iaik.cms
Class PasswordRecipientInfo

java.lang.Object
  extended by iaik.cms.RecipientInfo
      extended by iaik.cms.PasswordRecipientInfo
All Implemented Interfaces:
ASN1Type

public class PasswordRecipientInfo
extends RecipientInfo

This class implements the CMS PasswordRecipientInfo type.

The RFC 3211 (Password-based Encryption for CMS) specifies the PasswordRecipientInfo type as RecipientInfo choice for encrypting the secret content-encryption key with a key encryption key derived from a password:

 PasswordRecipientInfo ::= SEQUENCE {
   version CMSVersion,   -- Always set to 0
   keyDerivationAlgorithm
      [0] KeyDerivationAlgorithmIdentifier OPTIONAL,
   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
   encryptedKey EncryptedKey }
 

The keyDerivationAlgorithm field specifies the algorithm to be used for deriving the key encryption key (kek) from a password. The reference key derivation algorithm is PBKDF2 as specified by RFC 2898 (PKCS#5). If no key derivation algorithm is specified the kek may be not derived from a password; rather it may be supplied by other means (e.g. by a smartcard). The keyEncryptionAlgorithm field identifies the key encryption algorithm (e.g. PWRI-KEK, see RFC 3211) used for encrypting the randomly generated content-encryption key with a secret key encryption key. The encrypted content-encryption key (used for encrypting the content) is stored in the encryptedKey field.


This class provides several constructors and methods for creating a PasswordRecipientInfo object, obtaining the component values, and encrypting (respectively decrypting) the content-encryption key.

When creating a new PasswordRecipientInfo you may supply the password, key derivation function and key encryption algorithm and any associated parameters to be used, e.g.:

 // the password:
 char[] password = ...;
 // use PBKDF2 as key derivation function for deriving the kek from a password:
 AlgorithmID pbkdf2 = (AlgorithmID)AlgorithmID.pbkdf2.clone();
 // PBKDF2 parameters
 int kekLen = 24;  // we use TripleDES as kek algorithm
 int iterationCount = ...; 
 byte[] salt = ...;
 PBEKeyAndParameterSpec pbkdf2ParamSpec =
   new PBEKeyAndParameterSpec(UTF8String.getUTF8EncodingFromCharArray(password),
                              salt,
                              iterationCount,
                              kekLen); 
 // use PWRI-KEK for encrypting (wrapping) the content encryption key:
 AlgorithmID pwriKek = (CMSAlgorithmID)CMSAlgorithmID.pwri_kek.clone();
 // for PWRI-KEK set the kek encryption algorithm parameter
 AlgorithmID kekEncryptionAlg = (AlgorithmID)AlgorithmID.des_EDE3_CBC.clone();
 pwriKek.setParameter(kekEncryptionAlg.toASN1Object());
 // create the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = new PasswordRecipientInfo(password, pbkdf2, pbkdf2ParamSpec, pwriKek, null);
 
The following example shows the typical usage for including a PasswordRecipientInfo into a EnvelopedData object, encoding it, decoding it at the recipient side and decrypt the content (we use the stream-based EnvelopedData implementation for this sample):
 // the password:
 char[] password = ...;
 // use PBKDF2 as key derivation function for deriving the kek from a password:
 AlgorithmID pbkdf2 = (AlgorithmID)AlgorithmID.pbkdf2.clone();
 // use PWRI-KEK for encrypting (wrapping) the content encryption key:
 AlgorithmID pwriKek = (CMSAlgorithmID)CMSAlgorithmID.pwri_kek.clone();
 // create the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = new PasswordRecipientInfo(password, pwriKek, null, pwriKek, null);
 // create an EnvelopedData for the content to be encrypted:
 EnvelopedDataStream envelopedData = new EnvelopedDataStream(is, (AlgorithmID)AlgorithmID.des_EDE3_CBC.clone());
 // add the recipient information:
 envelopedData.addRecipientInfo(recipient);
 // write the EnvelopedData to a stream thereby performing the content encryption:
 int blockSize = ...;
 OutputStream encoded_stream = ...;
 envelopedData.writeTo(encoded_stream, blockSize);
 ...
 // on the recipient side decode the EnvelopedData:
 InputStream encodedStream = ...;
 EnvelopedDataStream envelopedData = new EnvelopedData(encodedStream);
 // Get information about the inherent EncryptedContentInfo:
 EncryptedContentInfoStream eci = (EncryptedContentInfoStream)enveloped_data.getEncryptedContentInfo();
 System.out.println("Content type: "+eci.getContentType().getName());
 System.out.println("Content encryption algorithm: "+eci.getContentEncryptionAlgorithm().getName());
 // get the PasswordRecipientInfo:
 PasswordRecipientInfo recipient = (PasswordRecipientInfo)envelopedData.getRecipientInfos()[0];
 // decrypt the encrypted cek:
 String cekAlgName = "DESede";
 SecretKey cek = recipient.decryptKey(password, cekAlgName); 
 // setup the cipher for decryption:
 envelopedData.setupCipher(cek);
 // read the content thereby performing the content decryption:
 InputStream data_is = enveloped_data.getInputStream();
 byte[] buf = new byte[1024];
 int r;
 while ((r = data_is.read(buf)) > 0) {
   // do something useful
 }
 

