iaik.cms.SecurityProvider
iaik.cms.IaikProvider
iaik.cms.ecc.IaikEccProvider
|
IAIK CMS/SMIME Toolkit API Documentation
Version 6.1 |
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
Install.html)
public class IaikEccProvider
This class implements a CMS SecurityProvider for the (deprecated) IAIK-ECC cryptographic provider "IAIK_ECC", version 2.0 or later.
This CMS SecurityProvider implements some methods that are required for supporting Ephemeral-Static ECDH according to RFC 3278.
To install this security provider call:
// register IAIK-ECC provider iaik.security.ecc.provider.ECCProvider.addAsProvider(); // install security provider SecurityProvider.setSecurityProvider(new IaikEccProvider());
SecurityProvider,
IaikProvider| Field Summary | |
|---|---|
static iaik.asn1.structures.AlgorithmID |
ecka_eg_X963KDF_SHA256
Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-256. |
static iaik.asn1.structures.AlgorithmID |
ecka_eg_X963KDF_SHA384
Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-384. |
static iaik.asn1.structures.AlgorithmID |
ecka_eg_X963KDF_SHA512
Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 sing ANSI X9.63 KDF with SHA-512. |
| Fields inherited from class iaik.cms.IaikProvider |
|---|
ALG_SIGNATURE_RAWRSA, ALG_SIGNATURE_RAWRSASSA_PKCS1_V15 |
| Constructor Summary | |
|---|---|
IaikEccProvider()
Deprecated. Default Constructor. |
|
IaikEccProvider(boolean installProvider)
Deprecated. Creates an IaikEccProvider. |
|
| Method Summary | |
|---|---|
byte[] |
calculateSharedSecret(iaik.asn1.structures.AlgorithmID keyAgreementAlgorithm,
java.security.Key key,
java.security.Key otherKey,
java.security.spec.AlgorithmParameterSpec paramSpec)
Deprecated. This method uses the specified KeyAgreement algorithm to calculate a shared secret between the owners of the given private and public key. |
void |
checkDomainParameters(java.security.PrivateKey myKey,
java.security.PublicKey otherKey)
Deprecated. Checks if the given private and public key agreement keys have the same domain parameters. |
javax.crypto.SecretKey |
createSharedKeyEncryptionKey(iaik.asn1.structures.AlgorithmID keyAgreeAlg,
java.security.PrivateKey myKey,
java.security.PublicKey otherKey,
iaik.asn1.structures.AlgorithmID kea,
int kekLength,
byte[] ukm,
java.lang.String kekName)
Deprecated. Creates a shared secret key encryption key for the given key agreement algorithm. |
static void |
encodeX963KdfKeyEncryptionAlgorithmParametersAsNull(boolean encodeParameterAsNull)
Deprecated. Whether to encode the parameters field of the key-encryption algorithm as ASN.1 NULL (if no parameters are present) when creating the ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function. |
java.security.KeyPair |
generateKeyAgreementKeyPair(iaik.asn1.structures.AlgorithmID keyAgreeAlgorithm,
java.security.PublicKey otherKey)
Deprecated. Generates a ECDH key pair with same domain parameters of the given ECDH public key for the ECDH key agreement method. |
iaik.asn1.ASN1Object |
getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
Deprecated. Gets an ASN.1 representation of the provided originator ECDH public key. |
java.security.spec.AlgorithmParameterSpec |
getEllipticCurveParameterSpec(java.lang.String curveName)
Deprecated. Creates an EC AlgorithmParameterSpec for the given curve name. |
javax.crypto.KeyAgreement |
getKeyAgreement(iaik.asn1.structures.AlgorithmID keyAgreementAlgorithm,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
Deprecated. This method returns the desired KeyAgreement object. |
int |
getKeyLength(java.security.PrivateKey privKey)
Deprecated. Calculates the length of the given private key. |
int |
getKeyLength(java.security.PublicKey pubKey)
Deprecated. Calculates the length of the given public key. |
java.security.PublicKey |
getOriginatorPublicKey(iaik.asn1.ASN1Object obj)
Deprecated. Decodes the OriginatorPublicKey from the given ASN1Object. |
java.lang.String |
getProviderName()
Deprecated. Gets the name of the underlying cryptographic provider. |
java.security.Signature |
getSignature(iaik.asn1.structures.AlgorithmID signatureAlgorithm,
int mode,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
Deprecated. This method returns the desired Signature object. |
java.security.Signature |
getSignature(java.lang.String signatureAlgorithm,
int mode,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
Deprecated. This method returns the desired Signature object. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final iaik.asn1.structures.AlgorithmID ecka_eg_X963KDF_SHA256
public static final iaik.asn1.structures.AlgorithmID ecka_eg_X963KDF_SHA384
public static final iaik.asn1.structures.AlgorithmID ecka_eg_X963KDF_SHA512
| Constructor Detail |
|---|
public IaikEccProvider()
public IaikEccProvider(boolean installProvider)
installProvider - whether to install the IAIK and IAIK-ECC providers
within the JCA framework or to use them without
installing them within the JCA framework| Method Detail |
|---|
public static final void encodeX963KdfKeyEncryptionAlgorithmParametersAsNull(boolean encodeParameterAsNull)
RFC 3278 has required to encode missing parameters as NULL:
ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
where keyInfo is the key encryption algorithm with NULL parameters...
