com.rsa.jsafe.JSAFE_Object
com.rsa.jsafe.JSAFE_AsymmetricCipher
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
The JSAFE_AsymmetricCipher class defines the factory method and
API for all asymmetric cipher objects. This is the actual encryption
object; it does not create or manage keys. This class can instantiate the
classes that perform asymmetric encryption and defines the functionality.
See Overview of Crypto-J for background and reference material on using and understanding Crypto-J.
Note: Not all Crypto-J transformations have OIDs assigned to them. See Crypto-J Transformations and Their Associated Classes for a list of transformations that have assigned OIDs.
Copyright © RSA Security Inc., 1997-2005. All rights reserved.
| Field Summary | |
static int |
BLINDING
|
static int |
NO_BLINDING
|
static int |
PERSISTENT_BLINDING
|
| Constructor Summary | |
JSAFE_AsymmetricCipher()
|
|
| Method Summary | |
void |
clearSensitiveData()
Clears any sensitive data from an object. |
byte[] |
decryptFinal()
Finalizes the decryption process and strips any padding. |
int |
decryptFinal(byte[] partOut,
int offset)
Finalizes the decryption process and strips any padding. |
void |
decryptInit(JSAFE_PrivateKey key)
Initializes an object to perform private-key decryption using
|
void |
decryptInit(JSAFE_PrivateKey key,
JSAFE_Session[] sessions)
Initializes an object to perform private-key decryption,
using |
void |
decryptInit(JSAFE_PublicKey key)
Initializes an object to perform public-key decryption, using key. |
void |
decryptInit(JSAFE_PublicKey key,
JSAFE_Session[] sessions)
Initializes an object to perform public-key decryption, using key. |
void |
decryptReInit()
Re-initializes this object to decrypt using the key passed in during
the previous call to |
byte[] |
decryptUpdate(byte[] partIn,
int offset,
int partInLen)
Decrypts the first |
int |
decryptUpdate(byte[] partIn,
int inOffset,
int partInLen,
byte[] partOut,
int outOffset)
Decrypts the first |
byte[] |
encryptFinal()
Finalizes the encryption process by encrypting any leftover bytes and padding (if it was requested). |
int |
encryptFinal(byte[] partOut,
int offset)
Finalizes the encryption process by encrypting any leftover bytes and padding (if it was requested). |
void |
encryptInit(JSAFE_PrivateKey key)
Initializes an object to perform private-key encryption, using key. |
void |
encryptInit(JSAFE_PrivateKey key,
SecureRandom random)
Initializes an object to perform private-key encryption, using key. |
void |
encryptInit(JSAFE_PrivateKey key,
SecureRandom random,
JSAFE_Session[] sessions)
Initializes this object to perform private-key encryption, using key. |
void |
encryptInit(JSAFE_PublicKey key)
Initializes an object to perform public-key encryption,
using |
void |
encryptInit(JSAFE_PublicKey key,
SecureRandom random)
Initializes an object to perform public-key encryption,
using |
void |
encryptInit(JSAFE_PublicKey key,
SecureRandom random,
JSAFE_Session[] sessions)
Initializes this object to perform public-key encryption,
using |
void |
encryptReInit()
Re-initializes an object to encrypt using the key passed in during
the previous call to the |
byte[] |
encryptUpdate(byte[] partIn,
int offset,
int partInLen)
Encrypts the first |
int |
encryptUpdate(byte[] partIn,
int inOffset,
int partInLen,
byte[] partOut,
int outOffset)
Encrypts the first |
abstract int[] |
getAlgorithmParameters()
Returns a new |
getBlankKeyPair()
Returns a new, empty |
|
abstract int |
getBlinding()
Returns the level of blinding this object will use. |
byte[] |
getDERAlgorithmID()
Returns a new |
getDevice()
Returns a |
|
String[] |
getDeviceList()
Returns a |
abstract String |
getEncryptionAlgorithm()
Returns the standard name of the encryption algorithm. |
int |
getInputBlockSize()
Returns the size, in bytes, of an input block for an algorithm. |
static JSAFE_AsymmetricCipher |
getInstance(byte[] berAlgID,
int offset,
String device)
Builds an object that performs an algorithm using the possible parameters
defined in |
static JSAFE_AsymmetricCipher |
getInstance(String transformation,
String device)
Builds an object that performs the |
int |
getMaxInputLen()
Returns the maximum allowed input length. |
static int |
getNextBEROffset(byte[] berAlgID,
int offset)
Gets the next offset after the algorithm ID. |
abstract String |
getOAEPDigestAlgorithm()
Returns the standard name of the OAEP digest algorithm used by the OAEP padding scheme. |
