com.rsa.jsafe.JSAFE_Object
com.rsa.jsafe.JSAFE_Signature
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
The JSAFE_Signature class defines the factory method
and API for all signature algorithm objects. This is the actual
signing and verifying object; it does not perform key management or
creation. This class can instantiate the classes that create and verify
signatures and defines the functionality.
See Overview of Crypto-J for background and reference material on using and understanding Crypto-J.
Note: Not all Crypto-J transformations have OIDs assigned to them. See Crypto-J Transformations and Their Associated Classes for a list of transformations that have assigned OIDs.
Copyright © RSA Security Inc., 1997-2005. All rights reserved.
| Field Summary | |
static int |
BLINDING
BLINDING is the flag to use when calling |
static int |
NO_BLINDING
NO_BLINDING is the flag to use when calling |
static int |
PERSISTENT_BLINDING
PERSITENT_BLINDING is the flag to use when calling
|
| Constructor Summary | |
JSAFE_Signature()
|
|
| Method Summary | |
void |
clearSensitiveData()
Clears sensitive data from an object. |
abstract int |
getBlinding()
Returns the level of blinding this object will use. |
byte[] |
getDERAlgorithmID()
Returns a new |
byte[] |
getDERAlgorithmID(String format,
boolean includeParams)
Returns the DER encoding of the algorithm ID of this object. |
getDevice()
Returns the name of the device of record. |
|
String[] |
getDeviceList()
Returns a |
abstract String |
getDigestAlgorithm()
Returns the standard digest algorithm name. |
static JSAFE_Signature |
getInstance(byte[] berAlgID,
int offset,
String device)
Builds an object based on the algorithm ID. |
static JSAFE_Signature |
getInstance(String transformation,
String device)
Builds an object that performs an algorithm defined by
|
int |
getMaxInputLen()
Returns the maximum allowed input length. |
static int |
getNextBEROffset(byte[] berAlgID,
int offset)
Gets the next offset after the algorithm ID. |
abstract String |
getPaddingScheme()
Returns the standard padding scheme name. |
abstract String |
getSignatureAlgorithm()
Returns the standard signature algorithm name. |
int |
getSignatureSize()
Returns the length of a resulting signature. |
abstract void |
setBlinding(int blindingLevel)
Set the desired level of blinding. |
byte[] |
signFinal()
Finalizes the signature process, appending the padding and creating the signature. |
int |
signFinal(byte[] signature,
int offset)
Finalizes the signature process, appending the padding and creating the signature. |
void |
signInit(JSAFE_PrivateKey key,
JSAFE_Parameters systemParameters,
SecureRandom random)
Initializes this object to sign using the specified private
|
void |
signInit(JSAFE_PrivateKey key,
JSAFE_Parameters systemParameters,
SecureRandom random,
JSAFE_Session[] sessions)
Initializes this object to sign using the specified private
|
void |
signInit(JSAFE_PrivateKey key,
SecureRandom random)
Initializes this object to sign using the specified private
|
void |
signReInit()
Re-initializes this object to sign using the private key passed in during
an earlier call to |
void |
signUpdate(byte[] partIn,
int offset,
int partInLen)
Adds more data to sign. |
boolean |
verifyFinal(byte[] signature,
int offset,
int signatureLen)
Finalizes the verification process, comparing the |
void |
verifyInit(JSAFE_PublicKey key,
JSAFE_Parameters systemParameters,
SecureRandom random)
Initializes this object to verify using |
void |
verifyInit(JSAFE_PublicKey key,
JSAFE_Parameters systemParameters,
SecureRandom random,
JSAFE_Session[] sessions)
Initializes this object to verify using the specified public
|
void |
verifyInit(JSAFE_PublicKey key,
SecureRandom random)
Initializes this object to verify using the specified public
|
void |
verifyReInit()
Re-initializes this object to verify signatures using the public key passed
in during a previous call to |
void |
verifyUpdate(byte[] partIn,
int offset,
int partInLen)
Digests the first |
| Methods inherited from class com.rsa.jsafe.JSAFE_Object |
clone, overwrite, overwrite |
| Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
public static final int NO_BLINDING
setBlinding()
and you wish to set the object to perform its operations without blinding.
This is also the return value of getBlinding() if the object
will perform its operations without blinding.
public static final int BLINDING
setBlinding()
and you wish to set the object to perform its operations with blinding.
This is also the return value of getBlinding() if the object
will perform its operations with blinding.
public static final int PERSISTENT_BLINDING
setBlinding() and you wish to set the object to perform its
operations with blinding using persistent blinding values. These values are
associated with a key, will be generated once and used each time the key is
used. This is in contrast to the normal blinding which generates different
blinding values each time the key is used.
