SHA2withDSAParameterGenerator (6.0 API Documentation)

java.lang.Object
- java.security.AlgorithmParameterGeneratorSpi
- - iaik.security.dsa.SHA2withDSAParameterGenerator

Direct Known Subclasses:

SHA224withDSAParameterGenerator, SHA256withDSAParameterGenerator
```
public abstract class SHA2withDSAParameterGenerator
extends java.security.AlgorithmParameterGeneratorSpi
```
Base class for SHA-2 based DSA parameter generators.
This class represents a DSA parameter generator to be used with SHA-2 hash algorithms for generating DSA parameters p, q and g (prime modulus, prime divisor and generator, respectively) according to FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009.
This generator may be initialized with the desired prime modulus and prime divisor length (L and N, respectively). Notice that FIPS 186-3 (June 2009) allows the following (L,N) pairs to may be used:
- L = 1024, N = 160
- L = 2048, N = 224
- L = 2048, N = 256
- L = 3072, N = 256
AlgorithmIdentfiers for DSA with SHA-224 and SHA-256 are specified in draft-ietf-pkix-sha2-dsa-ecdsa-06.txt. SHA-224 may be used with (1024,160) and (2048,224) L,N pairs only, SHA-256 may be used with any of the four L,N pairs.
If this generator is used without explicit initialization by default 2048 is used as the bit length of the prime modulus L. The default length of the prime divisor N is set to the output length of the hash algorithm (224 for SHA-224, and 256 for SHA-256).
For explictly specifying prime modulus and prime divisor length when initializing this DSA parameter generator use a SHA2withDSAGenParameterSpec object, e.g.:
```
 int L = 3072;
 int N = 256;
 SHA2withDSAGenParameterSpec genParamSpec = new SHA2withDSAGenParameterSpec(L, N);
 AlgorithmParameterGenerator generator = 
   AlgorithmParameterGenerator.getInstance("SHA256withDSA", "IAIK");
 SecureRandom random = ...;
 generator.init(genParamSpec, random);
 AlgortithmParameters params = generator.generateParameters();
 
```
Version:

File Revision 14

See Also:
SHA2withDSAGenParameterSpec, SHA224withDSAParameterGenerator, SHA256withDSAParameterGenerator

Method Summary

Methods
Modifier and Type	Method and Description
`protected java.security.AlgorithmParameters`	`engineGenerateParameters()` Generates the DSA AlgorithmParameters.
`protected void`	`engineInit(java.security.spec.AlgorithmParameterSpec genParamSpec, java.security.SecureRandom random)` Initializes this generator with given parameters and random seed.
`protected void`	`engineInit(int L, java.security.SecureRandom random)` Initializes the parameter generator with given prime modulus length L and random seed.
`static void`	`validateParameters(java.math.BigInteger p, java.math.BigInteger q, byte[] domainParamSeed, int counter, java.security.MessageDigest hashEngine, int outlen)` Validates the given DSA parameters.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - engineInit
```
protected void engineInit(int L,
              java.security.SecureRandom random)
```
    Initializes the parameter generator with given prime modulus length L and random seed.
    FIPS 186-3 (June 2009) allows the following prime modulus, prime divisor (L,N) pairs to may be used:
    - L = 1024, N = 160
    - L = 2048, N = 224
    - L = 2048, N = 256
    - L = 3072, N = 256
    This method sets N to 160 if L is 1024, N to 256 if L is 2048, and N to 256 if L is 3072.
    Specified by:
    
    engineInit in class java.security.AlgorithmParameterGeneratorSpi
    
    Parameters:
    L - the length L of the prime modulus in bits
    random - the random seed for this generator.
    
    Throws:
    
    java.lang.IllegalArgumentException - if the prime modulus length is not 1024, 2048 or 3072
  - engineInit
```
protected void engineInit(java.security.spec.AlgorithmParameterSpec genParamSpec,
              java.security.SecureRandom random)
                   throws java.security.InvalidAlgorithmParameterException
```
    Initializes this generator with given parameters and random seed.
    Applications shall call init(genParamSpec, random) for provider independent initialization, e.g.:
```
 int L = 3072;
 int N = 256;
 SHA2withDSAGenParameterSpec genParamSpec = new SHA2withDSAGenParameterSpec(L, N);
 AlgorithmParameterGenerator generator = 
   AlgorithmParameterGenerator.getInstance("SHA256withDSA", "IAIK");
 SecureRandom random = ...;
 generator.init(genParamSpec, random);
 AlgortithmParameters params = generator.generateParameters();
 
```
    Specified by:
    
    engineInit in class java.security.AlgorithmParameterGeneratorSpi
    
    Parameters:
    genParamSpec - the generation parameter specification; must be a SHA2withDSAGenParameterSpec
    random - the random seed to be used by this generator.
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if the given parameter specification is not a SHA2withDSAGenParameterSpec, or the prime divisor length (N) of the given parameter specification is greater than the output length of the hash algorithm used by this generator (i.e. N = 256 can be only used with SHA-256 but not with SHA-224)
  - engineGenerateParameters
```
protected java.security.AlgorithmParameters engineGenerateParameters()
```
    Generates the DSA AlgorithmParameters.
    Applications shall call generatePrameters() for provider independently accessing this method.
    
    Specified by:
    
    engineGenerateParameters in class java.security.AlgorithmParameterGeneratorSpi
    
    Returns:
    the new created DSA AlgorithmParameters
  - validateParameters
```
public static void validateParameters(java.math.BigInteger p,
                      java.math.BigInteger q,
                      byte[] domainParamSeed,
                      int counter,
                      java.security.MessageDigest hashEngine,
                      int outlen)
                               throws java.security.InvalidAlgorithmParameterException
```
    Validates the given DSA parameters. This method implements the DSA parameter validation algorithm given in Appendix A.1.1.3 (p. 35ff) of FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009: "Validation of the Probable Primes p and q that where generated Using an Approved Hash Function".
    
    Parameters:
    p - the prime modulus p.
    q - the prime divisor q.
    domainParamSeed - the domain parameter seed that has been used for parameter generation
    counter - the final counter value form the parameter generation procedure
    hashEngine - the MessageDigest engine to be used
    outlen - the length (in bits) of the hash function output,
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if the parameter validation fails

Class SHA2withDSAParameterGenerator

Method Summary

Methods inherited from class java.lang.Object

Method Detail

engineInit

engineInit

engineGenerateParameters

validateParameters