However, the successor of RFC 3278, RFC 5753 has changed this requirement to
make the encoding of absent parameters dependent of the key-encryption algorithm
in use:
ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
The fields of ECC-CMS-SharedInfo are as follows:
keyInfo contains the object identifier of the key-encryption
algorithm (used to wrap the CEK) and associated parameters. In
this specification, 3DES wrap has NULL parameters while the AES
wraps have absent parameters.
If required to be compatible with RFC 3278 this method can be called to enforce
to encode missing parameters of the key-encryption algorithm as NULL when creating the
ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function.
encodeParameterAsNull - whether to encode absent key encryption algorithm parameters
as NULL when creating the ECC-CMS-SharedInfo for the
ASN1-X9.63-KDF key derivation function (default: false).public java.lang.String getProviderName()
getProviderName in class SecurityProvider
public java.security.Signature getSignature(iaik.asn1.structures.AlgorithmID signatureAlgorithm,
int mode,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
throws java.security.InvalidKeyException,
java.security.NoSuchAlgorithmException
SIGNATURE_SIGN or
SIGNATURE_VERIFY the signature object is to be
initialized with the provided key in the respective mode.
If algorithm parameters are specified they are set for the
Signature engine.
getSignature in class SecurityProvidersignatureAlgorithm - the AlgorithmID of the Signature algorithmmode - the mode indicating if the engine has to be initializedkey - the key for initializing the Signature engineparamSpec - any parameters to be set for the Signature engine, if not null
java.security.InvalidKeyException - if the key is not valid
java.security.NoSuchAlgorithmException - if no Signature engine is
available for the requested algorithm
public java.security.Signature getSignature(java.lang.String signatureAlgorithm,
int mode,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
throws java.security.InvalidKeyException,
java.security.NoSuchAlgorithmException
SIGNATURE_SIGN or
SIGNATURE_VERIFY the signature object is to be
initialized with the provided key in the respective mode.
If algorithm parameters are specified they are set for the
Signature engine.
getSignature in class SecurityProvidersignatureAlgorithm - the name of the Signature algorithmmode - the mode indicating if the engine has to be initializedkey - the key for initializing the Signature engineparamSpec - any parameters to be set for the Signature engine, if not null
java.security.InvalidKeyException - if the key is not valid
java.security.NoSuchAlgorithmException - if no Signature engine is
available for the requested algorithmpublic int getKeyLength(java.security.PublicKey pubKey)
getKeyLength in class SecurityProviderpubKey - the public key for which to calculate the length
java.lang.IllegalArgumentException - if the public key algorithm is not supportedpublic int getKeyLength(java.security.PrivateKey privKey)
getKeyLength in class SecurityProviderprivKey - the public key for which to calculate the length
java.lang.IllegalArgumentException - if the private key algorithm is not supported
public java.security.KeyPair generateKeyAgreementKeyPair(iaik.asn1.structures.AlgorithmID keyAgreeAlgorithm,
java.security.PublicKey otherKey)
throws java.security.NoSuchAlgorithmException,
java.security.InvalidKeyException,
java.security.InvalidAlgorithmParameterException
This method is called by the library for creating the originator key pair if
the OriginatorPublicKey alternative is used
for representing the public key of the originator within a KeyAgreeRecipientInfo. The public key supplied
to this method is the one of the recipient and the key pair returned by this
method must have domain parameters matching to those of the given recipient public
key. According RFC 3278 the OriginatorPublicKey has to be used
for representing the public key of the originator if ECDH is used as key agreement
algorithm.
generateKeyAgreementKeyPair in class IaikProviderkeyAgreeAlgorithm - the key agreement algorithm to be usedotherKey - the public key of the other party
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if the key is not appropriate for the key agreement algorithm
java.security.InvalidAlgorithmParameterException - if the parameters are invalid
public iaik.asn1.ASN1Object getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
throws CMSException
Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field
of a KeyAgreeRecipientInfo must
contain the id-ecPublicKey oid with NULL parameters, and the
originatorKey publicKey field must contain the DER
encoding of the sending agent's public key (ECPoint) value.
