Overview  Package   Class  Tree  Deprecated  Index  Help 
IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

demo.cms.authenticatedData
Class AuthenticatedDataOutputStreamDemo

java.lang.Object
  extended by demo.cms.authenticatedData.AuthenticatedDataOutputStreamDemo

public class AuthenticatedDataOutputStreamDemo
extends java.lang.Object

Demonstrates the usage of class AuthenticatedDataOutputStream and AuthenticatedDataOutputStream for recipient-specific protecting the integrity of message using the CMS type AuthenticatedData.

Attention: This demo uses Static-Static Diffie-Hellman as key management technique for providing origin authentication.

This demo requires that you have iaik_esdh.jar (or iaik_jce_full.jar) in your classpath. You can download it from https://sic.tech/products/core-crypto-toolkits/jca-jce/.

See Also:
AuthenticatedDataStream, AuthenticatedDataOutputStream

Constructor Summary
AuthenticatedDataOutputStreamDemo()
          Setup the demo certificate chains.
 
Method Summary
 byte[] createAuthenticatedDataStream(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode)
          Creates a CMS AuthenticatedDataOutputStream for the given message message.
 iaik.cms.RecipientInfo[] createRecipients()
          Creates the RecipientInfos.
 byte[] getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, int recipientInfoIndex)
          Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.
 byte[] getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.cms.KeyIdentifier recipientID)
          Decrypts the encrypted MAC key for the recipient identified by recipient identifier and uses the MAC key to verify the authenticated data.
 byte[] getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.x509.X509Certificate recipientCert, byte[] kekID)
          Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate or kekID.
static void main(java.lang.String[] argv)
          Main method.
 void parseAuthenticatedDataWithRecipientCertOrKEKId(byte[] encodedAuthenticatedData, byte[] message)
          Parses an AuthenticatedData, decrypts the encrypted mac keys for all test recipients using their recipient certificate (or KEK id) for identifying the recipient and verifies the content mac.
 void parseAuthenticatedDataWithRecipientIdentifier(byte[] encodedAuthenticatedData, byte[] message)
          Parses an AuthenticatedData, decrypts the mac keys for all test recipients using their recipient identifiers for identifying the recipient and verifies the content mac.
 void parseAuthenticatedDataWithRecipientInfoIndex(byte[] encodedAuthenticatedData, byte[] message)
          Parses an AuthenticatedData, decrypts the mac keys for all test recipients using the index into the recipientInfos field for identifying the recipient and verifies the content mac.
 void start()
          Starts the test.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticatedDataOutputStreamDemo

public AuthenticatedDataOutputStreamDemo()
                                  throws java.io.IOException
Setup the demo certificate chains. Keys and certificate are retrieved from the demo KeyStore which has to be located in your current working directory and may be created by running SetupCMSKeyStore.

Throws:
java.io.IOException - if an file read error occurs
Method Detail

createAuthenticatedDataStream

public byte[] createAuthenticatedDataStream(byte[] message,
                                            iaik.asn1.structures.AlgorithmID macAlgorithm,
                                            int macKeyLength,
                                            iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                            int mode)
                                     throws iaik.cms.CMSException,
                                            java.io.IOException
Creates a CMS AuthenticatedDataOutputStream for the given message message.

Parameters:
message - the message to be authenticated, as byte representation
macAlgorithm - the mac algorithm to be used
macKeyLength - the length of the temporary MAC key to be generated
digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included
mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)
Returns:
the BER encoding of the AuthenticatedData object just created, wrapped into a ContentInfo
Throws:
iaik.cms.CMSException - if the AuthenticatedData object cannot be created
java.io.IOException - if an I/O error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         int recipientInfoIndex)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException
Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.

This way of decrypting the MAC key and verifying the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo, PasswordRecipeintInfo, OtherRecipientInfo), but requires to know at what index of the recipientInfos field the RecipientInfo for the particular recipient in mind can be found. If the recipient in mind uses a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted mac keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted mac key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:
encoding - the AuthenticatedData object as BER encoded byte array
message - the content message, if transmitted by other means (explicit mode)
key - the key to decrypt the mac key
recipientInfoIndex - the index of the right RecipientInfo to which the given key belongs
Returns:
the verified message, as byte array
Throws:
iaik.cms.CMSException - if the authenticated data cannot be verified
java.io.IOException - if a stream read/write error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.cms.KeyIdentifier recipientID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException
Decrypts the encrypted MAC key for the recipient identified by recipient identifier and uses the MAC key to verify the authenticated data.

This way of decrypting the encrypted mac key may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:
encoding - the AuthenticatedData object as BER encoded byte array
key - the key to decrypt the encrypted mac key
recipientID - the recipient identifier uniquely identifying the key of the recipient
Returns:
the verified message, as byte array
Throws:
iaik.cms.CMSException - if the authenticated data cannot be verified
java.io.IOException - if a stream read/write error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.x509.X509Certificate recipientCert,
                                         byte[] kekID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException
Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate or kekID.

Parameters:
encoding - the AuthenticatedData object as DER encoded byte array
key - the key to decrypt the message
recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo
kekID - the kekID identifying the recipient key when using a RecipientInfo of type KEKRecipientInfo
Returns:
the verified message, as byte array
Throws:
iaik.cms.CMSException - if the authenticated data cannot be verified
java.io.IOException - if a stream read/write error occurs

createRecipients

public iaik.cms.RecipientInfo[] createRecipients()
                                          throws iaik.cms.CMSException
Creates the RecipientInfos.

Returns:
the RecipientInfos created
Throws:
iaik.cms.CMSException - if an error occurs when creating the recipient infos

parseAuthenticatedDataWithRecipientInfoIndex

public void parseAuthenticatedDataWithRecipientInfoIndex(byte[] encodedAuthenticatedData,
                                                         byte[] message)
                                                  throws java.lang.Exception
Parses an AuthenticatedData, decrypts the mac keys for all test recipients using the index into the recipientInfos field for identifying the recipient and verifies the content mac.

Parameters:
encodedAuthenticatedData - the encoded AuthenticatedData object
Throws:
java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientIdentifier

public void parseAuthenticatedDataWithRecipientIdentifier(byte[] encodedAuthenticatedData,
                                                          byte[] message)
                                                   throws java.lang.Exception
Parses an AuthenticatedData, decrypts the mac keys for all test recipients using their recipient identifiers for identifying the recipient and verifies the content mac.

Parameters:
encodedAuthenticatedData - the encoded AuthenticatedData object
Throws:
java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientCertOrKEKId

public void parseAuthenticatedDataWithRecipientCertOrKEKId(byte[] encodedAuthenticatedData,
                                                           byte[] message)
                                                    throws java.lang.Exception
Parses an AuthenticatedData, decrypts the encrypted mac keys for all test recipients using their recipient certificate (or KEK id) for identifying the recipient and verifies the content mac.

Parameters:
encodedAuthenticatedData - the encoded AuthenticatedData object
Throws:
java.lang.Exception - if some error occurs during mac key decryption / mac verification

start

public void start()
Starts the test.

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception
Main method.

Throws:
java.io.IOException - if an I/O error occurs when reading required keys and certificates from files
java.lang.Exception
Overview  Package   Class  Tree  Deprecated  Index  Help 
IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
v6.1
(c) 2002 IAIK, (c) 2003 - 2025 SIC