iaik.pkcs.pkcs1

Class RSAPssParameters

java.lang.Object

java.security.AlgorithmParametersSpi

iaik.pkcs.pkcs1.PKCS1AlgorithmParameters

iaik.pkcs.pkcs1.RSAPssParameters

public class RSAPssParameters
extends PKCS1AlgorithmParameters

Algorithm parameters for the PKCS#1 RSASSA-PSS signature scheme.

PKCS#1v2.1 defines the following parameters for the PSS signature scheme:

 RSASSA-PSS-params :: = SEQUENCE {
      hashAlgorithm            [0] HashAlgorithm     DEFAULT sha1,
      maskGenerationAlgorithm  [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
      saltLength               [2] INTEGER           DEFAULT 20,
      trailerField             [3] TrailerField      DEFAULT trailerFieldBC
 }
 
 HashAlgorithm ::= Algorithmidentifier { {OAEP-PSSDigestAlgorithms} }
 
 MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
 
 TrailerField ::= INTEGER { trailerFieldBC(1) }
 

By default PSS uses SHA-1 as hash function, MGF1 (with SHA-1 as hash function parameter) as mask generation algorithm, 20 as salt length, and 1 as trailer field indicating a trailer value of 0xBC.

RSAPssParameters can be generated provider independently by calling one of the AlgorithmParameters.getInstance methods. Subsequently the new AlgorithmParameters object must be initialized with a proper RSA-PSS parameter specification or a DER encoded byte array, e.g.:

 RSAPssParameterSpec pssParamSpec = ...;
 AlgorithmParameters params = AlgorithmParameters.getInstance("RSASSA-PSS", "IAIK");
 params.init(pssParamSpec);
 

respectively:

 byte[] encodedPssParams = ...;
 AlgorithmParameters params = AlgorithmParameters.getInstance("RSASSA-PSS", "IAIK");
 params.init(encodedPssParams);
 

For obtaining PSS parameters in transparent representation from an opaque RSAPssParameters object, the getParameterSpec method can be used; for obtaining the parameters as DER encoded ASN.1 object, use getEncoded:

 RSAPssParameterSpec pssParamSpec = (RSAPssParameterSpec) params
     .getParameterSpec(RSAPssParameterSpec.class);
 

respectively

 byte[] encodedPssParams = params.getEncoded();
 

RSAPssParameters also may be initialized with a java.security.spec.PSSParameterSpec:

 java.security.spec.PSSParameterSpec pssParamSpec = ...;
 AlgorithmParameters params = AlgorithmParameters.getInstance("RSASSA-PSS", "IAIK");
 params.init(pssParamSpec);
 

When calling method getParameterSpec method also a java.security.spec.PSSParameterSpec maybe requested:

 java.security.spec.PSSParameterSpec pssParamSpec = (java.security.spec.PSSParameterSpec) params
     .getParameterSpec(java.security.spec.PSSParameterSpec.class);
 

Version:

File Revision 20

See Also:

RSAPssParameterSpec, AlgorithmParameters

Constructor Summary

Constructors

Constructor and Description
RSAPssParameters() The default constructor.

Method Summary

Methods

Modifier and Type	Method and Description
void	decode(ASN1Object asn1Params) Initializes this RSAPssParameters object from the given ASN1Object.
protected byte[]	engineGetEncoded() Returns the parameters as DER byte array.
protected byte[]	engineGetEncoded(java.lang.String format) Returns the parameters as a DER byte array.
protected java.security.spec.AlgorithmParameterSpec	engineGetParameterSpec(java.lang.Class paramSpec) Returns the RSA-PSS parameters as transparent parameter specification of the given class type.
protected void	engineInit(java.security.spec.AlgorithmParameterSpec paramSpec) Initializes this RSAPssParameters from the given RSAPssParameterSpec.
protected void	engineInit(byte[] params) Initializes this RSAPssParameters object from the given DER encoded byte array.
protected void	engineInit(byte[] params, java.lang.String format) Inits the parameters from an DER encoded byte array.
protected java.lang.String	engineToString() Returns a String representation of this object.
static boolean	getEncodeDefaultValues() This method shows if parameter values should be encoded even if they have the default values; e.g.
static void	setEncodeDefaultValues(boolean encode) With this method, the application can define that parameter values should be encoded even if they have the default values; e.g.
ASN1Object	toASN1Object() Gets an ASN.1 representation of this RSA PSS parameters.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RSAPssParameters

public RSAPssParameters()

The default constructor. Only internally used for creating a RSAPssParameters object. Applications shall use one of the AlgorithmParameters.getInstance factory methods for obtaining RSAPssParameters.

Method Detail

setEncodeDefaultValues

public static void setEncodeDefaultValues(boolean encode)

With this method, the application can define that parameter values should be encoded even if they have the default values; e.g. if the hashAlgorithm is sha1.

Note that the settings given by the RSAPssParameterSpec have higher priority.

Note that only a value of false results in a fully correct DER encoding, because DER encoding required default values to be omitted.

Parameters:

encode - true to encode default values, false to omit default values in the encoding.

See Also:

RSAPssParameterSpec.setEncodeDefaultValues(Boolean), RSAPssParameterSpec.getEncodeDefaultValues()

getEncodeDefaultValues

public static boolean getEncodeDefaultValues()

This method shows if parameter values should be encoded even if they have the default values; e.g. if the hashAlgorithm is sha1.

Note that the settings given by the RSAPssParameterSpec have higher priority.

Per default, this is false.

Note that only a value of false results in a fully correct DER encoding, because DER encoding required default values to be omitted.

Returns:

true if default values are encoded, false if default values are omitted.

See Also:

RSAPssParameterSpec.setEncodeDefaultValues(Boolean), RSAPssParameterSpec.getEncodeDefaultValues()

engineGetEncoded

protected byte[] engineGetEncoded()
                           throws java.io.IOException

Returns the parameters as DER byte array.

Specified by:

engineGetEncoded in class java.security.AlgorithmParametersSpi

Returns:

the DER encoded parameters

Throws:

java.io.IOException - if an encoding error occurs

engineGetEncoded

protected byte[] engineGetEncoded(java.lang.String format)
                           throws java.io.IOException

Returns the parameters as a DER byte array.

Format is ignored. Only DER encoding is supported. This method only calls engineGetEncoded(), regardless of what is specified in the format string.

Specified by:

engineGetEncoded in class java.security.AlgorithmParametersSpi

Parameters:

format - the encoding format; ignored

Returns:

the DER encoded parameters

Throws:

java.io.IOException - if an encoding error occurs

toASN1Object

public ASN1Object toASN1Object()

Gets an ASN.1 representation of this RSA PSS parameters.

Returns:

this RSA PSS parameters as ASN1Objet

engineGetParameterSpec

protected java.security.spec.AlgorithmParameterSpec engineGetParameterSpec(java.lang.Class paramSpec)
                                                                    throws java.security.spec.InvalidParameterSpecException

Returns the RSA-PSS parameters as transparent parameter specification of the given class type.

Specified by:

engineGetParameterSpec in class java.security.AlgorithmParametersSpi

Parameters:

paramSpec - the desired parameter specification class (RSAPssParameterSpec or java.security.spec.PSSParameterSpec)

Returns:

the parameters as RSAPssParameterSpec or java.security.spec.PSSParameterSpec

Throws:

java.security.spec.InvalidParameterSpecException - if the parameters cannot be converted to the desired parameter specification

engineInit

protected void engineInit(java.security.spec.AlgorithmParameterSpec paramSpec)
                   throws java.security.spec.InvalidParameterSpecException

Initializes this RSAPssParameters from the given RSAPssParameterSpec.

Overrides:

engineInit in class PKCS1AlgorithmParameters

Parameters:

paramSpec - the parameter specification, which has to be a RSAPssParameterSpec or java.security.spec.PSSParameterSpec

Throws:

java.security.spec.InvalidParameterSpecException - if the given parameter specification is invalid or not a RSAPssParameterSpec or java.security.spec.PSSParameterSpec

engineInit

protected void engineInit(byte[] params)
                   throws java.io.IOException

Initializes this RSAPssParameters object from the given DER encoded byte array.

Overrides:

engineInit in class PKCS1AlgorithmParameters

Parameters:

params - the DER encoded byte array

Throws:

java.io.IOException - if an error occurs when decoding the given byte array

decode

public void decode(ASN1Object asn1Params)
            throws CodingException

Initializes this RSAPssParameters object from the given ASN1Object.

Parameters:

asn1Params - the PSS parameters in ASN.1 representation

Throws:

CodingException - if an error occurs when parsing the parameters

engineInit

protected void engineInit(byte[] params,
              java.lang.String format)
                   throws java.io.IOException

Inits the parameters from an DER encoded byte array. Format is ignored. Only calls {engineInit(params) for initializing this RSAPssParameters object from the given DER encoded byte array, regardless of what is specified in the format string.

Specified by:

engineInit in class java.security.AlgorithmParametersSpi

Parameters:

params - the DER encoded byte array

format - the encoding format; ignored

Throws:

java.io.IOException - if an error occurs when decoding the given byte array

engineToString

protected java.lang.String engineToString()

Returns a String representation of this object.

Specified by:

engineToString in class java.security.AlgorithmParametersSpi

Returns:

a String representation this object