demo.cms.envelopedData
Class ExplicitEnvelopedDataDemo

java.lang.Object
  demo.cms.envelopedData.ExplicitEnvelopedDataDemo

Direct Known Subclasses:

ExplicitAESEnvelopedDataDemo

public class ExplicitEnvelopedDataDemo
extends java.lang.Object

Demonstrates the usage of class EnvelopedDataStream and EnvelopedData for encrypting data using the CMS type EnvelopedData where the encrypted data is not included in the EncryptedContentInfo (transferred by other means).

This demo creates an EnvelopedData object and subsequently shows several ways that may be used for decrypting the content for some particular recipient.

Keys and certificates are retrieved from the demo KeyStore ("cms.keystore") which has to be located in your current working directory and may be created by running the SetupCMSKeyStore program.

This demo uses TripleDES which has been deprecated by S/MIMEv4 (RFC 8551), see ExplicitAESEnvelopedDataDemo for an AES based demo.

See Also:

EnvelopedDataStream, EnvelopedData, RecipientInfo, KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo

Constructor Summary

ExplicitEnvelopedDataDemo()
Creates an EnvelopedDataDemo and setups the demo certificates.

ExplicitEnvelopedDataDemo(iaik.asn1.structures.AlgorithmID contentEncAlg, iaik.asn1.structures.AlgorithmID keyWrapAlg, iaik.asn1.structures.AlgorithmID kekAlg, int keyLength)
Creates an EnvelopedDataDemo and setups the demo certificates.

ExplicitEnvelopedDataDemo(iaik.asn1.structures.AlgorithmID contentEncAlg, iaik.asn1.structures.AlgorithmID keyWrapAlg, int keyLength)
Creates an EnvelopedDataDemo and setups the demo certificates.

Method Summary

demo.cms.envelopedData.ExplicitEnvelopedDataDemo.EnvelopedDataAndEncryptedContent	createEnvelopedData(byte[] message) Creates a CMS EnvelopedData message.
demo.cms.envelopedData.ExplicitEnvelopedDataDemo.EnvelopedDataAndEncryptedContent	createEnvelopedDataStream(byte[] message) Creates a CMS EnvelopedDataStream message.
iaik.cms.RecipientInfo[]	createRecipients() Creates the RecipientInfos.
byte[]	getEnvelopedData(byte[] enc, byte[] encryptedContent, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its index into the recipientInfos field.
byte[]	getEnvelopedData(byte[] enc, byte[] encryptedContent, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by recipient identifier.
byte[]	getEnvelopedData(byte[] enc, byte[] encryptedContent, java.security.Key key, iaik.x509.X509Certificate recipientCert, byte[] kekID) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its recipient certificate or keyID.
byte[]	getEnvelopedDataStream(byte[] encoding, byte[] encryptedContent, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its index into the recipientInfos field.
byte[]	getEnvelopedDataStream(byte[] encoding, byte[] encryptedContent, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by recipient identifier.
byte[]	getEnvelopedDataStream(byte[] encoding, byte[] encryptedContent, java.security.Key key, iaik.x509.X509Certificate recipientCert, byte[] kekID) Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its recipient certificate or kekID.
static void	main(java.lang.String[] argv) Main method.
void	parseEnvelopedDataWithRecipientCertOrKEKId(boolean stream, byte[] message, byte[] encodedEnvelopedData, byte[] encryptedContent) Parses an EnvelopedData and decrypts the content for all test recipients using their recipient certificate (for RecipientInfos of type KeyTransRecipientInfo or KeyAgreeRecipientInfo) or key id (for RecipientInfos of type KEKRecipientInfo) for identifying the recipient.
void	parseEnvelopedDataWithRecipientIdentifier(boolean stream, byte[] message, byte[] encodedEnvelopedData, byte[] encryptedContent) Parses an EnvelopedData and decrypts the content for all test recipients using their recipient identifiers for identifying the recipient.
void	parseEnvelopedDataWithRecipientInfoIndex(boolean stream, byte[] message, byte[] encodedEnvelopedData, byte[] encryptedContent) Parses an EnvelopedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.
void	start() Starts the test.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExplicitEnvelopedDataDemo

public ExplicitEnvelopedDataDemo()
                          throws java.io.IOException,
                                 java.security.NoSuchAlgorithmException

Creates an EnvelopedDataDemo and setups the demo certificates.
Keys and certificates are retrieved from the demo KeyStore ("cms.keystore") file which has to be located in your current working directory and may be created by running SetupCMSKeyStore.
TripleDES and TripleDES KeyWrap are used for content encryption and content encryption key wrapping.

