IAIK High-Level API version 1.1
Class Summary | |
---|---|
CertValidator | Objects of this class validate X.509 certificate chains. |
CMSDecrypterVerifier | This class decrypts CMS enveloped data objects and verifies CMS signed data objects. |
CMSSignerEncrypter | This SignerEncrypter implementation creates CMS signed and encrypted data. |
DecrypterVerifier | Objects of this class decrypt encrypted data and/or verify signatures. |
KeyAndCertificate | This class serves as a container for a private key and the corresponding certificate or the complete certificate chain. |
PkixCertValidator | This is an implementation of a CertValidator that validates certificate chains according to the PKIX standard RFC 3280. |
SignerEncrypter | Objects of this class sign and/or encrypt arbitrary data. |
SMimeDecrypterVerifier | This is a combined class for decrypting and verifying S/MIME messages. |
SMimeSignerEncrypter | This SignerEncrypter implementation creates S/MIME messages according to RFC 3851. |
XMLDecrypterVerifier | This class verifies XML signatures that were created using the XMLSignerEncrypter of this package or with software creating compatible XML signatures. |
XMLSignerEncrypter | This SignerEncrypter implementation creates XML signatures. |
Exception Summary | |
---|---|
CertificateValidationException | This exception signals that the validation of a certificate failed. |
HlApiException | This is a generic checked exception of this package. |
HlApiRuntimeException | Classes of this package use this class to signal runtime exceptions. |
NoKeyException | This exception signals that there was an attempt to invoke an operation for which there is no (suitable) key available. |
SignatureVerificationException | This exception signals that the cryptographic verification of a signature value failed. |
This is the main package and contains classes for managing keys and certificates, signature creation and encryption, decryption and signature verification, and certificate validation.
It also contains the KeyAndCertificate class that provides methods for reading PKCS#12 files, keystores and certificates. For example, an application may simply read the private key and certificate chain from a PKCS#12 or PFX file, using
```java
KeyAndCertificate keyAndCert = KeyAndCertificate.readPkcs12(new FileInputStream(pkcs12file), password);
```
To sign and encrypt data, use a SignerEncrypter. This may look like this:
```java
SignerEncrypter signerEncrypter = new CMSSignerEncrypter();
signerEncrypter.setSigningKey(signingKey);
signerEncrypter.addRecipient(recipientCertificate);
// Content written to dataStream is signed and encrypted into out.
OutputStream dataStream = signerEncrypter.process(out);
dataStream.write(contentData);
dataStream.close();
```
The result will be a CMS SignedData that is enveloped in a CMS EnvelopedData, i.e. the data is signed first, then encrypted.
A DecrypterVerifier works similarly.
```java
DecrypterVerifier decrypterVerifier = new CMSDecrypterVerifier();
decrypterVerifier.registerDecryptionKey(decryptionKey);
InputStream dataStream = decrypterVerifier.process(signedAndEncryptedDataStream);
// ... read content data from dataStream until end-of-file

// Verify the signature and validate the signer certificate chain
// against the trusted root certificates.
CertValidator certValidator = new PkixCertValidator();
certValidator.addTrustedCertificate(trustedRootCert1);
certValidator.addTrustedCertificate(trustedRootCert2);
X509Certificate[] signerCertChain = decrypterVerifier.verify(certValidator);
```
Please note that the DecrypterVerifier validates the signer certificate chain using the provided CertValidator.
Copyright © 2007, IAIK, Graz University of Technology
Copyright © 2007, Stiftung SIC