RSACipher (6.0 API Documentation)

java.lang.Object
- javax.crypto.CipherSpi
- - iaik.pkcs.pkcs1.RSACipher

Direct Known Subclasses:

RSA
```
public class RSACipher
extends javax.crypto.CipherSpi
```
This class implements the RSA algorithm through the Cipher interface.
An application can use this class to encrypt or decrypt data with RSA public and private keys.
The RSA (Rivest Shamir Adleman) algorithm is one of the most famous public-key algorithms used for data encryption or digital signing based on modulo multiplications. For data encryption, messages are encrypted using the public key (modulus n, public exponent e) of some entity. Since only this entity holds the corresponding private key (private exponent d), nobody else would be able to decrypt the encrypted message. The public key (n,e) is derived by first choosing two random large primes, p and q, from which the modulus is calculated by doing n=pq. The public exponent e must be chosen to be relatively prime to (p-1)(q-1). The corresponding private exponent d yields from the prediction that ed has to be congruent to 1 mod(p-1)(q-1). Encrypting some message m (of size less than n) is done by the continued modulo multiplication c =m^e(mod n), decrypting uses the formula m =c^d(mod n). (see "Applied Cryptography", Bruce Schneier, ISBN 0-471-59756-2).
This class follows the methods described in PKCS#1 (Version 2.1) for RSA en/decrypting some data, and supports both PKCS#1v1.2 encryption schemes, RSAES-OAEP and RSAES-PKCS1-v1_5. PKCS#1v1.5 en/decryption also may be used for PKCS#1v1.5 based signature calculation/verification. but also supports the OAEP encryption scheme of PKCS#1 (Version 2.1).
The encryption process encrypts a given octet string to an encrypted octet string using two integer values as parameters, denoting the modulus (n) and the exponent (c), which either will represent the public exponent (e) or the private exponent (d), depending on whether to perform a public-key or a private-key operation. The decryption process decrypts a given encrypted octet string to an octet string, again using two integer values as parameters, denoting the modulus (n) and the exponent (c), which either will represent the public exponent (e) or the private exponent (d), depending on whether to perform a public-key or a private-key operation. Both encryption and decryption process first convert the given octet-string data input to an integer, which is transformed back to give the octet string output after doing the RSA computation. Before (respectively after) doing initial octet-string-to-integer (respectively final integer-to-octet-string) conversation, padding (unpadding) may be performed according to PKCS#1.
To en/decrypt data without any padding (encryption block formatting) an application may call
```
 Cipher.getInstance("RSA/ECB/NoPadding");
 
```
or
```
 Cipher.getInstance("RSA/NONE/NoPadding");
 
```
However, this is not recommended. Rather PKCS#1 (v1.5 or OAEP) padding should be used. The default padding scheme is PKCS#1v1.5. It may be explicitly requested by by specifying "PKCS1Padding" when instantiating a RSA Cipher object, or by omitting mode and padding name from the transformation string:
```
 Cipher.getInstance("RSA/ECB/PKCS1Padding");
 
```
or
```
 Cipher.getInstance("RSA/NONE/PKCS1Padding");
 
```
is equivalent to:
```
 Cipher.getInstance("RSA");
 
```
The padding block type will automatically be selected as 2 for public key encryption/ private key decryption and 1 for private key encryption/ public key decryption. You can also explicitly specify the desired block type using Cipher.getInstance("RSA/n/PKCS1Padding") where n is the padding type (0, 1, or 2).
Code example:
```
 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
 rsa.init(Cipher.ENCRYPT_MODE, RSAPrivateKey); // auto selects block type 1
 
```
or
```
 rsa.init(Cipher.ENCRYPT_MODE, RSAPublicKey); // auto selects block type 2
 crypted = rsa.doFinal(data);
 
```
If you want to use OAEP encryption scheme you have to specify "OAEP" as padding scheme when instantiating the cipher object:
```
 Cipher rsa = Cipher.getInstance("RSA/ECB/OAEP");
 
```
OAEP may be parameterized by hash function, mask generation function, and PSourceAlgorithm, (see PKCS#1v2.1:
```
 RSASES-OAEP-params :: = SEQUENCE {
      hashAlgorithm            [0] HashAlgorithm     DEFAULT sha1,
      maskGenerationAlgorithm  [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
      pSourceAlgorithm         [2] PSourceAlgorithm  DEFAULT pSpecifiedEmpty,
 }
 
 HashAlgorithm ::= Algorithmidentifier { {OAEP-PSSDigestAlgorithms} }
 
 MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
 
 PSourceAlgorithm ::= AlgorithmIdentifier { {PKCS1PSourceAlgorithms} }
 
```
By default SHA-1 is used as hash function, MGF1 (with SHA-1 as hash function parameter) is used as mask generation algorithm, and id-pSpecified is used as PSourceAlgorithm (with an empty OCTET STRING as parameter). However, an application explicitly may supply parameters (as RSAOaepParameterSpec) when initializing a RSA Cipher object, e.g.:
```
 // hash, mgf and pSource algorithm ids
 AlgorithmID hashID = (AlgorithmID)AlgorithmID.sha256.clone();
 AlgorithmID mgfID = (AlgorithmID)AlgorithmID.mgf1.clone();
 mgfID.setParameter(hashID.toASN1Object());
 AlgorithmID pSourceID = (AlgorithmID)AlgorithmID.pSpecified.clone();
 byte[] label = ...;
 pSourceID.setParameter(new OCTET_STRING(label));
 // hash and mgf engines
 MessageDigest hashEngine = hashID.getMessageDigestInstance();
 MaskGenerationAlgorithm mgfEngine = mgfID.getMaskGenerationAlgorithmInstance();
 MGF1ParameterSpec mgf1ParamSpec = new MGF1ParameterSpec(hashID);
 mgf1ParamSpec.setHashEngine(hashEngine);
 mgfEngine.setParameters(mgf1ParamSpec);
 // create the RSAOaepParameterSpec
 RSAOaepParameterSpec oaepParamSpec = new RSAOaepParameterSpec(hashID, mgfID, pSourceID);
 // set engines
 oaepParamSpec.setHashEngine(hashEngine);
 oaepParamSpec.setMGFEngine(mgfEngine);
 // create an init a RSA Cipher object:
 Cipher rsa = Cipher.getInstance("RSA/ECB/OAEP");
 PublicKey publicKey = ...;
 rsa.init(Cipher.ENCRYPT_MODE, publicKey, oaepParamSpec);
 // encrypt some data
 byte[] data = ...;
 byte[] encrypted = rsa.doFinal(data);
 
```
If RSAES-OAEP keys (RSAOaepPublicKey, RSAOaepPrivateKey) are used for initializing this Cipher engine, they may contain OAEP parameters. In this case the parameters are taken from the keys, except for the application explicitly specifies parameters. If parameters are specified they may have to be validated against the parameters contained in the key (according to RFC 4055, an OAEP Cipher engine must be only used with the hash algorithm, mask generation function and trailer field parameters that are specified in the key). By default no such validation is performed since it may be the responsibility of the application to take care for proper parameters (or the application may wish to decrypt some encrypted data also if parameters are used that differ from the key parameters). Parameter validation can be turned on/off by calling static method setValidateAgainstOaepKeyParameters.
Alternatively to RSAOaepParameterSpec the OAEP parameters may be specified by means of a javax.ceypto.spec.OAEPParameterSpec object, e.g.:
```
 String hashAlg = "SHA-256";
 String mgfAlg = "MGF1";
 byte[] label = ...;
 java.security.spec.MGF1ParameterSpec mgfParameterSpec = 
   new java.security.spec.MGF1ParameterSpec(hashAlg);
 javax.crypto.spec.PSource.PSpecified pSpecified = null;
 if (label == null) {
   pSpecified = javax.crypto.spec.PSource.PSpecified.DEFAULT;
 } else {   
   pSpecified = new javax.crypto.spec.PSource.PSpecified(label); 
 }
 javax.crypto.spec.OAEPParameterSpec oaepParameterSpec = 
   new javax.crypto.spec.OAEPParameterSpec(hashAlg, mgfAlg, mgfParameterSpec, pSpecified);
 
```
Finally (as third alternative) hash algorithm and mask generation function may also specified directly in the OAEP padding name when instantiating a RSA Cipher engine, e.g.:
```
 Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
 rsa.init(Cipher.ENCRYPT_MODE, publicKey);
 byte[] encrypted = rsa.doFinal(data);
 
```
An OAEP padding scheme that implements the, for instance, "OAEPWithSHA-256AndMGF1Padding" (in general: OAEPWith<digest>And<mgf>Padding) has to use SHA-256 as hash- and MGF1 as mask generation algorithm. The IAIK provider supports OAEP padding for all implemented hash algorithms and the MGF1 mask generation function. The IAIK provider uses the hash algorithm specified in the padding name for both the RSAES-OAEP en/decryption scheme as well as the MGF1 mask generation function. However, the SunJCE provider anytime uses SHA-1 as hash algorithm for the MGF1 mask generation function regardless of which hash algorithm is specified in the padding scheme name. This means that -- when specifying the hash algorithm name in the padding scheme name -- IAIK and SunJCE provider are only compatible when using SHA-1 as hash algorithm:
```
 Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
 
```
In any other case (e.g. "OAEPWithSHA-256AndMGF1Padding") decrypting IAIK encrypted data with the SunJCE provider will fail (and vice verca). To solve the problem the parameters have to be explicitly specified at the en- or decryption side, e.g.:
Encryption:
```
 Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "IAIK");
 PublicKey pubKey = ...;
 rsa.init(Cipher.ENCRYPT_MODE, pubKey);
 byte[] encrypted = rsa.doFinal(data);
 
```
Decryption:
```
 String hashAlg = "SHA-256";
 String mgfAlg = "MGF1";
 MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec(hashAlg);
 PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
 OAEPParameterSpec oaepParameterSpec = 
   new  OAEPParameterSpec(hashAlg, mgfAlg, mgfParameterSpec, pSpecified);
 Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE");
 PrivateKey privKey = ...;
 rsa.init(Cipher.DECRYPT_MODE, privKey, oaepParamSpec);
 byte[] decrypted = rsa.doFinal(encrypted);               
 
```
Alternatively you may use this method RSAOaepParameters#setUseSHA1ForMGF1WithJCAStandardName(boolean) to globally configure the IAIK provider to anytime use SHA-1 as hash algorithm for the mask generation function regardless of which hash algorithm is specified in the "OAEPWith<digest>And<mgf>Padding" padding scheme name:
```
 RsaOaepParameters.setUseSHA1ForMGF1WithJCAStandardName(true);
 
```
Of course this configuration setting will have no effect for Ciphers that are explicitly initialized with OAEP parameters.

This class uses blinding for private key operations per default. This is especially useful for protocol implementations like SSL/TLS. The performance decrease is below 10 percent in most cases if blinding is used, but it can grow up to double processing time if the public exponent of a key is randomly chosen and not a special value like 2^16 + 1. In practice almost any public key has such a special exponent that increases the performance.
An application can use the methods isUseBlinding() and setUseBlinding() to determine if blinding is used and to switch blinding on or off for this instance. The methods isUseBlindingDefault() and setUseBlindingDefault() determine and set the default.
Attention! Blinding can only be used if the public exponent is available. This is the case if a CRT private RSAPrivateCrtKey key is used. If an application uses an non-CRT private key and blinding is enabled, the private key operation is processed without blinding.
If the provided private key is a CRT key, the CRT components are used for the RSA operation. The private exponent is not used in this case. Please note that this implementation does not verify the correctness and consistency of the key components.
Version:

File Revision 62

See Also:
Cipher, CipherSpi, RSAPrivateKey, RSAPublicKey, MaskGenerationAlgorithm, MGF1, MGF1ParameterSpec, MGF1Parameters, RSAOaepParameterSpec, RSAOaepPSourceParameterSpec, RSAOaepParameters, RSAPublicKey, RSAPrivateKey, RSAOaepPublicKey, RSAOaepPrivateKey

Field Summary

Fields
Modifier and Type	Field and Description
`protected RSAPrivateKey`	`privKey` The private key; used for private key de/encryption (PKCS#1v1.5), or private key decryption (OAEP).
`protected RSAPublicKey`	`pubKey` The public key; used for public key en/decryption (PKCS#1v1.5), or public key encryption (OAEP).

Constructor Summary

Constructors
Constructor and Description

RSACipher()
Default Constructor for the RSA cipher.

Constructors
Constructor and Description
`RSACipher()` Default Constructor for the RSA cipher.

Method Summary

Methods
Modifier and Type	Method and Description
`protected byte[]`	`engineDoFinal(byte[] in, int inOff, int inLen)` En/decrypts the given data.
`protected int`	`engineDoFinal(byte[] in, int inOff, int inLen, byte[] out, int outOff)` En/decrypts the given data.
`protected int`	`engineGetBlockSize()` This method return 0, because this is not a block cipher.
`protected byte[]`	`engineGetIV()` This method return `null`, because this cipher does not use an IV.
`protected int`	`engineGetKeySize(java.security.Key key)` Returns the size of the given RSA key.
`protected int`	`engineGetOutputSize(int inputLen)` Returns `0`.
`protected java.security.AlgorithmParameters`	`engineGetParameters()` Returns the algorithm parameters, if OAEP padding is used.
`protected void`	`engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)` Initializes this RSA cipher with given key and algorithm parameters.
`protected void`	`engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)` Initializes this RSA cipher with given key and parameters (if specified).
`protected void`	`engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)` Initializes this RSA cipher with the given key.
`protected void`	`engineSetMode(java.lang.String mode)` Sets the transformation mode.
`protected void`	`engineSetPadding(java.lang.String padding)` Sets the padding scheme of this cipher, which only can be "PKCS1Padding", "NoPadding", "PKCS1PaddingSSL2", or "OAEP", or OAEPWith<digest>And<mgf>Padding (e.g.
`protected java.security.Key`	`engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)` Unwraps (RSA decrypts) the given wrapped key.
`protected byte[]`	`engineUpdate(byte[] in, int inOff, int inLen)` Updates this Cipher with the given bytes.
`protected int`	`engineUpdate(byte[] in, int inOff, int inLen, byte[] out, int outOff)` Updates this Cipher with the given bytes.
`protected byte[]`	`engineWrap(java.security.Key key)` Wraps (RSA encrypts) the given key.
`protected java.security.SecureRandom`	`getSecureRandom()` Gets the SecureRandom used by this Signature engine.
`boolean`	`isUseBlinding()` Check if blinding is switched on.
`static boolean`	`isUseBlindingDefault()` Check if blinding is switched on per default.
`protected byte[]`	`rawCrypt(byte[] message)` RSA encrypts or decrypts the given message.
`java.math.BigInteger`	`rawPrivateRSA(java.math.BigInteger message, java.security.interfaces.RSAPrivateKey privateKey, java.util.Random random)` Process a raw RSA operation; i.e.
`java.math.BigInteger`	`rawPublicRSA(java.math.BigInteger message, java.security.interfaces.RSAPublicKey publicKey)` Process a raw RSA operation; i.e.
`static void`	`setDoVerifyCRTSignature(boolean doVerify)` Decides whether to verify an RSA signature immediately after having been created with a CRT key.
`protected void`	`setSecureRandom(java.security.SecureRandom random)` Sets the SecureRandom to be used by this Signature engine.
`boolean`	`setUseBlinding(boolean useBlinding)` Switch blinding on or off.
`static boolean`	`setUseBlindingDefault(boolean useBlindingDefault)` Switch blinding on or off by default.
`static void`	`setValidateAgainstOaepKeyParameters(boolean validate)` Decides whether parameters that are explicitly supplied shall be validated against parameters that maybe contained in RSAES-OAEP keys (if OAEP padding is used with this Cipher engine).

Methods inherited from class javax.crypto.CipherSpi
engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - privKey
```
protected RSAPrivateKey privKey
```
    The private key; used for private key de/encryption (PKCS#1v1.5), or private key decryption (OAEP).
  - pubKey
```
protected RSAPublicKey pubKey
```
    The public key; used for public key en/decryption (PKCS#1v1.5), or public key encryption (OAEP).
- Constructor Detail
  - RSACipher
```
public RSACipher()
```
    Default Constructor for the RSA cipher. Sets the Padding scheme to "PKCS1Padding" and turns on blinding for private key operations.
    This constructor only internally is used for initializing a RSA Cipher. Applications should not call this constructor to get a RSA Cipher; they should call one of the Cipher.getInstance factory methods instead.
    
    See Also:
    Cipher.getInstance(java.lang.String)
- Method Detail
  - setValidateAgainstOaepKeyParameters
```
public static void setValidateAgainstOaepKeyParameters(boolean validate)
```
    Decides whether parameters that are explicitly supplied shall be validated against parameters that maybe contained in RSAES-OAEP keys (if OAEP padding is used with this Cipher engine). If RSAES-OAEP keys are used for initializing the Cipher engine, they may contain OAEP parameters. In this case, according to RFC 4055, the Cipher engine must be only used with the hash algorithm and mask generation function parameters that are specified in the key. However, an application may want to explicitly specify the parameters to be used by the Cipher engine. When doing so it may be required to validate the given parameters (hash algorithm, mask generation function) against the parameters contained in the RSA-OAEP key. By default no such validation is performed since it may be the responsibility of the application to take care for proper parameters (or the application may wish to decrypt the encrypted data even if parameters are used that differ from the key parameters).
    This method maybe called for generally turning on/off validation against key parameters:
```
 RSACipher.setValidateAgainstOaepKeyParameters(true);
 
```
    Parameters:
    validate - whether to validate against OAEP key parameters or not
  - setDoVerifyCRTSignature
```
public static void setDoVerifyCRTSignature(boolean doVerify)
```
    Decides whether to verify an RSA signature immediately after having been created with a CRT key.
    Verification of an RSA signature maybe appropriate as countermeasure against RSA CRT key leaks (Florian Weimer sept 2015: "Factoring RSA Keys With TLS Perfect Forward Secrecy"). If this RSACipher is used with a private CRT key for signature creation the signature is verified by default immediately after the signature has been calculated.
    This flag does not apply to PSS signatures which are not deterministic and therefore do not need a final signature verification step.
    
    Parameters:
    doVerify - true if RSA signatures shall be verified, false if they shall be not verified
  - isUseBlindingDefault
```
public static boolean isUseBlindingDefault()
```
    Check if blinding is switched on per default. Initially, blinding is switched on; i.e. the result is true.
    
    Returns:
    true, if blinding is used by default.
    See Also:
    setUseBlindingDefault(boolean), rawPrivateRSA(java.math.BigInteger, java.security.interfaces.RSAPrivateKey, java.util.Random), setUseBlinding(boolean), isUseBlinding()
  - setUseBlindingDefault
```
public static boolean setUseBlindingDefault(boolean useBlindingDefault)
```
    Switch blinding on or off by default.
    
    Parameters:
    useBlindingDefault - true to switch on blinding per default, false to switch it off.
    
    Returns:
    The default value of the blinding switch before the call to this method.
    See Also:
    isUseBlindingDefault(), rawPrivateRSA(java.math.BigInteger, java.security.interfaces.RSAPrivateKey, java.util.Random), setUseBlinding(boolean), isUseBlinding()
  - isUseBlinding
```
public boolean isUseBlinding()
```
    Check if blinding is switched on. Per default, blinding is switched on; i.e. the result is true.
    
    Returns:
    true, if blinding is used.
    See Also:
    setUseBlinding(boolean), rawPrivateRSA(java.math.BigInteger, java.security.interfaces.RSAPrivateKey, java.util.Random), setUseBlindingDefault(boolean), isUseBlindingDefault()
  - setUseBlinding
```
public boolean setUseBlinding(boolean useBlinding)
```
    Switch blinding on or off.
    
    Parameters:
    useBlinding - true to switch on blinding, false to switch it off.
    
    Returns:
    The value of the blinding switch before the call to this method.
    See Also:
    isUseBlinding(), rawPrivateRSA(java.math.BigInteger, java.security.interfaces.RSAPrivateKey, java.util.Random), setUseBlindingDefault(boolean), isUseBlindingDefault()
  - rawPrivateRSA
```
public java.math.BigInteger rawPrivateRSA(java.math.BigInteger message,
                                 java.security.interfaces.RSAPrivateKey privateKey,
                                 java.util.Random random)
```
    Process a raw RSA operation; i.e. a modulo exponentiation. If blinding is currently switched on and (!) the privateKey argument is a CRT key which contains the public exponent, this method performs blinding to counter timing attacks. This is especially useful for protocol implementations like SSL/TLS. If the blinding argument is provided (i.e. it is not null), this random object is used to generate the blinding factor. If it is null, the current default random (@see iaik.security.random.SecRandom) will be used.
    
    Parameters:
    message - The message to be decrypted.
    privateKey - The private key providing the key parameters. This must be a CRT key which provides the public exponent to support blinding.
    random - The random object to be used for generating the blinding factor. If null, the current default random is used.
    
    Returns:
    The decrypted message.
    See Also:
    isUseBlinding(), setUseBlinding(boolean), SecRandom.getDefault()
  - rawPublicRSA
```
public java.math.BigInteger rawPublicRSA(java.math.BigInteger message,
                                java.security.interfaces.RSAPublicKey publicKey)
```
    Process a raw RSA operation; i.e. a simple modulo exponentiation.
    
    Parameters:
    message - The message to encrypt.
    publicKey - The public key providing the public exponent and modulus.
    
    Returns:
    The encrypted message.
  - engineInit
```
protected void engineInit(int opmode,
              java.security.Key key,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
```
    Initializes this RSA cipher with the given key.
    Before a cipher object is ready for data processing, it has to be initialized according to the desired cryptographic operation, which is specified by the opmode parameter (either ENCRYPT_MODE or DECRYPT_MODE, or WRAP_MODE or UNWRAP_MODE).
    The key either will be a RSAPrivateKey or a RSAPublicKey, depending on the specific cryptographic operation to be performed. Please note that for RSA ciphers that use OAEP padding a private key only is allowed for decryption and a public key only is allowed for encryption since OAEP does not support signature creation/verification.
    Applications shall use the corresponding init method of javax.crypto.Cipher for provider independently initializing a RSA cipher.
    
    Specified by:
    
    engineInit in class javax.crypto.CipherSpi
    
    Parameters:
    opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE or Cipher.WRAP_MODE or Cipher.UNWRAP_MODE
    key - an instance of a RSA PublicKey or RSA PrivateKey
    random - source of randomness
    
    Throws:
    
    java.security.InvalidKeyException - if the key is invalid (not a valid RSA key), or if PKCS1Padding is used and the key is not appropriate for the block type, or if OAEP padding is used and private key is tried to be used for an encryption operation or a public key is tried to be for a decryption operation
  - engineInit
```
protected void engineInit(int opmode,
              java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                   throws java.security.InvalidAlgorithmParameterException,
                          java.security.InvalidKeyException
```
    Initializes this RSA cipher with given key and algorithm parameters.
    Before a cipher object is ready for data processing, it has to be initialized according to the desired cryptographic operation, which is specified by the opmode parameter (either ENCRYPT_MODE or DECRYPT_MODE, or WRAP_MODE or UNWRAP_MODE).
    The key either will be a RSAPrivateKey or a RSAPublicKey, depending on the specific cryptographic operation to be performed. Please note that for RSA ciphers that use OAEP padding a private key only is allowed for decryption and a public key only is allowed for encryption since OAEP does not support signature creation/verification.
    Parameters (RSAOaepParameterSpec or RSAOaepPSourceParameterSpec are only allowed for OAEP padding. In this case, if the given key is a RSAOaepPublicKey or RSAOaepPrivateKey that contains OAEP parameters the parameters are taken from the key. However, if the application has explicitly specified parameters and wants to validate them against the key parameters, the hash algorithm id and mask generation function id are checked if can be used with the given OAEP key. According to RFC 4055, an OAEP Cipher engine must be only used with the hash algorithm and mask generation function parameters that are specified in the key (if OAEP keys are used that contain OAEP parameters).
    Applications shall use the corresponding init method of javax.crypto.Cipher for provider independently initializing a RSA cipher.
    
    Specified by:
    
    engineInit in class javax.crypto.CipherSpi
    
    Parameters:
    opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE or Cipher.WRAP_MODE or Cipher.UNWRAP_MODE
    key - an instance of a RSA PublicKey or RSA PrivateKey
    params - algorithm parameters that may be used for OAEP padding
    random - source of randomness
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if OAEP padding is not used or the parameters are invalid (not a instance of RSAOaepParameterSpec or RSAOaepPSourceParameterSpec, or OAEP padding is used with an OAEP-key and the given parameters cannot be validated against the parameters contained the key
    
    java.security.InvalidKeyException - if the key is invalid (not a valid RSA key), or if PKCS1Padding is used and the key is not appropriate for the block type, or if OAEP padding is used and private key is tried to be used for an encryption operation or a public key is tried to be for a decryption operation
  - engineInit
```
protected void engineInit(int opmode,
              java.security.Key key,
              java.security.AlgorithmParameters params,
              java.security.SecureRandom random)
                   throws java.security.InvalidAlgorithmParameterException,
                          java.security.InvalidKeyException
```
    Initializes this RSA cipher with given key and parameters (if specified).
    Before a cipher object is ready for data processing, it has to be initialized according to the desired cryptographic operation, which is specified by the opmode parameter (either ENCRYPT_MODE or DECRYPT_MODE, or WRAP_MODE or UNWRAP_MODE).
    The key either will be a RSAPrivateKey or a RSAPublicKey, depending on the specific cryptographic operation to be performed. Please note that for RSA ciphers that use OAEP padding a private key only is allowed for decryption and a public key only is allowed for encryption since OAEP does not support signature creation/verification.
    Parameters are only allowed for OAEP padding. In this case, if the given key is a RSAOaepPublicKey or RSAOaepPrivateKey that contains OAEP parameters the parameters are taken from the key. However, if the application has explicitly specified parameters and wants to validate them against the key parameters, the hash algorithm id and mask generation function id are checked if can be used with the given OAEP key. According to RFC 4055, an OAEP Cipher engine must be only used with the hash algorithm and mask generation function parameters that are specified in the key (if OAEP keys are used that contain OAEP parameters).
    Applications shall use the corresponding init method of javax.crypto.Cipher for provider independently initializing a RSA cipher.
    
    Specified by:
    
    engineInit in class javax.crypto.CipherSpi
    
    Parameters:
    opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE or Cipher.WRAP_MODE or Cipher.UNWRAP_MODE
    key - an instance of a RSA PublicKey or RSA PrivateKey
    params - algorithm parameters that may be used for OAEP padding
    random - source of randomness
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if OAEP padding is not used or the parameters are invalid (not usable for OAEP padding), or OAEP padding is used with an OAEP-key and the given parameters cannot be validated against the parameters contained the key
    
    java.security.InvalidKeyException - if the key is invalid (not a valid RSA key), or if PKCS1Padding is used and the key is not appropriate for the block type, or if OAEP padding is used and private key is tried to be used for an encryption operation or a public key is tried to be for a decryption operation
  - engineGetParameters
```
protected java.security.AlgorithmParameters engineGetParameters()
```
    Returns the algorithm parameters, if OAEP padding is used.
    
    Specified by:
    
    engineGetParameters in class javax.crypto.CipherSpi
    
    Returns:
    the algorithm parameters if OAEP padding is used; null otherwise
  - engineSetPadding
```
protected void engineSetPadding(java.lang.String padding)
                         throws javax.crypto.NoSuchPaddingException
```
    Sets the padding scheme of this cipher, which only can be "PKCS1Padding", "NoPadding", "PKCS1PaddingSSL2", or "OAEP", or OAEPWith<digest>And<mgf>Padding (e.g. "OAEPWithSHA1AndMGF1Padding").
    
    Specified by:
    
    engineSetPadding in class javax.crypto.CipherSpi
    
    Parameters:
    padding - the padding scheme for this RSA cipher
    
    Throws:
    
    javax.crypto.NoSuchPaddingException - if the requested padding algorithm is not supported, or cannot be supported (because, for instance, required parameters are not available)
  - engineSetMode
```
protected void engineSetMode(java.lang.String mode)
```
    Sets the transformation mode.
    For PKCS#1v1.5 padding this might be "ECB" (automatic block type selection) or the padding block type ("0" or "1" for a private key operation, and "2" for a public key operation.
    For OAEP only the transformation mode is ignored (only "ECB" may be valid)
    
    Specified by:
    
    engineSetMode in class javax.crypto.CipherSpi
    
    Parameters:
    mode - the transformation mode ("ECB" or PKCS#1v1.5 block type ("0","1" or "2")
  - engineUpdate
```
protected byte[] engineUpdate(byte[] in,
                  int inOff,
                  int inLen)
```
    Updates this Cipher with the given bytes. This method only buffers the given bytes to be used for the final en/decrypting operation when method doFinal/ is called.
    
    Specified by:
    
    engineUpdate in class javax.crypto.CipherSpi
    
    Parameters:
    in - the input data as byte array
    inOff - the start position in the input array
    inLen - the number of bytes that should be processed, starting at inOff
    
    Returns:
    always null since no output is produced by this method
    See Also:
    CipherSpi.engineUpdate(byte[], int, int)
  - engineUpdate
```
protected int engineUpdate(byte[] in,
               int inOff,
               int inLen,
               byte[] out,
               int outOff)
```
    Updates this Cipher with the given bytes. This method only buffers the given bytes to be used for the final en/decrypting operation when method doFinal/ is called.
    
    Specified by:
    
    engineUpdate in class javax.crypto.CipherSpi
    
    Parameters:
    in - the input data as byte array
    inOff - the start position in the input array
    inLen - the number of bytes that should be processed, starting at inOff
    out - the byte array to which to write the result; ignored
    outOff - the start position in the output array; ignored
    
    Returns:
    always 0 since no output is produced by this method
    
    Throws:
    
    javax.crypto.ShortBufferException - never thrown
    See Also:
    CipherSpi.engineUpdate(byte[], int, int, byte[], int)
  - rawCrypt
```
protected byte[] rawCrypt(byte[] message)
```
    RSA encrypts or decrypts the given message. Simply performs a modulo exponentiation.
    
    Parameters:
    message - the message to en/decrypt
    
    Returns:
    the encrypted or decrypted message
  - engineGetOutputSize
```
protected int engineGetOutputSize(int inputLen)
```
    Returns 0.
    
    Specified by:
    
    engineGetOutputSize in class javax.crypto.CipherSpi
    
    Returns:
    0
  - engineGetIV
```
protected byte[] engineGetIV()
```
    This method return null, because this cipher does not use an IV.
    
    Specified by:
    
    engineGetIV in class javax.crypto.CipherSpi
    
    Returns:
    null.
  - engineGetBlockSize
```
protected int engineGetBlockSize()
```
    This method return 0, because this is not a block cipher.
    
    Specified by:
    
    engineGetBlockSize in class javax.crypto.CipherSpi
    
    Returns:
    0.
  - engineDoFinal
```
protected int engineDoFinal(byte[] in,
                int inOff,
                int inLen,
                byte[] out,
                int outOff)
                     throws javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
```
    En/decrypts the given data.
    Applications shall use the corresponding doFinal method of javax.crypto.Cipher for provider independent doing the data en/decryption.
    The data to be processed is given in an input byte array. Beginning at inputOffset, only the first inputLen bytes are en/decrypted. The result is stored in the given output byte array, beginning at outputOffset. The number of bytes stored in this byte array are returned.
    
    Specified by:
    
    engineDoFinal in class javax.crypto.CipherSpi
    
    Parameters:
    in - the byte array holding the data to be processed
    inOff - the offset indicating the start position within the input byte array
    inLen - the number of bytes to be processed
    out - the byte array for holding the result
    outOff - the offset indicating the start position within the output byte array to which the en/decrypted data is written
    
    Returns:
    the number of bytes stored in the output byte array
    
    Throws:
    
    javax.crypto.ShortBufferException - if the given output buffer is too small for holding the result
    
    javax.crypto.BadPaddingException - if a padding problem occurs
    See Also:
    Cipher.doFinal(), CipherSpi.engineDoFinal(byte[], int, int)
  - engineDoFinal
```
protected byte[] engineDoFinal(byte[] in,
                   int inOff,
                   int inLen)
                        throws javax.crypto.BadPaddingException
```
    En/decrypts the given data.
    Applications shall use the corresponding doFinal method of javax.crypto.Cipher for provider independently doing the data en/decryption.
    The data to be processed is given in an input byte array. Beginning at inputOffset, only the first inputLen bytes are en/decrypted. The result is returned as an output byte array.
    
    Specified by:
    
    engineDoFinal in class javax.crypto.CipherSpi
    
    Parameters:
    in - the byte array holding the data to be processed
    inOff - the offset indicating the start position within the input byte array
    inLen - the number of bytes to be processed
    
    Returns:
    the byte array containing the en/decrypted data
    
    Throws:
    
    javax.crypto.BadPaddingException - if a padding problem occurs
    See Also:
    Cipher.doFinal(), CipherSpi.engineDoFinal(byte[], int, int)
  - engineGetKeySize
```
protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
```
    Returns the size of the given RSA key.
    
    Overrides:
    
    engineGetKeySize in class javax.crypto.CipherSpi
    
    Parameters:
    key - the key for which the size should be calculated
    
    Returns:
    the modulus length of the key
    
    Throws:
    
    java.security.InvalidKeyException - if the given key is not a RSA key
  - engineWrap
```
protected byte[] engineWrap(java.security.Key key)
                     throws java.security.InvalidKeyException
```
    Wraps (RSA encrypts) the given key.
    
    Overrides:
    
    engineWrap in class javax.crypto.CipherSpi
    
    Parameters:
    key - the key to be wrapped
    
    Returns:
    the wrapped key
    
    Throws:
    
    java.security.InvalidKeyException - if the key to be wrapped cannot be encoded or an problem occurs during wrapping the key
  - engineUnwrap
```
protected java.security.Key engineUnwrap(byte[] wrappedKey,
                             java.lang.String wrappedKeyAlgorithm,
                             int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
```
    Unwraps (RSA decrypts) the given wrapped key.
    
    Overrides:
    
    engineUnwrap in class javax.crypto.CipherSpi
    
    Parameters:
    wrappedKey - the wrapped key to be unwrapped
    wrappedKeyAlgorithm - the algorithm name of the wrapped key
    wrappedKeyType - (SECRET_KEY, PRIVATE_KEY, or PUBLIC_KEY)
    
    Returns:
    the unwrapped key
    
    Throws:
    
    java.security.InvalidKeyException - if a problem occurs when unwrapping the wrapped key
    
    java.security.NoSuchAlgorithmException - if no KeyFactory for the requested wrappedKeyAlgorithm is available
  - setSecureRandom
```
protected void setSecureRandom(java.security.SecureRandom random)
```
    Sets the SecureRandom to be used by this Signature engine. Subclasses only may use this method to set the SecureRandom object, if required.
    
    Parameters:
    random - the SecureRandom to be used by this signature engine
  - getSecureRandom
```
protected java.security.SecureRandom getSecureRandom()
```
    Gets the SecureRandom used by this Signature engine. If no SecureRandom has been explicitly set, a default SecureRandom is created and returned.
    
    Returns:
    the SecureRandom used by this Signature engine
    See Also:
    SecRandom

Class RSACipher

Field Summary

Constructor Summary

Method Summary

Methods inherited from class javax.crypto.CipherSpi

Methods inherited from class java.lang.Object

Field Detail

privKey

pubKey

Constructor Detail

RSACipher

Method Detail

setValidateAgainstOaepKeyParameters

setDoVerifyCRTSignature

isUseBlindingDefault

setUseBlindingDefault

isUseBlinding

setUseBlinding

rawPrivateRSA

rawPublicRSA

engineInit

engineInit

engineInit

engineGetParameters

engineSetPadding

engineSetMode

engineUpdate

engineUpdate

rawCrypt

engineGetOutputSize

engineGetIV

engineGetBlockSize

engineDoFinal

engineDoFinal

engineGetKeySize

engineWrap

engineUnwrap

setSecureRandom

getSecureRandom