iaik.cms.ecc
Class IaikEccProvider

java.lang.Object
  extended by iaik.cms.SecurityProvider
      extended by iaik.cms.IaikProvider
          extended by iaik.cms.ecc.IaikEccProvider

Deprecated. for ECC the new IAIK ECCelerateTM toolkit shall be used; see installation guidelines (Install.html)

public class IaikEccProvider
extends IaikProvider

This class implements a CMS SecurityProvider for the IAIK-ECC cryptographic provider "IAIK_ECC" (IAIK_ECC), version 2.0 or later.

This CMS SecurityProvider implements some methods that are required for supporting Ephemeral-Static ECDH according to RFC 3278.

To install this security provider call:

 // register IAIK-ECC provider 
 iaik.security.ecc.provider.ECCProvider.addAsProvider();
 // install security provider
 SecurityProvider.setSecurityProvider(new IaikEccProvider());
 

See Also:
SecurityProvider, IaikProvider

Field Summary
static AlgorithmID ecka_eg_X963KDF_SHA256
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-256.
static AlgorithmID ecka_eg_X963KDF_SHA384
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-384.
static AlgorithmID ecka_eg_X963KDF_SHA512
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 sing ANSI X9.63 KDF with SHA-512.
 
Fields inherited from class iaik.cms.IaikProvider
ALG_SIGNATURE_RAWRSA, ALG_SIGNATURE_RAWRSASSA_PKCS1_V15
 
Fields inherited from class iaik.cms.SecurityProvider
ALG_CIPHER_RSA, ALG_CIPHER_RSA_DECRYPT, ALG_CIPHER_RSA_ENCRYPT, ALG_CIPHER_RSA_SIGN, ALG_CIPHER_RSA_VERIFY, ALG_DIGEST_MD5, ALG_DIGEST_SHA, ALG_HMAC_MD5, ALG_HMAC_SHA, ALG_KEYEX_DH, ALG_KEYEX_ESDH, ALG_KEYEX_SSDH, ALG_SIGNATURE_RAWDSA, ALG_SIGNATURE_RAWECDSA, ALG_SIGNATURE_RAWECDSA_PLAIN, ALG_SIGNATURE_RAWRSAPSS, ALG_SIGNATURE_SHADSA, CIPHER_DECRYPT, CIPHER_ENCRYPT, CIPHER_NONE, CIPHER_UNWRAP, CIPHER_WRAP, COMPRESS, DECOMPRESS, IMPLEMENTATION_NAME_DSA, IMPLEMENTATION_NAME_ECDSA, IMPLEMENTATION_NAME_ECDSA_PLAIN, IMPLEMENTATION_NAME_PBKDF2, IMPLEMENTATION_NAME_PWRI_KEK, IMPLEMENTATION_NAME_RSA, IMPLEMENTATION_NAME_RSA_OAEP, IMPLEMENTATION_NAME_RSA_PSS, providerName_, random_, SIGNATURE_NONE, SIGNATURE_SIGN, SIGNATURE_VERIFY
 
Constructor Summary
IaikEccProvider()
          Deprecated. Default Constructor.
 
Method Summary
 byte[] calculateSharedSecret(AlgorithmID keyAgreementAlgorithm, java.security.Key key, java.security.Key otherKey, java.security.spec.AlgorithmParameterSpec paramSpec)
          Deprecated. This method uses the specified KeyAgreement algorithm to calculate a shared secret between the owners of the given private and public key.
 void checkDomainParameters(java.security.PrivateKey myKey, java.security.PublicKey otherKey)
          Deprecated. Checks if the given private and public key agreement keys have the same domain parameters.
 javax.crypto.SecretKey createSharedKeyEncryptionKey(AlgorithmID keyAgreeAlg, java.security.PrivateKey myKey, java.security.PublicKey otherKey, AlgorithmID kea, int kekLength, byte[] ukm, java.lang.String kekName)
          Deprecated. Creates a shared secret key encryption key for the given key agreement algorithm.
 java.security.KeyPair generateKeyAgreementKeyPair(AlgorithmID keyAgreeAlgorithm, java.security.PublicKey otherKey)
          Deprecated. Generates a ECDH key pair with same domain parameters of the given ECDH public key for the ECDH key agreement method.
 ASN1Object getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
          Deprecated. Gets an ASN.1 representation of the provided originator ECDH public key.
 int getKeyLength(java.security.PrivateKey privKey)
          Deprecated. Calculates the length of the given private key.
 int getKeyLength(java.security.PublicKey pubKey)
          Deprecated. Calculates the length of the given public key.
 java.security.PublicKey getOriginatorPublicKey(ASN1Object obj)
          Deprecated. Decodes the OriginatorPublicKey from the given ASN1Object.
 
