iaik.me.security.rsa
Class RSA

java.lang.Object
  |
  +--iaik.me.security.Cipher
        |
        +--iaik.me.security.rsa.RSA

public class RSA
extends Cipher

This class implements the RSA algorithm through the Cipher interface.

An application can use this class to encrypt or decrypt data with RSA public and private keys.

The RSA (Rivest Shamir Adleman) algorithm is one of the most famous public-key algorithms. It is used for data encryption and digital signing and is based on modular multiplication.

For data encryption, messages are encrypted using the public key (modulus n, public exponent e) of some entity. Since only this entity holds the corresponding private key (private exponent d), nobody else is able to decrypt the encrypted message. The public key (n,e) is derived by first choosing two random large primes, p and q, from which the modulus is calculated as n = pq. The public exponent e must be chosen to be relatively prime to (p-1)(q-1). The corresponding private exponent d follows from the condition that ed has to be congruent to 1 mod (p-1)(q-1). Encrypting some message m (of size less than n) is done by the repeated modular multiplication c = m^e (mod n); decrypting uses the formula m = c^d (mod n) (see "Applied Cryptography", Bruce Schneier, ISBN 0-471-59756-2).

For digital signing, the RSA algorithm is combined with a hash algorithm that first builds the message digest of the data to be signed; the digest is then signed (encrypted with an entity's RSA private key). Signature verification uses the corresponding RSA public key (see iaik.security.rsa.RSASignature).

PKCS#1 defines a data encryption method (rsaEncryption) based on the RSA public-key algorithm to be used for generating digital signatures and digital envelopes, as described in PKCS#7. Furthermore, this standard describes a syntax for RSA public keys (to be used in certificates) and RSA private keys (for use in PKCS#8 private-key information). For efficiency reasons, PKCS#1 does not treat the RSA private key as consisting only of modulus n and private exponent d. Rather, it is extended by a certain set of parameter values (see iaik.security.rsa.RSAPrivateKey). PKCS#1 supports compatibility with X.509 and PEM (see http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/).

This class follows the method described in PKCS#1 (Version 1.5) for RSA en/decrypting some data. The encryption process encrypts a given octet string to an encrypted octet string using two integer values as parameters, denoting the modulus (n) and the exponent (c), which will represent either the public exponent (e) or the private exponent (d), depending on whether a public-key or a private-key operation is performed. The decryption process decrypts a given encrypted octet string to an octet string, again using two integer values as parameters, denoting the modulus (n) and the exponent (c), which will represent either the public exponent (e) or the private exponent (d), depending on whether a public-key or a private-key operation is performed. Both the encryption and the decryption process first convert the given octet-string input to an integer, which is transformed back to give the octet-string output after the RSA computation. Before the initial octet-string-to-integer conversion (respectively after the final integer-to-octet-string conversion), padding (unpadding) may be performed according to PKCS#1.

To en/decrypt data without any padding (encryption block formatting), use Cipher.getInstance("RSA/ECB/NoPadding"). However, this is not recommended.

You should use PKCS#1 padding (Cipher.getInstance("RSA"), which is equivalent to RSA/ECB/PKCS1Padding). The padding block type will automatically be selected as 2 for public key encryption/private key decryption and 1 for private key encryption/public key decryption. You can also explicitly specify the desired block type using Cipher.getInstance("RSA/n/PKCS1Padding"), where n is the padding type (0, 1, or 2).

Code example:

 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
 rsa.init(Cipher.ENCRYPT_MODE, rsaPrivateKey); // private key: auto selects block type 1
 
or
 rsa.init(Cipher.ENCRYPT_MODE, rsaPublicKey);  // public key: auto selects block type 2
 byte[] crypted = rsa.doFinal(data);
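
The key derivation, PKCS#1 v1.5 block formatting and octet-string/integer conversions described above, as an added example that is not IAIK code: it uses only java.math.BigInteger and java.security.SecureRandom, and the names Pkcs1v15Demo, pad, unpad and toOctets as well as the sample message are constructed for illustration. It covers block types 1 and 2 only.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Arrays;

public class Pkcs1v15Demo {
    static final SecureRandom RND = new SecureRandom();
    // EB = 00 || BT || PS || 00 || D, with PS at least 8 bytes (PKCS#1 v1.5)
    static byte[] pad(byte[] data, int bt, int k) {
        if ((bt != 1 && bt != 2) || data.length > k - 11)
            throw new IllegalArgumentException("unsupported block type or data too long");
        byte[] eb = new byte[k];
        eb[1] = (byte) bt;
        int sep = k - data.length - 1;            // index of the 00 separator
        for (int i = 2; i < sep; i++)             // type 1: FF bytes; type 2: random nonzero bytes
            do { eb[i] = (byte) (bt == 1 ? 0xFF : RND.nextInt(256)); } while (eb[i] == 0);
        System.arraycopy(data, 0, eb, sep + 1, data.length);
        return eb;
    }
    static byte[] unpad(byte[] eb, int bt) {      // layout check only, not side-channel hardened
        if (eb[0] != 0 || eb[1] != bt) throw new IllegalStateException("bad block type");
        int i = 2;
        while (i < eb.length && eb[i] != 0) i++;  // find the 00 separator
        if (i < 10 || i == eb.length) throw new IllegalStateException("bad padding");
        return Arrays.copyOfRange(eb, i + 1, eb.length);
    }
    // Integer-to-octet-string conversion: big-endian, left-padded to k bytes
    static byte[] toOctets(BigInteger x, int k) {
        byte[] raw = x.toByteArray(), out = new byte[k];
        int len = Math.min(raw.length, k);
        System.arraycopy(raw, raw.length - len, out, k - len, len);
        return out;
    }
    public static void main(String[] args) {
        BigInteger e = BigInteger.valueOf(65537), one = BigInteger.ONE, p, q, phi;
        do {                                      // e must be relatively prime to (p-1)(q-1)
            p = BigInteger.probablePrime(512, RND);
            q = BigInteger.probablePrime(512, RND);
            phi = p.subtract(one).multiply(q.subtract(one));
        } while (!e.gcd(phi).equals(one));
        BigInteger n = p.multiply(q), d = e.modInverse(phi);   // ed = 1 mod (p-1)(q-1)
        int k = (n.bitLength() + 7) / 8;          // modulus length in octets
        byte[] msg = {0x63, 0x6f, 0x6e, 0x73, 0x74};           // constructed sample data
        BigInteger c1 = new BigInteger(1, pad(msg, 2, k)).modPow(e, n);  // c = m^e mod n
        BigInteger c2 = new BigInteger(1, pad(msg, 2, k)).modPow(e, n);
        byte[] out = unpad(toOctets(c1.modPow(d, n), k), 2);   // m = c^d mod n
        System.out.println("round trip ok: " + Arrays.equals(msg, out));
        System.out.println("type 2 ciphertexts differ: " + !c1.equals(c2));
        System.out.println("type 1 blocks identical: " + Arrays.equals(pad(msg, 1, k), pad(msg, 1, k)));
    }
}
```

Block type 2 randomizes every encryption of the same data, while block type 1 is fixed; without any padding, the same input and key always produce the same ciphertext.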
 

See Also:
Cipher, iaik.me.security.CipherSpi, CryptoBag

Fields inherited from class iaik.me.security.Cipher
chainingMode, DECRYPT_MODE, ENCRYPT_MODE, iv, mode, MODE_CBC, MODE_ECB
 
Constructor Summary
RSA()
          Default Constructor for the RSA cipher.
 
Method Summary
 byte[] doFinal(byte[] message)
          Performs a modulo exponentiation.
 int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypt the given data performing final padding operations.
 int[] getKeyLength()
          Return the valid key lengths for this cipher.
 void init(int mode, CryptoBag key, Object params, SecureRandom random)
          Initializes this RSA cipher with the given key.
protected  String setMode(String mode)
          Sets the block mode of the encryption block according to PKCS#1.
protected  String setPadding(String padding)
          Sets the padding scheme of this cipher, which only can be "PKCS1Padding" or "NoPadding".
 int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypt the input data storing it in the output array.
 
Methods inherited from class iaik.me.security.Cipher
cryptBlock, extractIV, getBlockSize, getInstance, getIV, init, register, toString, updateInternal
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

RSA

public RSA()
Default Constructor for the RSA cipher.

This constructor is only used internally for initializing an RSA Cipher. Applications should not call this constructor to get an RSA Cipher; they should call one of the Cipher.getInstance factory methods instead.

See Also:
Cipher.getInstance(java.lang.String)
Method Detail

getKeyLength

public int[] getKeyLength()
Description copied from class: Cipher
Return the valid key lengths for this cipher. The array will always have four elements; key lengths are specified in bytes. The values identify the length of the key in bytes, not the entropy, i.e. DES returns 8 instead of 7.
[0] is the minimum allowable length (e.g. 1 byte (8 bit) for ARCFOUR).
[1] is the recommended default length (e.g. 16 byte (128 bit) for ARCFOUR).
[2] is the maximum allowable length (e.g. 128 byte (1024 bit) for ARCFOUR).
[3] is the increment between key lengths (e.g. 1 byte (8 bit) for ARCFOUR, 4 byte (32 bit) for AES).
It is assumed that keys are always an integral number of bytes.
Overrides:
getKeyLength in class Cipher

update

public int update(byte[] input,
                  int inputOffset,
                  int inputLen,
                  byte[] output,
                  int outputOffset)
           throws CryptoException
Description copied from class: Cipher
Encrypt the input data storing it in the output array.
Overrides:
update in class Cipher

doFinal

public int doFinal(byte[] input,
                   int inputOffset,
                   int inputLen,
                   byte[] output,
                   int outputOffset)
            throws CryptoException
Description copied from class: Cipher
Encrypt the given data performing final padding operations.
Overrides:
doFinal in class Cipher

init

public void init(int mode,
                 CryptoBag key,
                 Object params,
                 SecureRandom random)
          throws CryptoException
Initializes this RSA cipher with the given key.

Before a cipher object is ready for data processing, it has to be initialized according to the desired cryptographic operation, which is specified by the mode parameter (either ENCRYPT_MODE or DECRYPT_MODE).

The key will be either an RSAPrivateKey or an RSAPublicKey, depending on the specific cryptographic operation to be performed. This class supports keys represented by IAIK specific classes as well as java.security.spec.RSA*KeySpec, java.security.interfaces.RSA*Key, and java.security.PublicKey and java.security.PrivateKey instances that ASN.1-encode themselves as RSA keys.

Applications shall use the corresponding init method of iaik.me.security.Cipher to initialize an RSA cipher in a provider-independent way.

Overrides:
init in class Cipher
Parameters:
mode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
key - an instance of an RSA PublicKey or RSA PrivateKey
random - source of randomness
Throws:
InvalidKeyException - if the RSA key cannot be created

doFinal

public byte[] doFinal(byte[] message)
               throws CryptoException
Performs a modulo exponentiation.

Applications shall use the corresponding doFinal method of iaik.me.security.Cipher to en/decrypt data in a provider-independent way.

The data to be processed is given in the message byte array. The result is returned as an output byte array.

Overrides:
doFinal in class Cipher
Parameters:
message - the byte array holding the data to be processed
Returns:
the byte array containing the en/decrypted data
Throws:
CryptoException - if the decrypted data is not bounded by the proper padding bytes after data decryption including (un)padding
See Also:
Cipher.doFinal(byte[], int, int, byte[], int), iaik.me.security.CipherSpi#engineDoFinal

setPadding

protected String setPadding(String padding)
                     throws CryptoException
Sets the padding scheme of this cipher, which only can be "PKCS1Padding" or "NoPadding".

Overrides:
setPadding in class Cipher
Parameters:
padding - the padding scheme for this RSA cipher
Throws:
NoSuchPaddingException - if padding algorithm is not "PKCS1Padding"

setMode

protected String setMode(String mode)
                  throws CryptoException
Sets the block mode of the encryption block according to PKCS#1. The block mode shall be 0 or 1 for a private key operation, and 2 for a public key operation.

Overrides:
setMode in class Cipher
Parameters:
mode - the block type (0, 1 or 2)
Throws:
NoSuchAlgorithmException - if the block type is not 0,1 or 2

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note) and RSA Data Security Public-Key Cryptography Standards (see copyright note).

IAIK-JCE ME 3.04, (c) 2002 IAIK, (c) 2003 to 2006 Stiftung SIC