IAIK High-Level API
version 1.1

Package iaik.hlapi

This is the main package and contains classes for managing keys and certificates, signature creation and encryption , decryption and signature verification, and certificate validation.


Class Summary
CertValidator Objects of this class validate X.509 certificate chains.
CMSDecrypterVerifier This class decrypts CMS enveloped data objects and verifies CMS signed data objects.
CMSSignerEncrypter This SignerEncrypter implementation creates CMS signed and encrypted data.
DecrypterVerifier Objects of this class decrypt encrypted data and/or verify signatures.
KeyAndCertificate This class serves as a container for a private key and the corresponding certificate or the complete certificate chain.
PkixCertValidator This is an implementation of a CertValidator that validates certificate chains according to the PKIX standard RFC 3280.
SignerEncrypter Objects of this class sign and/or encrypt arbitrary data.
SMimeDecrypterVerifier This is a combined class for decrypting and verifying S/MIME messages.
SMimeSignerEncrypter This SignerEncrypter implementation creates S/MIME messages according to RFC 3851.
XMLDecrypterVerifier This class verifies XML signatures that were created using the XMLSignerEncrypter of this package or with software creating compatible XML signatures.
XMLSignerEncrypter This SignerEncrypter implementation creates XML signatures.

Exception Summary
CertificateValidationException This exception signals that the validation of a certificate failed.
HlApiException This is a generic checked exception of this package.
HlApiRuntimeException Classes of this package use this class to signal runtime exceptions.
NoKeyException This exception signals that there was an attempt to invoke an operation for which there is no (suitable) key available.
SignatureVerificationException This exception signals that the cryptographic verification of a signature value failed.

Package iaik.hlapi Description

This is the main package and contains classes for managing keys and certificates, signature creation and encryption , decryption and signature verification, and certificate validation.

It also contains the KeyAndCertificate class that provides methods for reading PKCS#12 files, keystores and certificates. For example, an application may simply read the private key and certificate chain from a PKCS#12 or PFX file, using

    KeyAndCertificate keyAndCert = 
        KeyAndCertificate.readPkcs12(new FileInputStream(pkcs12file), password);

To sign and encrypt data, use a SignerEncrypter. This may look like this:

    SignerEncrypter signerEncrypter = new CMSSignerEncrypter();
    OutputStream dataStream = signerEncrypter.process(out);
The result will be a CMS SignedData that is enveloped in a CMS EnveopedData, i.e. the data is signed first, then encrypted.

A DecrypterVerifier works similar.

    DecrypterVerifier decrypterVerifier = new CMSDecrypterVerifier();
    InputStream dataStream = decrypterVerifier.process(signedAndEncryptedDataStream);
    // ... read content data from dataStream until end-of-file
    CertValidator certValidator = new PkixCertValidator();

    X509Certificate[] signerCertChain = decrypterVerifier.verify(certValidator);
Please note that the DecrypterVerifier validates the signer certificate chain using the provided CertValidator.

IAIK High-Level API
version 1.1

Copyright © 2007, IAIK, Graz University of Technology
Copyright © 2007, Stiftung SIC