Package   Class  Use  Tree  Deprecated  Index  Help 
IAIK PKCS#11 Provider Micro Edition
version 1.0
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

iaik.pkcs.pkcs11.me
Class Signature

java.lang.Object
  extended byiaik.pkcs.pkcs11.me.Signature
public class Signature
extends java.lang.Object

A Signature object creates and verifies signature values and MAC values using the associated token.

The application must initiate a signature creation using the initSign(Key) method and a signature verification using the initVerify(Key) method. Thereafter, it feeds in the input data (i.e. the data to be signed, or the signed data) using update(byte[]). To finish the operation, the application calls sign() to create the signature value or verify(byte[]) to verify a signature value. The application should always finish each operation, otherwise resources may be bound until the operation gets finished.

A typical piece of code using this class may look like this. 

  Token token = ... // get token from module
  long algorithm = Signature.ALGORITHM_SHA1WithRSA;
  if (!token.supportsAlgorithm(algorithm)) {
    ... // token does not support this signature algorithm
  }
 
  // login user first to be able to see private key objects on the token
  char[] pin = ... // e.g. prompt the PIN from the user
  token.loginUser(pin);
 
  // get a key store view of the keys and certificates on the token
  KeyStore keyStore = token.getKeyStore();
  String alias = ... // select a key from the key store
  Key key = keyStore.getKey(alias);
  if (!key.canBeUsedFor(Key.USAGE_SIGNATURE_CREATION)) {
    ... // this key cannot be used for signature creation
  }
  
  // also get the DER encoded certificate for the key 
  byte[] certificate = keyStore.getCertificate(alias);
 
  Signature signature = token.getSignature(algorithm);
  signature.initSign(key);
  byte[] dataToBeSigned = ... // assign data
  signature.update(dataToBeSigned);
  byte[] signatureValue = signature.sign();
The variable signatureValue will hold the signature value; e.g. 128 bytes (1024 bit) for a 1024 bit RSA signature.

This class is not thread safe.

See Also:
Token, Token.getSignature(long), Token.supportsAlgorithm(long, int), Key.canBeUsedFor(long)

Field Summary
static long ALGORITHM_HmacMD2
          The algorithm code constant for a MD2 HMAC according to RFC 2104
This corresponds to HmacMD2 in the JCE.
static long ALGORITHM_HmacMD5
          The algorithm code constant for a MD5 HMAC according to RFC 2104
This corresponds to HmacMD5 in the JCE.
static long ALGORITHM_HmacRipeMd128
          The algorithm code constant for a RIPEMD 128 HMAC according to RFC 2104
This corresponds to HmacRipeMd128 in the JCE.
static long ALGORITHM_HmacRipeMd160
          The algorithm code constant for a RIPEMD 160 HMAC according to RFC 2104
This corresponds to HmacRipeMd160 in the JCE.
static long ALGORITHM_HmacSHA1
          The algorithm code constant for a SHA-1 HMAC according to RFC 2104
This corresponds to HmacSHA1 in the JCE.
static long ALGORITHM_HmacSHA256
          The algorithm code constant for a SHA-256 HMAC according to RFC 2104
This corresponds to HmacSHA256 in the JCE.
static long ALGORITHM_HmacSHA384
          The algorithm code constant for a SHA-384 HMAC according to RFC 2104
This corresponds to HmacSHA384 in the JCE.
static long ALGORITHM_HmacSHA512
          The algorithm code constant for a SHA-512 HMAC according to RFC 2104
This corresponds to HmacSHA512 in the JCE.
static long ALGORITHM_MD2WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated MD2 hashing.
static long ALGORITHM_MD5WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated MD5 hashing.
static long ALGORITHM_RawRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 without hashing; i.e. the application must provide the encoded digest info structure of the hash value.
static long ALGORITHM_RIPEMD128WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated RIPEMD-128 hashing.
static long ALGORITHM_RIPEMD160WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated RIPEMD-160 hashing.
static long ALGORITHM_SHA1WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-1 hashing.
static long ALGORITHM_SHA1WithRSAandMGF1
          The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0.
static long ALGORITHM_SHA256WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-256 hashing.
static long ALGORITHM_SHA256WithRSAandMGF1
          The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0.
static long ALGORITHM_SHA384WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-384 hashing.
static long ALGORITHM_SHA384WithRSAandMGF1
          The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0.
static long ALGORITHM_SHA512WithRSA
          The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-512 hashing.
static long ALGORITHM_SHA512WithRSAandMGF1
          The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0.
 
