iaik.cms
Class EncryptedDataStream

java.lang.Object
  extended by iaik.cms.EncryptedDataStream
All Implemented Interfaces:
ContentStream, EOFListener, java.util.EventListener
Direct Known Subclasses:
EncryptedData

public class EncryptedDataStream
extends java.lang.Object
implements ContentStream, EOFListener

This class represents the stream-supporting implementation of the CMS EncryptedData type.

Each CMS content type is associated with a specific object identifier, derived from:

 pkcs-7 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) US(840) rsadsi(113549)
       pkcs(1) 7 }
 

The object identifier for the EncryptedData content type is defined as:

encryptedData OBJECT IDENTIFIER ::= { pkcs-7 6 }

which corresponds to the OID string "1.2.840.113549.1.7.6".

The Cryptographic Message Syntax (CMS) (RFC 5652) specifies the EncryptedData content type, which provides a syntax for building encrypted content. The encrypted-data content type consists of encrypted content of any type:

 EncryptedData ::= SEQUENCE {
    version CMSVersion,
    encryptedContentInfo EncryptedContentInfo,
    unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
 

The encryptedContentInfo field specifies the type of the content being encrypted, the content-encryption algorithm used for encrypting the content, and the result of the content encryption. If the encrypted content value is not present in the encryptedContent field, it has to be supplied by other means:

 EncryptedContentInfo ::= SEQUENCE {
   contentType                 ContentType,
   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
   encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL }
 
EncryptedContent ::= OCTET STRING

The key that is used for encrypting the content is not included in the EncryptedData structure; it is assumed to be managed by other means.

If unprotected attributes are present, the version number is 2; otherwise 0:

 UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
 


When creating a new EncryptedDataStream instance, the encrypted content has to be supplied as an EncryptedContentInfoStream object.

Example:

 //create an EncryptedContentInfoStream for the data to be encrypted, supplied from an input stream:
 InputStream dataStream = ...;
 EncryptedContentInfoStream eci = new EncryptedContentInfoStream(ObjectID.cms_data, dataStream);
 //generate secret key and set up the cipher for encryption:
 SecretKey key = eci.setupCipher((AlgorithmID)AlgorithmID.des_EDE3_CBC.clone());
 //create an EncryptedDataStream for the EncryptedContentInfoStream:
 EncryptedDataStream encrypted_data = new EncryptedDataStream(eci);
 //DER encode the EncryptedDataStream structure and write the encoding to an
 //output stream:
 OutputStream encoded_stream = ...;
 int blockSize = ...;
 encrypted_data.writeTo(encoded_stream, blockSize);
 
If a positive block size is specified, the encrypted content of the inherent EncryptedContentInfoStream will be encoded as an indefinite constructed octet string instead of using the default primitive definite encoding scheme:
 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 
instead of:
 0x04 <length> <encrypted content>
 
The indefinite constructed encoding scheme may be preferable for properly handling large amounts of data.
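
The two layouts above can be read back with a small BER reader. The following is an added example, not part of the IAIK-CMS documentation or library; it uses only the JDK and also accepts the definite-length constructed form that BER permits. The class name BerOctetStringReader, the nesting cap, the 3-octet length limit and the sample bytes are assumptions made for illustration:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

/** Added example (JDK only): reads an OCTET STRING in either encoding shown above. */
public class BerOctetStringReader {

    private static final int PRIMITIVE = 0x04;     // OCTET STRING, primitive
    private static final int CONSTRUCTED = 0x24;   // OCTET STRING, constructed
    private static final int INDEFINITE = -1;      // marker for length octet 0x80
    private static final int MAX_DEPTH = 8;        // assumption: nesting cap for this example

    /** Returns the concatenated content octets of the OCTET STRING at the stream position. */
    public static byte[] readOctetString(InputStream in) throws IOException {
        DataInputStream din = new DataInputStream(in);
        ByteArrayOutputStream content = new ByteArrayOutputStream();
        readValue(din, din.readUnsignedByte(), content, 0);
        return content.toByteArray();
    }

    private static void readValue(DataInputStream in, int tag,
                                  ByteArrayOutputStream content, int depth) throws IOException {
        int length = readLength(in);
        if (tag == PRIMITIVE) {
            if (length == INDEFINITE) throw new IOException("primitive encoding with indefinite length");
            byte[] block = new byte[length];
            in.readFully(block);                   // EOFException if the block is truncated
            content.write(block);
        } else if (tag == CONSTRUCTED) {
            if (depth >= MAX_DEPTH) throw new IOException("constructed octet strings nested too deeply");
            if (length == INDEFINITE) {
                readSegmentsUntilEoc(in, content, depth);
            } else {
                // Definite-length constructed form: the segments fill exactly `length` octets.
                byte[] body = new byte[length];
                in.readFully(body);
                DataInputStream sub = new DataInputStream(new ByteArrayInputStream(body));
                while (sub.available() > 0) {
                    readValue(sub, sub.readUnsignedByte(), content, depth + 1);
                }
            }
        } else {
            throw new IOException("unexpected tag 0x" + Integer.toHexString(tag));
        }
    }

    /** Reads segments until the end-of-contents octets 0x00 0x00. */
    private static void readSegmentsUntilEoc(DataInputStream in, ByteArrayOutputStream content,
                                             int depth) throws IOException {
        while (true) {
            int tag = in.readUnsignedByte();       // EOFException if 0x00 0x00 never arrives
            if (tag == 0x00) {
                if (in.readUnsignedByte() != 0x00) throw new IOException("malformed end-of-contents octets");
                return;
            }
            readValue(in, tag, content, depth + 1);
        }
    }

    /** Decodes a BER length: short form, long form (up to 3 octets here), or indefinite. */
    private static int readLength(DataInputStream in) throws IOException {
        int first = in.readUnsignedByte();
        if (first < 0x80) return first;
        if (first == 0x80) return INDEFINITE;
        int count = first & 0x7F;
        if (count > 3) throw new IOException("length field too large for this example");
        int length = 0;
        for (int i = 0; i < count; i++) length = (length << 8) | in.readUnsignedByte();
        return length;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: ten stand-in "ciphertext" octets 0x11..0x1A, block size 4.
        byte[] definite = {0x04, 0x0A, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A};
        byte[] blocks = {0x24, (byte) 0x80,
                0x04, 0x04, 0x11, 0x12, 0x13, 0x14,
                0x04, 0x04, 0x15, 0x16, 0x17, 0x18,
                0x04, 0x02, 0x19, 0x1A,
                0x00, 0x00};
        byte[] a = readOctetString(new ByteArrayInputStream(definite));
        byte[] b = readOctetString(new ByteArrayInputStream(blocks));
        System.out.println("same content from both encodings: " + Arrays.equals(a, b));
        // Cutting off the end-of-contents octets must be reported, not silently accepted.
        try {
            readOctetString(new ByteArrayInputStream(Arrays.copyOf(blocks, blocks.length - 2)));
        } catch (IOException e) {
            System.out.println("truncated input rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Inside an encoded EncryptedContentInfo the outermost tag is the [0] IMPLICIT context tag from the ASN.1 definition above (0x80 primitive, 0xA0 constructed) rather than 0x04/0x24, while the inner blocks keep tag 0x04.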

Decryption works the other way round: a new EncryptedDataStream is created from the DER encoded encryptedData and parsed for the inherent EncryptedContentInfoStream. The encrypted content is then obtained from the EncryptedContentInfoStream and decrypted using the same secret key:

 EncryptedDataStream encryptedData = new EncryptedDataStream(encoded_stream);
 EncryptedContentInfoStream eci =  (EncryptedContentInfoStream)encryptedData.getEncryptedContentInfo();
 //setup the cipher for decryption using the right secret key:
 eci.setupCipher(key);
 //get and read the data thereby actually performing the decryption
 InputStream data_is = eci.getInputStream();
 byte[] buf = new byte[1024];
 int r;
 while ((r = data_is.read(buf)) > 0) {
   // do something useful
 }
 


This class additionally supports specific constructors and methods that make it easy to use the EncryptedData content type for password-based encryption of data -- the intended usage of CMS EncryptedData. Please note that the following procedure may only be used for password-based encryption (PBE). In all other situations you have to follow the way described above. However, you may also create your own EncryptedContentInfoStream even when doing PBE encryption.

If you want to use PBE encryption without creating an EncryptedContentInfoStream yourself, you first have to supply the data to be read from an input stream, then set up the cipher for PBE encryption, and finally call a writeTo method for encoding the EncryptedData object to a stream:

  1. Use the EncryptedDataStream(InputStream is, int blockSize) constructor for creating a new EncryptedDataStream object and supplying the data to be encrypted from an input stream. You may optionally define a particular blockSize value for splitting the encoding of the encrypted content:
         //the data to be encrypted supplied from an input stream:
         InputStream dataStream = ...;
         // the block size:
         int blockSize = ...;
         EncryptedDataStream encrypted_data = new EncryptedDataStream(dataStream, blockSize);
         
  2. Set up the cipher for encryption by calling method setupCipher(AlgorithmID contentEA, char[] password), thereby specifying the PBE algorithm to be used and the password, e.g.:
         AlgorithmID pbeAlgorithm = (AlgorithmID)AlgorithmID.pbeWithSHAAnd3_KeyTripleDES_CBC.clone();
         char[] password = ...;
         encrypted_data.setupCipher(pbeAlgorithm, password);
         
  3. Use a proper writeTo method for BER encoding the EncryptedData object and writing it to an output stream. If not yet done you optionally may specify a particular block size for splitting the encoding of encrypted content.
         int blockSize = ...;
         OutputStream encoded_stream = ...;
         encrypted_data.writeTo(encoded_stream, blockSize);
         
    respectively
         encrypted_data.writeTo(encoded_stream);
         
    It is recommended to use a positive block size value, because the intended purpose of this stream-supporting EncryptedData implementation is to handle large amounts of data. When no block size is specified, the whole encrypted content is encoded as a primitive definite octet string, which is better done using the non-stream-supporting EncryptedData implementation. When a positive block size is specified for encoding the EncryptedData to a stream, the encrypted content is BER encoded as an indefinite constructed octet string composed of a series of definite primitive encoded octet strings of blockSize length.

For parsing the EncryptedData object and recovering the original content, first use the EncryptedDataStream(InputStream is) constructor to parse the internal structure. Before reading the recovered content by means of the getInputStream method, the cipher has to be initialized for decryption with the password by calling the setupCipher(char[] password) method:
  1. Create an EncryptedData structure from the input stream supplying the BER encoded EncryptedData:
         InputStream encoded_stream = ...;
         EncryptedDataStream encrypted_data = new EncryptedDataStream(encoded_stream);
         
  2. Get information about the inherent EncryptedContentInfo:
         EncryptedContentInfoStream eci = encrypted_data.getEncryptedContentInfo();
         System.out.println("Content type: "+eci.getContentType().getName());
         System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());
         
  3. Specify the password for initializing the cipher for encrypted-content decryption:
         char[] password = ...;
         encrypted_data.setupCipher(password);
         
    Unlike the non-stream supporting EncryptedData class where the encrypted-content decryption already is performed inside the setupCipher method, the cipher will be only initialized for decryption in this class. The encrypted-content decryption actually is done during reading the data obtained by calling the getInputStream method. So do not call getInputStream before setting up the cipher!

  4. Get and read the recovered content:
         InputStream data_is = encrypted_data.getInputStream();
         byte[] buf = new byte[1024];
         int r;
         while ((r = data_is.read(buf)) > 0) {
            // do something useful
         }
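
The PBE steps above, put together as one round trip with the iteration count set explicitly through the three-argument setupCipher instead of the default of 2000. This is an added example, not code from the IAIK-CMS documentation; it uses only the constructors and methods listed on this page and assumes that iaik.asn1.structures.AlgorithmID and the IAIK-JCE provider class iaik.security.provider.IAIK are on the class path. The class name, password, content, block size and iteration count are constructed for illustration:

```java
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.EncryptedDataStream;
import iaik.security.provider.IAIK;   // assumption: IAIK-JCE supplies the PBE cipher

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;

/** Added example: password-based EncryptedData round trip using the stream API. */
public class PbeEncryptedDataRoundTrip {

    // Constructed values for this example.
    private static final int BLOCK_SIZE = 2048;        // positive: indefinite constructed encoding
    private static final int ITERATION_COUNT = 100000; // illustrative; the default is 2000

    static byte[] encrypt(byte[] plain, char[] password) throws Exception {
        EncryptedDataStream ed =
                new EncryptedDataStream(new ByteArrayInputStream(plain), BLOCK_SIZE);
        AlgorithmID pbe = (AlgorithmID) AlgorithmID.pbeWithSHAAnd3_KeyTripleDES_CBC.clone();
        // The cipher must be set up before writeTo: encryption happens while encoding.
        ed.setupCipher(pbe, password, ITERATION_COUNT);
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        ed.writeTo(encoded);
        return encoded.toByteArray();
    }

    static byte[] decrypt(byte[] encoded, char[] password) throws Exception {
        EncryptedDataStream ed = new EncryptedDataStream(new ByteArrayInputStream(encoded));
        System.out.println("Content encryption algorithm: "
                + ed.getEncryptedContentInfo().getContentEncryptionAlgorithm().getName());
        // setupCipher only initialises the cipher; it must precede getInputStream.
        ed.setupCipher(password);
        // Decryption happens while reading. EncryptedData carries no integrity check,
        // so a wrong password or altered ciphertext is not reliably detected here.
        InputStream in = ed.getInputStream();   // may be read only once
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        int r;
        while ((r = in.read(buf)) != -1) {
            plain.write(buf, 0, r);
        }
        // Unprotected attributes, if any, become available only after reading to EOF.
        return plain.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new IAIK());
        char[] password = "constructed-example-password".toCharArray();
        try {
            byte[] message = "constructed sample content".getBytes(StandardCharsets.UTF_8);
            byte[] encoded = encrypt(message, password);
            byte[] recovered = decrypt(encoded, password);
            System.out.println("round trip ok: " + Arrays.equals(message, recovered));
        } finally {
            Arrays.fill(password, '\0');   // do not leave the password in memory
        }
    }
}
```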
         

See Also:
EncryptedContentInfoStream

Field Summary
protected  int blockSize_
          The block size for block oriented stream encoding.
protected  EncryptedContentInfoStream encryptedContentInfo_
          The inherent encrypted content info.
protected  SecurityProvider securityProvider_
          The SecurityProvider responsible for cryptographic operations.
protected  Attribute[] unprotectedAttrs_
          Optional unprotected attributes.
protected  int version_
          The CMS version number.
 
Constructor Summary
protected EncryptedDataStream()
          Default constructor for dynamic object creation in ContentInfoStream.
  EncryptedDataStream(EncryptedContentInfoStream encryptedContentInfo)
          Creates a CMS EncryptedDataStream from an EncryptedContentInfoStream.
  EncryptedDataStream(java.io.InputStream is)
          Creates a new EncryptedDataStream from a BER encoded EncryptedData which is read from the given InputStream.
  EncryptedDataStream(java.io.InputStream is, int blockSize)
          Creates a new CMS EncryptedDataStream object where the content to be encrypted is read from the supplied InputStream.
  EncryptedDataStream(ObjectID contentType, java.io.InputStream is, int blockSize)
          Creates a new CMS EncryptedDataStream object where the content to be encrypted is read from the supplied InputStream.
 
Method Summary
 void decode(java.io.InputStream is)
          Reads and decodes an encoded EncryptedDataStream from an input stream.
 int getBlockSize()
          Gets the block size defining the length of each definite primitive encoded octet string component.
 ObjectID getContentType()
          Returns the content type this class implements.
 EncryptedContentInfoStream getEncryptedContentInfo()
          Returns the encrypted content info of this EncryptedDataStream object.
 java.io.InputStream getInputStream()
          Returns an InputStream from where the decrypted data can be read.
 SecurityProvider getSecurityProvider()
          Gets the SecurityProvider installed for this EncryptedDataStream.
 Attribute getUnprotectedAttribute(ObjectID oid)
          Returns the first unprotected attribute matching to the given ObjectID, if included in this EncryptedData object.
 Attribute[] getUnprotectedAttributes()
          Gets the unprotected attributes included in this EnvelopedData.
 int getVersion()
          Returns the syntax version number.
 void notifyEOF()
          This method implements the EOFListener interface for performing the final decoding.
 void setBlockSize(int blockSize)
          Sets the block size for defining the length of each definite primitive encoded octet string component.
 void setInputStream(java.io.InputStream is)
          Sets the input stream that supplies the content data to be encrypted.
 void setSecurityProvider(SecurityProvider securityProvider)
          Sets the SecurityProvider for this EncryptedDataStream.
 void setUnprotectedAttributes(Attribute[] attributes)
          Sets a set of (unprotected) attributes.
 void setupCipher(AlgorithmID contentEA, char[] password)
          Sets up the cipher for PBE-encrypting the content.
 void setupCipher(AlgorithmID contentEA, char[] password, int iterationCount)
          Sets up the cipher for PBE-encrypting the content.
 void setupCipher(AlgorithmID contentEA, java.security.Key key, java.security.spec.AlgorithmParameterSpec paramSpec)
          Sets up the cipher for encrypting the content with the given secret key.
 void setupCipher(char[] password)
          Uses the given password to set up the cipher for decrypting the content.
 void setupCipher(java.security.Key key)
          Uses the given key to set up the cipher for decrypting the content.
 ASN1Object toASN1Object()
          Returns this CMS EnvelopedDataStream as ASN1Object.
protected  ASN1Object toASN1Object(int blockSize)
          Returns this CMS EncryptedData as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this EncryptedDataStream object.
 java.lang.String toString(boolean detailed)
          Returns a string giving some - if requested - detailed information about this EncryptedDataStream object.
 void writeTo(java.io.OutputStream os)
          BER encodes and writes this EnvelopedData to the supplied output stream.
 void writeTo(java.io.OutputStream os, int blockSize)
          Writes this EncryptedData encoded to the supplied output stream.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

version_

protected int version_
The CMS version number.


blockSize_

protected int blockSize_
The block size for block oriented stream encoding. (Default: 2048 to enforce indefinite constructed encoding).


encryptedContentInfo_

protected EncryptedContentInfoStream encryptedContentInfo_
The inherent encrypted content info.


unprotectedAttrs_

protected Attribute[] unprotectedAttrs_
Optional unprotected attributes.


securityProvider_

protected SecurityProvider securityProvider_
The SecurityProvider responsible for cryptographic operations.

Constructor Detail

EncryptedDataStream

protected EncryptedDataStream()
Default constructor for dynamic object creation in ContentInfoStream. The block size is set to 2048 to enforce indefinite constructed encoding.


EncryptedDataStream

public EncryptedDataStream(EncryptedContentInfoStream encryptedContentInfo)
Creates a CMS EncryptedDataStream from an EncryptedContentInfoStream.

Parameters:
encryptedContentInfo - the already created encrypted content info

EncryptedDataStream

public EncryptedDataStream(java.io.InputStream is,
                           int blockSize)
Creates a new CMS EncryptedDataStream object where the content to be encrypted is read from the supplied InputStream. The content type is set to CMS Data.

This constructor shall only be used when intending to PBE encrypt the data by subsequently calling method setupCipher, thereby supplying the PBE algorithm and password to be used.
This constructor shall not be used in situations where the desired content encryption algorithm is not a PBE algorithm. In such cases the EncryptedDataStream(EncryptedContentInfoStream) constructor shall be used, supplying a precomputed EncryptedContentInfo. Consult the EncryptedContentInfoStream class documentation for more information about EncryptedContentInfo handling.

Parameters:
is - the InputStream containing the data to encrypt
blockSize - for defining the encoding scheme and setting the octet string component length, if positive

EncryptedDataStream

public EncryptedDataStream(ObjectID contentType,
                           java.io.InputStream is,
                           int blockSize)
Creates a new CMS EncryptedDataStream object where the content to be encrypted is read from the supplied InputStream. The content type is set to CMS Data.

This constructor shall only be used when intending to PBE encrypt the data by subsequently calling method setupCipher, thereby supplying the PBE algorithm and password to be used.
This constructor shall not be used in situations where the desired content encryption algorithm is not a PBE algorithm. In such cases the EncryptedDataStream(EncryptedContentInfoStream) constructor shall be used, supplying a precomputed EncryptedContentInfo. Consult the EncryptedContentInfoStream class documentation for more information about EncryptedContentInfo handling.

Parameters:
contentType - the content type of the data to be encrypted
is - the InputStream containing the data to encrypt
blockSize - for defining the encoding scheme and setting the octet string component length, if positive

EncryptedDataStream

public EncryptedDataStream(java.io.InputStream is)
                    throws java.io.IOException,
                           CMSParsingException
Creates a new EncryptedDataStream from a BER encoded EncryptedData which is read from the given InputStream. The encoded EncryptedData may (or may not) be wrapped into a ContentInfo.

Parameters:
is - the InputStream holding a BER encoded EncryptedDataStream object
Throws:
java.io.IOException - if an I/O error occurs during reading from the InputStream
CMSParsingException - if an error occurs while parsing the object
Method Detail

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)
Sets the SecurityProvider for this EncryptedDataStream.

This method allows a SecurityProvider to be set explicitly for this EncryptedDataStream. If no explicit SecurityProvider is set, the default system-wide installed SecurityProvider will be used for the required cryptographic operations.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

Parameters:
securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()
Gets the SecurityProvider installed for this EncryptedDataStream.

This class uses the following method(s) of the SecurityProvider, which may be overridden by an application, if required:

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:
the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

setBlockSize

public void setBlockSize(int blockSize)
Sets the block size for defining the length of each definite primitive encoded octet string component. If the value of blockSize is smaller than or equal to zero, the whole data is encoded as a definite primitive octet string.

Specified by:
setBlockSize in interface ContentStream
Parameters:
blockSize - for defining the encoding scheme and setting the octet string component length, if positive

getBlockSize

public int getBlockSize()
Gets the block size defining the length of each definite primitive encoded octet string component. If the value of blockSize is smaller than or equal to zero, the whole data is encoded as a definite primitive octet string.

Specified by:
getBlockSize in interface ContentStream
Returns:
blockSize defining the encoding scheme and setting the octet string component length, if positive

decode

public void decode(java.io.InputStream is)
            throws java.io.IOException,
                   CMSParsingException
Reads and decodes an encoded EncryptedDataStream from an input stream. The encoded EncryptedData may (or may not) be wrapped into a ContentInfo.

Specified by:
decode in interface ContentStream
Parameters:
is - the InputStream supplying an encoded EncryptedData object
Throws:
java.io.IOException - if an I/O error occurs during reading from the InputStream
CMSParsingException - if an error occurs while parsing the object

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        char[] password)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException
Sets up the cipher for PBE-encrypting the content.
This method may be used to set up the cipher for PBE-encrypting the content that has been supplied when creating the EncryptedDataStream object by means of the EncryptedDataStream(InputStream is, int blockSize) constructor. The content encryption is actually performed during the encoding, when writing this EncryptedData to a stream by calling the writeTo method. So it is important to set up the cipher before writing to the stream!
When using this method the iteration count used to derive the secret content encryption key from the password is set to 2000. If you want to use a different iteration count value, use method setupCipher(AlgorithmID, char[], int).

Parameters:
contentEA - the PBE-algorithm to be used
password - the password
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not supported
java.security.InvalidKeyException - if the key cannot be derived from the password

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        char[] password,
                        int iterationCount)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException
Sets up the cipher for PBE-encrypting the content.
This method may be used to set up the cipher for PBE-encrypting the content that has been supplied when creating the EncryptedDataStream object by means of the EncryptedDataStream(InputStream is, int blockSize) constructor. The content encryption is actually performed during the encoding, when writing this EncryptedData to a stream by calling the writeTo method. So it is important to set up the cipher before writing to the stream!

This method has an additional parameter: iterationCount. When deriving the symmetric key and the IV a hash is calculated iterationCount times on the password and on the salt for increasing the cost for breaking the cipher using brute force methods. The default iteration count value is 2000.

Parameters:
contentEA - the PBE-algorithm to be used
password - the password
iterationCount - the iteration count for key derivation
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not supported
java.security.InvalidKeyException - if the key cannot be derived from the password

setupCipher

public void setupCipher(AlgorithmID contentEA,
                        java.security.Key key,
                        java.security.spec.AlgorithmParameterSpec paramSpec)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException
Sets up the cipher for encrypting the content with the given secret key.
This method may be used to set up the cipher for encrypting the content that has been supplied when creating the EncryptedDataStream object by means of the EncryptedDataStream(InputStream is, int blockSize) constructor. The content encryption is actually performed during the encoding, when writing this EncryptedData to a stream by calling the writeTo method. So it is important to set up the cipher before writing to the stream!

Parameters:
contentEA - the content encryption algorithm to be used
key - the content encryption key to be used
paramSpec - any required parameters (may be null if no parameters are required or if you want to let the cipher create the parameters, e.g. the IV)
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not supported
java.security.InvalidKeyException - if the key cannot be derived from the password

setupCipher

public void setupCipher(char[] password)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidAlgorithmParameterException,
                        java.security.spec.InvalidParameterSpecException,
                        java.security.InvalidKeyException
Uses the given password to set up the cipher for decrypting the content.

Unlike the non-stream supporting EncryptedData class, where the encrypted-content decryption is already performed inside the setupCipher method, the cipher will only be initialized for decrypting in this class. The encrypted-content decryption is actually done while reading the data obtained by calling the getInputStream method. So do not call getInputStream before setting up the cipher!

Attention! This method can only be used when the content has been encrypted using a PBE cipher. Otherwise the setupCipher(Key key, AlgorithmParameterSpec) method of the EncryptedContentInfoStream class has to be used to set up the cipher for content decryption.

Parameters:
password - the password
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not supported
java.security.InvalidKeyException - if the key cannot be derived from the password
java.security.InvalidAlgorithmParameterException - if the parameters cannot be retrieved from the algorithm ID
java.security.spec.InvalidParameterSpecException - if the parameters cannot be set up

setupCipher

public void setupCipher(java.security.Key key)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.InvalidKeyException
Uses the given key to set up the cipher for decrypting the content.

Unlike the non-stream supporting EncryptedData class where the encrypted-content decryption already is performed inside the setupCipher method, the cipher will be only initialized for decrypting in this method. The encrypted-content decryption actually is done during reading the data obtained by calling the getInputStream method. So do not call getInputStream before setting up the cipher!

Parameters:
key - the key to be used for decrypting the encrypted content
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not supported
java.security.InvalidKeyException - if the cipher cannot be setup for decryption with the given key

setUnprotectedAttributes

public void setUnprotectedAttributes(Attribute[] attributes)
Sets a set of (unprotected) attributes.

Parameters:
attributes - the unprotected attributes to be set

getContentType

public ObjectID getContentType()
Returns the content type this class implements.

Specified by:
getContentType in interface ContentStream
Returns:
ObjectID.cms_encryptedData

getVersion

public int getVersion()
Returns the syntax version number.

Returns:
the syntax version number

getUnprotectedAttributes

public Attribute[] getUnprotectedAttributes()
Gets the unprotected attributes included in this EnvelopedData.

Returns:
the unprotected attributes, if included

getUnprotectedAttribute

public Attribute getUnprotectedAttribute(ObjectID oid)
Returns the first unprotected attribute matching to the given ObjectID, if included in this EncryptedData object.

Returns:
the first unprotected attribute belonging to the given ObjectID or null if there is no attribute for the given OID.

getInputStream

public java.io.InputStream getInputStream()
Returns an InputStream from where the decrypted data can be read. Attention! The stream only may be read once.

When a new EncryptedDataStream object has been created to be encoded to a stream, this method should not be used at all, since the stream will automatically be read while performing the encoding (which is done when calling a writeTo method).
When an EnvelopedDataStream object received from some stream has been decoded and parsed, this method may be used for obtaining the raw (decrypted) data after having set up the cipher (if PBE-encryption is used).

Returns:
an InputStream for reading the decrypted data

setInputStream

public void setInputStream(java.io.InputStream is)
Sets the input stream that supplies the content data to be encrypted.

Parameters:
is - the input stream holding the content data to encrypt

toASN1Object

public ASN1Object toASN1Object()
                        throws CMSException
Returns this CMS EnvelopedDataStream as ASN1Object.

Specified by:
toASN1Object in interface ContentStream
Returns:
this EnvelopedData as ASN1Object.
Throws:
CMSException - if the ASN1Object could not be created

toASN1Object

protected ASN1Object toASN1Object(int blockSize)
                           throws CMSException
Returns this CMS EncryptedData as ASN1Object.

Parameters:
blockSize - the block size defining the encoding scheme - and specifying the length of each primitive encoded octet string component, if positive
Returns:
this EncryptedData as ASN1Object
Throws:
CMSException - if the ASN1Object could not be created

writeTo

public void writeTo(java.io.OutputStream os)
             throws java.io.IOException
BER encodes and writes this EnvelopedData to the supplied output stream.

Parameters:
os - the output stream to which this EnvelopedData shall be written
Throws:
java.io.IOException

writeTo

public void writeTo(java.io.OutputStream os,
                    int blockSize)
             throws java.io.IOException
Writes this EncryptedData encoded to the supplied output stream. If a positive block size is specified, the encrypted content of the inherent EncryptedContentInfoStream will be encoded as an indefinite constructed octet string instead of using the default primitive definite encoding scheme:
 0x24 0x80
           0x04 <blocksize> <first encrypted content block>
           0x04 <blocksize> <second encrypted content block>
           0x04 <blocksize> <third encrypted content block>
                ...
 0x00 0x00
 
instead of:
 0x04 <length> <encrypted content>
 
The indefinite constructed encoding scheme may be preferable for properly handling large amounts of data.

Parameters:
os - the output stream to which this SignedData shall be written
blockSize - the block size defining the encoding scheme - and specifying the length of each primitive encoded octet string component, if positive
Throws:
java.io.IOException - if an error occurs during writing the object

notifyEOF

public void notifyEOF()
               throws java.io.IOException
This method implements the EOFListener interface for performing the final decoding. Since unprotected attributes, if present, are located at the end of an EncryptedData structure, they can only be accessed after reading/decrypting the data included in the EncryptedContentInfo located before the unprotected attributes. For that reason, when starting the parsing of an EncryptedData message, only the version and EncryptedContentInfo fields can be parsed before reading/decrypting the data. Since the data is supplied from an input stream, an iaik.utils.NotifyEOFInputStream is wrapped around this content data stream for indicating that the parsing procedure is to be notified when the stream has actually been read. At that point, the program execution automatically jumps to the notifyEOF method for finishing the decoding by parsing the remaining unprotected attributes, if present.
It is strongly recommended that applications do not call this method explicitly. This method is public only because it implements the IAIK-JCE iaik.utils.EOFListener interface.

Specified by:
notifyEOF in interface EOFListener
Throws:
java.io.IOException - if an error occurs while parsing the stream

getEncryptedContentInfo

public EncryptedContentInfoStream getEncryptedContentInfo()
Returns the encrypted content info of this EncryptedDataStream object.

Returns:
the inherent EncryptedContentInfoStream

toString

public java.lang.String toString()
Returns a string giving some information about this EncryptedDataStream object.

Overrides:
toString in class java.lang.Object
Returns:
the string representation

toString

public java.lang.String toString(boolean detailed)
Returns a string giving some - if requested - detailed information about this EncryptedDataStream object.

Specified by:
toString in interface ContentStream
Parameters:
detailed - whether or not to give detailed information
Returns:
the string representation

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 5.1, (c) 2002 IAIK, (c) 2003 - 2010 SIC