abstract String |
getOAEPMaskGeneratingFunction()
Returns the name of the mask generating function used by the OAEP padding scheme. |
abstract String |
getOAEPMaskUnderlyingAlgorithm()
Returns the name of the mask generating function's underlying algorithm used by the OAEP padding scheme. |
abstract byte[] |
getOAEPParameters()
Returns the OAEP parameters of an object. |
abstract String |
getOAEPParameterSource()
Returns the name of the parameter source used by the OAEP padding scheme. |
int |
getOutputBlockSize()
Returns the size, in bytes, of an output block from an algorithm. |
int |
getOutputBufferSize(int inputLen)
Returns the maximum size, in bytes, that an output buffer should be
to hold the asymmetric cipher processing results if encrypting
data of |
int[] |
getPaddingParameters()
Returns a new |
abstract String |
getPaddingScheme()
Returns the standard padding algorithm name. |
abstract void |
setBlinding(int blindingLevel)
Set the desired level of blinding. |
abstract void |
setOAEPParameters(byte[] params,
int offset,
int len)
Sets an object to contain the OAEP parameters given in the
|
unwrapSecretKey(byte[] wrappedKey,
int offset,
int keyLen,
boolean ber,
String encryptedKeyAlgorithm)
Decrypts |
|
unwrapSecretKey(byte[] wrappedKey,
int offset,
int keyLen,
boolean ber,
String encryptedKeyAlgorithm,
String unwrappedKeyDevice)
Decrypts |
|
byte[] |
wrapSecretKey(JSAFE_SecretKey keyToWrap,
boolean ber)
Encrypts the secret key, |
| Methods inherited from class com.rsa.jsafe.JSAFE_Object |
clone, overwrite, overwrite |
| Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
public static final int NO_BLINDING
NO_BLINDING is the flag to use when calling
setBlinding() and you wish to set the object to perform its
operations without blinding. This is also the return value of
getBlinding() if the object will perform its operations
without blinding.
public static final int BLINDING
BLINDING is the flag to use when calling
setBlinding() and you wish to set the object to perform its
operations with blinding. This is also the return value of
getBlinding() if the object will perform its operations
with blinding.
public static final int PERSISTENT_BLINDING
PERSITENT_BLINDING is the flag to use when calling
setBlinding() and you wish to set the object to perform its
operations with blinding using persistent blinding values. These values are
associated with a key, will be generated once and used each time the key
is used. This is in contrast to the normal blinding which generates
different blinding values each time the key is used.
This is also the return value of getBlinding() if the
object will perform its operations with persistent blinding.
| Constructor Detail |
public JSAFE_AsymmetricCipher()
| Method Detail |
public static JSAFE_AsymmetricCipher getInstance(byte[] berAlgID, int offset, String device) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException
berAlgID, beginning at offset.
This is the BER encoding of the algorithm identifier. The specified
device is used.
The value encoded in berAlgID
is as follows:
AlgorithmIdentifier ::- SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
berAlgID - A byte array containing the BER encoding
of an algorithm ID.offset - The offset into berAlgID where the encoding
begins.device - A list of devices used to build the object.
JSAFE_AsymmetricCipher object that performs the
transformation as described by the algorithm ID.
JSAFE_UnimplementedException - If the device or devices
cannot perform the designated algorithm, or if the toolkit cannot decode
the BER encoding.
JSAFE_InvalidParameterException - If the BER encoding contains
parameters that do not work.
public static int getNextBEROffset(byte[] berAlgID,
int offset)
throws JSAFE_UnimplementedException
berAlgID, the BER encoding of the algorithm ID,
beginning at offset, returns the index to the next
byte in the array.
berAlgID - A byte array containing the BER encoding
of an algorithm ID.offset - The offset into berAlgID where the
encoding begins.
berAlgID of the byte following the
algorithm ID.
JSAFE_UnimplementedException - If the toolkit cannot decode the
BER encoding.public static JSAFE_AsymmetricCipher getInstance(String transformation, String device) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException
transformation on the
given device.
Currently, the RSA algorithm is the only asymmetric cipher that Crypto-J supports.
