iaik.pkcs.pkcs11.provider.signatures.ecdsa

Class EcdsaSignature

java.lang.Object

java.security.SignatureSpi

iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

iaik.pkcs.pkcs11.provider.signatures.ecdsa.UnwrappedEcdsaSignature

iaik.pkcs.pkcs11.provider.signatures.ecdsa.EcdsaSignature

All Implemented Interfaces:

PKCS11EngineClass

public class EcdsaSignature
extends UnwrappedEcdsaSignature

This is an implementation of a Signature class that uses the IAIK PKCS#11 wrapper to access the token. It only works with IAIKPKCS11PrivateKey and IAIKPKCS11PublicKey. This version uses the CKM_ECDSA mechanism to create the signature; i.e. it calculates a raw ECDSA without hashing. The application must already provide the hash as input data to this algorithm. e.g.:

 byte[] data = ...;
 IAIKPKCS11PrivateKey privateKey = ...;
 IAIKPkcs11 pkcs11Prov = ...;
 // calculate the hash outside the Signature engine:
 MessageDigest md = MessageDigest.getInstance("SHA-256");
 md.update(data);
 byte[] digest = md.digest();
 // calculate the signature
 Signature ecdsa = Signature.getInstance("RawECDSA", pkcs11Prov);
 ecdsa.initSign(privKey);
 ecdsa.update(digest);
 byte[] sigVal = signature = ecdsa.sign();
 

The signature value (r || s) calculated on the token is wrapped into an ASN.1 SEQUENCE according to ANSI X9.62.

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	SIGNATURE_ALGORITHM_NAME The JCA standard name of this signature algorithm.

Fields inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

buffer_

Fields inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

currentKeyIsSoftwareKey_, initialized_, operationState_, pkcs11OperationInitialized_, privateKey_, publicKey_, session_, SIGN, softwareDelegate_, tokenManager_, usedMechanismInfos_, usedMechanisms_, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Constructor and Description
EcdsaSignature() Public default constructor to enable instantiation via Class.forName(String).

Method Summary

Modifier and Type	Method and Description
protected java.lang.String	getAlgorithmName() Get the JCA standard name of this signautre algorithm.
protected byte[]	pkcs11Sign() Create the signature value (ANSI X9.62, same as X.509 format).
protected boolean	pkcs11Verify(byte[] signature) Verifies the given signature (ANSI X9.62, same as X.509 format).

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.ecdsa.UnwrappedEcdsaSignature

getMechanism

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11BufferingSignature

pkcs11InitSign, pkcs11InitVerify, pkcs11Update

Methods inherited from class iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature

engineGetParameter, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify, finalize, finalizePkcs11Operation, getUsedMechanismFeatures, getUsedMechanisms, initializePkcs11Operation, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11GetParameter, pkcs11SetParameter, pkcs11SetParameter, pkcs11Update

Methods inherited from class java.security.SignatureSpi

clone, engineGetParameters, engineInitSign, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SIGNATURE_ALGORITHM_NAME

protected static java.lang.String SIGNATURE_ALGORITHM_NAME

The JCA standard name of this signature algorithm.

Constructor Detail

EcdsaSignature

public EcdsaSignature()

Public default constructor to enable instantiation via Class.forName(String).

Method Detail

getAlgorithmName

protected java.lang.String getAlgorithmName()

Get the JCA standard name of this signautre algorithm.

Overrides:

getAlgorithmName in class UnwrappedEcdsaSignature

Returns:

The JCA standard name of this signautre algorithm.

Postconditions:

(result <> null)

pkcs11Sign

protected byte[] pkcs11Sign()
                     throws java.security.SignatureException

Create the signature value (ANSI X9.62, same as X.509 format).

Overrides:

pkcs11Sign in class UnwrappedEcdsaSignature

Returns:

A byte array holding the signature.

Throws:

java.security.SignatureException - If an error occurs when creating the signature.

Preconditions:

(operationState_ == SIGN) and (initialized_ == true)

pkcs11Verify

protected boolean pkcs11Verify(byte[] signature)
                        throws java.security.SignatureException

Verifies the given signature (ANSI X9.62, same as X.509 format).

Overrides:

pkcs11Verify in class UnwrappedEcdsaSignature

Parameters:

signature - The signature bytes to be verified.

Returns:

true if signature is OK, false otherwise.

Throws:

java.security.SignatureException - If an error occurs when verifying the signature.

Preconditions:

(operationState_ == VERIFY) and (initialized_ == true)