RawRSAPssSignature (6.0 API Documentation)

java.lang.Object
- java.security.SignatureSpi
- - iaik.security.rsa.RSAPssSignature
  - - iaik.security.rsa.RawRSAPssSignature

```
public class RawRSAPssSignature
extends RSAPssSignature
```
This class represents a "raw" implementation of the RSA PKCS#1v2.1 RSASSA-PSS digital signature algorithm where the hash on the data to be signed has to be calculated by the application.
This class may be used in a similar way than parent class RSAPssSignature except that the message hash value has to be calculated by the application. All required parameters (hash algorithm, mask generation algorithm, salt length) have to be supplied as RSAPssParameterSpec. As defined for PSS the trailer field is fixed to 0xBC.
Generally the following steps have to be performed for calculating/verifying a PSS signature when using this "raw" signature engine:
- First an instance of the raw RSASSA-PSS signature engine has to be created using a proper getInstance method, e.g.:
```
 Signature pss = Signature.getInstance("RawRSASSA-PSS");
 
```
- Second, the Signature object just created has to be properly initialized for signing a message respectively verifying a signature using a RSA private respectively RSA public key, e.g.:
  - Initialize for Signing: pss.initSign(rsaPrivateKey);
  - Initialize for Verifying: pss.initVerify(rsaPublicKey);
- Third, supply the required parameters (hash algorithm, mask generation function, salt length -- trailer field is fixed) as RSAPssParameterSpec, e.g.:
```
 // hash algorithm
 AlgorithmID hashID = (AlgorithmID)AlgorithmID.ripeMd160.clone();
 // mask generation function ID
 AlgorithmID mgfID = (AlgorithmID)AlgorithmID.mgf1.clone();
 mgfID.setParameter(hashID.toASN1Object());
 // salt length
 int saltLength = 20;
 // create a RSAPssParameterSpec
 RSAPssParameterSpec pssParamSpec = new RSAPssParameterSpec(hashID, mgfID, saltLength);
 // optionally set hash and mgf engines
 MessageDigest hashEngine = MessageDigest.getInstance("SHA-1");
 pssParamSpec.setHashEngine(hashEngine);
 MaskGenerationAlgorithm mgfEngine = MaskGenerationAlgorithm.getInstance("MGF1");
 MGF1ParameterSpec mgf1Spec = new MGF1ParameterSpec(hashID);
 mgf1Spec.setHashEngine(hashEngine);
 mgfEngine.setParameters(mgf1Spec);
 pssParamSpec.setMGFEngine(mgfEngine);
 // set parameters
 pss.setParameter(pssParamSpec); 
 
```
- Finally, if the Signature object has been initialized for signing, the (already calculated) message hash value is supplied by calling an update method and subsequently the signature is created by calling the sign method returning the signature as byte array. Otherwise, if the Signature object has been initialized for verifying, first again the message hash value is supplied by calling an update method is supplied to the Signature object, and subsequently the signature is verified by calling the verify method, supplied with the byte array holding the corresponding signature value:
  - Calculate and supply the message hash value to be signed/verified:
    MessageDigest hashEngine = hashID.getMessageDigestInstance(); byte[] rawHash = hashEngine.digest(data); pss.update(rawHash);
  - Sign the message:
    byte[] signature = pss.sign();
  - Respectively verify the signature:
    System.out.println("Signature " + (pss.verify(signature) ? "correct!" : "not correct!"));
Please note that in step 3) above when supplying the parameters it would not make sense to also set a hash engine since the message hash has to be calculated outside the engine by the calling application. This does not apply to the mask generation function which may be based on a hash algorithm (like MGF1). Any required hash operation except calculating the message hash may be done by the signature engine itself.
Please note that it is the entire responsibility of the application to take care to provide a proper hash value when calling an update method; no check is performed if the supplied hash value corresponds to the hash algorithm in use (e.g. has the correct length).
Please note that in contrast to PKCS1v1.5 -- where attacks that are based on hash algorithm compromise ("hash function substitution") are caught by including the hash algorithm id in the DigestInfo encoding -- no such mechanism is used by the PSS signature scheme. So hash function substitution has to be addressed by other means when using PSS. One possible solution is to use the same hash function for message hashing and any hash operations done by the mask generation function (if based on a hash algorithm). This is ensured for all JCA based hash engines where the hash algorithm(s) to be used are already given by the implementing class: SHA1withRSAandMGF1, for instance, uses the SHA-1 algorithm for both message hashing and MGF1 hash operations. When using this general RSASSA-PSS signature engine, hash algorithm and mask generation function have to be supplied by the calling application. In this case it is the responsibility of the application to take care of hash function substitution issues - if desired. This may be done by, for instance, setting the same hash algorithm parameter for message hashing and MGF hashing, or, for instance, using one and only hash algorithm in any case, or following any other suitable strategy.

Version:: File Revision 12
See Also:: RSAPssSignature

Field Summary

Fields
Modifier and Type	Field and Description
`protected java.security.MessageDigest`	`hash` The MessageDigest engine used to hash the data; supplied with an instance of the desired MessageDigest algorithm by any extending subclass.

Fields inherited from class java.security.SignatureSpi
appRandom

Constructor Summary

Constructors
Constructor and Description

RawRSAPssSignature()
Default constructor.