This is also the return value of getBlinding() if the object
will perform its operations with persistent blinding.
| Constructor Detail |
public JSAFE_Signature()
| Method Detail |
public static JSAFE_Signature getInstance(byte[] berAlgID, int offset, String device) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException
berAlgID, beginning at
offset, using the specified device.
The value encoded in berAlgID must follow the definition below:
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
berAlgID - A byte array containing the BER of an algorithm ID.offset - The offset into berAlgID where the encoding
actually begins.device - A list of devices to use for building the object.
JSAFE_Signature object that performs the
transformation as described by the algorithm ID.
JSAFE_UnimplementedException - If the device or devices cannot
perform the designated algorithm, or the toolkit cannot decode the BER.
JSAFE_InvalidParameterException - If the BER contains parameters
that do not work.
public static int getNextBEROffset(byte[] berAlgID,
int offset)
throws JSAFE_UnimplementedException
berAlgID, the BER encoding of the algorithm ID,
beginning at offset, returns the index to the next
byte in the array.
berAlgID - A byte array containing the BER encoding
of an algorithm ID.offset - The offset into berAlgID where the encoding
begins.
berAlgID of the byte following the
algorithm ID.
JSAFE_UnimplementedException - If the toolkit cannot decode the
BER encoding.public static JSAFE_Signature getInstance(String transformation, String device) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException
transformation on the specified device.
The value of the algorithm must be one of the following:
algorithm Values
digest/RSA/padding
SHA1/X931RSA/X931Pad
digest/DSA
digest/RSA/PKCS1V2PSS-tfOption/mgf/mgfAlg
The value of digest when used with RSA must be one of the following:
RSA digest Values
Note: Cryptanalytic work has discovered a collision in MD2's internal compression
function, and there is a chance that the attack on MD2 may be extended to the full hash
function. RSA Security recommends not using MD2 except for backward compatibility.
Another attack has been applied to the compression function on MD5, though this has yet
to be extended to the full MD5. RSA Security recommends that before you use MD2 or MD5,
you should consult the RSA Laboratories Web site at http://www.rsasecurity.com/rsalabs/
to be sure your use is consistent with the latest information. Refer to the bulletin
Recent Results for MD2, MD4, and MD5 available at
http://www.rsasecurity.com/rsalabs/bulletins/.
The value of digest must be one of the following:
DSA digest values
The value of padding must be one of the following:
padding Values
Note: The X9.31 RSA algorithm works only with the SHA1 digest and X931Pad padding.
Currently, Crypto-J supports the following PSS supporting algorithms:
The tfOption is an integer that specifies whether to include the
hash function identifier in the signature: 1 indicates don't
include and 2 indicates include.
The mgf is the mask generating function.
The mgfAlg is the mask generating function's underlying algorithm.
transformation - The representation of the desired operation.device - A list of devices used to build the object.
JSAFE_Signature object that performs the
transformation as described by the algorithm ID.
JSAFE_UnimplementedException - If the device or devices cannot
perform the designated algorithm, or the toolkit cannot decode the BER
encoding.
JSAFE_InvalidParameterException - If the BER encoding contains
parameters that do not work.
public byte[] getDERAlgorithmID()
throws JSAFE_UnimplementedException
byte array containing the DER encoding of the
algorithm ID of the algorithm in this object.
byte array that contains the algorithm ID.
JSAFE_UnimplementedException - If the algorithm has no OID,
or there is not enough information to build the algorithm ID.public byte[] getDERAlgorithmID(String format, boolean includeParams) throws JSAFE_UnimplementedException
format parameter, and
includes the system parameters (if there are any) based on
the boolean includeParams argument.
The possible values for format are:
RSAwithSHA1PKCS
RSAwithSHA1ISO_OIW
RSAwithSHA1X937
DSAwithSHA1X930
DSAwithSHA1X957
getDERAlgorithmID() method that does not
take arguments.
Takes in arguments to further define the algorithm ID. The
first, format, indicates which standard to follow. The second,
includeParams, tells whether the system parameters (if there
are any) should be part of the encoding.
format - The standard to follow
(for example, "DSAWithSHA1X957" or "RSAWithSHA1ISO_OIW").includeParams - If true, the system parameters are part
of the algorithm ID; if false, they are not.
byte array that contains the algorithm ID.
