iaik.cms
Class EncryptedContentInfo

java.lang.Object
  iaik.cms.EncryptedContentInfoStream
      iaik.cms.EncryptedContentInfo

public class EncryptedContentInfo
extends EncryptedContentInfoStream

This class implements the CMS EncryptedContentInfo type.

The Cryptographic Message Syntax (CMS) (RFC 5652) defines the EncryptedContentInfo type for specifying the content type, the content encryption algorithm and the encrypted content of an EnvelopedData, or EncryptedData structure:

 EncryptedContentInfo ::= SEQUENCE {
   contentType                 ContentType,
   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
   encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL }
 

 EncryptedContent ::= OCTET STRING
 

This class provides several constructors and methods for creating an EncryptedContentInfo, encrypting its content (thereby optionally creating a secret content-encryption key in accordance with the specified content-encryption algorithm), and "re-decrypting" the encrypted content again.

This class - as in common with all IAIK CMS content type implementations - provides mechanisms for encoding the inherent encrypted content data as indefinite primitive octet string instead of using the default primitive definite encoding scheme:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 

instead of:

 0x04 <length> <encrypted content>
 

For enabling an indefinite constructed encoding of the inherent encrypted content, method setBlockSize has to be used for defining the length of each primitive definite encoded octet string component before actually performing the encoding by means of the getEncoded method, e.g.:

 //create a EncryptedContentInfo for the data to be encrypted, supplied as byte array:
 byte[] data = ...;
 EncryptedContentInfo eci = new EncryptedContentInfo(ObjectID.cms_data, data);
 //generate secret key and set up the cipher for encryption:
 SecretKey key = eci.setupCipher((AlgorithmID)AlgorithmID.aes256_CBC.clone());
 //optionally set the block size for splitting the encoding:
 eci.setBlockSize(2048);
 //transform the EncryptedContentInfo into an ASN1Object or immediately
 //perform the DER encoding:
 ASN1Object obj = eci.toASN1Object(); //respectively: byte[]encoding = eci.getEncoded();
 

Note: in contrast to the equivalent stream supporting EncryptedContentInfoStream parent class, where the setupCipher method only initializes the cipher and the content encryption actually is done during the encoding by piping the data through a cipher stream, in this class whole the content encryption already is performed inside the setupCipher method.

When parsing an already existing EncryptedContentInfo object a proper setupCipher method has to be used for initializing the cipher and decrypting the encrypted content:

 //create an EncryptedContentInfo from the given EncryptedContentInfo ASN1Object:
 //(if the EncryptedContentInfo is supplied as DER encoding first decode it to an ASN1Objet)
 ASN1Object obj = DerCoder.decode(encoding);
 EncryptedContentInfo eci = new EncryptedContentInfo(obj);
 //setup the cipher with the right secret key and decrypt the encrypted content:
 eci.setupCipher(key);
 //get the recovered raw data:
 byte[] data = eci.getContent();
 

See Also:

EnvelopedData, EncryptedData, EncryptedContentInfoStream

Field Summary

Fields inherited from class iaik.cms.EncryptedContentInfoStream

blockSize_, cipher_, contentEncryptionAlgorithm_, contentType_, EXPLICIT, IMPLICIT, securityProvider_

Constructor Summary

protected	EncryptedContentInfo() Default constructor.
	EncryptedContentInfo(ASN1Object obj) Creates an EncryptedContentInfo from an ASN1Object.
	EncryptedContentInfo(java.io.InputStream is) Creates a new EncryptedContentInfo where the DER encoded data is read from the given InputStream.
	EncryptedContentInfo(ObjectID contentType, AlgorithmID contentEncAlg) Creates an EncryptedContentInfo with given content type and content-encryption algorithm ID.
	EncryptedContentInfo(ObjectID contentType, byte[] content) Creates a new EncryptedContentInfo for the given content type.

