Is SignedObject Safe to Deliver to Client Applications

SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)

Is it safe to serialize and deliver this object to the client application? Is there a way they can take possession of PrivateKey through reflection?

I want to use this object to store a digital signature, as well as for data that has been signed.

+3
2 answers

Serialized objects include only the object itself and the signature (and the algorithm used for signing purposes), as indicated here:

http://java.sun.com/j2se/1.4.2/docs/api/serialized-form.html#java.security.SignedObject


+1
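
An added example (not from the original post or its answers) that checks the claim above: it serializes a SignedObject, lists the instance fields the class declares, confirms that the private key's encoding is absent from the stream, and verifies the signature with only the public key. The key pair, payload string, class name and `contains` helper are constructed for this demonstration.

```java
import java.io.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.security.*;

public class SignedObjectDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample key pair and payload.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        SignedObject so = new SignedObject("licence=demo", kp.getPrivate(),
                Signature.getInstance("SHA256withRSA"));

        // Instance fields declared by SignedObject: this is all that reflection can reach.
        for (Field f : SignedObject.class.getDeclaredFields()) {
            if (!Modifier.isStatic(f.getModifiers())) {
                System.out.println("field: " + f.getType().getSimpleName() + " " + f.getName());
            }
        }

        // Serialize the object as it would be delivered to the client.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(so);
        }
        byte[] wire = bos.toByteArray();

        // The encoded private key must not occur anywhere in the serialized bytes.
        System.out.println("private key in stream: "
                + contains(wire, kp.getPrivate().getEncoded()));

        // Client side: deserialize, then verify with the public key before using the payload.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            SignedObject received = (SignedObject) ois.readObject();
            boolean ok = received.verify(kp.getPublic(), Signature.getInstance("SHA256withRSA"));
            System.out.println("verifies: " + ok + ", payload: " + received.getObject());
        }
    }

    // Hypothetical helper: naive byte-subsequence search.
    static boolean contains(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (hay[i + j] != needle[j]) continue outer;
            }
            return true;
        }
        return false;
    }
}
```

The signed content is carried unencrypted in the stream, so SignedObject gives the client integrity, not confidentiality.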

Source: https://habr.com/ru/post/1753238/