If the supplied key is an ECDH key this method returns an ASN.1 representation of
the ECDH originator public key. Otherwise it simply calls
super.getASN1OriginatorPublicKey.
getASN1OriginatorPublicKey in class IaikProvideroriginatorPublicKey - the originator public key from which to get an ASN.1 representation
CMSException - if the key cannot be ASN.1 represented
public java.security.PublicKey getOriginatorPublicKey(iaik.asn1.ASN1Object obj)
throws CMSException
Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field
of a KeyAgreeRecipientInfo must
contain the id-ecPublicKey oid with NULL parameters, and the
originatorKey publicKey field must contain the DER
encoding of the sending agent's public key (ECPoint) value.
If the supplied ASN1Object represents an ECDH key this method returns an
internal ECPublicKey only containing the public key value (ECPoint) but
no parameters, otherwise this method calls super.getOriginatorPublicKey.
getOriginatorPublicKey in class SecurityProviderobj - the OriginatorPublicKey as ASN1Object
CMSException - if the ASN1Object cannot be decoded or
is invalid structured
public void checkDomainParameters(java.security.PrivateKey myKey,
java.security.PublicKey otherKey)
throws java.security.InvalidParameterException
If the supplied keys are ECDH keys the parameters are checked.
Otherwise super.checkDomainParameters is called.
checkDomainParameters in class IaikProvidermyKey - the private key of the first partyotherKey - the public key of the other party
java.security.InvalidParameterException - if the domain parameters do not match
public javax.crypto.KeyAgreement getKeyAgreement(iaik.asn1.structures.AlgorithmID keyAgreementAlgorithm,
java.security.Key key,
java.security.spec.AlgorithmParameterSpec paramSpec)
throws java.security.InvalidKeyException,
java.security.InvalidAlgorithmParameterException,
java.security.NoSuchAlgorithmException
getKeyAgreement in class SecurityProviderkeyAgreementAlgorithm - the algorithmID of the key agreement algorithm requestedkey - the (private) key for initializing the KeyAgreementparamSpec - any parameters used for intializing the key agreement
java.security.InvalidKeyException - if the key is not valid
java.security.InvalidAlgorithmParameterException - if the parameters are not valid
java.security.NoSuchAlgorithmException - if no KeyAgreement engine is available
for the requested algorithm
public byte[] calculateSharedSecret(iaik.asn1.structures.AlgorithmID keyAgreementAlgorithm,
java.security.Key key,
java.security.Key otherKey,
java.security.spec.AlgorithmParameterSpec paramSpec)
throws java.security.InvalidKeyException,
java.security.InvalidAlgorithmParameterException,
java.security.NoSuchAlgorithmException
calculateSharedSecret in class SecurityProviderkeyAgreementAlgorithm - the algorithmID of the key agreement algorithm requestedkey - the (private) key for initializing the KeyAgreementotherKey - the (public) key from the other partyparamSpec - any parameters used for initializing the key agreement
java.security.InvalidKeyException - if the key is not valid
java.security.InvalidAlgorithmParameterException - if the parameters are not valid
java.security.NoSuchAlgorithmException - if no KeyAgreement engine is available
for the requested algorithm
public javax.crypto.SecretKey createSharedKeyEncryptionKey(iaik.asn1.structures.AlgorithmID keyAgreeAlg,
java.security.PrivateKey myKey,
java.security.PublicKey otherKey,
iaik.asn1.structures.AlgorithmID kea,
int kekLength,
byte[] ukm,
java.lang.String kekName)
throws java.security.NoSuchAlgorithmException,
java.security.InvalidKeyException,
java.security.InvalidAlgorithmParameterException
Creating a shared key encryption key is required when a key agreement algorithm
is used as key management protocol for the recipient of an EnvelopedData or
AuthenticatedData object. The shared key encryption key will be used by an
KeyAgreeRecipientInfo to encrypt
the secret content encryption key or Mac key.
This method only works for Ephemeral-Static ECDH according to RFC 3278. If another
key agreement method is requested, this method simply calls
super.createSharedKeyEncryptionKey.
createSharedKeyEncryptionKey in class IaikProviderkeyAgreeAlg - the key agreement algorithmmyKey - the private key agreement key of the one partyotherKey - the public key agreement key of the other partykea - the key ancryption algorithm (may be required for kek generation)kekLength - the length of the shared key encryption key to be generatedukm - any user keying material that may be required for kek generationkekName - the name of the key encryption algorithm
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if there is a key related problem
java.security.InvalidAlgorithmParameterException - if the parameters are invalid
public java.security.spec.AlgorithmParameterSpec getEllipticCurveParameterSpec(java.lang.String curveName)
throws java.security.spec.InvalidParameterSpecException
getEllipticCurveParameterSpec in class SecurityProvidercurveName - the name of the curve
java.security.spec.InvalidParameterSpecException - if no AlgorithmParameterSpec for the given curve name is
available or cannot be created
|
IAIK CMS/SMIME Toolkit API Documentation
Version 6.1 |
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
|
v6.1 (c) 2002 IAIK, (c) 2003 - 2025 SIC |
|