Method Summary

void	decode(ASN1Object obj) Decodes the EncryptedContentInfo supplied as ASN1Object.
byte[]	getContent() Returns the content.
byte[]	getEncoded() Returns the DER encoding of this EncryptedContentInfo in a byte array.
java.io.InputStream	getInputStream() Returns an InputStream for reading the content.
boolean	hasContent() Returns true if there is a content.
void	setContent(byte[] content) Sets the content data to be en/decrypted.
void	setInputStream(java.io.InputStream is) Sets the input stream that supplies the content data to be en/decrypted.
void	setupCipher(AlgorithmID contentEA, java.security.Key key, java.security.AlgorithmParameters params) Setups the cipher and encrypts the content.
void	setupCipher(AlgorithmID contentEA, java.security.Key key, java.security.spec.AlgorithmParameterSpec params) Setups the cipher and encrypts the content.
void	setupCipher(java.security.Key key, java.security.AlgorithmParameters params) Uses the specified key and paramters for setting up the cipher and decrypting the content.
void	setupCipher(java.security.Key key, java.security.spec.AlgorithmParameterSpec params) Uses the specified key and paramters for setting up the cipher and decrypting the content.
ASN1Object	toASN1Object() Returns this EncryptedContentInfo as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this EncryptedContentInfo object.

Methods inherited from class iaik.cms.EncryptedContentInfoStream

decode, getBlockSize, getContentEncryptionAlgorithm, getContentType, getMode, getSecurityProvider, setAdditionalAuthData, setAuthEnveloped, setBlockSize, setMode, setSecurityProvider, setupCipher, setupCipher, setupCipher, setupCipher, setupCipher, writeTo

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

EncryptedContentInfo

protected EncryptedContentInfo()

Default constructor. The block size is set to -1 to enforce definite primitive encoding.

EncryptedContentInfo

public EncryptedContentInfo(ObjectID contentType,
                            byte[] content)

Creates a new EncryptedContentInfo for the given content type. The content data to be encrypted is supplied as a byte array.

Parameters:

contentType - the type of the content to be encrypted

content - the byte array holding the content data to encrypt

EncryptedContentInfo

public EncryptedContentInfo(ObjectID contentType,
                            AlgorithmID contentEncAlg)

Creates an EncryptedContentInfo with given content type and content-encryption algorithm ID. The encrypted data must be supplied by other means.

Parameters:

contentType - the type of the content to be encrypted

contentEncAlg - the algorithm used to encrypt the content

EncryptedContentInfo

public EncryptedContentInfo(ASN1Object obj)
                     throws CMSParsingException

Creates an EncryptedContentInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting EncryptedContentInfo object that may have been created by calling toASN1Object.

Use the EncryptedContentInfo(ObjectID contentType, byte[] content) constructor for supplying the content to be encrypted when creating an EncryptedContentInfo object.

Parameters:

obj - the ASN1Object of ASN.1 type EncryptedContentInfo

Throws:

CMSParsingException - if the ASN.1 object could not be parsed

EncryptedContentInfo

public EncryptedContentInfo(java.io.InputStream is)
                     throws java.io.IOException,
                            CMSParsingException

Creates a new EncryptedContentInfo where the DER encoded data is read from the given InputStream.

Parameters:

is - the InputStream holding a DER encoded EncryptedContentInfo object

Throws:

java.io.IOException - if an I/O error occurs during reading from the InputStream

CMSParsingException - if an error occurs while parsing the object

Method Detail

decode

public void decode(ASN1Object obj)
            throws CMSParsingException

Decodes the EncryptedContentInfo supplied as ASN1Object.

Parameters:

obj - the CMS EncryptedContentInfo as ASN1Object

Throws:

CMSParsingException - if an error occurs while parsing the object

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Setups the cipher and encrypts the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already performs the content encryption.

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Overrides:

setupCipher in class EncryptedContentInfoStream

Parameters:

contentEA - the algorithm to use for encrypting the content

key - the key to use

params - the parameters for the specified algorithm

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Setups the cipher and encrypts the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already performs the content encryption.

Note: This method internaly creates a clone of the supplied AlgorithmID. If parameters are supplied they are used for initializing the Cipher engine. After initializing the Cipher engine, method Cipher.getParameters() is called to get (back) the parameters the Cipher has been initialized with (respectively the Cipher has created itsself) for including them into the AlgorithmID to be sent to the recipient. This may override any parameters that have been included in the AlgorithmID by the user. So, if you have included parameters in the AlgorithmID, take care to supply them as params for initializing the Cipher, too. If params is null, the Cipher will create and use (and send in the AlgorithmID) its own parameters.

Overrides:

setupCipher in class EncryptedContentInfoStream

Parameters:

contentEA - the algorithm to use for encrypting the content

key - the key to use

params - the parameters for the specified algorithm

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the algorithm

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Uses the specified key and paramters for setting up the cipher and decrypting the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already decrypts the encrypted content.

Overrides:

setupCipher in class EncryptedContentInfoStream

Parameters:

key - the (secret) key to decrypt the content

params - the algorithm parameters needed to decrypt the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

setupCipher

public void setupCipher(java.security.Key key,
                        java.security.AlgorithmParameters params)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException

Uses the specified key and paramters for setting up the cipher and decrypting the content.

In contrast to the same-name method of the parent EncryptedContentInfoStream class, where the cipher only is initialized, in this class this method already decrypts the encrypted content.

Overrides:

setupCipher in class EncryptedContentInfoStream

Parameters:

key - the (secret) key to decrypt the content

params - the algorithm parameters needed to decrypt the content

Throws:

java.security.NoSuchAlgorithmException - if there is no implementation for the content-encryption-algorithm to be used

java.security.InvalidKeyException - if the key is inappropriate for the content-encryption algorithm

java.security.InvalidAlgorithmParameterException - if the provided parameters are not appropriate for the created cipher

toASN1Object

public ASN1Object toASN1Object()
                        throws CMSException

Returns this EncryptedContentInfo as ASN1Object. The ASN1Object returned by this method may be used as parameter value when creating a EncryptedContentInfo object using the EncryptedContentInfo(ASN1Object obj) constructor.

Overrides:

toASN1Object in class EncryptedContentInfoStream

Returns:

this EncryptedContentInfo as ASN1Object.

Throws:

CMSException

getContent

public byte[] getContent()

Returns the content.

The returned content depends on whether creating a new EncryptedContentInfo or parsing an existing one:

• When creating a new EncryptedContentInfo:
  If the content yet has not been encrypted, the plain content is returned
• When parsing an existing EncryptedContentInfo:
  If the content yet has not been decrypted, the encrypted content is returned

Returns:

a byte array holding the content or null if there is no content

getInputStream

public java.io.InputStream getInputStream()

Returns an InputStream for reading the content.

The returned content depends on whether creating a new EncryptedContentInfo or parsing an existing one:

• When creating a new EncryptedContentInfo:
  If the content yet has not been encrypted, the plain content is returned
• When parsing an existing EncryptedContentInfo:
  If the content yet has not been decrypted, the encryptet content is returned

This method only overrides the corresponding getInputStream method of the parent EncryptedContentInfoStream class for returning the content of this EncryptedContentInfo object. There should be no real necessity for using this method since the content immediately can be obtained by the getContent method. However, in contrast to the equivalent getInputStream method of the parent EncryptedContentInfoStream class, this method may be called arbitrarly often; it only returns a ByteArrayInputStream that is initialized with the content bytes.

Overrides:

getInputStream in class EncryptedContentInfoStream

Returns:

an InputStream holding the content or null if there is no content

setInputStream

public void setInputStream(java.io.InputStream is)

Sets the input stream that supplies the content data to be en/decrypted. This method reads the data from the stream.

Overrides:

setInputStream in class EncryptedContentInfoStream

Parameters:

is - the input stream holding the content data to en/decrypt

setContent

public void setContent(byte[] content)

Sets the content data to be en/decrypted.

Parameters:

content - the content data to en/decrypt

hasContent

public boolean hasContent()

Returns true if there is a content.

Overrides:

hasContent in class EncryptedContentInfoStream

Returns:

true if there is a content

getEncoded

public byte[] getEncoded()
                  throws CMSException

Returns the DER encoding of this EncryptedContentInfo in a byte array.

If the setBlockSize method of the parent EncryptedContentInfoStream class has been utilized for defining a positive blockSize value, the encrypted content is encoded as indefinite constructed octet string being composed of a certain number of definite primitive encoded octet strings of blockSize length:

 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 

Otherwise, whole the encrypted content is encoded as definite primitive octet string:

  0x04 <length> <encrypted content>
 

Returns:

a byte array holding the DER encoding of this EncryptedContentInfo

Throws:

CMSException

toString

public java.lang.String toString()

Returns a string giving some information about this EncryptedContentInfo object.

Overrides:

toString in class EncryptedContentInfoStream

Returns:

the string representation