Methods inherited from class iaik.cms.IaikProvider
calculateSignatureFromHash, calculateSignatureFromSignedAttributes, decryptKey, deriveKey, generateKey, getAlgorithmParameterSpec, getPBEKey, getSecureRandom, setIv, turnOffIAIKProviderVersionCheck, unwrapKey, verifySignatureFromHash, verifySignatureFromSignedAttributes, wrapKey
 
Methods inherited from class iaik.cms.SecurityProvider
calculateMac, compress, convertCipherMode, decryptKey, encryptKey, generateKey, getAlgorithmParameters, getAlgorithmParameters, getAlgorithmParameters, getAuthCipherEngine, getAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayCipherEngine, getByteArrayCipherEngine, getCipher, getCipher, getCipher, getCipher, getHash, getInputStreamAuthCipherEngine, getInputStreamAuthCipherEngine, getInputStreamCipherEngine, getInputStreamCipherEngine, getInputStreamCompressEngine, getInputStreamHashEngine, getInputStreamMacEngine, getKeyAgreement, getKeyFactory, getKeyGenerator, getKeyGenerator, getKeyLength, getKeyPairGenerator, getMac, getMac, getMessageDigest, getMessageDigest, getMicAlgs, getOutputStreamCompressEngine, getOutputStreamHashEngine, getOutputStreamMacEngine, getProviderName, getSecretKeyFactory, getSecurityProvider, getSignature, getSignature, getSignature, getSignature, getSignatureParameters, setSecureRandom, setSecurityProvider, setSignatureParameters
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ecka_eg_X963KDF_SHA256

public static final AlgorithmID ecka_eg_X963KDF_SHA256
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-256.


ecka_eg_X963KDF_SHA384

public static final AlgorithmID ecka_eg_X963KDF_SHA384
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-384.


ecka_eg_X963KDF_SHA512

public static final AlgorithmID ecka_eg_X963KDF_SHA512
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 sing ANSI X9.63 KDF with SHA-512.

Constructor Detail

IaikEccProvider

public IaikEccProvider()
Deprecated. 
Default Constructor. Tries to add the IAIK-ECC provider.

Method Detail

getKeyLength

public int getKeyLength(java.security.PublicKey pubKey)
Deprecated. 
Calculates the length of the given public key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
pubKey - the public key for which to calculate the length
Returns:
the length (in bits) of the public key
Throws:
java.lang.IllegalArgumentException - if the public key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.PrivateKey privKey)
Deprecated. 
Calculates the length of the given private key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
privKey - the public key for which to calculate the length
Returns:
the length (in bits) of the private key
Throws:
java.lang.IllegalArgumentException - if the private key algorithm is not supported

generateKeyAgreementKeyPair

public java.security.KeyPair generateKeyAgreementKeyPair(AlgorithmID keyAgreeAlgorithm,
                                                         java.security.PublicKey otherKey)
                                                  throws java.security.NoSuchAlgorithmException,
                                                         java.security.InvalidKeyException,
                                                         java.security.InvalidAlgorithmParameterException
Deprecated. 
Generates a ECDH key pair with same domain parameters of the given ECDH public key for the ECDH key agreement method.

This method is called by the library for creating the originator key pair if the OriginatorPublicKey alternative is used for representing the public key of the originator within a KeyAgreeRecipientInfo. The public key supplied to this method is the one of the recipient and the key pair returned by this method must have domain parameters matching to those of the given recipient public key. According RFC 3278 the OriginatorPublicKey has to be used for representing the public key of the originator if ECDH is used as key agreement algorithm.

Overrides:
generateKeyAgreementKeyPair in class IaikProvider
Parameters:
keyAgreeAlgorithm - the key agreement algorithm to be used
otherKey - the public key of the other party
Returns:
the originator key pair with domain parameters matching to those of the supplied key of the other party
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if the key is not appropriate for the key agreement algorithm
java.security.InvalidAlgorithmParameterException - if the parameters are invalid

getASN1OriginatorPublicKey

public ASN1Object getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
                                      throws CMSException
Deprecated. 
Gets an ASN.1 representation of the provided originator ECDH public key.

Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field of a KeyAgreeRecipientInfo must contain the id-ecPublicKey oid with NULL parameters, and the originatorKey publicKey field must contain the DER encoding of the sending agent's public key (ECPoint) value.

If the supplied key is an ECDH key this method returns an ASN.1 representation of the ECDH originator public key. Otherwise it simply calls super.getASN1OriginatorPublicKey.

