|
IAIK High-Level API version 1.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object iaik.hlapi.SignerEncrypter iaik.hlapi.CMSSignerEncrypter
public class CMSSignerEncrypter
This SignerEncrypter
implementation creates CMS signed and encrypted
data. It employs SignedData and EnvelopedData structures.
To the signature, it automatically adds the certificate chain and signed attributes, which are: content type, signing time, message digest and signing certificate according to ETSI CAdES v1.7.3. The signature is a CAdES-BES signature. Moreover, it selects a signature algorithm automatically depending on the given signature key. If the given key is a RSA key, it will select a suitable hash algorithm depending on the key length.
The output is a DER encoded CMS ContentInfo structure.
Using setIncludeData(boolean)
, the application can specify if the
signed data is included in the result. Per default, it is included.
Notice, if the data is excluded, an encryption will only cover the signature.
Constructor Summary | |
---|---|
CMSSignerEncrypter()
Construct a new signer/encrypter. |
Method Summary | |
---|---|
void |
addRecipient(X509Certificate recipientCert)
Add one recipient of the encrypted data. |
void |
clearRecipients()
Clear the list of recipients. |
void |
dropSigningKey()
Release all references to any previously set signing key. |
OutputStream |
process(OutputStream out)
This method returns an OutputStream . |
void |
setIncludeData(boolean includeData)
Specify if the signed data is included in the result. |
void |
setSigningKey(KeyAndCertificate signingKey)
Set the signing key. |
Methods inherited from class iaik.hlapi.SignerEncrypter |
---|
process |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CMSSignerEncrypter()
Method Detail |
---|
public void setSigningKey(KeyAndCertificate signingKey) throws HlApiException
SignerEncrypter
setSigningKey
in class SignerEncrypter
signingKey
- The signing key with the certificate chain.
HlApiException
- If handling the certificate fails.public void dropSigningKey()
SignerEncrypter
dropSigningKey
in class SignerEncrypter
public void addRecipient(X509Certificate recipientCert) throws HlApiException
The certificate must contain a public key which is applicable for encryption (key wrapping to be more precise). The implementation may also require that the certificate has the required key-usage bits set.
Call clearRecipients()
to clear all recipients which have been
added so far. An encryption operation does not clear this list.
addRecipient
in class SignerEncrypter
recipientCert
- The X.509 certificate of the recipient.
HlApiException
- If the certificate is invalid for encryption.clearRecipients()
public void clearRecipients()
clearRecipients
in class SignerEncrypter
addRecipient(X509Certificate)
public OutputStream process(OutputStream out) throws IOException, HlApiException
SignerEncrypter
OutputStream
.
The application can write to this stream all data that it wants to sign
and/or encrypt.
The application finishes writing data by closing the stream.
The method will write the signed and/or encrypted data to out
.
Note that the application must set a signing key in advance using
SignerEncrypter.setSigningKey(KeyAndCertificate)
to sign the data.
To encrypt the data, it must have set one or more recipient certificates.
process
in class SignerEncrypter
out
- The stream which receives the signed and/or encrypted data.
OutputStream
to which the application writes the
data to be signed and/or encrypted.
IOException
- If writing to the given stream fails.
HlApiException
- If signing fails.public void setIncludeData(boolean includeData)
true
(included).
includeData
- true
to include data,
false
to exclude it.
|
IAIK High-Level API version 1.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 2007,
IAIK, Graz University of Technology Copyright © 2007, Stiftung SIC |