Throws:

java.io.IOException - if an file read error occurs

java.security.NoSuchAlgorithmException - if the requested TripleDES or TripleDES KeyWrap algorithms are not supported

ExplicitEnvelopedDataDemo

public ExplicitEnvelopedDataDemo(iaik.asn1.structures.AlgorithmID contentEncAlg,
                                 iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                 int keyLength)
                          throws java.io.IOException,
                                 java.security.NoSuchAlgorithmException

Creates an EnvelopedDataDemo and setups the demo certificates.
Keys and certificates are retrieved from the demo KeyStore ("cms.keystore") file which has to be located in your current working directory and may be created by running SetupCMSKeyStore.

Parameters:

contentEncAlg - the content encryption algorithm to be used

keyWrapAlg - the key wrap algorithm to be used for wrapping the content encryption key (for KeyAgreeRecipientInfos)

keyLength - the key length to be used (same for content encryption key and key encryption key) (for KeyAgreeRecipientInfos and KEKRecipientInfos)

Throws:

java.io.IOException - if an file read error occurs

java.security.NoSuchAlgorithmException - if the requested algorithms are not supported

ExplicitEnvelopedDataDemo

public ExplicitEnvelopedDataDemo(iaik.asn1.structures.AlgorithmID contentEncAlg,
                                 iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                 iaik.asn1.structures.AlgorithmID kekAlg,
                                 int keyLength)
                          throws java.io.IOException,
                                 java.security.NoSuchAlgorithmException

Creates an EnvelopedDataDemo and setups the demo certificates.
Keys and certificates are retrieved from the demo KeyStore ("cms.keystore") file which has to be located in your current working directory and may be created by running SetupCMSKeyStore.

Parameters:

contentEncAlg - the content encryption algorithm to be used

keyWrapAlg - the key wrap algorithm to be used for wrapping the content encryption key (for KeyAgreeRecipientInfos)

kekAlg - the name of the key encryption key algorithm to be used (for KEKRecipientInfos)

keyLength - the key length to be used (same for content encryption key and key encryption key) (for KeyAgreeRecipientInfos and KEKRecipientInfos)

Throws:

java.io.IOException - if an file read error occurs

java.security.NoSuchAlgorithmException - if the requested algorithms are not supported

Method Detail

createEnvelopedDataStream

public demo.cms.envelopedData.ExplicitEnvelopedDataDemo.EnvelopedDataAndEncryptedContent createEnvelopedDataStream(byte[] message)
                                                                                                            throws iaik.cms.CMSException,
                                                                                                                   java.io.IOException

Creates a CMS EnvelopedDataStream message.

Parameters:

message - the message to be enveloped, as byte representation

Returns:

the DER encoding of the EnvelopedData object just created

Throws:

iaik.cms.CMSException - if the EnvelopedData object cannot be created

java.io.IOException - if an I/O error occurs

getEnvelopedDataStream

public byte[] getEnvelopedDataStream(byte[] encoding,
                                     byte[] encryptedContent,
                                     java.security.Key key,
                                     int recipientInfoIndex)
                              throws iaik.cms.CMSException,
                                     java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its index into the recipientInfos field.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo), but requires to know at what index of the recipientInfo field the RecipientInfo for the particular recipient in mind can be found. If the recipient in mind uses a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted content-encryption keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted content encryption key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:

encoding - the EnvelopedData object as DER encoded byte array

key - the key to decrypt the message

recipientInfoIndex - the index into the RecipientInfo array to which the specified key belongs

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

getEnvelopedDataStream

public byte[] getEnvelopedDataStream(byte[] encoding,
                                     byte[] encryptedContent,
                                     java.security.Key key,
                                     iaik.cms.KeyIdentifier recipientID)
                              throws iaik.cms.CMSException,
                                     java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:

encoding - the EnvelopedData object as DER encoded byte array

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

getEnvelopedDataStream

public byte[] getEnvelopedDataStream(byte[] encoding,
                                     byte[] encryptedContent,
                                     java.security.Key key,
                                     iaik.x509.X509Certificate recipientCert,
                                     byte[] kekID)
                              throws iaik.cms.CMSException,
                                     java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its recipient certificate or kekID.

Since recipient certificates only may be used for for RecipientInfos of type KeyTransRecipientInfo or KeyAgreeRecipientInfo, a key id has to be supplied for decrypting the content for a recipient using a KEKRecipientInfo.

Parameters:

encoding - the EnvelopedData object as DER encoded byte array

key - the key to decrypt the message

recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo

kekID - the kekID identifying the recipient key when using a RecipientInfo of type KEKRecipientInfo

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

createEnvelopedData

public demo.cms.envelopedData.ExplicitEnvelopedDataDemo.EnvelopedDataAndEncryptedContent createEnvelopedData(byte[] message)
                                                                                                      throws iaik.cms.CMSException

Creates a CMS EnvelopedData message.

