iaik.pkcs.pkcs7
Class RSACipherProvider

java.lang.Object
  |
  +--iaik.pkcs.pkcs7.RSACipherProvider

Direct Known Subclasses:

RSACipherProviderOAEP

public class RSACipherProvider

extends Object

A RSA cipher provider that may be used by an application to control RSA cipher operations used by SignerInfos and RecipientInfos.

The RSACipherProvider allows an application to control the RSA cipher encryption/decryption operations during signature creation/verification for SignerInfo objects and the RSA cipher encryption/decryption (content encryption key encryption/decryption) operations for SignerInfo objects.

To, for instance, use the IAIK PKCS#11 provider for RSA cipher private key based encryption during SignerInfo signature creation only, but the first installed provider for RSA cipher public key based decryption during signature verification you may set the PKCS#11 provider as RSA encryption provider for your SignerInfo object:

 IAIKPkcs11 pkcs11Provider = new IAIKPkcs11();
 Security.addProvider(pkcs11Provider);
 ...
 RSACipherProvider rsaProv = new RSACipherProvider(pkcs11Provider.getName(), null);
 ...
 SignerInfo signerInfo = ...;
 ...
 signerInfo.setRSACipherProvider(rsaProv, null);
 

To, for instance, use the IAIK PKCS#11 provider for ReceipientInfo decryption (RSA cipher private key decryption) only, but the first installed provider for encryption (RSA cipher public encryption) you may set the PKCS#11 provider as RSA decryption provider for your RecipientInfo object:

 IAIKPkcs11 pkcs11Provider = new IAIKPkcs11();
 Security.addProvider(pkcs11Provider);
 ...
 RSACipherProvider rsaProv = new RSACipherProvider(null, pkcs11Provider.getName());
 ...
 ReceipientInfo signerInfo = ...;
 ...
 recipientInfo.setRSACipherProvider(rsaProv, null);
 

In overriding method cipher you even can take more influence on the ciphering process.

The default RSACipherProvider uses the first installed RSA capable crypto provider for RSA en/deciphering.

Version:

File Revision 7

Field Summary

protected String	cipherDecryptProvider_ Name of the crypto provider to be used for RSA decryption.
protected String	cipherEncryptProvider_ Name of the crypto provider to be used for RSA encryption.
static int	DECRYPT_MODE Cipher decrypt mode.
static int	ENCRYPT_MODE Cipher encrypt mode.

Constructor Summary

RSACipherProvider()
Default constructor.

RSACipherProvider(String cipherEncryptProvider, String cipherDecryptProvider)
Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.

Method Summary

protected byte[]	cipher(int mode, Key key, byte[] data) Performs an RSA cipher operation on the supplied data.
void	setCipherProvider(int cipherMode, String providerName) Sets the crypto provider to be used for RSA cipher en/decryption providers.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENCRYPT_MODE

public static final int ENCRYPT_MODE

Cipher encrypt mode.

DECRYPT_MODE

public static final int DECRYPT_MODE

Cipher decrypt mode.

cipherEncryptProvider_

protected String cipherEncryptProvider_

Name of the crypto provider to be used for RSA encryption.

cipherDecryptProvider_

protected String cipherDecryptProvider_

Name of the crypto provider to be used for RSA decryption.

Constructor Detail

RSACipherProvider

public RSACipherProvider()

Default constructor.

RSACipherProvider

public RSACipherProvider(String cipherEncryptProvider,
                         String cipherDecryptProvider)

Creates a new RSACipherProvider for the given RSA cipher en/decryption providers.

Parameters:

cipherEncryptProvider - the name of the crypto provider to be used for RSA encryption

cipherDecryptProvider - the name of the crypto provider to be used for RSA encryption

Method Detail

setCipherProvider

public void setCipherProvider(int cipherMode,
                              String providerName)
                       throws IllegalArgumentException

Sets the crypto provider to be used for RSA cipher en/decryption providers.

Parameters:

cipherMode - the mode -- ENCRYPT (1) or DECRYPT (2) -- for which to use the given crypto provider

providerName - the name of the crypto provider to be used for RSA cipher operations according to the requested mode

Throws:

IllegalArgumentException - if the supplied mode is invalid (only ENCRYPT (1) or DECRYPT (2) are allowed

cipher

protected byte[] cipher(int mode,
                        Key key,
                        byte[] data)
                 throws NoSuchProviderException,
                        NoSuchAlgorithmException,
                        InvalidKeyException,
                        GeneralSecurityException

Performs an RSA cipher operation on the supplied data.

Parameters:

mode - the cipher mode, either ENCRYPT (1) or DECRYPT (2)

key - the key to be used

data - the data to be en/deciphered:

• for SignerInfo signature creation: the encoded RSA DigestInfo to be encrypted
• for SignerInfo signature verification: the encryptedDigest value
• for RecipientInfo cek encryption: the raw content encryption key
• for RecipientInfo cek decryption: the encrypted content encryption key

Returns:

the en/deciphered data:

• for SignerInfo signature creation: the encrypted RSA DigestInfo encoding (= encryptedDigest value)
• for SignerInfo signature verification: the decrypted encryptedDigest value (= DigestInfo encoding)
• for RecipientInfo cek encryption: the encrypted content encryption key
• for RecipientInfo cek decryption: the raw (decrypted) content encryption key

Throws:

NoSuchProviderException - if any of the crypto providers of this RSACipherProvider is not suitable for requested operation

NoSuchAlgorithmException - if RSA ciphering is not supported

InvalidKeyException - if the supplied key is invalid

GeneralSecurityException - if a general security problem occurs