iaik.security.rsa
Class SHA256withRSAandMGF1Signature

java.lang.Object
  |
  +--java.security.SignatureSpi
        |
        +--java.security.Signature
              |
              +--iaik.security.rsa.RSAPkcs1Signature
                    |
                    +--iaik.security.rsa.RSAPssSignature
                          |
                          +--iaik.security.rsa.HASHwithRSAandMGFSignature
                                |
                                +--iaik.security.rsa.SHA256withRSAandMGF1Signature

public class SHA256withRSAandMGF1Signature
extends iaik.security.rsa.HASHwithRSAandMGFSignature

This class implements PKCS#1v2.1 RSASSA-PSS signature scheme using SHA256 as hash algorithm, MGF1 (with SHA256) as mask generation function, 32 as salt length, and 1 as trailer field (which corresponds to the only trailer field byte -- 0xBC -- supported by PSS).

Although PKCS#1 (v.2.1) requires hash algorithm, mask generation algorithm, salt length and trailer field as parameters for the RSA PSS signature scheme:

 RSASSA-PSS-params :: = SEQUENCE {
      hashAlgorithm            [0] HashAlgorithm     DEFAULT sha1,
      maskGenerationAlgorithm  [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
      saltLength               [2] INTEGER           DEFAULT 20,
      trailerField             [3] TrailerField      DEFAULT trailerFieldBC
 }

 HashAlgorithm ::= AlgorithmIdentifer { {OAEP-PSSDigestAlgorithms} }

 MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }

 TrailerField ::= INTEGER { trailerFieldBC(1) }
 
the Java Cryptography Architecture only allows to set the salt length as parameter and specifies all the other parameters by the algorithm standard name to be implemented by a corresponding PSS signature engine: A signature engine that implements the "SHA256withRSAandMGF1" (in general: <digest>with<encryption>and<mgf>) PSS signature algorithm has to use SHA256 as hash- and MGF1 as mask generation algorithm. The trailer field (0xBC) is fixed by the PKCS#1v2.1 standard and the salt length may be supplied as parameter; if not, a default salt length (32 for the SHA256 hash algorithm) will be used.

Because of the JDK1.1.x compatibility of IAIK-JCE there is no proper way to use the java.security.spec.PSSParameterSpec class for modelling the saltLength parameter. The same functionality is provided by class RSAPssSaltParameterSpec which may be used to supply the saltLength to this PSS based signature engine; if no salt length is explicitly supplied, the defined default salt length for the underlying signature engine will be used.
An application also may use a RSAPssSaltParameterSpec or PKCS1AlgorithmParameterSpec to provide a SecureRandom object for supplying any random numbers as required by the PSS signature algorithm. JDK 1.2 (or later) based applications may prefer to use method initSign(PrivateKey, SecureRandom) to supply a SecureRandom object if required. If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom for generating random numbers.

Generally the following steps have to be performed for calculating/verifying a SHA256withRSAandMGF1 signature:

Version:
File Revision 12
See Also:
Signature

Fields inherited from class iaik.security.rsa.RSAPssSignature
hash
 
Fields inherited from class java.security.Signature
SIGN, state, UNINITIALIZED, VERIFY
 
Fields inherited from class java.security.SignatureSpi
appRandom
 
Constructor Summary
SHA256withRSAandMGF1Signature()
          Default constructor.
 
Method Summary
protected  void engineSetParameter(AlgorithmParameterSpec params)
          Sets the saltLength parameter for this RSA PSS signature engine.
 
Methods inherited from class iaik.security.rsa.RSAPssSignature
engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify
 
Methods inherited from class java.security.Signature
clone, getAlgorithm, getInstance, getInstance, getParameter, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, verify
 
Methods inherited from class java.security.SignatureSpi
engineSign
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SHA256withRSAandMGF1Signature

public SHA256withRSAandMGF1Signature()
Default constructor. Shall not be used by an application.

Applications use

 Signature signature = Signature.getInstance("SHA256withRSAandMGF1");
 
to get an instance of this PSS signature engine using SHA256 as hash- and MGF1 (with SHA256) as mask generation algorithm.
Method Detail

engineSetParameter

protected void engineSetParameter(AlgorithmParameterSpec params)
                           throws InvalidAlgorithmParameterException
Sets the saltLength parameter for this RSA PSS signature engine.

Although PKCS#1 (v.2.1) requires hash algorithm, mask generation algorithm, salt length and trailer field as parameters for the RSA PSS signature scheme:

 RSASSA-PSS-params :: = SEQUENCE {
      hashAlgorithm            [0] HashAlgorithm     DEFAULT sha1,
      maskGenerationAlgorithm  [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
      saltLength               [2] INTEGER           DEFAULT 20,
      trailerField             [3] TrailerField      DEFAULT trailerFieldBC
 }

 HashAlgorithm ::= AlgorithmIdentifer { {OAEP-PSSDigestAlgorithms} }

 MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }

 TrailerField ::= INTEGER { trailerFieldBC(1) }
 
the Java Cryptography Architecture only allows to set the salt length as parameter and specifies all the other parameters by the algorithm standard name to be implemented by a corresponding PSS signature engine: A signature engine that implements the, for instance, "SHA1withRSAandMGF1" (in general: <digest>with<encryption>and<mgf>) PSS signature algorithm has to use SHA-1 as hash- and MGF1 as mask generation algorithm. The trailer field (0xBC) is fixed by the PKCS#1v2.1 standard and the salt length may be supplied as parameter; if not, a default salt length (20 for the SHA-1 hash algorithm) will be used.

Because of the JDK1.1.x compatibility of IAIK-JCE there is no proper way to use the java.security.spec.PSSParameterSpec class for modelling the saltLength parameter. The same functionality is provided by class RSAPssSaltParameterSpec which may be used to supply the saltLength to this PSS based signature engine; if no salt length is explicitly supplied, the defined default salt length for the underlying signature engine will be used.
An application also may use a RSAPssSaltParameterSpec or PKCS1AlgorithmParameterSpec to provide a SecureRandom object for supplying any random numbers as required by the PSS signature algorithm. JDK 1.2 (or later) based applications may prefer to use method initSign(PrivateKey, SecureRandom) to supply a SecureRandom object if required. If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom for generating random numbers.

Overrides:
engineSetParameter in class RSAPssSignature
Parameters:
params - the saltLength parameter supplied as RSAPssSaltParameterSpec
Throws:
InvalidParameterException - if the parameters are not supplied as RSAPssSaltParameterSpec or PKCS1AlgorithmParameterSpec

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK