public class ISO9796P2S2S3ParameterSpec extends ISO9796P2ParameterSpec
ISO9796-2 Signature schemes S2 and S3.
ISO 9796-2 specifies three signature schemes (S1, S2, S3) that are based on message recovery. This class extends class ISO9796P2ParameterSpec for specifying additional parameters (salt value, salt length, mask generation function, cMinus value) for the two signature schemes S2 and S3.
ISO 9796-2 signature schemes generally do not use parameters in the sense of values that are transmitted with the signature to give the verifier information required for verifying it. Any information that is not included in the signature itself (for instance, which of the schemes S1, S2, S3 or which of the underlying signature production functions has been used, or the length of the salt value used by signature scheme S2 or S3) has to be agreed by other means. In addition to the parameters specified by parent class ISO9796P2ParameterSpec, any of the following parameters can be supplied to an ISO 9796-2 S2S3 Signature engine as an ISO9796P2S2S3ParameterSpec object (note that these parameters can only be set on the engine, not retrieved from it; parameters obtained from the engine represent the recovered part of the message):
Salt length and/or salt value: The salt value used for signature scheme S2 is created at random. By default the length of the salt value is the length of the hash value produced by the hash algorithm that is used by the Signature engine. For instance, the "SHA1andMGF1/RSA-ISO9796-2-2-3" Signature engine uses a salt value of 20 bytes, as this is the length of the hash value produced by the SHA-1 hash algorithm. The default salt length can be changed by using an ISO9796P2S2S3ParameterSpec object, e.g.:

```java
// create parameter spec
ISO9796P2S2S3ParameterSpec paramSpec = new ISO9796P2S2S3ParameterSpec();
// set salt length:
int saltLength = ...;
paramSpec.setSaltLength(saltLength);
// create Signature engine
Signature signatureEngine = Signature.getInstance("SHA1andMGF1/RSA-ISO9796-2-2-3", "IAIK");
// set parameter
signatureEngine.setParameter(paramSpec);
```

If no SecureRandom has been explicitly specified via parameterSpec, a default
SecureRandom is used for creating random numbers when required by the
Signature engine.

```java
// create parameter spec
ISO9796P2S2S3ParameterSpec paramSpec = new ISO9796P2S2S3ParameterSpec();
// set salt value:
byte[] salt = ...;
paramSpec.setSalt(salt);
// create Signature engine
Signature signatureEngine = Signature.getInstance("SHA1andMGF1/RSA-ISO9796-2-2-3", "IAIK");
// set parameter
signatureEngine.setParameter(paramSpec);
```

As the examples above show, the Signature engines for both signature schemes S2 and S3 are instantiated by the same implementation name ("SHA1andMGF1/RSA-ISO9796-2-2-3"). This is intended: both schemes (S2 and S3) are implemented by the same class. By default a random salt is used, as required for signature scheme S2. When a fixed salt value is specified via parameter, the scheme that is actually used switches from S2 to S3 (the two differ only in the use of a random or a fixed salt value, respectively).
Mask generation function: this parameter may be used to specify a mask generation engine other than the default one (MGF1), e.g.:

```java
// create parameter spec
ISO9796P2S2S3ParameterSpec paramSpec = new ISO9796P2S2S3ParameterSpec();
// set the alternative mask generation algorithm:
MaskGenerationAlgorithm mga = ...;
paramSpec.setMGFEngine(mga);
// create Signature engine
Signature signatureEngine = Signature.getInstance("RSA-ISO9796-2-2-3", "IAIK");
// set parameter
signatureEngine.setParameter(paramSpec);
```

cMinus value: this parameter may be used to specify the number of bits that shall be subtracted from the capacity (maximum length of the recovered part of the message) of the signature scheme to give the actual length of the recovered part of the message. By default, cMinus is 0 to make the recovered part of the message as long as possible. The default cMinus value can be changed by using an ISO9796P2S2S3ParameterSpec object, e.g.:

```java
// create parameter spec
ISO9796P2S2S3ParameterSpec paramSpec = new ISO9796P2S2S3ParameterSpec();
// set the CMinus value
int cMinus = ...;
paramSpec.setCMinus(cMinus);
// create Signature engine
Signature signatureEngine = Signature.getInstance("SHA1andMGF1/RSA-ISO9796-2-2-3", "IAIK");
// set parameter
signatureEngine.setParameter(paramSpec);
```

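
The S2/S3 switch described above, as an added example that is not part of the original documentation or IAIK's own code: it signs the same constructed message twice with the default random salt (S2) and twice with a fixed salt (S3), then compares the signatures. It assumes IAIK-JCE is on the classpath and that the IAIK classes live in the packages imported below; the class name, message and salt bytes are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;
// Assumption: package names of the IAIK classes; adjust to your IAIK-JCE release.
import iaik.security.provider.IAIK;
import iaik.security.rsa.ISO9796P2S2S3ParameterSpec;

public class S2VersusS3Demo { // hypothetical class name
    static final String ALG = "SHA1andMGF1/RSA-ISO9796-2-2-3";

    // Signs msg with a fresh engine. A null spec keeps the engine defaults
    // (scheme S2: random salt of hash length, MGF1, cMinus 0).
    static byte[] sign(PrivateKey key, byte[] msg, ISO9796P2S2S3ParameterSpec spec)
            throws Exception {
        Signature engine = Signature.getInstance(ALG, "IAIK");
        if (spec != null) {
            engine.setParameter(spec);
        }
        engine.initSign(key);
        engine.update(msg);
        return engine.sign();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new IAIK());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IAIK");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // S2: a new random salt per signature, so repeated signatures differ.
        byte[] s2a = sign(kp.getPrivate(), msg, null);
        byte[] s2b = sign(kp.getPrivate(), msg, null);

        // S3: constructed fixed salt of 20 bytes (the SHA-1 default salt length),
        // which makes signing deterministic for a given key and message.
        byte[] salt = new byte[20];
        Arrays.fill(salt, (byte) 0x5A);
        ISO9796P2S2S3ParameterSpec s3 = new ISO9796P2S2S3ParameterSpec();
        s3.setSalt(salt);
        byte[] s3a = sign(kp.getPrivate(), msg, s3);
        byte[] s3b = sign(kp.getPrivate(), msg, s3);

        System.out.println("S2 signatures identical: " + Arrays.equals(s2a, s2b));
        System.out.println("S3 signatures identical: " + Arrays.equals(s3a, s3b));
    }
}
```
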
ISO9796P2Signature,
ISO9796P2S2S3Signature,
ISO9796P2ParameterSpec,
RawISO9796P2S2S3ParameterSpec,
RecoveredMessage,
RSAISO9796P2Signature,
RSAISO9796P2S2S3Signature,
SHAwithRSAISO9796P2Signature,
SHA256withRSAISO9796P2Signature,
SHA384withRSAISO9796P2Signature,
SHA512withRSAISO9796P2Signature,
RIPEMD128withRSAISO9796P2Signature,
RIPEMD160withRSAISO9796P2Signature,
SHAwithRSAISO9796P2S2S3andMGF1Signature,
SHA256withRSAISO9796P2S2S3andMGF1Signature,
SHA384withRSAISO9796P2S2S3andMGF1Signature,
SHA512withRSAISO9796P2S2S3andMGF1Signature,
RIPEMD128withRSAISO9796P2S2S3andMGF1Signature,
RIPEMD160withRSAISO9796P2S2S3andMGF1Signature

| Constructor and Description |
|---|
| ISO9796P2S2S3ParameterSpec() Default constructor. |

| Modifier and Type | Method and Description |
|---|---|
| int | getCMinus() Gets the value that shall be subtracted from the capacity c (maximum bit length of the recovered message) to get the actual length c* of the recovered message. |
| MaskGenerationAlgorithm | getMGFEngine() Gets the MaskGenerationAlgorithm engine. |
| byte[] | getSalt() Gets the salt value, if set by the application. |
| int | getSaltLength() Gets the salt length. |
| void | setCMinus(int cMinus) Sets the value that shall be subtracted from the capacity c (maximum bit length of the recovered part of message) to get the actual length c* of the recovered part of message. |
| void | setMGFEngine(MaskGenerationAlgorithm mgfEngine) Sets the MaskGenerationAlgorithm engine to be used. |
| void | setSalt(byte[] salt) Sets the salt value. |
| void | setSaltLength(int saltLength) Sets the salt length. |
| java.lang.String | toString() Returns a String representation of this ParameterSpec. |

getHashEngine, getHashID, getHashLen, getSecureRandom, getUseAlternativeSignatureFunction, getUseExplicitTrailer, setHashEngine, setHashID, setSecureRandom, setUseAlternativeSignatureFunction, setUseExplicitTrailer

public ISO9796P2S2S3ParameterSpec()
set* methods to fill this ParameterSpec object with values.

public void setSaltLength(int saltLength)
saltLength - the salt length value
java.lang.IllegalArgumentException - if the supplied saltLength value is negative (< 0) or does not match the length of the salt value that may have been set by calling method setSalt

public int getSaltLength()

public void setSalt(byte[] salt)
salt - the salt value, may be null
java.lang.IllegalArgumentException - if the length of the given salt does not match the saltLength that may have been set by calling method setSaltLength

public byte[] getSalt()
null if not set by the application

public void setCMinus(int cMinus)
cMinus - the number of bits that shall be subtracted from the capacity c (max length of the recovered part of the message) to get c* (actual length of the recovered part of the message); default: 0 (to make the recovered part of the message as long as possible)
java.lang.IllegalArgumentException - if the provided value is negative

public int getCMinus()

public void setMGFEngine(MaskGenerationAlgorithm mgfEngine)
mgfEngine - the MaskGenerationAlgorithm engine to be used

public MaskGenerationAlgorithm getMGFEngine()
null if not set by the application

public java.lang.String toString()
toString in class ISO9796P2ParameterSpec