The value of transformation is as follows:
| "RSA/padding" |
| "RSA/PKCS1V2OAEPPad/ digest/mgf/mgfAlg/pSource" |
The possible getInstance padding values are:
| Padding Values | Input Constraints |
| "NoPad (raw RSA)" | Total number of input bytes must be a multiple of modulus size (in bytes), and each input block must be numerically less than the modulus. |
| "PKCS1Block02Pad" | Total number of input bytes must be less
than modulusSize -11 (where modulusSize is the
length of the modulus in bytes). |
| "PKCS1V2OAEPPad" | Total number of input bytes must be less
than modulusSize - 42 (where modulusSize is the
length of the modulus in bytes). |
Currently, Crypto-J supports the following OAEP supporting algorithms:
The mgf is the mask generating function. The mgfAlg is the mask generating function's underlying algorithm. The pSource is the OAEP parameter source. When using OAEP, the total number of input bytes must be less than modulusSize - 42, where modulusSize is the length of the modulus in bytes. See the Crypto-J Developer's Guide for a more detailed description of OAEP.
The device value is as follows: "choice1[/choice2[...[/choicen]]]" Possible device values are:
Note: Do not attempt to use hardware versions of Crypto-J classes unless you are very familiar with the hardware. See the "Cryptographic Hardware" section in the Crypto-J Developer's Guide, which describes hardware usage, its benefits, and its problems.
The following example illustrates how to build an RSA encryption or decryption object, and pads the input according to the Block02 scheme outlined in PKCS #1. Crypto-J uses a Native version if it is available; otherwise, it uses the Java version.
JSAFE_AsymmetricCipher rsa =
JSAFE_AsymmetricCipher.getInstance
("RSA/PKCS1Block02Pad", "Native/Java");
transformation - The representation of the desired operation
(for example, "RSA/PKCS1Block02Pad").device - A list of devices used to build the object
(for example, "Java", "Native/Java").
JSAFE_AsymmetricCipher object that performs the
transformation.
JSAFE_UnimplementedException - If the device or devices cannot
perform the designated algorithm.
JSAFE_InvalidParameterException - If the
transformation contains parameters that do not work.
public byte[] getDERAlgorithmID()
throws JSAFE_UnimplementedException
byte array containing the DER encoding of the
algorithm ID of the algorithm in this object.
byte array that contains the algorithm ID.
JSAFE_UnimplementedException - If the algorithm has no OID,
or there is not enough information to build the algorithm ID.public String getDevice()
String that is the name of the device of record.
Possible device values are:
public String[] getDeviceList()
String array that describes all
the devices used to execute the transformation. Because a
transformation often consists of component algorithms, the
implementation can consist of several component objects.
A device can perform one or more of the algorithms, but it may let
Java or another device perform one or more. For example, because padding
is not time-consuming, a device might let the Crypto-J implementation
perform padding. Returns the names of the devices used by each component.
String array that describes
the device used for a specific component.
public abstract void setOAEPParameters(byte[] params,
int offset,
int len)
params argument.
If using OAEP, sets the OAEP parameters to be the bytes in the given input.
params - The byte array containing the OAEP parameters.offset - The offset into params where the value begins.len - The length of the parameters in bytes.public abstract byte[] getOAEPParameters()
null. If OAEP is being
used and there are no parameters (empty parameters), this method
returns a zero-length array.
byte array that contains the OAEP parameters.
This may be an array of length 0.public abstract String getEncryptionAlgorithm()
String that describes the encryption algorithm.public abstract String getPaddingScheme()
String that describes the padding algorithm.public abstract String getOAEPDigestAlgorithm()
null.
String that describes the digest algorithm used
by OAEP.public abstract String getOAEPMaskGeneratingFunction()
null.
String that describes the mask generating function
used by OAEP.public abstract String getOAEPMaskUnderlyingAlgorithm()
null.
String that describes the underlying algorithm used
by the mask generating function in OAEP.public abstract String getOAEPParameterSource()
null.
String that describes the parameter source
used by OAEP.public int getMaxInputLen()
-1. This generally depends on the padding
scheme and the key size, so it is best to call this method after
init().
int that is the maximum allowed input length.
If -1, there is no logical limit.public int getInputBlockSize()
int that is the input block size.public int getOutputBlockSize()
init().
int that is the output block size.public int getOutputBufferSize(int inputLen)
inputLen bytes.
The computation includes the length of any unprocessed data. The
actual output may be smaller than the reported value.
inputLen - The length of the input in bytes.
int that indicates the size of the output in bytes.public JSAFE_KeyPair getBlankKeyPair()
JSAFE_KeyPair object to match the
algorithm and device of this object.
Sets or generates the key data with this key-pair object.
JSAFE_KeyPair object.public abstract int[] getAlgorithmParameters()
int array containing the algorithm's parameters.
This may be an array of length 0.
Note that this is not the system parameters, but the parameters of the encryption algorithm.
int array containing the parameters of the
encryption algorithm.public int[] getPaddingParameters()
int array containing the padding scheme's
parameters.
This may be an array of length 0.
int array containing the parameters of the
padding scheme.public abstract void setBlinding(int blindingLevel)
JSAFE_AsymmetricCipher.NO_BLINDING
JSAFE_AsymmetricCipher.BLINDING
JSAFE_AsymmetricCipher.PERSISTENT_BLINDING
The default is persistent blinding. That is, if you do not call this method,
the object will perform blinding using persistent blinding values.
The current BLINDING algorithm will do the following.
m = message -- the block to sign r = random value -- from a seed of block to sign and private key rInv = (r ^ -1) mod modulus b = (r ^ pubExpo) mod modulus mPrime = (b * m) mod modulus sPrime = RSA(mPrime) signature = (rInv * sPrime) mod modulus
This method should be used before an Init() call.
Use the method getBlinding() to see what level of blinding is
being employed.
Not all algorithms or situations will have blinding available. For example, there is no blinding for DSA or verification of any algorithm. It will not be possible to blind if creating an RSA signature using only the private exponent and modulus (instead of the CRT info).
blindingLevel - The desired level of blinding.getBlinding()public abstract int getBlinding()
JSAFE_AsymmetricCipher.NO_BLINDING
JSAFE_AsymmetricCipher.BLINDING
JSAFE_AsymmetricCipher.PERSISTENT_BLINDING
Call this routine only after a call to an Init method.
That is, if you call this method before an Init call,
it will return an answer, but it may not be the correct answer.
int, the level of blinding.setBlinding(int)public void encryptInit(JSAFE_PublicKey key) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key.
key - A JSAFE_PublicKey object that is used to encrypt.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).public void encryptInit(JSAFE_PublicKey key, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key and random.
If this object ever needs random bytes, encryptInit() uses
random.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
key - A JSAFE_PublicKey object that is used to encrypt.random - A SecureRandom object from which this object
draws random bytes if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).public void encryptInit(JSAFE_PublicKey key, SecureRandom random, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key, random and sessions.
If this object ever needs random bytes, encryptInit uses
random.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
The sessions argument is an array of hardware sessions.
Crypto-J passes these sessions on to the devices specified in
the getInstance() call. The devices use or ignore the
sessions as necessary.
key - A JSAFE_PublicKey object that is used to encrypt.random - A SecureRandom object this object draws random
bytes from, if necessary.sessions - An array of JSAFE_Session objects from which
to search for a device that will perform the operation.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).public void encryptInit(JSAFE_PrivateKey key) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key - A JSAFE_PrivateKey object that is used to encrypt.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).public void encryptInit(JSAFE_PrivateKey key, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
encryptInit uses random.
JSAFE_SecureRandom is a subclass of java.security.SecureRandom,
so an object of that class is valid input for random.
key - A JSAFE_PrivateKey object that is used to encrypt.random - A SecureRandom object from which this object draws random
bytes if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).public void encryptInit(JSAFE_PrivateKey key, SecureRandom random, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
encryptInit uses random.
JSAFE_SecureRandom is a subclass of java.security.SecureRandom,
so an object of that class is valid input for random. The sessions argument is an array
of hardware sessions. Crypto-J passes these sessions on to the devices specified in
the getInstance call. The devices use or ignore the sessions as necessary.
key - A JSAFE_PrivateKey object that is used to encrypt.random - A SecureRandom object this object draws random
bytes from, if necessary.sessions - An array of JSAFE_Session objects from which
to search for a device that will perform the operation.
JSAFE_InvalidUseException - If the object cannot be
initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it uses a different algorithm or different
device).
public void encryptReInit()
throws JSAFE_InvalidUseException
encryptInit() method.
