RSAOaepKeyPairGenerator (6.0 API Documentation)

java.lang.Object
- java.security.KeyPairGeneratorSpi
- - java.security.KeyPairGenerator
  - - iaik.security.rsa.RSAKeyPairGenerator
    - - iaik.security.rsa.RSAOaepKeyPairGenerator

All Implemented Interfaces:

OaepKeyPairGenerator
```
public class RSAOaepKeyPairGenerator
extends RSAKeyPairGenerator
implements OaepKeyPairGenerator
```
KeyPairGenerator for generating RSAES-OAEP keys according to RFC 4055.
If no initialize() method of this key pair generator is called, it defaults to initialize(2048).
The algorithm used for key generation is according IEEE P1363.
RSAES-OAEP keys (RSAOaepPublicKey, RSAOaepPrivateKey) differ from ordinary PKCS#1 RSA keys (RSAPublicKey, RSAPrivateKey) only in that RSAES-OAEP keys may contain OAEP parameters. If RSAES-OAEP keys do not contain parameters they may be used for OAEP based en/decryption with any OAEP parameters. However, if RSAES-OAEP keys contain OAEP parameters they must be only used with the hash algorithm and mask generation function that are specified by their parameters (see RFC 4055):
```
 RSAES-OAEP-params  ::=  SEQUENCE  {
   hashFunc          [0] AlgorithmIdentifier DEFAULT
                            sha1Identifier,
   maskGenFunc       [1] AlgorithmIdentifier DEFAULT
                            mgf1SHA1Identifier,
   pSourceFunc       [2] AlgorithmIdentifier DEFAULT
                            pSpecifiedEmptyIdentifier  }
 
 
  pSpecifiedEmptyIdentifier  AlgorithmIdentifier  ::=
                      { id-pSpecified, nullOctetString }
 
  nullOctetString  OCTET STRING (SIZE (0))  ::=  { ''H }
 
```
An application wishing to create a RSAES-OAEP key pair to be used for OAEP based encryption with the RSA algorithm, uses a proper getInstance method of the java.security.KeyPairGenerator class, which subsequently maybe casted to RSAOaepKeyPairGenerator for performing an algorithm-specific initialization with proper RSAES-OAEP parameters. If an algorithm-specific initialization is not required, the cast to RSAOaepKeyPairGenerator can be omitted (in this case no parameters will be included in the RSA-OAEP generated keys and they maybe used with any OAEP parameters).
Generally four steps have to be performed for creating a RSAES-OAEP KeyPair by using a proper KeyPairGenerator:
- First the KeyPairGenerator has to be instantiated thereby specifying "RSAES-OAEP" as algorithm name:
```
 KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSAES-OAEP", "IAIK");
 
```
- Second, the KeyPairGenerator just created may be initialized using a proper initialize method. For initializing the generator to create keys with a modulus length of, e.g., 2048 bits, this can be explicitly specified (when not initializing the generator explicitly, per default the modulus length is set to 2048 bits):
```
 keyGen.initialize(2048);
 
```
- Third the key pair is created by calling generateKeyPair():
```
 KeyPair keyPair = keyGen.generateKeyPair();
 
```
- And finally the keys have to be got from the key pair just created:
```
 RSAOaepPrivateKey privateKey = (RSAOaepPrivateKey) keyPair.getPrivate();
 RSAOaepPublicKey publicKey = (RSAOaepPublicKey) keyPair.getPublic();
 
```
For performing an algorithm-specific initialization with particular RSA OAEP parameters an explicit cast of the KeyPairGenerator may be necessary for obtaining a specific RSAOaepKeyPairGenerator to be initialized with the desired RSA-OAEP parameters which have to be supplied as RSAOaepParameterSpec object, e.g.:
```
 RSAOaepKeyPairGenerator rsaOaepkeyGen = (RSAOaepKeyPairGenerator) keyGen;
 // create OAEP parameters for specifying hash, mgf and pSource algorithms:
 // hash, mgf and pSource algorithm ids
 AlgorithmID hashID = (AlgorithmID) AlgorithmID.sha512.clone();
 AlgorithmID mgfID = (AlgorithmID) AlgorithmID.mgf1.clone();
 mgfID.setParameter(hashID.toASN1Object());
 AlgorithmID pSourceID = (AlgorithmID) AlgorithmID.pSpecified.clone();
 pSourceID.setParameter(new OCTET_STRING());
 // hash and mgf engines
 MessageDigest hashEngine = hashID.getMessageDigestInstance();
 MaskGenerationAlgorithm mgfEngine = mgfID.getMaskGenerationAlgorithmInstance();
 MGF1ParameterSpec mgf1ParamSpec = new MGF1ParameterSpec(hashID);
 mgf1ParamSpec.setHashEngine(hashEngine);
 mgfEngine.setParameters(mgf1ParamSpec);
 // create the RSAOaepParameterSpec
 RSAOaepParameterSpec oaepParamSpec = new RSAOaepParameterSpec(hashID, mgfID,
     pSourceID);
 // set engines
 oaepParamSpec.setHashEngine(hashEngine);
 oaepParamSpec.setMGFEngine(mgfEngine);
 // initialize key pair generator
 rsaOaepkeyGen.initialize(2048, oaepParamSpec);
 KeyPair keyPair = rsaOaepkeyGen.generateKeyPair();
 RSAOaepPublicKey publicKey = (RSAOaepPublicKey) keyPair.getPublic();
 RSAOaepPrivateKey privateKey = (RSAOaepPrivateKey) keyPair.getPrivate();
 
