iaik.security.rsa

Class SSLRSASignature

java.lang.Object

java.security.SignatureSpi

iaik.security.rsa.SSLRSASignature

public class SSLRSASignature
extends java.security.SignatureSpi

THIS CLASS IS OUTDATED AND SHOULD NOT BE USED ANY LONGER. It was originally written for use by the iSaSiLk library, but it is not used for this purpose any longer. It will probably be removed in a future release, if you still need it please contact jce-sales@iaik.at.

This class implements a special form of a RSA Signature as used within the Secure Sockets Layer (SSL v3.0) protocol.

SSL handles digital signatures by either using the Digital Signature Algorithm (DSA) or a RSA based method. This class implements the RSA version od SSL digital signing, where the SHA and MD5 hash algorithms are used to form 36-byte structure, which subsequently is signed (encrypted with the RSA private key).

In contrast to Md5RSASignature and ShaRSASignature this class not only calls the superclass constructor specifying the hash algorithm to be used. This class overrides all the methods of the superclass according to the particular signature requirements of the SSLv3 protocol.

The general proceeding for signing a message (e.g. build up of client_hello_random + server_hello_random + params) or verifying a signature follows the common guidelines prescribing three steps to be performed:

• First an instance of the desired signature algorithm has to be created using a proper getInstance method, e.g.:

   Signature ssl_rsa = Signature.getInstance("SSL/RSA");
   

• Second, the Signature object just created has to be properly initialized for signing a message respectively verifying a signature using a RSA private respectively RSA public key, e.g.:
  • Initialize for Signing: ssl_rsa.initSign(rsaPrivateKey);
  • Initialize for Verifying: ssl_rsa.initVerify(rsaPublicKey);

• Finally, if the Signature object has been initialized for signing, the data to be signed is supplied to it and subsequently the signature is created by calling the sign method returning the signature as byte array. Otherwise, if the Signature object has been initialized for verifying, first the data to be verified is supplied to the Signature object, and subsequently the signature is verified by calling the verify method, supplied with the byte array holding the corresponding signature value:
  • Supply the data to be signed, and subsequently sign it:

     ssl_rsa.update(data);
     byte[] signature = ssl_rsa.sign();
     

  • Supply the data to be verified, and verify the signature:

     ssl_rsa.update(data);
     System.out.println("Signature " + (ssl_rsa.verify(signature) ? "correct!" : "not correct!"));
     

Version:

File Revision 20

See Also:

RSASignature, ShaRSASignature, Md5RSASignature, Signature, Md5, SHA

Field Summary

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Constructor and Description
SSLRSASignature() The default constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected java.lang.Object	engineGetParameter(java.lang.String param) This method is not implemented and only throws an InvalidParameterException
protected void	engineInitSign(java.security.PrivateKey privateKey) SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
protected void	engineInitSign(java.security.PrivateKey privateKey, java.security.SecureRandom random) SPI: Initializes this Signature object with the given RSA private key and the given SecureRandom generator for going to sign some data.
protected void	engineInitVerify(java.security.PublicKey pk) SPI: Initializes this signature object with the given RSA public key for performing a signature verification.
protected void	engineSetParameter(java.lang.String param, java.lang.Object value) This method is not implemented and only throws an InvalidParameterException
protected byte[]	engineSign() SPI: Returns a byte array holding the signature resulting from all already performed data update operations.
protected void	engineUpdate(byte b) SPI: Updates the data to be signed or verified with the specified byte.
protected void	engineUpdate(byte[] b, int off, int len) SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.
protected boolean	engineVerify(byte[] sigBytes) Verifies the given signature of a message according to SSL v3.0.

Methods inherited from class java.security.SignatureSpi

clone, engineGetParameters, engineSetParameter, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SSLRSASignature

public SSLRSASignature()
                throws java.security.NoSuchAlgorithmException

The default constructor. Creates a new SSL/RSA Signature object.

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for MD5 or SHA

Method Detail

engineInitVerify

protected void engineInitVerify(java.security.PublicKey pk)
                         throws java.security.InvalidKeyException

SPI: Initializes this signature object with the given RSA public key for performing a signature verification.

Specified by:

engineInitVerify in class java.security.SignatureSpi

Parameters:

pk - the RSA public key belonging to the RSA private key that has been used for signing.

Throws:

java.security.InvalidKeyException - if a key encoding error occurs

engineInitSign

protected void engineInitSign(java.security.PrivateKey privateKey)
                       throws java.security.InvalidKeyException

SPI: Initializes this Signature object with the given RSA private key for going to sign some data.

Specified by:

engineInitSign in class java.security.SignatureSpi

Parameters:

privateKey - the RSA private key to be used for signing.

Throws:

java.security.InvalidKeyException - if a key encoding error occurs

engineInitSign

protected void engineInitSign(java.security.PrivateKey privateKey,
                  java.security.SecureRandom random)
                       throws java.security.InvalidKeyException

SPI: Initializes this Signature object with the given RSA private key and the given SecureRandom generator for going to sign some data.

Overrides:

engineInitSign in class java.security.SignatureSpi

Parameters:

privateKey - the RSA private key to be used for signing.

random - the random number generator

Throws:

java.security.InvalidKeyException - if a key decoding error occurs

engineSign

protected byte[] engineSign()
                     throws java.security.SignatureException

SPI: Returns a byte array holding the signature resulting from all already performed data update operations. The signature is returned as defined in SSL v3.0.

According to SSLv3 the data is digested with both Md5 and SHA algorithms before encrypting the result using the RSA algorithm with PKCS#1 padding.

Specified by:

engineSign in class java.security.SignatureSpi

Returns:

a byte array holding the signature

Throws:

java.security.SignatureException - if an error occurs when creating the signature

engineVerify

protected boolean engineVerify(byte[] sigBytes)
                        throws java.security.SignatureException

Verifies the given signature of a message according to SSL v3.0.

According to SSLv3 the data is digested with both Md5 and SHA algorithms before decrypting it using the RSA algorithm.

Specified by:

engineVerify in class java.security.SignatureSpi

Parameters:

sigBytes - the signature bytes to be verified

Returns:

true if signature is OK, false if not

Throws:

java.security.SignatureException - if an error occurs when verifying the signature

engineUpdate

protected void engineUpdate(byte b)

SPI: Updates the data to be signed or verified with the specified byte.

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

b - the byte to update.

engineUpdate

protected void engineUpdate(byte[] b,
                int off,
                int len)

SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

b - the byte array holding the data to be used for this update operation.

off - the offset, indicating the start position within the given byte array.

len - the number of bytes to be obtained from the given byte array, starting at the given position.

engineSetParameter

protected void engineSetParameter(java.lang.String param,
                      java.lang.Object value)
                           throws java.security.InvalidParameterException

This method is not implemented and only throws an InvalidParameterException

Specified by:

engineSetParameter in class java.security.SignatureSpi

Throws:

java.security.InvalidParameterException - This Method is not supported

engineGetParameter

protected java.lang.Object engineGetParameter(java.lang.String param)
                                       throws java.security.InvalidParameterException

This method is not implemented and only throws an InvalidParameterException

Specified by:

engineGetParameter in class java.security.SignatureSpi

Throws:

java.security.InvalidParameterException - This Method is not supported