Overrides:
getASN1OriginatorPublicKey in class IaikProvider
Parameters:
originatorPublicKey - the originator public key from which to get an ASN.1 representation
Returns:
the ASN.1 representation of the originator public key
Throws:
CMSException - if the key cannot be ASN.1 represented

getOriginatorPublicKey

public java.security.PublicKey getOriginatorPublicKey(ASN1Object obj)
                                               throws CMSException
Deprecated. 
Decodes the OriginatorPublicKey from the given ASN1Object.

Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field of a KeyAgreeRecipientInfo must contain the id-ecPublicKey oid with NULL parameters, and the originatorKey publicKey field must contain the DER encoding of the sending agent's public key (ECPoint) value.

If the supplied ASN1Object represents an ECDH key this method returns an internal ECPublicKey only containing the public key value (ECPoint) but no parameters, otherwise this method calls super.getOriginatorPublicKey.

Overrides:
getOriginatorPublicKey in class SecurityProvider
Parameters:
obj - the OriginatorPublicKey as ASN1Object
Returns:
the originator public key
Throws:
CMSException - if the ASN1Object cannot be decoded or is invalid structured

checkDomainParameters

public void checkDomainParameters(java.security.PrivateKey myKey,
                                  java.security.PublicKey otherKey)
                           throws java.security.InvalidParameterException
Deprecated. 
Checks if the given private and public key agreement keys have the same domain parameters.

If the supplied keys are ECDH keys the parameters are checked. Otherwise super.checkDomainParameters is called.

Overrides:
checkDomainParameters in class IaikProvider
Parameters:
myKey - the private key of the first party
otherKey - the public key of the other party
Throws:
InvalidParameterEyception - if the domain parameters do not match
java.security.InvalidParameterException

calculateSharedSecret

public byte[] calculateSharedSecret(AlgorithmID keyAgreementAlgorithm,
                                    java.security.Key key,
                                    java.security.Key otherKey,
                                    java.security.spec.AlgorithmParameterSpec paramSpec)
                             throws java.security.InvalidKeyException,
                                    java.security.InvalidAlgorithmParameterException,
                                    java.security.NoSuchAlgorithmException
Deprecated. 
This method uses the specified KeyAgreement algorithm to calculate a shared secret between the owners of the given private and public key.

Overrides:
calculateSharedSecret in class SecurityProvider
Parameters:
keyAgreementAlgorithm - the algorithmID of the key agreement algorithm requested
key - the (private) key for initializing the KeyAgreement
otherKey - the (public) key from the other party
paramSpec - any parameters used for initializing the key agreement
Returns:
the shared secret
Throws:
java.security.InvalidKeyException - if the key is not valid
java.security.InvalidAlgorithmParameterException - if the parameters are not valid
java.security.NoSuchAlgorithmException - if no KeyAgreement engine is available for the requested algorithm

createSharedKeyEncryptionKey

public javax.crypto.SecretKey createSharedKeyEncryptionKey(AlgorithmID keyAgreeAlg,
                                                           java.security.PrivateKey myKey,
                                                           java.security.PublicKey otherKey,
                                                           AlgorithmID kea,
                                                           int kekLength,
                                                           byte[] ukm,
                                                           java.lang.String kekName)
                                                    throws java.security.NoSuchAlgorithmException,
                                                           java.security.InvalidKeyException,
                                                           java.security.InvalidAlgorithmParameterException
Deprecated. 
Creates a shared secret key encryption key for the given key agreement algorithm.

Creating a shared key encryption key is required when a key agreement algorithm is used as key management protocol for the recipient of an EnvelopedData or AuthenticatedData object. The shared key encryption key will be used by an KeyAgreeRecipientInfo to encrypt the secret content encryption key or Mac key.

This method only works for Ephemeral-Static ECDH according to RFC 3278. If another key agreement method is requested, this method simply calls super.createSharedKeyEncryptionKey.

Overrides:
createSharedKeyEncryptionKey in class IaikProvider
Parameters:
keyAgreeAlg - the key agreement algorithm
myKey - the private key agreement key of the one party
otherKey - the public key agreement key of the other party
kea - the key ancryption algorithm (may be required for kek generation)
kekLength - the length of the shared key encryption key to be generated
ukm - any user keying material that may be required for kek generation
kekName - the name of the key encryption algorithm
Returns:
the shared key encryption key generated
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if there is a key related problem
java.security.InvalidAlgorithmParameterException - if the parameters are invalid

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 5.1, (c) 2002 IAIK, (c) 2003 - 2010 SIC