```
RSAES-OAEP keys must be only used for en/decryption purposes with the RSAES-OAEP encryption scheme. For using a RSAOaepPublicKey with a Cipher engine, "OAEP" has to be specified as padding scheme when instantiating the Cipher object:
```
 Cipher rsaOaep = Cipher.getInstance("RSA/ECB/OAEP", "IAIK");
 
```
When now initializing the Cipher with an RSAES-OAEP key that contains OAEP parameters, the hash algorithm, mask generation function and pSource algorithm are taken from the public key parameters:
```
 rsaOaep.init(Cipher.ENCRYPT_MODE, publicKey); 
 // the data to be encrypted (e.g. secret key material):
 byte[] data = ...;
 // encrypt data  
 byte[] encrypted = rsaOaep.doFinal(data);
 
```
For decrypting the encrypted data you will have to use the right RSAES-OAEP RSAOaepPrivateKey:
```
 Cipher rsaOaep = Cipher.getInstance("RSA/ECB/OAEP", "IAIK");
 rsaOaep.init(Cipher.DECRYPT_MODE, privateKey); 
 // decrypt data  
 byte[] decrypted = rsaOaep.doFinal(encrypted);
```
Version:

File Revision 6

See Also:
RSAOaepPublicKey, RSAOaepPrivateKey, RSAOaepKeyFactory, RSAOaepParameterSpec, KeyPairGenerator, KeyPair

Field Summary
- Fields inherited from class iaik.security.rsa.RSAKeyPairGenerator
  initialized, keylen, public_exponent, random

Constructor Summary

Constructors
Constructor and Description

RSAOaepKeyPairGenerator()
Default constructor for creating a RSAOaepKeyPairGenerator object.

Constructors
Constructor and Description
`RSAOaepKeyPairGenerator()` Default constructor for creating a RSAOaepKeyPairGenerator object.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`initialize(java.security.spec.AlgorithmParameterSpec params)` Initializes the key pair generator using the specified OAEP parameters.
`void`	`initialize(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)` Initializes the key pair generator using the specified OAEP parameters and random number generator.
`void`	`initialize(int strength, java.security.spec.AlgorithmParameterSpec params)` Initializes this key pair generator using the specified "strength" (desired key length in bits) and OAEP parameters.
`void`	`initialize(int strength, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom secureRandom)` Initializes this key pair generator using the specified "strength" (desired key length in bits), source of random bits, and OAEP parameters.
`void`	`initialize(int strength, java.math.BigInteger publicExponent, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom secureRandom)` Initializes this key pair generator using the specified "strength" (desired key length in bits), public exponent, source of random bits, and OAEP parameters.

Methods inherited from class iaik.security.rsa.RSAKeyPairGenerator
generateKeyPair, initialize, initialize, initialize

Methods inherited from class java.security.KeyPairGenerator
genKeyPair, getAlgorithm, getInstance, getInstance, getInstance, getProvider

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - RSAOaepKeyPairGenerator
```
public RSAOaepKeyPairGenerator()
```
    Default constructor for creating a RSAOaepKeyPairGenerator object. Required for dynamic object creation. An application typically will not use this constructor for creating a RSAOaepKeyPairGenerator. Rather it will use a proper KeyPairGenerator.getInstance method:
```
 KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSAES-OAEP", "IAIK");
 
```
    See Also:
    KeyPairGenerator
- Method Detail
  - initialize
```
public void initialize(java.security.spec.AlgorithmParameterSpec params)
                throws java.security.InvalidAlgorithmParameterException
```
    Initializes the key pair generator using the specified OAEP parameters.
    