JSAFE_InvalidUseException - If the object is not initialized
for encryption.public byte[] wrapSecretKey(JSAFE_SecretKey keyToWrap, boolean ber) throws JSAFE_InvalidUseException
keyToWrap.
encryptInit() or encryptReinit() must be
called prior to calling this method.
If the argument ber is false,
the resulting key data is encrypted.
This is a typical digital envelope (for example, as part of PKCS #7
envelopedData).
If the argument ber is true, the resulting key
data is the BER encoding of the secret key, SecretKeyInfo
(proprietary to RSA Security) as defined below:
SecretKeyInfo ::= SEQUENCE {
secretKeyAlgorithm AlgorithmIdentifier,
secretKey OCTET STRING }
EncryptedSecretKey ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData }
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
EncryptedData ::= OCTET STRING
keyToWrap - The object containing the key to encrypt.ber - true to get a result that is BER encoded,
false to get only the encrypted data.
byte array containing the encrypted key.
JSAFE_InvalidUseException - If the object is not
initialized to encrypt.
public byte[] encryptUpdate(byte[] partIn,
int offset,
int partInLen)
throws JSAFE_InvalidUseException,
JSAFE_InputException
partInLen bytes of the array
partIn, beginning at offset. Returns the
result in a new byte array (may be a zero-length array).
This method will not encrypt if there is not enough data to form a block. In that case it will store the input in an internal buffer.
partIn - The data to encrypt.offset - The offset into partIn where the data begins.partInLen - The length of the data to encrypt.
byte array containing the encrypted data.
This may be an array of length 0 if the object could not
encrypt yet.
JSAFE_InvalidUseException - If the object is not
initialized to encrypt.
JSAFE_InputException - If the input exceeds the maximum length.
public int encryptUpdate(byte[] partIn,
int inOffset,
int partInLen,
byte[] partOut,
int outOffset)
throws JSAFE_InvalidUseException,
JSAFE_InputException
partInLen bytes of the array
partIn, beginning at inOffset.
Returns the result in the byte array partOut,
beginning at outOffset. The return value is the number of
bytes placed in the output buffer. This method does not encrypt if there
is not enough data to form a block. In that case, it stores the input
in an internal buffer.
partIn - The data to encrypt.inOffset - The offset into partIn where the data begins.partInLen - The length of the data to encrypt.partOut - The buffer where the output is placed.outOffset - The offset into partOut where the writing
begins.
JSAFE_InvalidUseException - If the object is not
initialized to encrypt.
JSAFE_InputException - If the input exceeds the maximum length.
public byte[] encryptFinal()
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
encryptFinal() method
returns the result in a new byte array.
Call a Final method before reusing the object
to encrypt or decrypt data with a new key.
byte array that contains the encrypted data.
JSAFE_InvalidUseException - If the object is not
initialized to encrypt.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot
execute.
public int encryptFinal(byte[] partOut,
int offset)
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
byte array partOut,
beginning at offset. The return value is the number of bytes
placed in the output buffer.
Call a Final method before reusing the object to encrypt or
decrypt data with a new key.
partOut - The buffer where the output is placed.offset - The offset into partOut where the writing
begins.
JSAFE_InvalidUseException - If the object is not
initialized to encrypt.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot
execute.public void decryptInit(JSAFE_PrivateKey key) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key.
key - A JSAFE_PrivateKey object that is used to decrypt.
JSAFE_InvalidUseException - If the object cannot be
initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different
device).public void decryptInit(JSAFE_PrivateKey key, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key. The sessions argument is an array of
hardware sessions. Crypto-J passes these sessions on to the devices
specified in the getInstance() call. The devices will use or
ignore the sessions as necessary.
key - A JSAFE_PrivateKey object used to decrypt.sessions - An array of JSAFE_Session objects used to
search for one device that will perform the operation.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or
different device).public void decryptInit(JSAFE_PublicKey key) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key - A JSAFE_PublicKey object that is used to decrypt.
JSAFE_InvalidUseException - If the object cannot be
initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different
device).public void decryptInit(JSAFE_PublicKey key, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
getInstance
call. The devices will use or ignore the sessions as necessary.
key - A JSAFE_PublicKey object used to decrypt.sessions - An array of JSAFE_Session objects from which
to search for one device that will perform the operation.
JSAFE_InvalidUseException - If the object cannot be
initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different device).
public void decryptReInit()
throws JSAFE_InvalidUseException
decryptInit().