See Also:
RecipientInfo, EnvelopedDataStream, EnvelopedData

Field Summary
 
Fields inherited from class iaik.cms.RecipientInfo
KEK_RECIPIENT_INFO, KEY_AGREE_RECIPIENT_INFO, KEY_TRANSPORT_RECIPIENT_INFO, keyEncryptionAlgorithm_, OTHER_RECIPIENT_INFO, PASSWORD_RECIPIENT_INFO, securityProvider_, version_
 
Constructor Summary
PasswordRecipientInfo()
          Default Constructor.
PasswordRecipientInfo(AlgorithmID keyDerivationAlg, AlgorithmID keyEncrAlg, byte[] encryptedKey)
          Creates a PasswordRecipientInfo object for the given key derivation function, key-encryption algorithm, and already encrypted content encryption key.
PasswordRecipientInfo(AlgorithmID keyEncrAlg, byte[] encryptedKey)
          Creates a PasswordRecipientInfo object for the given key-encryption algorithm, and already encrypted content encryption key.
PasswordRecipientInfo(AlgorithmID keyEncrAlg, java.security.Key kek)
          Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key.
PasswordRecipientInfo(AlgorithmID keyEncrAlg, java.security.Key kek, java.security.AlgorithmParameters params)
          Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key.
PasswordRecipientInfo(ASN1Object obj)
          Creates a PasswordRecipientInfo from an ASN1Object.
PasswordRecipientInfo(ASN1Object obj, SecurityProvider securityProvider)
          Creates a PasswordRecipientInfo from an ASN1Object.
PasswordRecipientInfo(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, AlgorithmID keyEncrAlg, java.security.AlgorithmParameters keyEncrParams)
          Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password.
PasswordRecipientInfo(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, AlgorithmID keyEncrAlg, java.security.AlgorithmParameters keyEncrParams, SecurityProvider securityProvider)
          Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password.
 
Method Summary
 void decode(ASN1Object obj)
          Decodes the given ASN.1 PasswordRecipientInfo object for parsing the internal structure.
 javax.crypto.SecretKey decryptKey(char[] password)
          Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
 javax.crypto.SecretKey decryptKey(char[] password, AlgorithmID keyDerivationAlg, java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec, java.lang.String cekAlgName)
          Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
 javax.crypto.SecretKey decryptKey(char[] password, java.lang.String cekAlgName)
          Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
 javax.crypto.SecretKey decryptKey(java.security.Key kek, KeyIdentifier recipientIdentifier, java.lang.String cekAlgName)
          Uses the given key encryption key to decrypt (unwrap) the encrypted (wrapped) content-encryption key.
 void encryptKey(javax.crypto.SecretKey cek)
          Encrypts (wraps) the given secret content-encryption key.
 byte[] getEncryptedKey()
          Returns the encrypted content-encryption key.
 byte[] getEncryptedKey(KeyIdentifier recipientIdentifier)
          Returns the encrypted content-encryption key.
 AlgorithmID getKeyDerivationAlgorithm()
          Returns the key derivation algorithm used for deriving the key encryption key (kek) from a password.
 KeyIdentifier[] getRecipientIdentifiers()
          Returns an empty KeyIdentifier array.
 boolean isRecipientInfoFor(KeyIdentifier recipientIdentifier)
          Always returns false indicating that a PasswordRecipientInfo does not use certificates.
 CertificateIdentifier isRecipientInfoFor(X509Certificate recipientCertificate)
          Always returns null indicating that a PasswordRecipientInfo does not use certificates.
 ASN1Object toASN1Object()
          Returns this PasswordRecipientInfo as ASN1Object.
 java.lang.String toString()
          Returns a string giving some information about this PasswordRecipientInfo object.
 
