demo.cms.ecc

Class EdDSASignedDataDemo

java.lang.Object

demo.cms.ecc.EdDSASignedDataDemo

public class EdDSASignedDataDemo
extends java.lang.Object

This class demonstrates the IAIK-CMS SignedData(Stream) implementation with the EdDSA (Ed25519, Ed448) signature algorithm.

Any keys/certificates required for this demo are read from a keystore file "cmsecc.keystore" located in your current working directory. If the keystore file does not exist you can create it by running the SetupCMSEccKeyStore program.

Additionally to iaik_cms.jar you also must have iaik_jce_(full).jar (IAIK-JCE, https://sic.tech/products/core-crypto-toolkits/jca-jce/), and iaik_eccelarate.jar (IAIK-ECCelerate^TM, https://sic.tech/products/core-crypto-toolkits/eccelerate/) in your classpath.

Constructor Summary

Constructors

Constructor and Description
EdDSASignedDataDemo() Default Constructor.

Method Summary

Modifier and Type	Method and Description
byte[]	createSignedData(byte[] message, int mode, iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.asn1.structures.AlgorithmID signatureAlgorithm, java.security.PrivateKey signerKey, iaik.x509.X509Certificate[] certificates) Creates an EdDSA signed CMS SignedData object and wraps it by a CMS ContentInfo object.
byte[]	createSignedDataStream(byte[] message, int mode, iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.asn1.structures.AlgorithmID signatureAlgorithm, java.security.PrivateKey signerKey, iaik.x509.X509Certificate[] certificates) Creates an EdDSA signed CMS SignedDataStream object and wraps it by a CMS ContentInfoStream.
byte[]	getSignedData(byte[] signedData, byte[] message, iaik.x509.X509Certificate[] certificates) Parses a CMS ContentInfo holding a SignedData object and verifies the signature.
byte[]	getSignedDataStream(byte[] signedData, byte[] message, iaik.x509.X509Certificate[] certificates) Parses a CMS ContentInfo object holding a SignedData object and verifies the signature.
static void	main(java.lang.String[] argv) Starts the demo.
void	runDemo(byte[] message, iaik.asn1.structures.AlgorithmID hashAlgorithm, iaik.asn1.structures.AlgorithmID signatureAlgorithm, iaik.utils.KeyAndCertificate signerKeyAndCert) Runs the signing - verifying demo.
void	start() Tests the CMS SignedData implementation with the ECDSA signature algorithm and several hash algorithms.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EdDSASignedDataDemo

public EdDSASignedDataDemo()
                    throws java.lang.Exception

Default Constructor.

Throws:

java.lang.Exception

Method Detail

createSignedDataStream

public byte[] createSignedDataStream(byte[] message,
                                     int mode,
                                     iaik.asn1.structures.AlgorithmID hashAlgorithm,
                                     iaik.asn1.structures.AlgorithmID signatureAlgorithm,
                                     java.security.PrivateKey signerKey,
                                     iaik.x509.X509Certificate[] certificates)
                              throws iaik.cms.CMSException,
                                     java.io.IOException

Creates an EdDSA signed CMS SignedDataStream object and wraps it by a CMS ContentInfoStream.

Parameters:

message - the message to be signed, as byte representation

mode - the transmission mode, either IMPLICIT or EXPLICIT

hashAlgorithm - the hash algorithm to be used

signatureAlgorithm - the signature algorithm to be used

signerKey - the private key of the signer

certificates - the certificate chain of the signer

Returns:

the DER encoding of the ContentInfo object just created

Throws:

iaik.cms.CMSException - if the SignedData, ContentInfo object cannot be created

java.io.IOException - if an I/O related error occurs

getSignedDataStream

public byte[] getSignedDataStream(byte[] signedData,
                                  byte[] message,
                                  iaik.x509.X509Certificate[] certificates)
                           throws iaik.cms.CMSException,
                                  java.io.IOException

Parses a CMS ContentInfo object holding a SignedData object and verifies the signature.

Parameters:

signedData - the ContentInfo holding the SignedData object as BER encoded byte array

message - the the message which was transmitted out-of-band (explicit signed)

certificates - the certificate of the signer (used for alternative signature verification)

Returns:

the inherent message as byte array

Throws:

iaik.cms.CMSException - if any signature does not verify

java.io.IOException - if an I/O related error occurs

createSignedData

public byte[] createSignedData(byte[] message,
                               int mode,
                               iaik.asn1.structures.AlgorithmID hashAlgorithm,
                               iaik.asn1.structures.AlgorithmID signatureAlgorithm,
                               java.security.PrivateKey signerKey,
                               iaik.x509.X509Certificate[] certificates)
                        throws iaik.cms.CMSException,
                               java.io.IOException

Creates an EdDSA signed CMS SignedData object and wraps it by a CMS ContentInfo object.

Parameters:

message - the message to be signed, as byte representation

mode - the mode, either SignedData.IMPLICIT or SignedData.EXPLICIT

hashAlgorithm - the hash algorithm to be used

signatureAlgorithm - the signature algorithm to be used

signerKey - the private key of the signer

certificates - the certificate chain of the signer

Returns:

the DER encoded SignedData-ContentInfo object

Throws:

iaik.cms.CMSException - if the SignedData-ContentInfo object cannot be created

java.io.IOException - if an I/O related error occurs

getSignedData

public byte[] getSignedData(byte[] signedData,
                            byte[] message,
                            iaik.x509.X509Certificate[] certificates)
                     throws iaik.cms.CMSException,
                            java.io.IOException

Parses a CMS ContentInfo holding a SignedData object and verifies the signature.

Parameters:

signedData - the ContentInfo holding the SignedData object as DER encoded byte array

message - the message which was transmitted out-of-band (explicit signed)

certificates - the certificate of the signer (used for alternative signature verification)

Returns:

the inherent message as byte array

Throws:

iaik.cms.CMSException - if any signature does not verify

java.io.IOException - if an I/O related error occurs

runDemo

public void runDemo(byte[] message,
                    iaik.asn1.structures.AlgorithmID hashAlgorithm,
                    iaik.asn1.structures.AlgorithmID signatureAlgorithm,
                    iaik.utils.KeyAndCertificate signerKeyAndCert)
             throws java.lang.Exception

Runs the signing - verifying demo.

Parameters:

message - the message to be signed

hashAlgorithm - the hash algorithm to be used

signatureAlgorithm - the signature algorithm to be used

signerKeyAndCert - private key and certificate chain of the signer

Throws:

java.lang.Exception

start

public void start()
           throws java.lang.Exception

Tests the CMS SignedData implementation with the ECDSA signature algorithm and several hash algorithms.

Throws:

java.lang.Exception

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Starts the demo.

Throws:

java.lang.Exception - if an error occurs