iaik.security.rsa
Class RawRSAPkcs1v15Signature

java.lang.Object
  |
  +--java.security.SignatureSpi
        |
        +--java.security.Signature
              |
              +--iaik.security.rsa.RSAPkcs1Signature
                    |
                    +--iaik.security.rsa.RSASignature
                          |
                          +--iaik.security.rsa.RawRSAPkcs1v15Signature

public class RawRSAPkcs1v15Signature

extends RSASignature

This class represents a "raw" implemention of the RSA PKCS#1v1.5 digital signature algorithm (RSASSA-PKCS1-v1_5) where the hash on the data to be signed has to be calculated by the application.

In contrast to the RawRSASignature engine class where the application has to do both hash calculation and DigestInfo wrapping, this class only expects that the hash value is supplied to one of its update methods and does the DigestInfo wrapping/unwrapping itself. Since building the DigestInfo requires the knowledge of the hash algorithm in use, the calling application has to supply the corresponding algorithm id as RSASSAPkcs1v15ParameterSpec:

 AlgorithmID hashAlgorithm = AlgorithmID.sha1; 
 RSASSAPkcs1v15ParameterSpec params = new RSASSAPkcs1v15ParameterSpec(hashAlgorithm);
 

Generally an application wishing to sign some message or to verify some signature, generally has to perform four steps (in the following example, HASH has to be replaced by the name of the desired hash algorithm):

• First, an instance of the desired signature algorithm has to be created using a proper getInstance method, e.g.:

   Signature rawRsaSignatureEngine = Signature.getInstance("RSAPkcs15", "IAIK");
   

• Second, the Signature object just created has to be properly initialized for signing a message respectively verifying a signature using a RSA private respectively RSA public key, e.g.:
  • Initialize for Signing: rawRsaSignatureEngine.initSign(rsaPrivateKey);
  • Initialize for Verifying: rawRsaSignatureEngine.initVerify(rsaPublicKey);

• Third, the hash algorithm has to be supplied as parameters spec, e.g.:

   AlgorithmID hashAlgorithm = AlgorithmID.HASH; // e.g. AlgorithmID.sha1
   RSASSAPkcs1v15ParameterSpec params = new RSASSAPkcs1v15ParameterSpec(hashAlgorithm);
   rawRsaSignatureEngine.setParameter(null, params);
   

• Finally, if the Signature object has been initialized for signing, the prepared hash to be signed is supplied to it and subsequently the signature is created by calling the sign method returning the signature as byte array. Otherwise, if the Signature object has been initialized for verifying, first the prepared hash to be verified is supplied to the Signature object, and subsequently the signature is verified by calling the verify method, supplied with the byte array holding the corresponding signature value:
  • Supply the prepared hash to be signed, and subsequently sign it:

     rawRsaSignatureEngine.update(preparedHash);
     byte[] signature = rawRsaSignatureEngine.sign();
     

  • Supply the prepared hash to be verified, and verify the signature:

     rawRsaSignatureEngine.update(preparedHash);
     System.out.println("Signature " + (rawRsaSignatureEngine.verify(signature) ? "correct!" : "incorrect!"));
     

Please note that it is the entire responsibility of the application to take care to provide a proper hash value when calling an update method; no check is performed if the supplied hash value corresponds to the hash algorithm in use (e.g. has the correct length).

Version:

File Revision 11

See Also:

Signature

Fields inherited from class iaik.security.rsa.RSASignature

hash

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

RawRSAPkcs1v15Signature()
Default constructor.

Method Summary

protected Object	engineGetParameter(String param) Returns the hash algorithm parameter used by this PKCS#1.5 signature engine.
protected AlgorithmParameters	engineGetParameters() Returns the hash algorithm parameter used by this PKCS#1.5 signature engine.
protected void	engineSetParameter(AlgorithmParameterSpec params) Sets the hash algorithm parameter to be used by this PKCS#1.5 signature engine.
protected void	engineSetParameter(String param, Object value) Sets the hash algorithm parameter to be used by this PKCS#1.5 signature engine.

Methods inherited from class iaik.security.rsa.RSASignature

engineInitSign, engineInitSign, engineInitVerify, engineSign, engineUpdate, engineUpdate, engineVerify

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getParameter, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, verify

Methods inherited from class java.security.SignatureSpi

engineSign

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

RawRSAPkcs1v15Signature

public RawRSAPkcs1v15Signature()

Default constructor.

Applications use

 Signature.getInstance("RSAPkcs15");
 

for creating a Signature object.

Method Detail

engineSetParameter

protected void engineSetParameter(String param,
                                  Object value)
                           throws InvalidParameterException

Sets the hash algorithm parameter to be used by this PKCS#1.5 signature engine. In contrast to the RawRSASignature engine class where the application has to do both hash calculation and DigestInfo wrapping, this class only expects that the hash value is supplied to one of its update methods and does the DigestInfo wrapping/unwrapping itself. Since building the DigestInfo requires the knowledge of the hash algorithm in use, the calling application has to supply the corresponding algorithm id as RSASSAPkcs1v15ParameterSpec:

 AlgorithmID hashAlgorithm = AlgorithmID.sha1; 
 RSASSAPkcs1v15ParameterSpec params = new RSASSAPkcs1v15ParameterSpec(hashAlgorithm);
 rawRsaSignatureEngine.setParameter(null, params);
 

Overrides:

engineSetParameter in class iaik.security.rsa.RSAPkcs1Signature

Parameters:

param - ignored

value - the hash algorithm supplied as RSASSAPkcs1v15ParameterSpec

Throws:

InvalidParameterException - if the hash algorithm is not supplied as RSASSAPkcs1v15ParameterSpec

engineSetParameter

protected void engineSetParameter(AlgorithmParameterSpec params)
                           throws InvalidAlgorithmParameterException

Sets the hash algorithm parameter to be used by this PKCS#1.5 signature engine. In contrast to the RawRSASignature engine class where the application has to do both hash calculation and DigestInfo wrapping, this class only expects that the hash value is supplied to one of its update methods and does the DigestInfo wrapping/unwrapping itself. Since building the DigestInfo requires the knowledge of the hash algorithm in use, the calling application has to supply the corresponding algorithm id as RSASSAPkcs1v15ParameterSpec:

 AlgorithmID hashAlgorithm = AlgorithmID.sha1; 
 RSASSAPkcs1v15ParameterSpec params = new RSASSAPkcs1v15ParameterSpec(hashAlgorithm);
 rawRsaSignatureEngine.setParameter(null, params);
 

Overrides:

engineSetParameter in class iaik.security.rsa.RSAPkcs1Signature

Throws:

InvalidParameterException - if the hash algorithm is not supplied as RSASSAPkcs1v15ParameterSpec

engineGetParameter

protected Object engineGetParameter(String param)
                             throws InvalidParameterException

Returns the hash algorithm parameter used by this PKCS#1.5 signature engine.

Overrides:

engineGetParameter in class iaik.security.rsa.RSAPkcs1Signature

Returns:

the hash algorithm as RSASSAPkcs1v15Parameters

Throws:

InvalidParameterException - should not occur

engineGetParameters

protected AlgorithmParameters engineGetParameters()

Returns the hash algorithm parameter used by this PKCS#1.5 signature engine.

Returns:

the hash algorithm as RSASSAPkcs1v15Parameters