Methods inherited from class iaik.cms.RecipientInfo
createRecipientInfos, decryptKey, decryptKey, decryptKey, getKeyEncryptionAlgorithm, getRecipientInfoType, getSecurityProvider, getVersion, parseRecipientInfo, parseRecipientInfo, parseRecipientInfo, parseRecipientInfo, parseRecipientInfos, parseRecipientInfos, setSecurityProvider
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PasswordRecipientInfo

public PasswordRecipientInfo()
Default Constructor. Creates an empty PasswordRecipientInfo object and sets the version number to 0.
Only used for dynamic object creation. Shall not be used by an application.


PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             byte[] encryptedKey)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm, and already encrypted content encryption key. The already encrypted secret key is supplied as byte array and has been encrypted using the given key-encryption algorithm.
Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm that has been used for encrypting the content-encryption key
encryptedKey - the already encrypted secret content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyDerivationAlg,
                             AlgorithmID keyEncrAlg,
                             byte[] encryptedKey)
Creates a PasswordRecipientInfo object for the given key derivation function, key-encryption algorithm, and already encrypted content encryption key. The already encrypted secret key is supplied as byte array and has been encrypted using the given key-encryption algorithm with a key encryption key (kek) that has been derived from a password according to the given key derivation algorithm.
Note: this constructor internally creates clones of the supplied Algorithm IDs.

Parameters:
keyDerivationAlg - the key derivation algorithm (may be null if the kek has not been derived from a password)
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm that has been used for encrypting the content-encryption key
encryptedKey - the already encrypted secret content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             java.security.Key kek,
                             java.security.AlgorithmParameters params)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key. When later calling encryptKey the supplied kek and parameters are used to encrypt the content encryption key (cek).

Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key
kek - the secret key encryption key to be used for encrypting the content-encryption key
params - any algorithm parameters to be used for intializing the key wrap cipher

PasswordRecipientInfo

public PasswordRecipientInfo(AlgorithmID keyEncrAlg,
                             java.security.Key kek)
Creates a PasswordRecipientInfo object for the given key-encryption algorithm and key encryption key. When later calling encryptKey the supplied kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates a clone of the supplied key-encryption AlgorithmID.

Parameters:
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key
kek - the secret key encryption key to be used for encrypting the content-encryption key

PasswordRecipientInfo

public PasswordRecipientInfo(char[] password,
                             AlgorithmID keyDerivationAlg,
                             java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                             AlgorithmID keyEncrAlg,
                             java.security.AlgorithmParameters keyEncrParams)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidAlgorithmParameterException
Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password. When later calling encryptKey the derived kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates cloned of the supplied Algorithm IDs.

Parameters:
password - the password from which to derive the key encryption key (kek)
keyDerivationAlg - the key derivation function to be used for deriving the kek
keyDerivatoinParamSpec - any parameters required by the key derivation function
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key
keyEncrParams - any algorithm parameters to be used for intializing the key wrap cipher
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidAlgorithmParameterException

PasswordRecipientInfo

public PasswordRecipientInfo(char[] password,
                             AlgorithmID keyDerivationAlg,
                             java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                             AlgorithmID keyEncrAlg,
                             java.security.AlgorithmParameters keyEncrParams,
                             SecurityProvider securityProvider)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidAlgorithmParameterException
Creates a PasswordRecipientInfo object for deriving key encryption key (kek) from the supplied password. When later calling encryptKey the derived kek is used to encrypt the content encryption key (cek).

Note: this constructor internally creates cloned of the supplied Algorithm IDs.

