All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class cryptix.provider.rsa.Any_RSA_PKCS1Signature

java.lang.Object
   |
   +----java.security.Signature
           |
           +----cryptix.provider.rsa.Any_RSA_PKCS1Signature

public abstract class Any_RSA_PKCS1Signature
extends Signature
An abstract class to digest a message and sign/verify the resulting hash value, using any JCA MessageDigest algorithm with the RSA digital signature scheme, and the formatting and padding conventions defined by PKCS#1. These conventions are compatible with PEM (RFC-1423).

References:

  1. Bruce Schneier, "Section 19.3 RSA," Applied Cryptography, 2nd edition, John Wiley & Sons, 1996.

  2. PKCS#1 [need reference]

  3. RFC-1423 [need reference]

Copyright © 1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.4 $

Author:
Raif S. Naffah, David Hopwood

Constructor Index

 o Any_RSA_PKCS1Signature(String)
Constructor for an Any_RSA_PKCS1Signature.

Method Index

 o engineGetParameter(String)
 o engineInitSign(PrivateKey)
SPI: Initializes this signature object for signing, using the given private key.
 o engineInitVerify(PublicKey)
SPI: Initializes this signature object for verification, using the given public key.
 o engineSetParameter(String, Object)
 o engineSign()
Terminates the update process and returns the signature bytes of all the data signed so far.
 o engineUpdate(byte)
Updates the data to be signed or verified, using one byte.
 o engineUpdate(byte[], int, int)
Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.
 o engineVerify(byte[])
Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.
 o getAlgorithmEncoding()
Returns the ASN.1 bytes of the AlgorithmIdentifier token described in engineSign() method above.

Constructors

 o Any_RSA_PKCS1Signature
 protected Any_RSA_PKCS1Signature(String mdAlgorithm)
Constructor for an Any_RSA_PKCS1Signature.

Parameters:
mdAlgorithm - the standard JCA algorithm name of the message digest to be used.

Methods

 o engineInitSign
 protected void engineInitSign(PrivateKey key) throws InvalidKeyException
SPI: Initializes this signature object for signing, using the given private key.

Parameters:
key - the private key to be used to generate signatures.
Throws: InvalidKeyException
if the key class does not implement java.security.interfaces.RSAPrivateKey.
Overrides:
engineInitSign in class Signature
 o engineInitVerify
 protected void engineInitVerify(PublicKey key) throws InvalidKeyException
SPI: Initializes this signature object for verification, using the given public key.

Parameters:
key - the public key this signature is assumed to have been generated with.
Throws: InvalidKeyException
if the key class does not implement java.security.interfaces.RSAPublicKey.
Overrides:
engineInitVerify in class Signature
 o engineUpdate
 protected void engineUpdate(byte b) throws SignatureException
Updates the data to be signed or verified, using one byte.

Parameters:
b - the byte to use for the update process.
Throws: SignatureException
if the engine is not initialised properly.
Overrides:
engineUpdate in class Signature
 o engineUpdate
 protected void engineUpdate(byte in[],
                             int offset,
                             int length) throws SignatureException
Updates the data to be signed or verified, using the specified sub-array of bytes, starting at the specified offset.

Parameters:
in - the array of bytes.
offset - the offset to start from in in.
length - the number of bytes to use, starting at offset.
Throws: SignatureException
if the engine is not initialised properly.
Overrides:
engineUpdate in class Signature
 o engineSign
 protected byte[] engineSign() throws SignatureException
Terminates the update process and returns the signature bytes of all the data signed so far.

NOTES: Sun's documentation talks about the bytes returned being X.509-encoded. For this RSA/PKCS#1 implementation, they conform to PKCS#1 section 10. Practically, the return value will be formed by concatenating a leading NULL byte, a block type BT, a padding block PS, another NULLbyte, and finally a data block D; ie:

     return = 0x00 || BT || PS || 0x00 || D.
 
For signing, PKCS#1 block type 01 encryption-block formatting scheme is employed. The block type BT is a single byte valued 0x01 and the padding block PS is enough 0xFF bytes to make the length of the complete RSA Multi Precision Integer equal to the length of the public modulus. The data block D consists of the MIC -- Message Integrity Check, or message digest value-- and the MIC algorithm ASN.1 encoded identifier. The formal syntax in ASN.1 notation is:
   SEQUENCE {
     digestAlgorithm  AlgorithmIdentifier,
     digest           OCTET STRING
   }
   AlgorithmIdentifier ::= SEQUENCE {
     algorithm        OBJECT IDENTIFIER,
     parameters       ANY DEFINED BY algorithm OPTIONAL
   }
 

Returns:
the signature bytes of the signing operation's result.
Throws: SignatureException
if the engine is not initialised properly.
Overrides:
engineSign in class Signature
 o engineVerify
 protected boolean engineVerify(byte signature[]) throws SignatureException
Terminates the update process and verifies that the passed signature equals that of a generated one based on the updated data so far.

NOTES: Sun's documentation talks about the bytes received being X.509-encoded. For this RSA/PKCS#1 implementation, the bytes received are assumed to conform to PKCS#1 section 10, or have been generated by a previous invocation of the engineSign method.

Parameters:
signature - the signature bytes to be verified.
Returns:
true if the signature was verified successfully, false otherwise.
Throws: SignatureException
if the engine is not initialised properly, the received signature data is improperly encoded or of the wrong type, etc.
Overrides:
engineVerify in class Signature
 o engineSetParameter
 protected void engineSetParameter(String param,
                                   Object value) throws InvalidParameterException
Overrides:
engineSetParameter in class Signature
 o engineGetParameter
 protected Object engineGetParameter(String param) throws InvalidParameterException
Overrides:
engineGetParameter in class Signature
 o getAlgorithmEncoding
 protected abstract byte[] getAlgorithmEncoding()
Returns the ASN.1 bytes of the AlgorithmIdentifier token described in engineSign() method above.

Returns:
the AlgorithmIdentifier bytes.

All Packages  Class Hierarchy  This Package  Previous  Next  Index