Constructors
Constructor and Description
`RawRSAPssSignature()` Default constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`engineInitSign(java.security.PrivateKey pk)` SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
`protected void`	`engineInitSign(java.security.PrivateKey pk, java.security.SecureRandom random)` SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
`protected void`	`engineInitVerify(java.security.PublicKey pk)` SPI: Initializes this Signature object with the given RSA public key for performing a signature verification.
`protected void`	`engineSetParameter(java.lang.String param, java.lang.Object value)` Allows to supply a SecureRandom object if required by the underlying signature scheme (e.g.
`protected void`	`engineUpdate(byte b)` SPI: Updates the data to be signed or verified with the specified byte.
`protected void`	`engineUpdate(byte[] b, int off, int len)` SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.

Methods inherited from class iaik.security.rsa.RSAPssSignature
engineGetParameter, engineGetParameters, engineSetParameter, engineSign, engineVerify, setValidateAgainstPssKeyParameters

Methods inherited from class java.security.SignatureSpi
clone, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - hash
```
protected java.security.MessageDigest hash
```
    The MessageDigest engine used to hash the data; supplied with an instance of the desired MessageDigest algorithm by any extending subclass.
- Constructor Detail
  - RawRSAPssSignature
```
public RawRSAPssSignature()
```
    Default constructor.
    An application shall call
```
 Signature.getInstance("RawRSASSA-PSS");
 
```
    to get the required raw PSS signature engine.
- Method Detail
  - engineUpdate
```
protected void engineUpdate(byte b)
```
    SPI: Updates the data to be signed or verified with the specified byte. Only feeds the byte to the internal buffer.
    
    Parameters:
    b - the byte to be used for updating.
  - engineUpdate
```
protected void engineUpdate(byte[] b,
                int off,
                int len)
```
    SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array. Only feeds the bytes to the internal buffer.
    
    Parameters:
    b - the byte array holding the data to be used for this update operation.
    off - the offset, indicating the start position within the given byte array.
    len - the number of bytes to be obtained from the given byte array, starting at the given position.
  - engineInitSign
```
protected void engineInitSign(java.security.PrivateKey pk)
                       throws java.security.InvalidKeyException
```
    SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
    If the given private key is a RSAPssPrivateKey that contains parameters, these key parameters (hash algorithm, mask generation function, salt (length), trailer field) are used for initializing this Signature engine.
    
    Overrides:
    
    engineInitSign in class RSAPssSignature
    
    Parameters:
    pk - the RSA private key to be used for signing.
    
    Throws:
    
    java.security.InvalidKeyException - if a key encoding error occurs or the given key is a RSAPssPrivateKey with invalid PSS parameters, or the application has set parameters by calling setParameter before initialization and these parameters cannot be validated against the parameters contained in the PSS key
  - engineInitVerify
```
protected void engineInitVerify(java.security.PublicKey pk)
                         throws java.security.InvalidKeyException
```
    SPI: Initializes this Signature object with the given RSA public key for performing a signature verification. If the given private key is a RSAPssPublicKey that contains parameters, these key parameters (hash algorithm, mask generation function, salt (length), trailer field) are used for initializing this Signature engine.
    
    Overrides:
    
    engineInitVerify in class RSAPssSignature
    
    Parameters:
    pk - the RSA public key belonging to the RSA private key that has been used for signing.
    
    Throws:
    
    java.security.InvalidKeyException - if a key encoding error occurs or the given key is a RSAPssPublicKey with invalid PSS parameters, or the application has set parameters by calling setParameter before initialization and these parameters cannot be validated against the parameters contained in the PSS key
  - engineInitSign
```
protected void engineInitSign(java.security.PrivateKey pk,
                  java.security.SecureRandom random)
                       throws java.security.InvalidKeyException
```
    SPI: Initializes this Signature object with the given RSA private key for going to sign some data. The supplied SecureRandom may be used by the signature engine if random numbers are required (e.g. PSS).
    If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom, if required.
    
    Overrides:
    
    engineInitSign in class java.security.SignatureSpi
    
    Parameters:
    pk - the RSA private key to be used for signing.
    random - the SecureRandom if random numbers are required by the signature engine (e.g. PSS)
    
    Throws:
    
    java.security.InvalidKeyException - if a key encoding error occurs
  - engineSetParameter
```
protected void engineSetParameter(java.lang.String param,
                      java.lang.Object value)
                           throws java.security.InvalidParameterException
```
    Allows to supply a SecureRandom object if required by the underlying signature scheme (e.g. PSS). When using JDK versions prior JDK 1.2 method initSign(PrivateKey, SecureRandom) is not available. If required by the underlying signature scheme (e.g. PSS) an application may supply a SecureRandom object as parameter. If a SecureRandom never has been supplied by the application, the signature engine will use a default SecureRandom, if required.
    
    Specified by:
    
    engineSetParameter in class java.security.SignatureSpi
    
    Parameters:
    param - ignored
    value - the SecureRandom supplied as PKCS1AlgorithmParameterSpec
    
    Throws:
    
    java.security.InvalidParameterException - if the SecureRandom is not supplied as PKCS1AlgorithmParameterSpec

Class RawRSAPssSignature

Field Summary

Fields inherited from class java.security.SignatureSpi

Constructor Summary

Method Summary

Methods inherited from class iaik.security.rsa.RSAPssSignature

Methods inherited from class java.security.SignatureSpi

Methods inherited from class java.lang.Object

Field Detail

hash

Constructor Detail

RawRSAPssSignature

Method Detail

engineUpdate

engineUpdate

engineInitSign

engineInitVerify

engineInitSign

engineSetParameter