|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.SignatureSpi | +--java.security.Signature | +--iaik.security.rsa.RSAPkcs1Signature | +--iaik.security.rsa.RSAPssSignature | +--iaik.security.rsa.HASHwithRSAandMGFSignature | +--iaik.security.rsa.SHA256withRSAandMGF1Signature
This class implements PKCS#1v2.1 RSASSA-PSS signature scheme using SHA256 as hash algorithm, MGF1 (with SHA256) as mask generation function, 32 as salt length, and 1 as trailer field (which corresponds to the only trailer field byte -- 0xBC -- supported by PSS).
Although PKCS#1 (v.2.1) requires hash algorithm, mask generation algorithm, salt length and trailer field as parameters for the RSA PSS signature scheme:
RSASSA-PSS-params :: = SEQUENCE { hashAlgorithm [0] HashAlgorithm DEFAULT sha1, maskGenerationAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, saltLength [2] INTEGER DEFAULT 20, trailerField [3] TrailerField DEFAULT trailerFieldBC } HashAlgorithm ::= AlgorithmIdentifer { {OAEP-PSSDigestAlgorithms} } MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } TrailerField ::= INTEGER { trailerFieldBC(1) }the Java Cryptography Architecture only allows to set the salt length as parameter and specifies all the other parameters by the algorithm standard name to be implemented by a corresponding PSS signature engine: A signature engine that implements the "SHA256withRSAandMGF1" (in general: <digest>with<encryption>and<mgf>) PSS signature algorithm has to use SHA256 as hash- and MGF1 as mask generation algorithm. The trailer field (0xBC) is fixed by the PKCS#1v2.1 standard and the salt length may be supplied as parameter; if not, a default salt length (32 for the SHA256 hash algorithm) will be used.
Because of the JDK1.1.x compatibility of IAIK-JCE there is no proper way to use the
java.security.spec.PSSParameterSpec
class for modelling the saltLength
parameter. The same functionality is provided by class RSAPssSaltParameterSpec
which may be used to supply the saltLength to this PSS based
signature engine; if no salt length is explicitly supplied, the defined default salt length
for the underlying signature engine will be used.
An application also may use a RSAPssSaltParameterSpec
or PKCS1AlgorithmParameterSpec
to provide a SecureRandom object for supplying any random numbers as required by the
PSS signature algorithm. JDK 1.2 (or later) based applications may prefer to use method
initSign(PrivateKey, SecureRandom)
to supply a SecureRandom object if required.
If a SecureRandom never has been supplied by the application, the signature engine will use
a default SecureRandom for generating random numbers.
Generally the following steps have to be performed for calculating/verifying a SHA256withRSAandMGF1 signature:
getInstance
method:
Signature pss = Signature.getInstance("SHA256withRSAandMGF1");
pss.initSign(rsaPrivateKey);
pss.initVerify(rsaPublicKey);
RSAPssSaltParameterSpec
:
int saltLength = ...; RSAPssSaltParameterSpec saltParamSpec = new RSAPssSaltParameterSpec(hashID, mgfID, saltLength); // set the paramters (for JDK 1.1 use pss.setParameter(null, saltParamSpec);) pss.setParameter(saltParamSpec);
sign
method returning the signature as byte array.
Otherwise, if the Signature object has been initialized for verifying, first the
data to be verified is supplied to the Signature object, and subsequently the
signature is verified by calling the verify
method, supplied with
the byte array holding the corresponding signature value:
pss.update(data); byte[] signature = pss.sign();
pss.update(data); System.out.println("Signature " + (pss.verify(signature) ? "correct!" : "not correct!"));
Signature
Fields inherited from class iaik.security.rsa.RSAPssSignature |
hash |
Fields inherited from class java.security.Signature |
SIGN, state, UNINITIALIZED, VERIFY |
Fields inherited from class java.security.SignatureSpi |
appRandom |
Constructor Summary | |
SHA256withRSAandMGF1Signature()
Default constructor. |
Method Summary | |
protected void |
engineSetParameter(AlgorithmParameterSpec params)
Sets the saltLength parameter for this RSA PSS signature engine. |
Methods inherited from class iaik.security.rsa.RSAPssSignature |
engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify |
Methods inherited from class java.security.Signature |
clone, getAlgorithm, getInstance, getInstance, getParameter, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, verify |
Methods inherited from class java.security.SignatureSpi |
engineSign |
Methods inherited from class java.lang.Object |
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public SHA256withRSAandMGF1Signature()
Applications use
Signature signature = Signature.getInstance("SHA256withRSAandMGF1");to get an instance of this PSS signature engine using SHA256 as hash- and MGF1 (with SHA256) as mask generation algorithm.
Method Detail |
protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException
Although PKCS#1 (v.2.1) requires hash algorithm, mask generation algorithm, salt length and trailer field as parameters for the RSA PSS signature scheme:
RSASSA-PSS-params :: = SEQUENCE { hashAlgorithm [0] HashAlgorithm DEFAULT sha1, maskGenerationAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, saltLength [2] INTEGER DEFAULT 20, trailerField [3] TrailerField DEFAULT trailerFieldBC } HashAlgorithm ::= AlgorithmIdentifer { {OAEP-PSSDigestAlgorithms} } MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } TrailerField ::= INTEGER { trailerFieldBC(1) }the Java Cryptography Architecture only allows to set the salt length as parameter and specifies all the other parameters by the algorithm standard name to be implemented by a corresponding PSS signature engine: A signature engine that implements the, for instance, "SHA1withRSAandMGF1" (in general: <digest>with<encryption>and<mgf>) PSS signature algorithm has to use SHA-1 as hash- and MGF1 as mask generation algorithm. The trailer field (0xBC) is fixed by the PKCS#1v2.1 standard and the salt length may be supplied as parameter; if not, a default salt length (20 for the SHA-1 hash algorithm) will be used.
Because of the JDK1.1.x compatibility of IAIK-JCE there is no proper way to use the
java.security.spec.PSSParameterSpec
class for modelling the saltLength
parameter. The same functionality is provided by class RSAPssSaltParameterSpec
which may be used to supply the saltLength to this PSS based
signature engine; if no salt length is explicitly supplied, the defined default salt length
for the underlying signature engine will be used.
An application also may use a RSAPssSaltParameterSpec
or PKCS1AlgorithmParameterSpec
to provide a SecureRandom object for supplying any random numbers as required by the
PSS signature algorithm. JDK 1.2 (or later) based applications may prefer to use method
initSign(PrivateKey, SecureRandom)
to supply a SecureRandom object if required.
If a SecureRandom never has been supplied by the application, the signature engine will use
a default SecureRandom for generating random numbers.
engineSetParameter
in class RSAPssSignature
params
- the saltLength parameter supplied as RSAPssSaltParameterSpecInvalidParameterException
- if the parameters are not supplied as RSAPssSaltParameterSpec or
PKCS1AlgorithmParameterSpec
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |