iaik.cms
Class PasswordRecipientInfo

java.lang.Object
  iaik.cms.RecipientInfo
      iaik.cms.PasswordRecipientInfo

All Implemented Interfaces:

ASN1Type

public class PasswordRecipientInfo
extends RecipientInfo

This class implements the CMS PasswordRecipientInfo type.

The RFC 3211 (Password-based Encryption for CMS) specifies the PasswordRecipientInfo type as RecipientInfo choice for encrypting the secret content-encryption key with a key encryption key derived from a password:

 PasswordRecipientInfo ::= SEQUENCE {
   version CMSVersion,   -- Always set to 0
   keyDerivationAlgorithm
      [0] KeyDerivationAlgorithmIdentifier OPTIONAL,
   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
   encryptedKey EncryptedKey }
 

The keyDerivationAlgorithm field specifies the algorithm to be used for deriving the key encryption key (kek) from a password. The reference key derivation algorithm is PBKDF2 as specified by RFC 2898 (PKCS#5). If no key derivation algorithm is specified the kek may be not derived from a password; rather it may be supplied by other means (e.g. by a smartcard). The keyEncryptionAlgorithm field identifies the key encryption algorithm (e.g. PWRI-KEK, see RFC 3211) used for encrypting the randomly generated content-encryption key with a secret key encryption key. The encrypted content-encryption key (used for encrypting the content) is stored in the encryptedKey field.

This class provides several constructors and methods for creating a PasswordRecipientInfo object, obtaining the component values, and encrypting (respectively decrypting) the content-encryption key.

When creating a new PasswordRecipientInfo you may supply the password, key derivation function and key encryption algorithm and any associated parameters to be used, e.g.:

 // the password:
 char[] password = ...;
 // use PBKDF2 as key derivation function for deriving the kek from a password:
 AlgorithmID pbkdf2 = (AlgorithmID)AlgorithmID.pbkdf2.clone();
 // PBKDF2 parameters
 int kekLen = 32;  // we use AES as kek algorithm
 int iterationCount = ...; 
 byte[] salt = ...;
 PBEKeyAndParameterSpec pbkdf2ParamSpec =
   new PBEKeyAndParameterSpec(UTF8String.getUTF8EncodingFromCharArray(password),
                              salt,
                              iterationCount,
                              kekLen); 
 // use PWRI-KEK for encrypting (wrapping) the content encryption key:
 AlgorithmID pwriKek = (CMSAlgorithmID)CMSAlgorithmID.pwri_kek.clone();
 // for PWRI-KEK set the kek encryption algorithm parameter
 AlgorithmID kekEncryptionAlg = (AlgorithmID)AlgorithmID.aes256_CBC.clone();
 pwriKek.setParameter(kekEncryptionAlg.toASN1Object());
 // create the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = new PasswordRecipientInfo(password, pbkdf2, pbkdf2ParamSpec, pwriKek, null);
 

The following example shows the typical usage for including a PasswordRecipientInfo into a EnvelopedData object, encoding it, decoding it at the recipient side and decrypt the content (we use the stream-based EnvelopedData implementation for this sample):

 // the password:
 char[] password = ...;
 // use PBKDF2 as key derivation function for deriving the kek from a password:
 AlgorithmID pbkdf2 = (AlgorithmID)AlgorithmID.pbkdf2.clone();
 // use PWRI-KEK for encrypting (wrapping) the content encryption key:
 AlgorithmID pwriKek = (CMSAlgorithmID)CMSAlgorithmID.pwri_kek.clone();
 // create the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = new PasswordRecipientInfo(password, pwriKek, null, pwriKek, null);
 // create an EnvelopedData for the content to be encrypted:
 EnvelopedDataStream envelopedData = new EnvelopedDataStream(is, (AlgorithmID)AlgorithmID.aes256_CBC.clone());
 // add the recipient information:
 envelopedData.addRecipientInfo(recipient);
 // write the EnvelopedData to a stream thereby performing the content encryption:
 int blockSize = ...;
 OutputStream encoded_stream = ...;
 envelopedData.writeTo(encoded_stream, blockSize);
 ...
 // on the recipient side decode the EnvelopedData:
 InputStream encodedStream = ...;
 EnvelopedDataStream envelopedData = new EnvelopedData(encodedStream);
 // Get information about the inherent EncryptedContentInfo:
 EncryptedContentInfoStream eci = (EncryptedContentInfoStream)enveloped_data.getEncryptedContentInfo();
 System.out.println("Content type: "+eci.getContentType().getName());
 System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());
 // get the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = (PasswordRecipientInfo)envelopedData.getRecipientInfos()[0];
 // decrypt the encrypted cek:
 String cekAlgName = "AES-256";
 SecretKey cek = recipient.decryptKey(password, cekAlgName); 
 // setup the cipher for decryption:
 envelopedData.setupCipher(cek);
 // read the content thereby performing the content decryption:
 InputStream data_is = enveloped_data.getInputStream();
 byte[] buf = new byte[2048];
 int r;
 while ((r = data_is.read(buf)) > 0) {
   // do something useful
 }
 

See Also:

RecipientInfo, EnvelopedDataStream, EnvelopedData

Field Summary

Fields inherited from class iaik.cms.RecipientInfo

KEK_RECIPIENT_INFO, KEY_AGREE_RECIPIENT_INFO, KEY_TRANSPORT_RECIPIENT_INFO, keyEncryptionAlgorithm_, OTHER_RECIPIENT_INFO, PASSWORD_RECIPIENT_INFO, securityProvider_, version_

Constructor Summary

PasswordRecipientInfo()
Default Constructor.

PasswordRecipientInfo(AlgorithmID keyDerivationAlg, AlgorithmID keyEncrAlg, byte[] encryptedKey)
Creates a PasswordRecipientInfo object for the given key derivation function, key-encryption algorithm, and already encrypted content encryption key.

PasswordRecipientInfo(AlgorithmID keyEncrAlg, byte[] encryptedKey)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm, and already encrypted content encryption key.

PasswordRecipientInfo(AlgorithmID keyEncrAlg, java.security.Key kek)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key.

PasswordRecipientInfo(AlgorithmID keyEncrAlg, java.security.Key kek, java.security.AlgorithmParameters params)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key.

PasswordRecipientInfo(ASN1Object obj)
Creates a PasswordRecipientInfo from an ASN1Object.

PasswordRecipientInfo(ASN1Object obj, SecurityProvider securityProvider)
Creates a PasswordRecipientInfo from an ASN1Object.

PasswordRecipientInfo(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, AlgorithmID keyEncrAlg, java.security.AlgorithmParameters keyEncrParams)
Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password.

PasswordRecipientInfo(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, AlgorithmID keyEncrAlg, java.security.AlgorithmParameters keyEncrParams, SecurityProvider securityProvider)
Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password.

Method Summary

void	decode(ASN1Object obj) Decodes the given ASN.1 PasswordRecipientInfo object for parsing the internal structure.
javax.crypto.SecretKey	decryptKey(char[] password) Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
javax.crypto.SecretKey	decryptKey(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, java.lang.String cekAlgName) Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
javax.crypto.SecretKey	decryptKey(char[] password, java.lang.String cekAlgName) Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
javax.crypto.SecretKey	decryptKey(java.security.Key kek, KeyIdentifier recipientIdentifier, java.lang.String cekAlgName) Uses the given key encryption key to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
void	encryptKey(javax.crypto.SecretKey cek) Encrypts (wraps) the given secret content-encryption key.
byte[]	getEncryptedKey() Returns the encrypted content-encryption key.
byte[]	getEncryptedKey(KeyIdentifier recipientIdentifier) Returns the encrypted content-encryption key.
AlgorithmID	getKeyDerivationAlgorithm() Returns the key derivation algorithm used for deriving the key encryption key (kek) from a password.
KeyIdentifier[]	getRecipientIdentifiers() Returns an empty KeyIdentifier array.
boolean	isRecipientInfoFor(KeyIdentifier recipientIdentifier) Always returns false indicating that a PasswordRecipientInfo does not use certificates.
CertificateIdentifier	isRecipientInfoFor(X509Certificate recipientCertificate) Always returns null indicating that a PasswordRecipientInfo does not use certificates.
ASN1Object	toASN1Object() Returns this PasswordRecipientInfo as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this PasswordRecipientInfo object.

Methods inherited from class iaik.cms.RecipientInfo

createRecipientInfos, decryptKey, decryptKey, decryptKey, getKeyEncryptionAlgorithm, getRecipientInfoType, getSecurityProvider, getVersion, parseRecipientInfo, parseRecipientInfo, parseRecipientInfo, parseRecipientInfo, parseRecipientInfos, parseRecipientInfos, setSecurityProvider

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

PasswordRecipientInfo

public PasswordRecipientInfo()

Default Constructor. Creates an empty PasswordRecipientInfo object and sets the version number to 0.
Only used for dynamic object creation. Shall not be used by an application.

