Open in app

Sign in

Write

Sign in

Mastodon

Protect your data against unauthorized manipulation (Third part)

Asterios Raptis
2 min readNov 16, 2020

In the second part of this blog we introduced the digital signing process

In this third and last Part we will learn the verification process.

As we introduced till now in the previous two posts the preparation of the data for make them verifiable, and the digital signing process this post will introduce the verification process.

We need to make some preparation before we start the the verification process. We need a history table that tracks every change of the Draws table. There are several options to do that and i recommend to do this on Database level. Of course there is hibernate-envers but if someone changes data in database level hibernate-envers will not audit this kind of changes. I will not go to present this feature because this differs for every the database provider. For postgresql a good entrypoint is here https://wiki.postgresql.org/wiki/Audit_trigger

I will show only the verification process. The question is when to verify the objects. All signed data that are loaded for viewing or further processing are verified and processed further if the verification is successful.
If the verification fails, the last uncorrupted data record can be determined using the history table and with an error message that unauthorized manipulation have been taken place.

We have a DrawsService class that loads Draws entities by id

import java.util.Optional;
import java.util.UUID;import org.springframework.stereotype.Service;import de.alpharogroup.sign.JsonVerifier;
import io.github.astrapi69.gambleboom.jpa.entity.Draws;
import io.github.astrapi69.gambleboom.jpa.repository.DrawsRepository;
import lombok.AccessLevel;
import lombok.AllArgsConstructor;
import lombok.experimental.FieldDefaults;@Service
@AllArgsConstructor
@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
public class DrawsService
{
   DrawsRepository drawsRepository;   JsonVerifier<Draws> drawsJsonVerifier;   public Draws getById(UUID id)
   {
      Draws draws = null;
      Optional<Draws> optionalDraws = drawsRepository.findById(id);
      if (optionalDraws.isPresent())
      {
         draws = optionalDraws.get();
         boolean valid = drawsJsonVerifier.verify(draws, draws.getSignature());
         if (!valid)
         {
            throw new RuntimeException("Draw manipulated");
         }
      }
      return draws;
   }
}

As you can see the verification is processed after the Draws object is loaded. If the verification failes a RuntimeException is thrown. For provocate a RuntimeException you can create a Draw object and save it with the application. Then change it with a database tool. If you then call the getById method a RuntimeException will be thrown. How to process from that point is application specific.

So for now we have learned how to prepare the data for signing them with a digital signature and verifying them when we load them. Thats is enough for continue with your application specific implementation.

Happy coding and enjoy!

Digital Signature
Java
Spring Boot
Cryptographic

--

--

Asterios Raptis

Written by Asterios Raptis

24 Followers

Asterios Raptis is a Fullstack Developer and Software Consultant with over three decades of experience in the software development

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams