iaik.pkcs.pkcs7

Class RSACipherProvider

java.lang.Object

iaik.pkcs.pkcs7.RSACipherProvider

public class RSACipherProvider
extends java.lang.Object

A RSA cipher provider that may be used by an application to control RSA cipher operations used by SignerInfos and RecipientInfos.

The RSACipherProvider allows an application to control the RSA cipher encryption/decryption operations during signature creation/verification for SignerInfo objects and the RSA cipher encryption/decryption (content encryption key encryption/decryption) operations for RecipientInfo objects.

To, for instance, use the IAIK PKCS#11 provider for RSA cipher private key based encryption during SignerInfo signature creation only, but the first installed provider for RSA cipher public key based decryption during signature verification you may set the PKCS#11 provider as RSA encryption provider for your SignerInfo object:

 IAIKPkcs11 pkcs11Provider = new IAIKPkcs11();
 Security.addProvider(pkcs11Provider);
 ...
 RSACipherProvider rsaProv = new RSACipherProvider(pkcs11Provider.getName(), null);
 ...
 SignerInfo signerInfo = ...;
 ...
 signerInfo.setRSACipherProvider(rsaProv);
 

To, for instance, use the IAIK PKCS#11 provider for ReceipientInfo decryption (RSA cipher private key decryption) only, but the first installed provider for encryption (RSA cipher public encryption) you may set the PKCS#11 provider as RSA decryption provider for your RecipientInfo object:

 IAIKPkcs11 pkcs11Provider = new IAIKPkcs11();
 Security.addProvider(pkcs11Provider);
 ...
 RSACipherProvider rsaProv = new RSACipherProvider(null, pkcs11Provider.getName());
 ...
 ReceipientInfo recipientInfo = ...;
 ...
 recipientInfo.setRSACipherProvider(rsaProv);
 

In overriding method cipher you even can take more influence on the ciphering process.

The default RSACipherProvider uses the first installed RSA capable crypto provider for RSA en/deciphering.

Version:

File Revision 6

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	cipherDecryptProvider_ Name of the crypto provider to be used for RSA decryption.
protected java.lang.String	cipherEncryptProvider_ Name of the crypto provider to be used for RSA encryption.
static int	DECRYPT_MODE Cipher decrypt mode.
static int	ENCRYPT_MODE Cipher encrypt mode.

Constructor Summary

Constructors

Constructor and Description
RSACipherProvider() Default constructor.
RSACipherProvider(java.security.Provider cipherEncryptProvider, java.security.Provider cipherDecryptProvider) Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.
RSACipherProvider(java.lang.String cipherEncryptProvider, java.lang.String cipherDecryptProvider) Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.

Method Summary

Methods

Modifier and Type	Method and Description
protected byte[]	cipher(int mode, java.security.Key key, byte[] data) Performs an RSA cipher operation on the supplied data.
static RSACipherProvider	getDefault() Gets the default RSACipherProvider.
void	setCipherProvider(int cipherMode, java.security.Provider provider) Sets the crypto provider to be used for RSA cipher en/decryption providers.
void	setCipherProvider(int cipherMode, java.lang.String providerName) Sets the crypto provider to be used for RSA cipher en/decryption providers.
static void	setDefault(RSACipherProvider rsaCipherProvider) Sets the default RSACipherProvider to be used.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENCRYPT_MODE

public static final int ENCRYPT_MODE

Cipher encrypt mode.

See Also:

Constant Field Values

DECRYPT_MODE

public static final int DECRYPT_MODE

Cipher decrypt mode.

See Also:

Constant Field Values

cipherEncryptProvider_

protected java.lang.String cipherEncryptProvider_

Name of the crypto provider to be used for RSA encryption.

cipherDecryptProvider_

protected java.lang.String cipherDecryptProvider_

Name of the crypto provider to be used for RSA decryption.

Constructor Detail

RSACipherProvider

public RSACipherProvider()

Default constructor.

RSACipherProvider

public RSACipherProvider(java.lang.String cipherEncryptProvider,
                 java.lang.String cipherDecryptProvider)

Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.

Parameters:

cipherEncryptProvider - the name of the crypto provider to be used for RSA encryption

cipherDecryptProvider - the name of the crypto provider to be used for RSA decryption

RSACipherProvider

public RSACipherProvider(java.security.Provider cipherEncryptProvider,
                 java.security.Provider cipherDecryptProvider)

Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.

Parameters:

cipherEncryptProvider - the crypto provider to be used for RSA encryption

cipherDecryptProvider - the crypto provider to be used for RSA decryption

Method Detail

setDefault

public static void setDefault(RSACipherProvider rsaCipherProvider)

Sets the default RSACipherProvider to be used.

Parameters:

rsaCipherProvider - the RSACipherProvider to be set as default

getDefault

public static RSACipherProvider getDefault()

Gets the default RSACipherProvider.

Returns:

the default RSACipherProvider

setCipherProvider

public void setCipherProvider(int cipherMode,
                     java.lang.String providerName)
                       throws java.lang.IllegalArgumentException

Sets the crypto provider to be used for RSA cipher en/decryption providers.

Parameters:

cipherMode - the mode -- ENCRYPT (1) or DECRYPT (2) -- for which to use the given crypto provider

providerName - the name of the crypto provider to be used for RSA cipher operations according to the requested mode

Throws:

java.lang.IllegalArgumentException - if the supplied mode is invalid (only ENCRYPT (1) or DECRYPT (2) are allowed

setCipherProvider

public void setCipherProvider(int cipherMode,
                     java.security.Provider provider)
                       throws java.lang.IllegalArgumentException

Sets the crypto provider to be used for RSA cipher en/decryption providers.

Parameters:

cipherMode - the mode -- ENCRYPT (1) or DECRYPT (2) -- for which to use the given crypto provider

provider - the crypto provider to be used for RSA cipher operations according to the requested mode

Throws:

java.lang.IllegalArgumentException - if the supplied mode is invalid (only ENCRYPT (1) or DECRYPT (2) are allowed

cipher

protected byte[] cipher(int mode,
            java.security.Key key,
            byte[] data)
                 throws java.security.NoSuchProviderException,
                        java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.GeneralSecurityException

Performs an RSA cipher operation on the supplied data.

Parameters:

mode - the cipher mode, either ENCRYPT (1) or DECRYPT (2)

key - the key to be used

data - the data to be en/deciphered:

• for SignerInfo signature creation: the encoded RSA DigestInfo to be encrypted
• for SignerInfo signature verification: the encryptedDigest value
• for RecipientInfo cek encryption: the raw content encryption key
• for RecipientInfo cek decryption: the encrypted content encryption key

Returns:

the en/deciphered data:

• for SignerInfo signature creation: the encrypted RSA DigestInfo encoding (= encryptedDigest value)
• for SignerInfo signature verification: the decrypted encryptedDigest value (= DigestInfo encoding)
• for RecipientInfo cek encryption: the encrypted content encryption key
• for RecipientInfo cek decryption: the raw (decrypted) content encryption key

Throws:

java.security.NoSuchProviderException - if any of the crypto providers of this RSACipherProvider is not suitable for requested operation

java.security.NoSuchAlgorithmException - if RSA ciphering is not supported

java.security.InvalidKeyException - if the supplied key is invalid

java.security.GeneralSecurityException - if a general security problem occurs