public class IaikCCProvider extends IaikProvider
To install this security provider call:
SecurityProvider.setSecurityProvider(new IaikCCProvider());
See Also: SecurityProvider, IaikProvider
ALG_SIGNATURE_RAWRSA, ALG_SIGNATURE_RAWRSASSA_PKCS1_V15
ALG_CIPHER_RSA, ALG_CIPHER_RSA_DECRYPT, ALG_CIPHER_RSA_ENCRYPT, ALG_CIPHER_RSA_SIGN, ALG_CIPHER_RSA_VERIFY, ALG_DIGEST_MD5, ALG_DIGEST_SHA, ALG_HMAC_MD5, ALG_HMAC_SHA, ALG_KEYEX_DH, ALG_KEYEX_ESDH, ALG_KEYEX_SSDH, ALG_SIGNATURE_RAWDSA, ALG_SIGNATURE_RAWECDSA, ALG_SIGNATURE_RAWECDSA_PLAIN, ALG_SIGNATURE_RAWRSAPSS, ALG_SIGNATURE_SHADSA, CIPHER_DECRYPT, CIPHER_ENCRYPT, CIPHER_NONE, CIPHER_UNWRAP, CIPHER_WRAP, COMPRESS, DECOMPRESS, IMPLEMENTATION_NAME_DSA, IMPLEMENTATION_NAME_ECDSA, IMPLEMENTATION_NAME_ECDSA_PLAIN, IMPLEMENTATION_NAME_PBKDF2, IMPLEMENTATION_NAME_PWRI_KEK, IMPLEMENTATION_NAME_RSA, IMPLEMENTATION_NAME_RSA_OAEP, IMPLEMENTATION_NAME_RSA_PSS, provider_, providerName_, random_, SIGNATURE_NONE, SIGNATURE_SIGN, SIGNATURE_VERIFY
Constructor and Description |
---|
IaikCCProvider() - Default Constructor. |
IaikCCProvider(boolean installProvider) - Creates an IaikCCProvider. |
Modifier and Type | Method and Description |
---|---|
byte[] | calculateSignatureFromHash(iaik.asn1.structures.AlgorithmID signatureAlgorithm, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey, byte[] digest) - Calculates the signature value for a CMS SignerInfo over the given digest value with the given algorithm using the supplied private key. |
boolean | verifySignatureFromHash(iaik.asn1.structures.AlgorithmID signatureAlgorithm, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PublicKey publicKey, byte[] digest, byte[] signatureValue) - Verifies the signature value of a CMS SignerInfo object with the given algorithm using the supplied public key. |
calculateSignatureFromSignedAttributes, checkDomainParameters, createSharedKeyEncryptionKey, decryptKey, deriveKey, generateAEADParamSpec, generateAEADParamSpec, generateKey, generateKeyAgreementKeyPair, getAlgorithmParameterSpec, getASN1OriginatorPublicKey, getPBEKey, getSecureRandom, setAEADMac, setIv, turnOffIAIKProviderVersionCheck, unwrapKey, verifySignatureFromSignedAttributes, wrapKey
calculateMac, calculateSharedSecret, compress, convertCipherMode, decryptKey, encryptKey, generateGCMParamSpec, generateKey, getAlgorithmParameters, getAlgorithmParameters, getAlgorithmParameters, getAuthCipherEngine, getAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayCipherEngine, getByteArrayCipherEngine, getCipher, getCipher, getCipher, getCipher, getEllipticCurveParameterSpec, getHash, getInputStreamAuthCipherEngine, getInputStreamAuthCipherEngine, getInputStreamCipherEngine, getInputStreamCipherEngine, getInputStreamCompressEngine, getInputStreamHashEngine, getInputStreamMacEngine, getKeyAgreement, getKeyAlgorithmID, getKeyFactory, getKeyGenerator, getKeyGenerator, getKeyGenerator, getKeyLength, getKeyLength, getKeyLength, getKeyPairGenerator, getKeyStore, getMac, getMac, getMaskGenerationAlgorithm, getMessageDigest, getMessageDigest, getMicAlgs, getOriginatorPublicKey, getOutputStreamCompressEngine, getOutputStreamHashEngine, getOutputStreamMacEngine, getProviderName, getSecretKeyFactory, getSecretKeyFactory, getSecurityProvider, getSignature, getSignature, getSignature, getSignature, getSignatureParameters, setSecureRandom, setSecurityProvider, setSignatureParameters, validateDHPublicKey, validateKeyAgreementKey
public IaikCCProvider()

public IaikCCProvider(boolean installProvider)
Parameters:
installProvider - whether to install the IAIK provider within the JCA framework or to use it without installing it within the JCE framework

public byte[] calculateSignatureFromHash(iaik.asn1.structures.AlgorithmID signatureAlgorithm, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PrivateKey privateKey, byte[] digest) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.SignatureException
Each SignerInfo included in a CMS SignedData object may calculate the signature value differently depending on the presence of signed attributes:
SignerInfo for calculating the signature when no signed attributes are present. Since the data to be signed may be of arbitrary size, this method expects the already hashed data and only calculates the signature value on it (for instance, by doing the digest encryption when using RSA for signing).
For that reason, when writing your own SecurityProvider and overriding this method, you will need some kind of RAW signature (respectively digest encryption) mechanism that expects only the already hashed data (e.g. a "RawDSA" signature engine when using DSA, respectively a Cipher engine when using RSA).
If you want to override this method for use with smartcards, please be sure that your smartcard is able to do the signature (respectively digest encryption) operation only. However, if your smartcard requires the whole data to be supplied so that it can do the hash calculation itself, you may ensure that your SignerInfo contains signed attributes and override method calculateSignatureFromSignedAttributes for calculating the signature over the DER encoding of the signed attributes (thereby doing the hash computation, too).
Overrides:
calculateSignatureFromHash in class IaikProvider
Parameters:
signatureAlgorithm - the signature algorithm to be used, e.g. rsaEncryption, DSA
digestAlgorithm - the digest algorithm used for hash computation (e.g. SHA-1, ..., SHA-512); may be necessary for some signature schemes (e.g. to be included as a DigestInfo in a PKCS#1 RSA signature)
privateKey - the private key of the signer (i.e. the one supplied when creating a SignerInfo object; may be some kind of "dummy" key when used for smartcards)
digest - the digest value over which the signature shall be calculated
Throws:
java.security.NoSuchAlgorithmException - if any of the required algorithms is not supported
java.security.InvalidKeyException - if the key is not valid
java.security.SignatureException - if signature verification fails because of some crypto related error

public boolean verifySignatureFromHash(iaik.asn1.structures.AlgorithmID signatureAlgorithm, iaik.asn1.structures.AlgorithmID digestAlgorithm, java.security.PublicKey publicKey, byte[] digest, byte[] signatureValue) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.SignatureException
Each SignerInfo included in a CMS SignedData object may calculate the signature value differently depending on the presence of signed attributes:
SignerInfo for verifying the signature when no signed attributes are present. Since the data to be verified may be of arbitrary size, this method expects the already hashed data, which is only verified against the signature value.
For that reason, when writing your own SecurityProvider and overriding this method, you will need some kind of RAW signature (respectively "encrypted digest decryption") mechanism that expects only the already hashed data (e.g. a "RawDSA" signature engine when using DSA, respectively a Cipher engine when using RSA).
Although smartcards generally may not be used for public key operations, when overriding this method for use with smartcards, please be sure that your smartcard is able to do the signature verification operation only. However, if your smartcard requires the whole data to be supplied so that it can do the hash calculation itself, you may ensure that your SignerInfo contains signed attributes and override method verifySignatureFromSignedAttributes for verifying the signature calculated from the DER encoding of the signed attributes (thereby doing the hash computation, too).
Overrides:
verifySignatureFromHash in class IaikProvider
Parameters:
signatureAlgorithm - the signature algorithm to be used for verification, e.g. rsaEncryption, DSA
digestAlgorithm - the digest algorithm that has been used for hash computation (e.g. SHA-1, ..., SHA-512); may be necessary for some signature schemes (e.g. to be checked against a DigestInfo in a PKCS#1 RSA signature)
publicKey - the public key of the signer
digest - the digest value to be verified
signatureValue - the signature value to be verified
Returns:
true if the signature is ok, false if not
Throws:
java.security.NoSuchAlgorithmException - if any of the required algorithms is not supported
java.security.InvalidKeyException - if the key is not valid
java.security.SignatureException - if signature verification fails because of some crypto related or parsing error
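
The "digest encryption" and "encrypted digest decryption" that calculateSignatureFromHash and verifySignatureFromHash describe for RSA, shown as an added example that uses only JDK classes; it is not IAIK code and does not call the IAIK API. The class and method names (RawRsaFromHash, signFromHash, verifyFromHash), the choice of SHA-256 and the sample content are assumptions made for the illustration.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RawRsaFromHash {
    // DER prefix of the PKCS#1 DigestInfo for SHA-256 (RFC 8017, notes to section 9.2)
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] digestInfo(byte[] digest) {
        if (digest.length != 32) throw new IllegalArgumentException("not a SHA-256 digest");
        byte[] di = Arrays.copyOf(SHA256_PREFIX, SHA256_PREFIX.length + digest.length);
        System.arraycopy(digest, 0, di, SHA256_PREFIX.length, digest.length);
        return di;
    }

    // Digest encryption: the Cipher engine pads the DigestInfo (block type 1)
    // and applies the private key; no hashing happens here.
    static byte[] signFromHash(PrivateKey key, byte[] digest) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key);
        return rsa.doFinal(digestInfo(digest));
    }

    // Encrypted digest decryption: recover the DigestInfo with the public key
    // and compare it byte for byte with the one rebuilt from the given digest.
    static boolean verifyFromHash(PublicKey key, byte[] digest, byte[] sig) {
        try {
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            rsa.init(Cipher.DECRYPT_MODE, key);
            return MessageDigest.isEqual(rsa.doFinal(sig), digestInfo(digest));
        } catch (GeneralSecurityException e) { return false; } // bad padding or wrong key
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] content = "constructed sample content".getBytes("UTF-8"); // constructed input
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(content);
        byte[] sig = signFromHash(kp.getPrivate(), digest);
        Signature full = Signature.getInstance("SHA256withRSA"); // hashes the content itself
        full.initVerify(kp.getPublic());
        full.update(content);
        System.out.println("hash-then-sign engine accepts it: " + full.verify(sig));
        System.out.println("verify from hash: " + verifyFromHash(kp.getPublic(), digest, sig));
        digest[0] ^= 1; // a digest that does not match the signed one
        System.out.println("verify, altered digest: " + verifyFromHash(kp.getPublic(), digest, sig));
    }
}
```

Comparing against a freshly encoded DigestInfo, rather than parsing the recovered bytes, leaves no room for lenient ASN.1 parsing in the verifier. The digestAlgorithm parameter matters for the same reason: the DigestInfo binds the hash algorithm to the signature, so the prefix must match the algorithm that produced the digest.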