JSAFE_UnimplementedException - If the algorithm has no OID,
or there is not enough information to build the algorithm ID.public String getDevice()
public String[] getDeviceList()
String array that describes all the
devices used to execute the transformation. Because
a transformation often consists of component
algorithms, the implementation can consist of several component
objects. A device can perform one or more of the algorithms,
but it may let Java or another device perform one or more. For
example, because padding is not time-consuming, a device might
let the Crypto-J implementation perform padding.
Returns the names of the devices used by each component.
String array, that describes the device used for a
specific component.public abstract String getSignatureAlgorithm()
String that describes the signature algorithm.public abstract String getDigestAlgorithm()
String that describes the digest algorithm.public abstract String getPaddingScheme()
String that describes the padding algorithm.public int getMaxInputLen()
-1. It is generally unnecessary
to call this method unless performing NoDigest signatures.
int that is the maximum allowed input length.
If -1, there is no logical limit.public int getSignatureSize()
signInit(); otherwise, the return value
can be 0.
Returns the size of the signature output.
int that is the output signature size.public abstract void setBlinding(int blindingLevel)
JSAFE_Signature.NO_BLINDING
JSAFE_Signature.BLINDING
JSAFE_Signature.PERSISTENT_BLINDING
The default is persistent blinding. That is, if you do not call this method,
the object will perform blinding using persistent blinding values.
The current BLINDING algorithm will do the following.
m = message -- the block to sign r = random value -- from a seed of block to sign and private key rInv = (r ^ -1) mod modulus b = (r ^ pubExpo) mod modulus mPrime = (b * m) mod modulus sPrime = RSA(mPrime) signature = (rInv * sPrime) mod modulus
This method should be used before an Init call.
Use the method getBlinding() to see what level of blinding is
being employed.
Not all algorithms or situations will have blinding available. For example, there is no blinding for DSA or verification of any algorithm. It will not be possible to blind if creating an RSA signature using only the private exponent and modulus (instead of the CRT info).
blindingLevel - The desired level of blinding.public abstract int getBlinding()
JSAFE_Signature.NO_BLINDING
JSAFE_Signature.BLINDING
JSAFE_Signature.PERSISTENT_BLINDING
Call this routine only after a call to an Init method.
That is, if you call this method before an Init call,
it will return an answer, but it may not be the correct answer.
int, the level of blinding.public void signInit(JSAFE_PrivateKey key, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key. If the signature algorithm or padding scheme needs
random bytes, the object gets them from random.
If the algorithm does not need random bytes, pass in a null.
The JSAFE_SecureRandom object is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
An object that is initialized for signing is not able to verify.
key - A JSAFE_PrivateKey that is used to sign.random - A SecureRandom object random bytes are drawn
from, if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different
device).public void signInit(JSAFE_PrivateKey key, JSAFE_Parameters systemParameters, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException
key and the systemParameters
(if the system parameters are not part of the key).
If the signature algorithm or padding scheme needs random bytes, the
object gets them from random. If the algorithm does not need
random bytes, pass in a null.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
An object that is initialized for signing is not able to verify.
key - A JSAFE_PrivateKey object that is used to sign.systemParameters - A JSAFE_Parameters object that
contains the system parameters that are used to sign.random - A SecureRandom object random bytes are drawn
from, if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different
device).
JSAFE_InvalidParameterException - If the system parameters
do not match the key.public void signInit(JSAFE_PrivateKey key, JSAFE_Parameters systemParameters, SecureRandom random, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException
key, systemParameters
(if the system parameters are not part of the key) and
sessions.
If this object ever needs random bytes, use random.
The sessions argument is an array of hardware sessions.
key - A JSAFE_PrivateKey object that is used to sign.systemParameters - A JSAFE_Parameters object that
contains the system parameters that are used to sign.random - A SecureRandom object random bytes are drawn
from, if necessary.sessions - An array of JSAFE_Session objects from which a
device is sought that performs the operation.
JSAFE_InvalidUseException - If the object cannot
be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, a different algorithm or different device).
JSAFE_InvalidParameterException - If the system parameters
do not match the key.
public void signReInit()
throws JSAFE_InvalidUseException
signInit(). An object that is initialized
for signing is not able to verify. This method re-initializes an object
to perform signatures.
JSAFE_InvalidUseException - If the object is not initialized
for signing.
public void signUpdate(byte[] partIn,
int offset,
int partInLen)
throws JSAFE_InvalidUseException,
JSAFE_InputException
NoDigest is specified,
it will save the input data in an internal buffer.
This method digests the first partInLen bytes fo the array
partIn, beginning at offset.
partIn - The data to sign.offset - The offset into partIn where the data begins.partInLen - The length of the data to sign.