Parameters:
password - the password from which to derive the key encryption key (kek)
keyDerivationAlg - the key derivation function to be used for deriving the kek
keyDerivatoinParamSpec - any parameters required by the key derivation function
keyEncrAlg - the ID of the key-encryption (key-wrap) algorithm to be used for encrypting the content-encryption key
keyEncrParams - any algorithm parameters to be used for intializing the key wrap cipher
securityProvider - the SecurityProvider to be used
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidAlgorithmParameterException

PasswordRecipientInfo

public PasswordRecipientInfo(ASN1Object obj)
                      throws CodingException
Creates a PasswordRecipientInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting PasswordRecipientInfo object that may have been created by calling toASN1Object.

Parameters:
obj - the PasswordRecipientInfo as ASN1Object
Throws:
CodingException - if the object can not be parsed

PasswordRecipientInfo

public PasswordRecipientInfo(ASN1Object obj,
                             SecurityProvider securityProvider)
                      throws CodingException
Creates a PasswordRecipientInfo from an ASN1Object.

The ASN1Object supplied to this constructor represents an already exisiting PasswordRecipientInfo object that may have been created by calling toASN1Object.

Parameters:
obj - the PasswordRecipientInfo as ASN1Object
securityProvider - the SecurityProvider to be used by this object, if null use the default system-wide installed SecurityProvider
Throws:
CodingException - if the object can not be parsed
Method Detail

decode

public void decode(ASN1Object obj)
            throws CodingException
Decodes the given ASN.1 PasswordRecipientInfo object for parsing the internal structure.

This method internally is called when creating a CMS PasswordRecipientInfo object from an already existing PasswordRecipientInfo object, supplied as ASN1Object.

Parameters:
obj - the CMS PasswordRecipientInfo as ASN1Object
Throws:
CodingException - if the object can not be parsed

toASN1Object

public ASN1Object toASN1Object()
Returns this PasswordRecipientInfo as ASN1Object.

The ASN1Object returned by this method represents the ASN.1 structure of a PasswordRecipientInfo according to RFC 3211 (Password-based Encryption for CMS):

 PasswordRecipientInfo ::= SEQUENCE {
     version CMSVersion,   -- Always set to 0
     keyDerivationAlgorithm
        [0] KeyDerivationAlgorithmIdentifier OPTIONAL,
    keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
    encryptedKey EncryptedKey }
 

Returns:
this PasswordRecipientInfo as ASN1Object.

decryptKey

public javax.crypto.SecretKey decryptKey(java.security.Key kek,
                                         KeyIdentifier recipientIdentifier,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException
Uses the given key encryption key to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

This method implements the same named method of the abstract parent RecipientInfo class. Since a PasswordRecipientInfo does not contain recipient identification information, any supplied recipientIdentifier is ignored.

Specified by:
decryptKey in class RecipientInfo
Parameters:
kek - the secret key encryption key to be used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.
recipientIdentifier - recipient identification information; ignored
cekAlgName - the name of the content encryption key (e.g. "DESede") to be set for the SecretKey object created by this method
Returns:
the recovered (decrypted) content encryption key as SecretKey
Throws:
CMSException - if the key-decryption process fails for some reason (e.g. the key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)
java.security.InvalidKeyException - if the specified key encryption key (kek) is not valid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password,
                                         AlgorithmID keyDerivationAlg,
                                         java.security.spec.AlgorithmParameterSpec keyDerivatoinParamSpec,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException
Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:
password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.
keyDerivationAlg - the key derivation algorithm to be used for deriving the key encryption key from the given password
keyDerivatoinParamSpec - any paramters required by the key derivation algorithm
cekAlgName - the name of the content encryption key (e.g. "DESede") to be set for the SecretKey object created by this method
Returns:
the recovered (decrypted) content encryption key as SecretKey
Throws:
CMSException - if the key-decryption process fails for some reason (e.g. the requested key derivation algorithm or the key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)
java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid
java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported
java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException
Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:
password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.
Returns:
the recovered (decrypted) content encryption key as SecretKey
Throws:
CMSException - if the key-decryption process fails for some reason (e.g. the key derivation algorithm or key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)
java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid
java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported
java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

decryptKey

public javax.crypto.SecretKey decryptKey(char[] password,
                                         java.lang.String cekAlgName)
                                  throws CMSException,
                                         java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.InvalidAlgorithmParameterException
Derives a key encryption key from the given password to decrypt (unwrap) the encrypted (wrapped) content-encryption key. The recovered key is returned as SecretKey.

