AuthenticatedDataDemo (6.1 Demo API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

demo.cms.authenticatedData
Class AuthenticatedDataDemo

java.lang.Object
  demo.cms.authenticatedData.AuthenticatedDataDemo

Direct Known Subclasses:: HMACwith3DESAuthenticatedDataDemo, HMACwithAESAuthenticatedDataDemo

public class AuthenticatedDataDemo
extends java.lang.Object
extends java.lang.Object

Demonstrates the usage of class AuthenticatedDataStream and AuthenticatedData for recipient-specific protecting the integrity of a message using the CMS type AuthenticatedData.

This demo requires that you have iaik_esdh.jar (or iaik_jce_full.jar) in your classpath. You can download it from https://sic.tech/products/core-crypto-toolkits/jca-jce/.

See Also:: AuthenticatedDataStream, AuthenticatedData

Constructor Summary
`AuthenticatedDataDemo()` Creates and AuthenticatedDataDemo object and setups the demo certificates.
`AuthenticatedDataDemo(iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength)` Creates and AuthenticatedDataDemo object and setups the demo certificates.

Method Summary
`byte[]`	`createAuthenticatedData(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode)` Creates a CMS `AuthenticatedData` for the given message message.
`byte[]`	`createAuthenticatedDataStream(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode)` Creates a CMS `AuthenticatedDataStream` for the given message message.
`iaik.cms.RecipientInfo[]`	`createRecipients()` Creates the RecipientInfos.
`byte[]`	`getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, int recipientInfoIndex)` Gets the content of the given `AuthenticatedData` object and verifies the mac for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.
`byte[]`	`getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, iaik.cms.KeyIdentifier recipientID)` Gets the content of the given `AuthenticatedData` object and verifies the mac for the recipient identified by recipient identifier.
`byte[]`	`getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, iaik.x509.X509Certificate recipientCert, byte[] kekID)` Gets the content of the given `AuthenticatedData` object and verifies the mac for the recipient identified by its recipient certificate or kekID.
`byte[]`	`getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, int recipientInfoIndex)` Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.
`byte[]`	`getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.cms.KeyIdentifier recipientID)` Decrypts the encrypted MAC key for the recipient identified by recipient identifier and uses the MAC key to verify the authenticated data.
`byte[]`	`getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.x509.X509Certificate recipientCert, byte[] kekID)` Decrypts the encrypted content of the given `AuthenticatedData` object for the recipient identified by its recipient certificate or kekID.
`static void`	`main(java.lang.String[] argv)` Main method.
`void`	`parseAuthenticatedDataWithRecipientCertOrKEKId(boolean stream, byte[] encodedAuthenticatedData, byte[] message)` Parses an AuthenticatedData and verifies the mac for all recipients identified by their recipient certificate (or kek).
`void`	`parseAuthenticatedDataWithRecipientIdentifier(boolean stream, byte[] encodedAuthenticatedData, byte[] message)` Parses an AuthenticatedData and verifies the mac for all recipients identified by their recipient identifiers.
`void`	`parseAuthenticatedDataWithRecipientInfoIndex(boolean stream, byte[] encodedAuthenticatedData, byte[] message)` Parses an AuthenticatedData and verifies the mac for all test recipients using the index into the recipientInfos field for identifying the recipient.
`void`	`start()` Starts the test.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AuthenticatedDataDemo

public AuthenticatedDataDemo()
                      throws java.io.IOException,
                             java.security.NoSuchAlgorithmException

Creates and AuthenticatedDataDemo object and setups the demo certificates. Keys and certificate are retrieved from the demo KeyStore which has to be located in your current working directory and may be created by running SetupCMSKeyStore.

CMS-AES256-Wrap is used as key wrap algorithm.

Throws:: java.io.IOException - if an file read error occurs; java.security.NoSuchAlgorithmException - if no implementation for the requested key wrap algorithm is available

AuthenticatedDataDemo

public AuthenticatedDataDemo(iaik.asn1.structures.AlgorithmID keyWrapAlg,
                             int kekLength)
                      throws java.io.IOException,
                             java.security.NoSuchAlgorithmException

Parameters:: keyWrapAlg - the key wrap algorithm to be used; kekLength - the length of the key encryption key
Throws:: java.io.IOException - if an file read error occurs; java.security.NoSuchAlgorithmException - if no implementation for the requested key wrap algorithm is available

Method Detail

createAuthenticatedDataStream

public byte[] createAuthenticatedDataStream(byte[] message,
                                            iaik.asn1.structures.AlgorithmID macAlgorithm,
                                            int macKeyLength,
                                            iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                            int mode)
                                     throws iaik.cms.CMSException,
                                            java.io.IOException

Creates a CMS AuthenticatedDataStream for the given message message.

Parameters:: message - the message to be authenticated, as byte representation; macAlgorithm - the mac algorithm to be used; macKeyLength - the length of the temporary MAC key to be generated; digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included; mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)
Returns:: the BER encoding of the AuthenticatedData object just created
Throws:: iaik.cms.CMSException - if the AuthenticatedData object cannot be created; java.io.IOException - if an I/O error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         int recipientInfoIndex)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.

This way of decrypting the MAC key and verifying the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo, PasswordRecipeintInfo, OtherRecipientInfo), but requires to know at what index of the recipientInfos field the RecipientInfo for the particular recipient in mind can be found. If the recipient in mind uses a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted mac keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted mac key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:: encoding - the AuthenticatedData object as BER encoded byte array; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the mac key; recipientInfoIndex - the index of the right RecipientInfo to which the given key belongs
Returns:: the verified message, as byte array
Throws:: iaik.cms.CMSException - if the authenticated data cannot be verified; java.io.IOException - if a stream read/write error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.cms.KeyIdentifier recipientID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted MAC key for the recipient identified by recipient identifier and uses the MAC key to verify the authenticated data.

This way of decrypting the mac key may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:: encoding - the AuthenticatedData object as BER encoded byte array; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the encrypted mac key; recipientID - the recipient identifier uniquely identifying the key of the recipient
Returns:: the verified message, as byte array
Throws:: iaik.cms.CMSException - if the authenticated data cannot be verified; java.io.IOException - if a stream read/write error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.x509.X509Certificate recipientCert,
                                         byte[] kekID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate or kekID.

Parameters:: encoding - the AuthenticatedData object as DER encoded byte array; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the message; recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo; kekID - the kekID identifying the recipient key when using a RecipientInfo of type KEKRecipientInfo
Returns:: the recovered message, as byte array
Throws:: iaik.cms.CMSException - if the message cannot be recovered; java.io.IOException - if a stream read/write error occurs

createAuthenticatedData

public byte[] createAuthenticatedData(byte[] message,
                                      iaik.asn1.structures.AlgorithmID macAlgorithm,
                                      int macKeyLength,
                                      iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                      int mode)
                               throws iaik.cms.CMSException

Creates a CMS AuthenticatedData for the given message message.

Parameters:: message - the message to be authenticated, as byte representation; macAlgorithm - the mac algorithm to be used; macKeyLength - the length of the temporary MAC key to be generated; digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included; mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)
Returns:: the BER encoding of the AuthenticatedData object just created
Throws:: iaik.cms.CMSException - if the AuthenticatedData object cannot be created

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   int recipientInfoIndex)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Gets the content of the given AuthenticatedData object and verifies the mac for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.