JSAFE_InvalidUseException - If the object is not initialized
for decryption.public JSAFE_SecretKey unwrapSecretKey(byte[] wrappedKey, int offset, int keyLen, boolean ber, String encryptedKeyAlgorithm) throws JSAFE_InvalidUseException
wrappedKey (of length keyLen,
beginning at offset) and returns the result as a new
JSAFE_SecretKey object.
If the argument ber is false, pass in the
encrypted key's algorithm in encryptedKeyAlgorithm.
If the argument ber is true, this method
expects the data in the form of a BER-encoded
EncryptedSecretKey object, and the method ignores the
argument encryptedkeyAlgorithm.
Call decryptInit() or decryptReInit() before
calling this method.
wrappedKey - The encrypted key data.offset - The offset into wrappedKey where the data begins.keyLen - The length of the data to decrypt.ber - Pass in true if the data is BER encoded;
false if not.encryptedKeyAlgorithm - If the data is not BER encoded, contains the
standard name of the key's algorithm type.
JSAFE_SecretKey object containing the
decrypted key.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.public JSAFE_SecretKey unwrapSecretKey(byte[] wrappedKey, int offset, int keyLen, boolean ber, String encryptedKeyAlgorithm, String unwrappedKeyDevice) throws JSAFE_InvalidUseException
wrappedKey (of length keyLen,
beginning at offset) and returns the result as a new
JSAFE_SecretKey object, the device of the resulting key
described by unwrappedKeyDevice.
If the argument ber is false, the encrypted
key's algorithm must be specified in encryptedKeyAlgorithm.
If the argument ber is true, this method expects
the data in the form of a BER-encoded EncryptedSecretKey
object, and the method ignores the argument
encryptedkeyAlgorithm.
decryptInit() or decryptReInit() must be called
prior to calling this method.
wrappedKey - The encrypted key data.offset - The offset into wrappedKey where the data begins.keyLen - The length of the data to decrypt.ber - true if the data is BER encoded,
false if it is not BER encoded.encryptedKeyAlgorithm - If the data is not BER encoded, contains the
standard name of the key's algorithm type.unwrappedKeyDevice - The device that unwrapped the key.
JSAFE_SecretKey object containing the decrypted
key.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.
public byte[] decryptUpdate(byte[] partIn,
int offset,
int partInLen)
throws JSAFE_InvalidUseException,
JSAFE_InputException
partInLen bytes of the
array partIn, beginning at offset.
Returns the result in a new byte array (which may be
zero-length).
This method does not decrypt if there is not enough data to form a block.
In that case, it stores the input in an internal buffer.
partIn - The data to encrypt.offset - The offset into partIn where the data begins.partInLen - The length of the data to decrypt.
byte array containing the decrypted data.
This may be an array of length 0 if the object could not
decrypt yet.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.
JSAFE_InputException - If the input exceeds the maximum length.
public int decryptUpdate(byte[] partIn,
int inOffset,
int partInLen,
byte[] partOut,
int outOffset)
throws JSAFE_InvalidUseException,
JSAFE_InputException
partInLen bytes of the array
partIn, beginning at inOffset. It places the
return value in the byte array partOut,
beginning at outOffset. The return value is the number of
bytes actually placed in the output buffer.
This method does not decrypt if there is not enough data to form a block.
In that case, it stores the input in an internal buffer.
partIn - The data to decrypt.inOffset - The offset into partIn where the data begins.partInLen - The length of the data to decrypt.partOut - The buffer where the output is placed.outOffset - The offset into partOut where the writing
begins.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.
JSAFE_InputException - If the input exceeds the maximum length.
public byte[] decryptFinal()
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
byte array.
Call a Final method before using an object to encrypt
or decrypt data with a new key.
byte array containing the decrypted data.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot
execute.
public int decryptFinal(byte[] partOut,
int offset)
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
byte array
partOut, beginning at offset.
The return value is the number of bytes placed in the output buffer.
Call a Final method before using an object to encrypt
or decrypt data with a new key.
partOut - The buffer where the output is placed.offset - The offset into partOut where the writing
begins.
JSAFE_InvalidUseException - If the object is not
initialized to decrypt.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot
execute.public void clearSensitiveData()
After calling the clearSensitiveData method,
an init (not a reinit) method must be called in order to perform other
operations with the object.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||