    Specified by:
    
    initialize in interface OaepKeyPairGenerator
    
    Overrides:
    
    initialize in class RSAKeyPairGenerator
    
    Parameters:
    params - the OAEP parameters to be set for the RSAES-OAEP keys
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if the supplied parameters do not represent OAEP parameters or java.security.spec.RSAKeyGenParameterSpec or the KeyPairGenerator cannot be initialized from the parameters
  - initialize
```
public void initialize(java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                throws java.security.InvalidAlgorithmParameterException
```
    Initializes the key pair generator using the specified OAEP parameters and random number generator.
    
    Specified by:
    
    initialize in interface OaepKeyPairGenerator
    
    Overrides:
    
    initialize in class RSAKeyPairGenerator
    
    Parameters:
    params - the OAEP parameters to be set for the RSAES-OAEP keys
    secureRandom - the random seed
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - if the supplied parameters do not represent OAEP parameters or java.security.spec.RSAKeyGenParameterSpec or the KeyPairGenerator cannot be initialized from the parameters
  - initialize
```
public void initialize(int strength,
              java.security.spec.AlgorithmParameterSpec params)
                throws java.security.InvalidParameterException
```
    Initializes this key pair generator using the specified "strength" (desired key length in bits) and OAEP parameters. When using this initialization method, an explicit cast to RSAOaepKeyPairGenerator is required:
```
 RSAOaepKeyPairGenerator keyGen = (RSAOaepKeyPairGenerator)KeyPairGenerator.getInstance("RSAES-OAEP", "IAIK");
 keyGen.initialize(strength, oaepParamSpec, secureRandom);
 ...
 
```
    Specified by:
    
    initialize in interface OaepKeyPairGenerator
    
    Parameters:
    strength - keyLength the length of the key in bits.
    params - the OAEP parameters to be set for the RSAES-OAEP keys
    
    Throws:
    
    java.security.InvalidParameterException - if the supplied parameters do not represent OAEP parameters or java.security.spec.RSAKeyGenParameterSpec or the KeyPairGenerator cannot be initialized from the parameters
  - initialize
```
public void initialize(int strength,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom secureRandom)
                throws java.security.InvalidParameterException
```
    Initializes this key pair generator using the specified "strength" (desired key length in bits), source of random bits, and OAEP parameters. When using this initialization method, an explicit cast to RSAOaepKeyPairGenerator is required:
```
 RSAOaepKeyPairGenerator keyGen = (RSAOaepKeyPairGenerator)KeyPairGenerator.getInstance("RSAES-OAEP", "IAIK");
 keyGen.initialize(strength, oaepParamSpec, secureRandom);
 ...
 
```
    Specified by:
    
    initialize in interface OaepKeyPairGenerator
    
    Parameters:
    strength - keyLength the length of the key in bits.
    params - the OAEP parameters to be set for the RSAES-OAEP keys
    secureRandom - the random seed
    
    Throws:
    
    java.security.InvalidParameterException - if the supplied parameters do not represent OAEP parameters or java.security.spec.RSAKeyGenParameterSpec or the KeyPairGenerator cannot be initialized from the parameters
  - initialize
```
public void initialize(int strength,
              java.math.BigInteger publicExponent,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom secureRandom)
                throws java.security.InvalidParameterException
```
    Initializes this key pair generator using the specified "strength" (desired key length in bits), public exponent, source of random bits, and OAEP parameters. When using this initialization method, an explicit cast to RSAOaepKeyPairGenerator is required:
```
 RSAOaepKeyPairGenerator keyGen = (RSAOaepKeyPairGenerator)KeyPairGenerator.getInstance("RSAES-OAEP", "IAIK");
 keyGen.initialize(strength, publicExponent, oaepParamSpec, secureRandom);
 ...
 
```
    Specified by:
    
    initialize in interface OaepKeyPairGenerator
    
    Parameters:
    strength - keyLength the length of the key in bits.
    publicExponent - the public exponent
    params - the OAEP parameters to be set for the RSAES-OAEP keys
    secureRandom - the random seed
    
    Throws:
    
    java.security.InvalidParameterException - if the supplied parameters do not represent OAEP parameters or java.security.spec.RSAKeyGenParameterSpec or the KeyPairGenerator cannot be initialized from the parameters

Class RSAOaepKeyPairGenerator

Field Summary

Fields inherited from class iaik.security.rsa.RSAKeyPairGenerator

Constructor Summary

Method Summary

Methods inherited from class iaik.security.rsa.RSAKeyPairGenerator

Methods inherited from class java.security.KeyPairGenerator

Methods inherited from class java.lang.Object

Constructor Detail

RSAOaepKeyPairGenerator

Method Detail

initialize

initialize

initialize

initialize

initialize