This way of decrypting the MAC key and verifying the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo), but requires to know at what index of the recipientInfos field the RecipientInfo for the particular recipient in mind can be found. If the recipient in mind uses a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted mac keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted mac key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:: encoding - the AuthenticatedData object as BER encoded byte array; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the mac key; recipientInfoIndex - the index of the right RecipientInfo to which the given key belongs
Returns:: the verified message, as byte array
Throws:: iaik.cms.CMSException - if the authenticated data cannot be verified; java.io.IOException - if a IO read/write error occurs

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   iaik.cms.KeyIdentifier recipientID)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Gets the content of the given AuthenticatedData object and verifies the mac for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:: encoding - the DER encoeded AuthenticatedData object#; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the message; recipientID - the recipient identifier uniquely identifying the key of the recipient
Returns:: the recovered message, as byte array
Throws:: iaik.cms.CMSException - if the message cannot be recovered; java.io.IOException - if an I/O error occurs

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   iaik.x509.X509Certificate recipientCert,
                                   byte[] kekID)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Gets the content of the given AuthenticatedData object and verifies the mac for the recipient identified by its recipient certificate or kekID.

Parameters:: encoding - the DER encoded AuthenticatedData ASN.1 object; message - the content message, if transmitted by other means (explicit mode); key - the key to decrypt the message; recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo; kekID - the kekID identifying the recipient key when using a RecipientInfo of type KEKRecipientInfo
Returns:: the recovered message, as byte array
Throws:: iaik.cms.CMSException - if the message cannot be recovered; java.io.IOException

createRecipients

public iaik.cms.RecipientInfo[] createRecipients()
                                          throws iaik.cms.CMSException

Creates the RecipientInfos.

Returns:: the RecipientInfos created
Throws:: iaik.cms.CMSException - if an error occurs when creating the recipient infos

parseAuthenticatedDataWithRecipientInfoIndex

public void parseAuthenticatedDataWithRecipientInfoIndex(boolean stream,
                                                         byte[] encodedAuthenticatedData,
                                                         byte[] message)
                                                  throws java.lang.Exception

Parses an AuthenticatedData and verifies the mac for all test recipients using the index into the recipientInfos field for identifying the recipient.

Parameters:: stream - whether to use AuthenticatedDataStream or AuthenticatedData; encodedAuthenticatedData - the encoded AuthenticatedData object; message - the content message, if transmitted by other means (explicit mode)
Throws:: java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientIdentifier

public void parseAuthenticatedDataWithRecipientIdentifier(boolean stream,
                                                          byte[] encodedAuthenticatedData,
                                                          byte[] message)
                                                   throws java.lang.Exception

Parses an AuthenticatedData and verifies the mac for all recipients identified by their recipient identifiers.

Parameters:: stream - whether to use AuthenticatedDataStream or AuthenticatedData; encodedAuthenticatedData - the encoded AuthenticatedData object; message - the content message, if transmitted by other means (explicit mode)
Throws:: java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientCertOrKEKId

public void parseAuthenticatedDataWithRecipientCertOrKEKId(boolean stream,
                                                           byte[] encodedAuthenticatedData,
                                                           byte[] message)
                                                    throws java.lang.Exception

Parses an AuthenticatedData and verifies the mac for all recipients identified by their recipient certificate (or kek).

Parameters:: stream - whether to use AuthenticatedDataStream or AuthenticatedData; encodedAuthenticatedData - the encoded AuthenticatedData object; message - the content message, if transmitted by other means (explicit mode)
Throws:: java.lang.Exception - if some error occurs during mac key decryption / mac verification

start

public void start()

Starts the test.

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Main method.

Throws:: java.io.IOException - if an I/O error occurs when reading required keys and certificates from files; java.lang.Exception

Overview

Package

Class

Tree

Deprecated

Index

Help

IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

v6.1
(c) 2002 IAIK, (c) 2003 - 2025 SIC

demo.cms.authenticatedData Class AuthenticatedDataDemo

AuthenticatedDataDemo

AuthenticatedDataDemo

createAuthenticatedDataStream

getAuthenticatedDataStream

getAuthenticatedDataStream

getAuthenticatedDataStream

createAuthenticatedData

getAuthenticatedData

getAuthenticatedData

getAuthenticatedData

createRecipients

parseAuthenticatedDataWithRecipientInfoIndex

parseAuthenticatedDataWithRecipientIdentifier

parseAuthenticatedDataWithRecipientCertOrKEKId

start

main

demo.cms.authenticatedData
Class AuthenticatedDataDemo