Parameters:
password - the password from which to derive the key encryption key used for decrypting (unwrapping) the encrypted (wrapped) content-encryption key.
Returns:
the recovered (decrypted) content encryption key as SecretKey
Throws:
CMSException - if the key-decryption process fails for some reason (e.g. the key derivation algorithm or key-encryption algorithm used by this PasswordRecipientInfo is not implemented, a padding error occurs,...)
java.security.InvalidKeyException - if the key encryption key (kek) cannot be derived or is not valid
java.security.NoSuchAlgorithmException - if the requested key derivation function is not supported
java.security.InvalidAlgorithmParameterException - if the key derivation parameters are invalid

encryptKey

public void encryptKey(javax.crypto.SecretKey cek)
                throws CMSException
Encrypts (wraps) the given secret content-encryption key.

All required information (key encryption algorithm, key encryption key (or password from which to derive the kek),...) has been supplied when creating this PasswordRecipientInfo object.

Specified by:
encryptKey in class RecipientInfo
Parameters:
cek - the symmetric content-encryption key to encrypt
Throws:
CMSException - if the key encryption process fails for some reason (e.g. the key-encryption algortihm used by this PasswordRecipientInfo is not implemented, the key encryption key is invalid, a padding error occurs,...)

getRecipientIdentifiers

public KeyIdentifier[] getRecipientIdentifiers()
Returns an empty KeyIdentifier array.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return an empty KeyIdentifier array indicating that there are no KeyIdentifiers used.

Specified by:
getRecipientIdentifiers in class RecipientInfo
Returns:
an empty KeyIdentifier array

isRecipientInfoFor

public boolean isRecipientInfoFor(KeyIdentifier recipientIdentifier)
Always returns false indicating that a PasswordRecipientInfo does not use certificates.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return false indicating that this PasswordRecipientInfo may not belong to the recipient with the given recipient identifier.

Specified by:
isRecipientInfoFor in class RecipientInfo
Parameters:
recipientIdentifier - the key identifier belonging to the recipient we are searching for
Returns:
false indicating that this PasswordRecipientInfo may not belong to the recipient with the given id

isRecipientInfoFor

public CertificateIdentifier isRecipientInfoFor(X509Certificate recipientCertificate)
Always returns null indicating that a PasswordRecipientInfo does not use certificates.

This method only implements the same-name abstract method of the parent abstract class RecipientInfo. Since a PasswordRecipientInfo generally does not contain recipient identification information this method always return null indicating that this PasswordRecipientInfo may not belong to the recipient with the given recipient certificate.

Specified by:
isRecipientInfoFor in class RecipientInfo
Parameters:
recipientCertificate - the certificate of the recipient in mind
Returns:
null indicating that this PasswordRecipientInfo may not belong to the recipient with the given certificate

getKeyDerivationAlgorithm

public AlgorithmID getKeyDerivationAlgorithm()
Returns the key derivation algorithm used for deriving the key encryption key (kek) from a password.

Returns:
the key derivation algorithm AlgorithmID, or null if PBE is not used

getEncryptedKey

public byte[] getEncryptedKey()
Returns the encrypted content-encryption key.

Returns:
the encrypted content-encryption key

getEncryptedKey

public byte[] getEncryptedKey(KeyIdentifier recipientIdentifier)
                       throws CMSException
Returns the encrypted content-encryption key.

Since a PasswordRecipientInfo only represents one single recipient the supplied recipientIdentifier is ignored.

Specified by:
getEncryptedKey in class RecipientInfo
Parameters:
recipientIdentifier - recipient identification information; ignored
Returns:
the encrypted content-encryption key
Throws:
CMSException - never thrown

toString

public java.lang.String toString()
Returns a string giving some information about this PasswordRecipientInfo object.

Specified by:
toString in class RecipientInfo
Returns:
the string representation

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 5.1, (c) 2002 IAIK, (c) 2003 - 2010 SIC