Method Summary
 void initSign(Key key)
          Initialize a signature creation operation.
 void initVerify(Key key)
          Initialize a signature verification operation.
 byte[] sign()
          Finish the current signature creation operation and return the final signature value.
 void update(byte[] data)
          Provide the input data for the current operation; i.e. data to be signed or the signed data.
 boolean verify(byte[] signature)
          Finish the current signature verification operation and return the verification result.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ALGORITHM_RawRSA

public static final long ALGORITHM_RawRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 without hashing; i.e. the application must provide the encoded digest info structure of the hash value. A typical code may look like this: 
  // prepare hash value
  byte[] hashValue = ... // 20 bytes of a SHA-1 hash value
  byte[] encodedDigestInfo = 
    MessageDigest.makeDigestInfo(hashValue, MessageDigest.ALGORITHM_SHA_1);
  
  // create RSA signature
  Signature signature = token.getSignature(Signature.ALGORITHM_RawRSA);
  signature.initSign(key);
  byte[] signatureValue = signature.sign(encodedDigestInfo);
Note that the PKCS#1 padding is done during the signature operation.

See Also:
MessageDigest.makeDigestInfo(byte[], long), Constant Field Values

ALGORITHM_SHA1WithRSA

public static final long ALGORITHM_SHA1WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-1 hashing.
This corresponds to SHA1withRSA in the JCA 1.2 and SHA-1/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_SHA256WithRSA

public static final long ALGORITHM_SHA256WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-256 hashing.
This corresponds to SHA256withRSA in the JCA 1.2 and SHA-256/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_SHA384WithRSA

public static final long ALGORITHM_SHA384WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-384 hashing.
This corresponds to SHA384withRSA in the JCA 1.2 and SHA-384/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_SHA512WithRSA

public static final long ALGORITHM_SHA512WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated SHA-512 hashing.
This corresponds to SHA512withRSA in the JCA 1.2 and SHA-512/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_MD2WithRSA

public static final long ALGORITHM_MD2WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated MD2 hashing.
This corresponds to MD2withRSA in the JCA 1.2 and MD2/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_MD5WithRSA

public static final long ALGORITHM_MD5WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated MD5 hashing.
This corresponds to MD5withRSA in the JCA 1.2 and MD5/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_RIPEMD128WithRSA

public static final long ALGORITHM_RIPEMD128WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated RIPEMD-128 hashing.
This corresponds to RIPEMD128withRSA in the JCA 1.2 and RIPEMD-128/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_RIPEMD160WithRSA

public static final long ALGORITHM_RIPEMD160WithRSA
The algorithm code constant for RSA signature according to PKCS#1 version 1.5 with integrated RIPEMD-160 hashing.
This corresponds to RIPEMD160withRSA in the JCA 1.2 and RIPEMD-160/RSA in JCA 1.1.

See Also:
Constant Field Values

ALGORITHM_SHA1WithRSAandMGF1

public static final long ALGORITHM_SHA1WithRSAandMGF1
The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0. with integrated SHA-1 hashing.
This corresponds to SHA1withRSAandMGF1 in the JCA.

See Also:
Constant Field Values

ALGORITHM_SHA256WithRSAandMGF1

public static final long ALGORITHM_SHA256WithRSAandMGF1
The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0. with integrated SHA-256 hashing.
This corresponds to SHA256withRSAandMGF1 in the JCA.

See Also:
Constant Field Values

ALGORITHM_SHA384WithRSAandMGF1

public static final long ALGORITHM_SHA384WithRSAandMGF1
The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0. with integrated SHA-384 hashing.
This corresponds to SHA384withRSAandMGF1 in the JCA.

See Also:
Constant Field Values

ALGORITHM_SHA512WithRSAandMGF1

public static final long ALGORITHM_SHA512WithRSAandMGF1
The algorithm code constant for RSA PSS signature according to PKCS#1 version 2.0. with integrated SHA-512 hashing.
This corresponds to SHA512withRSAandMGF1 in the JCA.