JSAFE_InvalidUseException - If the object is not
initialized to sign.
JSAFE_InputException - If the input exceeds the maximum length.
public byte[] signFinal()
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
byte array.
The format of the signature depends on the underlying signature scheme.
Call a Final method before using an object to sign or verify
with a new key.
byte array containing the signature.
JSAFE_InvalidUseException - If the object is not
initialized to sign.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot be
executed.
public int signFinal(byte[] signature,
int offset)
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
byte array
signature, beginning at offset.
This method returns the resulting length of the signature,
which is the number of bytes placed in the output buffer.
Call a Final method before using an object to sign or verify
with a new key.
signature - The buffer where the output is placed.offset - The offset into signature where the writing
begins.
JSAFE_InvalidUseException - If the object is not
initialized to sign.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot
be executed.public void verifyInit(JSAFE_PublicKey key, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException
key.
If this object ever needs random bytes, use random. If an
algorithm does not need random bytes, pass in null.
The JSAFE_SecureRandom object is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
An object that is initialized for verifying is not able to sign.
key - A JSAFE_PublicKey object that is used to verify.random - A SecureRandom object random bytes are drawn
from, if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or different device).public void verifyInit(JSAFE_PublicKey key, JSAFE_Parameters systemParameters, SecureRandom random) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException
key and the
systemParameters (if the system parameters are not part of the
key). If this object ever needs random bytes, use
random.
If an algorithm does not need system parameters, or
if they are contained within the key, pass in a
null for systemParameters or use the previous
verifyInit() method.
key - A JSAFE_PublicKey object that is used to verify.systemParameters - A JSAFE_Parameters object that
contains the system parameters used to verify.random - A SecureRandom object this object draws random
bytes from, if necessary.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for instance, if it is a different algorithm or
different device).
JSAFE_InvalidParameterException - If the system parameters
do not match the key.public void verifyInit(JSAFE_PublicKey key, JSAFE_Parameters systemParameters, SecureRandom random, JSAFE_Session[] sessions) throws JSAFE_InvalidUseException, JSAFE_InvalidKeyException, JSAFE_InvalidParameterException
key and the systemParameters (if the system
parameters are not part of the key).
If this object ever needs random bytes, use random.
If an algorithm does not need system parameters, or if they are contained
within the key, pass in a null for
systemParameters or use the previous verifyInit()
method.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
An object that is initialized for verifying is not able to sign.
The sessions argument is an array of hardware sessions.
key - A JSAFE_PublicKey object that is used to verify.systemParameters - A JSAFE_Parameters object that
contains the system parameters that is used to verify.random - A SecureRandom object random bytes are drawn
from, if necessary.sessions - An array of JSAFE_Session objects that search
for one device that will perform the operation.
JSAFE_InvalidUseException - If the object cannot be initialized.
JSAFE_InvalidKeyException - If the key object does not match
this object (for example, if it is a different algorithm or
different device).
JSAFE_InvalidParameterException - If the system parameters
do not match the key.
public void verifyReInit()
throws JSAFE_InvalidUseException
verifyInit().
An object that is initialized for verifying is not able to sign.
JSAFE_InvalidUseException - If the object is not initialized
to verify.
public void verifyUpdate(byte[] partIn,
int offset,
int partInLen)
throws JSAFE_InvalidUseException,
JSAFE_InputException
partInLen bytes of the array
partIn, beginning at offset. If the object
is performing NoDigest signatures, the input data is stored in an
internal buffer.
partIn - The data to be verified.offset - The offset into partIn where the data begins.partInLen - The length of the data to be verified.
JSAFE_InvalidUseException - If the object is not
initialized to verify.
JSAFE_InputException - If the input exceeds the maximum length.
public boolean verifyFinal(byte[] signature,
int offset,
int signatureLen)
throws JSAFE_InvalidUseException,
JSAFE_InputException,
JSAFE_PaddingException
signature
to the value determined in the verification process. The
return value is true if the signature verifies, and
false if it does not.
Call a Final method before using an object to
verify with a new key.
signature - The signature to compare to the previously determined
value.offset - The offset into signature where the data
to verify begins.signatureLen - The length, in bytes, of the signature to verify.
boolean. Returns true if the signature
verifies, false if not.
JSAFE_InvalidUseException - If the object is not
initialized to verify.
JSAFE_InputException - If the input exceeds the maximum length.
JSAFE_PaddingException - If the padding algorithm cannot execute.public void clearSensitiveData()
clearSensitiveData(),
an Init (not a ReInit) method is
called to perform other operations with the object.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||