|
|||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||
java.lang.Object | +--ostore.security.RawNativeRSASignature_PKCS1_SHA1
A signature class not encumbered by the horrendous design decisions of the Java Signature interface. This class allows the person creating or verifying a signature to extract the result of the secure hash which is calculated along the way, a feat which is not possible under the Signature interface, AFAIK. It also can't inherit from SignatureSpi, since I want all of the engineXXX functions to be public, not protected. Silly Java engineers...
As with NativeRSASignature_PKCS1_SHA1, this class is totally copied from Cryptix. I would _LOVE_ to just extend the class RSASignature_PKCS1_SHA1 and overload only the engineSign and engineVerify methods, but the makePKCS1 function is private, so I have to copy the entire class. I'm talking with the Cryptix folks about having that remedied if possible.
| Constructor Summary | |
|---|---|
RawNativeRSASignature_PKCS1_SHA1()
Constructor for an Any_RSA_PKCS1Signature. |
|
| Method Summary | |
|---|---|
protected Object |
engineGetParameter(String param)
|
void |
engineInitSign(PrivateKey key)
Initializes this signature object for signing, using the given private key. |
void |
engineInitSign(PrivateKey privateKey,
SecureRandom random)
|
void |
engineInitVerify(PublicKey key)
Initializes this signature object for verification, using the given public key. |
protected void |
engineSetParameter(AlgorithmParameterSpec params)
|
protected void |
engineSetParameter(String param,
Object value)
|
byte[] |
engineSign(SecureHash digest)
Terminates the update process and returns the signature bytes of all the data signed so far. |
boolean |
engineVerify(byte[] signature,
SecureHash digest)
Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far. |
protected byte[] |
getAlgorithmEncoding()
|
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
public RawNativeRSASignature_PKCS1_SHA1()
| Method Detail |
protected byte[] getAlgorithmEncoding()
public void engineInitVerify(PublicKey key)
throws InvalidKeyException
key - the public key this signature is assumed to have been
generated with.
InvalidKeyException - If the key class does not implement
java.security.interfaces.RSAPrivateKey or if the size of the
minimal PKCS#1 frame generated by the engineSign() method will
be larger than the public key modulus.
public void engineInitSign(PrivateKey key)
throws InvalidKeyException
key - the private key to be used to generate signatures.
InvalidKeyException - If the key class does not implement
java.security.interfaces.RSAPrivateKey or
If the size of the minimal PKCS#1 frame generated by the
engineSign() method will be larger than the public key modulus.
public void engineInitSign(PrivateKey privateKey,
SecureRandom random)
throws InvalidKeyException
InvalidKeyException
public byte[] engineSign(SecureHash digest)
throws SignatureException
NOTES: Sun's documentation talks about the bytes returned being X.509-encoded. For this RSA/PKCS#1 implementation, they conform to PKCS#1 section 10. Practically, the return value will be formed by concatenating a leading NULL byte, a block type BT, a padding block PS, another NULLbyte, and finally a data block D; ie:
return = 0x00 || BT || PS || 0x00 || D.
For signing, PKCS#1 block type 01 encryption-block formatting
scheme is employed. The block type BT is a single byte valued
0x01 and the padding block PS is enough 0xFF bytes to make the
length of the complete RSA Multi Precision Integer equal to the length
of the public modulus. The data block D consists of the MIC --
Message Integrity Check, or message digest value-- and the MIC
algorithm ASN.1 encoded identifier. The formal syntax in ASN.1
notation is:
SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
SignatureException - if the engine is not initialised properly.
public boolean engineVerify(byte[] signature,
SecureHash digest)
throws SignatureException
NOTES: Sun's documentation talks about the bytes received
being X.509-encoded. For this RSA/PKCS#1 implementation, the bytes
received are assumed to conform to PKCS#1 section 10, or have
been generated by a previous invocation of the engineSign
method.
signature - the signature bytes to be verified.
SignatureException - if the engine is not initialised
properly, the received signature data is improperly
encoded or of the wrong type, etc.
protected void engineSetParameter(String param,
Object value)
throws InvalidParameterException
InvalidParameterException
protected void engineSetParameter(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
InvalidAlgorithmParameterException
protected Object engineGetParameter(String param)
throws InvalidParameterException
InvalidParameterException
|
|||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||