public key. And that's why you were generating the signature in the first place. Note that if you'd use a different undeterministic signature scheme such as PSS that you would get a different hash each time, rendering your second scheme completely useless.

---

Note that in general SHA-1 is not considered secure anymore and this is especially the case for signature generation. Only if the input to the signatue algorithm (and the underlying hash algorithm) is restricted could it still be considered secure.