iaik.cms
Class EncryptedContentInfo

java.lang.Object
  extended by iaik.cms.EncryptedContentInfoStream
      extended by iaik.cms.EncryptedContentInfo

public class EncryptedContentInfo
extends EncryptedContentInfoStream

This class implements the CMS EncryptedContentInfo type.

The Cryptographic Message Syntax (CMS) ( RFC 5652) defines the EncryptedContentInfo type for specifying the content type, the content encryption algorithm and the encrypted content of an EnvelopedData, or EncryptedData structure:

 EncryptedContentInfo ::= SEQUENCE {
   contentType                 ContentType,
   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
   encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL }
 
EncryptedContent ::= OCTET STRING

This class provides several constructors and methods for creating an EncryptedContentInfo, encrypting its content (thereby optionally creating a secret content-encryption key in accordance with the specified content-encryption algorithm), and "re-decrypting" the encrypted content again.

This class - as in common with all IAIK CMS content type implementations - provides mechanims for encoding the inherent encrypted content data as indefinite primitive octet string instead of using the default primitive definite encoding scheme:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 
instead of:
 0x04 <length> <encrypted content>
 

For enabling an indefinte constructed encoding of the inherent encrypted content, method setBlockSize has to be used for defining the length of each primitive definite encoded octet string component before actually performing the encoding by means of the getEncoded method, e.g.:
 //create a EncryptedContentInfo for the data to be encrypted, supplied as byte array:
 byte[] data = ...;
 EncryptedContentInfo eci = new EncryptedContentInfo(ObjectID.cms_data, data);
 //generate secret key and set up the cipher for encryption:
 SecretKey key = eci.setupCipher((AlgorithmID)AlgorithmID.des_EDE3_CBC.clone());
 //optionally set the block size for splitting the encoding:
 eci.setBlockSize(1024);
 //transform the EncryptedContentInfo into an ASN1Object or immediately
 //perform the DER encoding:
 ASN1Object obj = eci.toASN1Object(); //respectively: byte[]encoding = eci.getEncoded();
 
Note: in contrast to the equivalent stream supporting EncryptedContentInfoStream parent class, where the setupCipher method only initializes the cipher and the content encryption actually is done during the encoding by piping the data through a cipher stream, in this class whole the content encryption already is performed inside the setupCipher method.

When parsing an already existing EncryptedContentInfo object a proper setupCipher method has to be used for initializing the cipher and decrypting the encrypted content:

 //create an EncryptedContentInfo from the given EncryptedContentInfo ASN1Object:
 //(if the EncryptedContentInfo is supplied as DER encoding first decode it to an ASN1Objet)
 ASN1Object obj = DerCoder.decode(encoding);
 EncryptedContentInfo eci = new EncryptedContentInfo(obj);
 //setup the cipher with the right secret key and decrypt the encrypted content:
 eci.setupCipher(key);
 //get the recovered raw data:
 byte[] data = eci.getContent();
 

See Also:
EnvelopedData, EncryptedData, EncryptedContentInfoStream

Field Summary
 
Fields inherited from class iaik.cms.EncryptedContentInfoStream
blockSize_, cipher_, contentEncryptionAlgorithm_, contentType_, EXPLICIT, IMPLICIT, securityProvider_
 
Constructor Summary
protected EncryptedContentInfo()
          Default constructor.
  EncryptedContentInfo(ASN1Object obj)
          Creates an EncryptedContentInfo from an ASN1Object.
  EncryptedContentInfo(java.io.InputStream is)
          Creates a new EncryptedContentInfo where the DER encoded data is read from the given InputStream.
  EncryptedContentInfo(ObjectID contentType, AlgorithmID contentEncAlg)
          Creates an EncryptedContentInfo with given content type and content-encryption algorithm ID.
  EncryptedContentInfo(ObjectID contentType, byte[] content)
          Creates a new EncryptedContentInfo for the given content type.
 
Method Summary
 void decode(ASN1Object obj)
          Decodes the EncryptedContentInfo supplied as ASN1Object.
 byte[] getContent()
          Returns the content.
 byte[] getEncoded()
          Returns the DER encoding of this EncryptedContentInfo in a byte array.
 java.io.InputStream getInputStream()
          Returns an InputStream for reading the content.
 boolean hasContent()
          Returns true if there is a content.
 void setContent(byte[] content)
          Sets the content data to be en/decrypted.
 void setInputStream(java.io.InputStream is)
          Sets the input stream that supplies the content data to be en/decrypted.
 void setupCipher(AlgorithmID contentEA, java.security.Key key, java.security.AlgorithmParameters params)
          Setups the cipher and encrypts the content.
 void setupCipher(AlgorithmID contentEA, java.security.Key key, java.security.spec.AlgorithmParameterSpec params)
          Setups the cipher and encrypts the content.
 void setupCipher(java.security.Key key, java.security.AlgorithmParameters params)
          Uses the specified key and paramters for setting up the cipher and decrypting the content.
 void setupCipher(java.security.Key key, java.security.spec.AlgorithmParameterSpec params)
          Uses the specified key and paramters for setting up the cipher and decrypting the content.
 ASN1Object toASN1Object()
          Returns this EncryptedContentInfo as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this EncryptedContentInfo object.
 
Methods inherited from class iaik.cms.EncryptedContentInfoStream
decode, getBlockSize, getContentEncryptionAlgorithm, getContentType, getMode, getSecurityProvider, setBlockSize, setMode, setSecurityProvider, setupCipher, setupCipher, setupCipher, setupCipher, setupCipher, writeTo
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

EncryptedContentInfo

protected EncryptedContentInfo()
Default constructor. The block size is set to -1 to enforce definite primitive encoding.


EncryptedContentInfo

public EncryptedContentInfo(ObjectID contentType,
                            byte[] content)
Creates a new EncryptedContentInfo for the given content type. The content data to be encrypted is supplied as a byte array.

Parameters:
contentType - the type of the content to be encrypted
content - the byte array holding the content data to encrypt

EncryptedContentInfo

public EncryptedContentInfo(ObjectID contentType,
                            AlgorithmID contentEncAlg)
Creates an EncryptedContentInfo with given content type and content-encryption algorithm ID. The encrypted data must be supplied by other means.

Parameters:
contentType - the type of the content to be encrypted
contentEncAlg - the algorithm used to encrypt the content

EncryptedContentInfo

public EncryptedContentInfo(ASN1Object obj)
                     throws CMSParsingException
Creates an EncryptedContentInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting EncryptedContentInfo object that may have been created by calling toASN1Object.

Use the EncryptedContentInfo(ObjectID contentType, byte[] content) constructor for supplying the content to be encrypted when creating an EncryptedContentInfo object.

Parameters:
obj - the ASN1Object of ASN.1 type EncryptedContentInfo
Throws:
CMSParsingException - if the ASN.1 object could not be parsed

EncryptedContentInfo

public EncryptedContentInfo(java.io.InputStream is)
                     throws java.io.IOException,
                            CMSParsingException
Creates a new EncryptedContentInfo where the DER encoded data is read from the given InputStream.

Parameters:
is - the InputStream holding a DER encoded EncryptedContentInfo object
Throws:
java.io.IOException - if an I/O error occurs during reading from the InputStream
CMSParsingException - if an error occurs while parsing the object
Method Detail

decode

public void decode(ASN1Object obj)
            throws CMSParsingException
Decodes the EncryptedContentInfo supplied as ASN1Object.

Parameters:
obj - the CMS EncryptedContentInfo as ASN1Object
Throws:
CMSParsingException - if an error occurs while parsing the object

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException
Setups the cipher and encrypts the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already performs the content encryption.

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Overrides:
setupCipher in class EncryptedContentInfoStream
Parameters:
contentEA - the algorithm to use for encrypting the content
key - the key to use
params - the parameters for the specified algorithm
Throws:
java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm
java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException
Setups the cipher and encrypts the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already performs the content encryption.

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Overrides:
setupCipher in class EncryptedContentInfoStream
Parameters:
contentEA - the algorithm to use for encrypting the content
key - the key to use
params - the parameters for the specified algorithm
Throws:
java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm
java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException
Uses the specified key and paramters for setting up the cipher and decrypting the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already decrypts the encrypted content.

Overrides:
setupCipher in class EncryptedContentInfoStream
Parameters:
key - the (secret) key to decrypt the content
params - the algorithm parameters needed to decrypt the content
Throws:
java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used
java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm
java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException
Uses the specified key and paramters for setting up the cipher and decrypting the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already decrypts the encrypted content.

Overrides:
setupCipher in class EncryptedContentInfoStream
Parameters:
key - the (secret) key to decrypt the content
params - the algorithm parameters needed to decrypt the content
Throws:
java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used
java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm
java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

toASN1Object

public ASN1Object toASN1Object()
                        throws CMSException
Returns this EncryptedContentInfo as ASN1Object. The ASN1Object returned by this method may be used as parameter value when creating a EncryptedContentInfo object using the EncryptedContentInfo(ASN1Object obj) constructor.

Overrides:
toASN1Object in class EncryptedContentInfoStream
Returns:
this EncryptedContentInfo as ASN1Object.
Throws:
CMSException

getContent

public byte[] getContent()
Returns the content.

The returned content depends on whether creating a new EncryptedContentInfo or parsing an existing one:

Returns:
a byte array holding the content or null if there is no content

getInputStream

public java.io.InputStream getInputStream()
Returns an InputStream for reading the content.

The returned content depends on whether creating a new EncryptedContentInfo or parsing an existing one:

This method only overrides the corresponding getInputStream method of the parent EncryptedContentInfoStream class for returning the content of this EncryptedContentInfo object. There should be no real necessity for using this method since the content immediately can be obtained by the getContent method. However, in contrast to the equivalent getInputStream method of the parent EncryptedContentInfoStream class, this method may be called arbitrarly often; it only returns a ByteArrayInputStream that is initialized with the content bytes.

Overrides:
getInputStream in class EncryptedContentInfoStream
Returns:
an InputStream holding the content or null if there is no content

setInputStream

public void setInputStream(java.io.InputStream is)
Sets the input stream that supplies the content data to be en/decrypted. This method reads the data from the stream.

Overrides:
setInputStream in class EncryptedContentInfoStream
Parameters:
is - the input stream holding the content data to en/decrypt

setContent

public void setContent(byte[] content)
Sets the content data to be en/decrypted.

Parameters:
content - the content data to en/decrypt

hasContent

public boolean hasContent()
Returns true if there is a content.

Overrides:
hasContent in class EncryptedContentInfoStream
Returns:
true if there is a content

getEncoded

public byte[] getEncoded()
                  throws CMSException
Returns the DER encoding of this EncryptedContentInfo in a byte array.

If the setBlockSize method of the parent EncryptedContentInfoStream class has been utilized for defining a positive blockSize value, the encrypted content is encoded as indefinite constructed octet string being composed of a certain number of definite primitive encoded octet strings of blockSize length:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 
Otherwise, whole the encrypted content is encoded as definite primitive octet string:
  0x04 <length> <encrypted content>
 

Returns:
a byte array holding the DER encoding of this EncryptedContentInfo
Throws:
CMSException

toString

public java.lang.String toString()
Returns a string giving some information about this EncryptedContentInfo object.

Overrides:
toString in class EncryptedContentInfoStream
Returns:
the string representation

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 5.1, (c) 2002 IAIK, (c) 2003 - 2010 SIC