demo.cms.ecc

Class ECDHAuthEnvelopedDataDemo

java.lang.Object

demo.cms.ecc.StaticStaticECDHDemo

demo.cms.ecc.ECDHAuthEnvelopedDataDemo

public class ECDHAuthEnvelopedDataDemo
extends StaticStaticECDHDemo

Demonstrates the usage of class AuthEnvelopedDataStream, AuthEnvelopedData and AuthEnvelopedDataOutputStream for authenticated encrypting data using the CMS type AuthEnvelopedData by using Static-Static ECDH according to 6278 as key agreement method.

Any keys/certificates required for this demo are read from a keystore file "cmsecc.keystore" located in your current working directory. If the keystore file does not exist you can create it by running the SetupCMSEccKeyStore program.

Additionally to iaik_cms.jar you also must have iaik_jce_(full).jar (IAIK-JCE, https://sic.tech/products/core-crypto-toolkits/jca-jce/), and iaik_eccelarate.jar (IAIK-ECCelerate^TM, https://sic.tech/products/core-crypto-toolkits/eccelerate/) in your classpath.

See Also:

AuthEnvelopedDataStream, AuthEnvelopedData, AuthEnvelopedDataOutputStream, RecipientInfo, KeyAgreeRecipientInfo, SetupCMSEccKeyStore

Constructor Summary

Constructors

Constructor and Description
ECDHAuthEnvelopedDataDemo() Setup the demo certificate chains.

Method Summary

Modifier and Type	Method and Description
byte[]	createAuthEnvelopedData(byte[] message, iaik.asn1.structures.AlgorithmID contentAuthEncAlg) Creates a CMS AuthEnvelopedData message.
byte[]	createAuthEnvelopedDataOutputStream(byte[] message, iaik.asn1.structures.AlgorithmID contentAuthEncAlg) Creates a CMS AuthEnvelopedData message using the AuthEnvelopedDataOutputStream class.
byte[]	createAuthEnvelopedDataStream(byte[] message, iaik.asn1.structures.AlgorithmID contentAuthEncAlg) Creates a CMS AuthEnvelopedDataStream message.
byte[]	getAuthEnvelopedData(byte[] enc, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its index into the recipientInfos field.
byte[]	getAuthEnvelopedData(byte[] enc, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by recipient identifier.
byte[]	getAuthEnvelopedData(byte[] enc, java.security.Key key, iaik.x509.X509Certificate recipientCert) Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its recipient certificate.
byte[]	getAuthEnvelopedDataStream(byte[] encoding, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its index into the recipientInfos field.
byte[]	getAuthEnvelopedDataStream(byte[] encoding, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by recipient identifier.
static void	main(java.lang.String[] argv) Main method.
void	parseAuthEnvelopedDataWithRecipientIdentifier(boolean stream, byte[] encodedAuthEnvelopedData) Parses an AuthEnvelopedData and decrypts the content for all test recipients using their recipient identifiers for identifying the recipient.
void	parseAuthEnvelopedDataWithRecipientInfoIndex(boolean stream, byte[] encodedAuthEnvelopedData) Parses an AuthEnvelopedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.
void	start() Starts the demo.
void	start(iaik.asn1.structures.AlgorithmID contentAuthEncAlg) Starts the demo for the given content-authenticated encryption algorithm.

Methods inherited from class demo.cms.ecc.StaticStaticECDHDemo

createRecipients

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ECDHAuthEnvelopedDataDemo

public ECDHAuthEnvelopedDataDemo()
                          throws java.io.IOException

Setup the demo certificate chains. Keys and certificates are retrieved from the demo keyStore file "cmsecc.keystore" located in your current working directory. If the keystore file does not exist you can create it by running the SetupCMSEccKeyStore program.

Throws:

java.io.IOException - if keys/certificates cannot be read from the keystore

Method Detail

createAuthEnvelopedDataStream

public byte[] createAuthEnvelopedDataStream(byte[] message,
                                            iaik.asn1.structures.AlgorithmID contentAuthEncAlg)
                                     throws iaik.cms.CMSException,
                                            java.io.IOException

Creates a CMS AuthEnvelopedDataStream message.

Parameters:

message - the message to be authenticated-enveloped, as byte representation

contentAuthEncAlg - the id of the content-authenticated encryption algorithm

Returns:

the encoding of the AuthEnvelopedData object just created

Throws:

iaik.cms.CMSException - if the AuthEnvelopedData object cannot be created

java.io.IOException - if an I/O error occurs

createAuthEnvelopedDataOutputStream

public byte[] createAuthEnvelopedDataOutputStream(byte[] message,
                                                  iaik.asn1.structures.AlgorithmID contentAuthEncAlg)
                                           throws iaik.cms.CMSException,
                                                  java.io.IOException

Creates a CMS AuthEnvelopedData message using the AuthEnvelopedDataOutputStream class.

Parameters:

message - the message to be authenticated-enveloped, as byte representation

contentAuthEncAlg - the id of the content-authenticated encryption algorithm

Returns:

the encoding of the AuthEnvelopedData object just created

Throws:

iaik.cms.CMSException - if the AuthEnvelopedData object cannot be created

java.io.IOException - if an I/O error occurs

getAuthEnvelopedDataStream

public byte[] getAuthEnvelopedDataStream(byte[] encoding,
                                         java.security.Key key,
                                         int recipientInfoIndex)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its index into the recipientInfos field.

Parameters:

encoding - the AuthEnvelopedData object as DER encoded byte array

key - the key to decrypt the message

recipientInfoIndex - the index into the RecipientInfo array to which the specified key belongs

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

getAuthEnvelopedDataStream

public byte[] getAuthEnvelopedDataStream(byte[] encoding,
                                         java.security.Key key,
                                         iaik.cms.KeyIdentifier recipientID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by recipient identifier.

Parameters:

encoding - the AuthEnvelopedData object as DER encoded byte array

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

createAuthEnvelopedData

public byte[] createAuthEnvelopedData(byte[] message,
                                      iaik.asn1.structures.AlgorithmID contentAuthEncAlg)
                               throws iaik.cms.CMSException

Creates a CMS AuthEnvelopedData message.

Parameters:

message - the message to be authenticated-enveloped, as byte representation

contentAuthEncAlg - the id of the content-authenticated encryption algorithm

Returns:

the encoded AuthEnvelopedData, as byte array

Throws:

iaik.cms.CMSException - if the AuthEnvelopedData object cannot be created

getAuthEnvelopedData

public byte[] getAuthEnvelopedData(byte[] enc,
                                   java.security.Key key,
                                   int recipientInfoIndex)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its index into the recipientInfos field.

Parameters:

enc - the encoded AuthEnvelopedData

key - the key to decrypt the message

recipientInfoIndex - the index into the RecipientInfo array to which the specified key belongs

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getAuthEnvelopedData

public byte[] getAuthEnvelopedData(byte[] enc,
                                   java.security.Key key,
                                   iaik.cms.KeyIdentifier recipientID)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:

enc - the encoded AuthenticatedData

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getAuthEnvelopedData

public byte[] getAuthEnvelopedData(byte[] enc,
                                   java.security.Key key,
                                   iaik.x509.X509Certificate recipientCert)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted content of the given AuthEnvelopedData object for the recipient identified by its recipient certificate.

Parameters:

enc - the encoded AuthEnvelopedData

key - the key to decrypt the message

recipientCert - the certificate of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException

parseAuthEnvelopedDataWithRecipientInfoIndex

public void parseAuthEnvelopedDataWithRecipientInfoIndex(boolean stream,
                                                         byte[] encodedAuthEnvelopedData)
                                                  throws java.lang.Exception

Parses an AuthEnvelopedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.

Parameters:

stream - whether to use AuthEnvelopedDataStream or AuthEnvelopedData

encodedAuthEnvelopedData - the encoded AuthEnvelopedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

parseAuthEnvelopedDataWithRecipientIdentifier

public void parseAuthEnvelopedDataWithRecipientIdentifier(boolean stream,
                                                          byte[] encodedAuthEnvelopedData)
                                                   throws java.lang.Exception

Parses an AuthEnvelopedData and decrypts the content for all test recipients using their recipient identifiers for identifying the recipient.

Parameters:

stream - whether to use AuthEnvelopedDataStream or AuthEnvelopedData

encodedAuthEnvelopedData - the encoded AuthEnvelopedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

start

public void start()

Starts the demo.

start

public void start(iaik.asn1.structures.AlgorithmID contentAuthEncAlg)

Starts the demo for the given content-authenticated encryption algorithm.

Parameters:

contentAuthEncAlg - the id of the content-authenticated encryption algorithm

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Main method.

Throws:

java.io.IOException - if an I/O error occurs when reading required keys and certificates from the keystore file

java.lang.Exception