See Also:
Constant Field Values

ALGORITHM_HmacSHA1

public static final long ALGORITHM_HmacSHA1
The algorithm code constant for a SHA-1 HMAC according to RFC 2104
This corresponds to HmacSHA1 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacSHA256

public static final long ALGORITHM_HmacSHA256
The algorithm code constant for a SHA-256 HMAC according to RFC 2104
This corresponds to HmacSHA256 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacSHA384

public static final long ALGORITHM_HmacSHA384
The algorithm code constant for a SHA-384 HMAC according to RFC 2104
This corresponds to HmacSHA384 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacSHA512

public static final long ALGORITHM_HmacSHA512
The algorithm code constant for a SHA-512 HMAC according to RFC 2104
This corresponds to HmacSHA512 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacMD5

public static final long ALGORITHM_HmacMD5
The algorithm code constant for a MD5 HMAC according to RFC 2104
This corresponds to HmacMD5 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacMD2

public static final long ALGORITHM_HmacMD2
The algorithm code constant for a MD2 HMAC according to RFC 2104
This corresponds to HmacMD2 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacRipeMd128

public static final long ALGORITHM_HmacRipeMd128
The algorithm code constant for a RIPEMD 128 HMAC according to RFC 2104
This corresponds to HmacRipeMd128 in the JCE.

See Also:
Constant Field Values

ALGORITHM_HmacRipeMd160

public static final long ALGORITHM_HmacRipeMd160
The algorithm code constant for a RIPEMD 160 HMAC according to RFC 2104
This corresponds to HmacRipeMd160 in the JCE.

See Also:
Constant Field Values
Method Detail

initSign

public void initSign(Key key)
              throws PKCS11RuntimeException
Initialize a signature creation operation. The specified key must be valid for signature creation; i.e. key.canBeUsedFor(Key.USAGE_SIGNATURE_CREATION) must return true.

After this call, the application calls update(byte[]) one or more times. To finish the signature creation, the application calls sign().

Parameters:
key - The signature creation key.
Throws:
PKCS11RuntimeException - If the initialization of the signature operation fails.
See Also:
update(byte[]), sign(), Key.canBeUsedFor(long)

initVerify

public void initVerify(Key key)
                throws PKCS11RuntimeException
Initialize a signature verification operation. The specified key must be valid for signature creation; i.e. key.canBeUsedFor(Key.USAGE_SIGNATURE_VERIFICATION) must return true.

After this call, the application calls update(byte[]) one or more times. To finish the signature verification, the application calls verify(byte[]).

Parameters:
key - The signature verification key.
Throws:
PKCS11RuntimeException - If the initialization of the signature operation fails.
See Also:
update(byte[]), verify(byte[]), Key.canBeUsedFor(long)

update

public void update(byte[] data)
            throws PKCS11RuntimeException
Provide the input data for the current operation; i.e. data to be signed or the signed data.
The application may call this method one or more times after calling initSign(Key) or initVerify(Key).
After providing the last input data, the application calls sign() or verify(byte[]) to finish the current operation.

Parameters:
data - Input data; i.e. data to be signed or the signed data.
Throws:
PKCS11RuntimeException - If sending data to the token fails.
See Also:
initSign(Key), initVerify(Key), sign(), verify(byte[])

sign

public byte[] sign()
            throws PKCS11RuntimeException
Finish the current signature creation operation and return the final signature value.

After this call, this signature object is reset to the state in which it was right after the call to initSign(Key). The application can reuse it to create another signature; i.e. it can start with calling update(byte[]) without calling initSign(Key) first.

The application may also initialize the object again for other signature creation and verification operations.

Returns:
The signature value.
Throws:
PKCS11RuntimeException - If the signature creation fails.
See Also:
initSign(Key), update(byte[])

verify

public boolean verify(byte[] signature)
               throws PKCS11RuntimeException
Finish the current signature verification operation and return the verification result.

After this call, this signature object is reset to the state in which it was right after the call to initVerify(Key). The application can reuse it to verify another signature; i.e. it can start with calling update(byte[]) without calling initVerify(Key) first.

The application may also initialize the object again for other signature creation and verification operations.

Parameters:
signature - The signature to be verified.
Returns:
true if the signature is valid.
Throws:
PKCS11RuntimeException - If the signature verification fails.
See Also:
initVerify(Key), update(byte[])
Package   Class  Use  Tree  Deprecated  Index  Help 
IAIK PKCS#11 Provider Micro Edition
version 1.0
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
IAIK JavaSecurity Website http://jce.iaik.tugraz.at/

IAIK at Graz University of Technology, Austria, Europe
Copyright 2001-2005, IAIK, Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria. All Rights Reserved. version 1.0