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             byte[] encryptedKey)

Creates a PasswordRecipientInfo object for the given key-encryption algorithm, and already encrypted content encryption key. The already encrypted secret key is supplied as byte array and has been encrypted using the given key-encryption algorithm.
Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm that has been used for encrypting the content-encryption key

encryptedKey - the already encrypted secret content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyDerivationAlg,
                             AlgorithmID keyEncrAlg,
                             byte[] encryptedKey)

Creates a PasswordRecipientInfo object for the given key derivation function, key-encryption algorithm, and already encrypted content encryption key. The already encrypted secret key is supplied as byte array and has been encrypted using the given key-encryption algorithm with a key encryption key (kek) that has been derived from a password according to the given key derivation algorithm.
Note: this constructor internally creates clones of the supplied Algorithm IDs.

Parameters:

keyDerivationAlg - the key derivation algorithm (may be null if the kek has not been derived from a password)

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm that has been used for encrypting the content-encryption key

encryptedKey - the already encrypted secret content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             java.security.Key kek,
                             java.security.AlgorithmParameters params)

Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key. When later calling encryptKey the supplied kek and parameters are used to encrypt the content encryption key (cek).

Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key

kek - the secret key encryption key to be used for encrypting the content-encryption key

params - any algorithm parameters to be used for intializing the key wrap cipher

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             java.security.Key kek)

Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key. When later calling encryptKey the supplied kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key

kek - the secret key encryption key to be used for encrypting the content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(char[] password,
                             AlgorithmID keyDerivationAlg,
                             java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                             AlgorithmID keyEncrAlg,
                             java.security.AlgorithmParameters keyEncrParams)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidAlgorithmParameterException

Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password. When later calling encryptKey the derived kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates cloned of the supplied Algorithm IDs.

Parameters:

password - the password from which to derive the key encryption key (kek)

keyDerivationAlg - the key derivation function to be used for deriving the kek

keyDerivatoinParamSpec - any parameters required by the key derivation function

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key

keyEncrParams - any algorithm parameters to be used for intializing the key wrap cipher

Throws:

java.security.NoSuchAlgorithmException

java.security.InvalidAlgorithmParameterException

PasswordRecipientInfo

public PasswordRecipientInfo(char[] password,
                             AlgorithmID keyDerivationAlg,
                             java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                             AlgorithmID keyEncrAlg,
                             java.security.AlgorithmParameters keyEncrParams,
                             SecurityProvider securityProvider)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidAlgorithmParameterException

Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password. When later calling encryptKey the derived kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates cloned of the supplied Algorithm IDs.

Parameters:

password - the password from which to derive the key encryption key (kek)

keyDerivationAlg - the key derivation function to be used for deriving the kek

keyDerivatoinParamSpec - any parameters required by the key derivation function

keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key

keyEncrParams - any algorithm parameters to be used for intializing the key wrap cipher

securityProvider - the SecurityProvider to be used

Throws:

java.security.NoSuchAlgorithmException

java.security.InvalidAlgorithmParameterException

PasswordRecipientInfo

public PasswordRecipientInfo(ASN1Object obj)
                      throws CodingException

Creates a PasswordRecipientInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting PasswordRecipientInfo object that may have been created by calling toASN1Object.

Parameters:

obj - the PasswordRecipientInfo as ASN1Object

Throws:

CodingException - if the object can not be parsed

PasswordRecipientInfo

public PasswordRecipientInfo(ASN1Object obj,
                             SecurityProvider securityProvider)
                      throws CodingException

Creates a PasswordRecipientInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting PasswordRecipientInfo object that may have been created by calling toASN1Object.

Parameters:

obj - the PasswordRecipientInfo as ASN1Object

securityProvider - the SecurityProvider to be used by this object, if null use the default system-wide installed SecurityProvider

Throws:

CodingException - if the object can not be parsed

Method Detail

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes the given ASN.1 PasswordRecipientInfo object for parsing the internal structure.

This method internally is called when creating a CMS PasswordRecipientInfo object from an already existing PasswordRecipientInfo object, supplied as ASN1Object.

Parameters:

obj - the CMS PasswordRecipientInfo as ASN1Object

Throws:

CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()

Returns this PasswordRecipientInfo as ASN1Object.

The ASN1Object returned by this method represents the ASN.1 structure of a PasswordRecipientInfo according to RFC 3211 (Password-based Encryption for CMS):

 PasswordRecipientInfo ::= SEQUENCE {
     version CMSVersion,   -- Always set to 0
     keyDerivationAlgorithm
        [0] KeyDerivationAlgorithmIdentifier OPTIONAL,
    keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
    encryptedKey EncryptedKey }
 

Returns:

this PasswordRecipientInfo as ASN1Object.

decryptKey

public javax.crypto.SecretKey decryptKey(java.security.Key kek,
                                         KeyIdentifier recipientIdentifier,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException

Uses the given key encryption key to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

This method implements the same named method of the abstract parent RecipientInfo class. Since a PasswordRecipientInfo does not contain recipient identification information, any supplied recipientIdentifier is ignored.

Specified by:

decryptKey in class RecipientInfo

Parameters:

kek - the secret key encryption key to be used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.

recipientIdentifier - recipient identification information; ignored

cekAlgName - the name of the content encryption key (e.g. "AES") to be set for the SecretKey object created by this method

Returns:

the recovered (decrypted) content encryption key as SecretKey

Throws:

CMSException - if the key-decryption process fails for some reason (e.g. the key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)

java.security.InvalidKeyException - if the specified key encryption key (kek) is not valid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password,
                                         AlgorithmID keyDerivationAlg,
                                         java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException

Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:

password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.

keyDerivationAlg - the key derivation algorithm to be used for deriving the key encryption key from the given password

keyDerivatoinParamSpec - any paramters required by the key derivation algorithm

cekAlgName - the name of the content encryption key (e.g. "AES") to be set for the SecretKey object created by this method

Returns:

the recovered (decrypted) content encryption key as SecretKey

Throws:

CMSException - if the key-decryption process fails for some reason (e.g. the requested key derivation algorithm or the key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)

java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid

java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported

java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException

Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:

password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.

Returns:

the recovered (decrypted) content encryption key as SecretKey

Throws:

CMSException - if the key-decryption process fails for some reason (e.g. the key derivation algorithm or key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)

java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid

java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported

java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException

Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:

password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.

Returns:

the recovered (decrypted) content encryption key as SecretKey

Throws:

CMSException - if the key-decryption process fails for some reason (e.g. the key derivation algorithm or key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)

java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid

java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported

java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

encryptKey

public void encryptKey(javax.crypto.SecretKey cek)
                throws CMSException

Encrypts (wraps) the given secret content-encryption key.

All required information (key encryption algorithm, key encryption key (or password from which to derive the kek),...) has been supplied when creating this PasswordRecipientInfo object.

Specified by:

encryptKey in class RecipientInfo

Parameters:

cek - the symmetric content-encryption key to encrypt

Throws:

CMSException - if the key encryption process fails for some reason (e.g. the key-encryption algortihm used by this PasswordRecipientInfo is not implemented, the key encryption key is invalid, a padding error occurs,...)

getRecipientIdentifiers

public KeyIdentifier[] getRecipientIdentifiers()

Returns an empty KeyIdentifier array.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return an empty KeyIdentifier array indicating that there are no KeyIdentifiers used.

Specified by:

getRecipientIdentifiers in class RecipientInfo

Returns:

an empty KeyIdentifier array

isRecipientInfoFor

public boolean isRecipientInfoFor(KeyIdentifier recipientIdentifier)

Always returns false indicating that a PasswordRecipientInfo does not use certificates.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return false indicating that this PasswordRecipientInfo may not belong to the recipient with the given recipient identifier.

Specified by:

isRecipientInfoFor in class RecipientInfo

Parameters:

recipientIdentifier - the key identifier belonging to the recipient we are searching for

Returns:

false indicating that this PasswordRecipientInfo may not belong to the recipient with the given id

isRecipientInfoFor

public CertificateIdentifier isRecipientInfoFor(X509Certificate recipientCertificate)

Always returns null indicating that a PasswordRecipientInfo does not use certificates.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return null indicating that this PasswordRecipientInfo may not belong to the recipient with the given recipient certificate.

Specified by:

isRecipientInfoFor in class RecipientInfo

Parameters:

recipientCertificate - the certificate of the recipient in mind

Returns:

null indicating that this PasswordRecipientInfo may not belong to the recipient with the given certificate

getKeyDerivationAlgorithm

public AlgorithmID getKeyDerivationAlgorithm()

Returns the key derivation algorithm used for deriving the key encryption key (kek) from a password.

Returns:

the key derivation algorithm AlgorithmID, or null if PBE is not used

getEncryptedKey

public byte[] getEncryptedKey()

Returns the encrypted content-encryption key.

Returns:

the encrypted content-encryption key

getEncryptedKey

public byte[] getEncryptedKey(KeyIdentifier recipientIdentifier)
                       throws CMSException

Returns the encrypted content-encryption key.

Since a PasswordRecipientInfo only represents one single recipient the supplied recipientIdentifier is ignored.

Specified by:

getEncryptedKey in class RecipientInfo

Parameters:

recipientIdentifier - recipient identification information; ignored

Returns:

the encrypted content-encryption key

Throws:

CMSException - never thrown

toString

public java.lang.String toString()

Returns a string giving some information about this PasswordRecipientInfo object.

Specified by:

toString in class RecipientInfo

Returns:

the string representation