Parameters:

message - the message to be enveloped, as byte representation

Returns:

the encoded EnvelopedData, as byte array

Throws:

iaik.cms.CMSException - if the EnvelopedData object cannot be created

getEnvelopedData

public byte[] getEnvelopedData(byte[] enc,
                               byte[] encryptedContent,
                               java.security.Key key,
                               int recipientInfoIndex)
                        throws iaik.cms.CMSException,
                               java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its index into the recipientInfos field.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo), but requires to know at what index of the recipientInfo field the RecipientInfo for the particular recipient in mind can be found. If the recipient in mind uses a RecipientInfo of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted content-encryption keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted content encryption key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:

enc - the encoded EnvelopedData

key - the key to decrypt the message

recipientInfoIndex - the index into the RecipientInfo array to which the specified key belongs

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getEnvelopedData

public byte[] getEnvelopedData(byte[] enc,
                               byte[] encryptedContent,
                               java.security.Key key,
                               iaik.cms.KeyIdentifier recipientID)
                        throws iaik.cms.CMSException,
                               java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:

enc - the DER encoded EnvelopedData ASN.1 object

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getEnvelopedData

public byte[] getEnvelopedData(byte[] enc,
                               byte[] encryptedContent,
                               java.security.Key key,
                               iaik.x509.X509Certificate recipientCert,
                               byte[] kekID)
                        throws iaik.cms.CMSException,
                               java.io.IOException

Decrypts the encrypted content of the given EnvelopedData object for the recipient identified by its recipient certificate or keyID.

Since recipient certificates only may be used for for RecipientInfos of type KeyTransRecipientInfo or KeyAgreeRecipientInfo, a key id has to be supplied for decrypting the content for a recipient using a KEKRecipientInfo.

Parameters:

enc - the DER encoded EnvelopedData ASN.1 object

key - the key to decrypt the message

recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo

kekID - the kekID identifying the recipient key when using a RecipientInfo of type KEKRecipientInfo

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException

createRecipients

public iaik.cms.RecipientInfo[] createRecipients()
                                          throws iaik.cms.CMSException

Creates the RecipientInfos.

Returns:

the RecipientInfos created, two KeyTransRecipientInfos, one KeyAgreeRecipientInfo (for two recipients with same domain parameters), and one KEKRecipientInfo

Throws:

iaik.cms.CMSException - if an error occurs when creating the recipient infos

parseEnvelopedDataWithRecipientInfoIndex

public void parseEnvelopedDataWithRecipientInfoIndex(boolean stream,
                                                     byte[] message,
                                                     byte[] encodedEnvelopedData,
                                                     byte[] encryptedContent)
                                              throws java.lang.Exception

Parses an EnvelopedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.

Parameters:

stream - whether to use EnvelopedDataStream or EnvelopedData

message - the original message (to be compared to the decryption result)

encodedEnvelopedData - the encoded EnvelopedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

parseEnvelopedDataWithRecipientIdentifier

public void parseEnvelopedDataWithRecipientIdentifier(boolean stream,
                                                      byte[] message,
                                                      byte[] encodedEnvelopedData,
                                                      byte[] encryptedContent)
                                               throws java.lang.Exception

Parses an EnvelopedData and decrypts the content for all test recipients using their recipient identifiers for identifying the recipient.

Parameters:

stream - whether to use EnvelopedDataStream or EnvelopedData

message - the original message (to be compared to the decryption result)

encodedEnvelopedData - the encoded EnvelopedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

parseEnvelopedDataWithRecipientCertOrKEKId

public void parseEnvelopedDataWithRecipientCertOrKEKId(boolean stream,
                                                       byte[] message,
                                                       byte[] encodedEnvelopedData,
                                                       byte[] encryptedContent)
                                                throws java.lang.Exception

Parses an EnvelopedData and decrypts the content for all test recipients using their recipient certificate (for RecipientInfos of type KeyTransRecipientInfo or KeyAgreeRecipientInfo) or key id (for RecipientInfos of type KEKRecipientInfo) for identifying the recipient.

Parameters:

stream - whether to use EnvelopedDataStream or EnvelopedData

message - the original message (to be compared to the decryption result)

encodedEnvelopedData - the encoded EnvelopedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

start

public void start()

Starts the test.

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Main method.

Throws:

java.io.IOException - if an I/O error occurs when reading required keys and certificates from files

java.lang.Exception