|
Java Card 2.1 Platform Final Revision 1.0 |
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--javacard.security.Signature
The Signature
class is the base class for Signature algorthims. Implementations of Signature
algorithms must extend this class and implement all the abstract methods.
The term "pad" is used in the public key signature algorithms below to refer to all the operations specified in the referenced scheme to transform the message digest into the encryption block size.
Field Summary | |
static byte |
ALG_DES_MAC4_ISO9797_M1
Signature algorithm ALG_DES_MAC4_ISO9797_M1 generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 1 scheme. |
static byte |
ALG_DES_MAC4_ISO9797_M2
Signature algorithm ALG_DES_MAC4_ISO9797_M2 generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. |
static byte |
ALG_DES_MAC4_NOPAD
Signature algorithm ALG_DES_MAC4_NOPAD generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
This algorithm does not pad input data. |
static byte |
ALG_DES_MAC4_PKCS5
Signature algorithm ALG_DES_MAC4_PKCS5 generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the PKCS#5 scheme. |
static byte |
ALG_DES_MAC8_ISO9797_M1
Signature algorithm ALG_DES_MAC8_ISO9797_M1 generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 1 scheme. |
static byte |
ALG_DES_MAC8_ISO9797_M2
Signature algorithm ALG_DES_MAC8_ISO9797_M2 generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. |
static byte |
ALG_DES_MAC8_NOPAD
Signature algorithm ALG_DES_MAC_8_NOPAD generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
This algorithm does not pad input data. |
static byte |
ALG_DES_MAC8_PKCS5
Signature algorithm ALG_DES_MAC8_PKCS5 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the PKCS#5 scheme. |
static byte |
ALG_DSA_SHA
Signature algorithm ALG_DSA_SHA signs/verifies the 20 byte SHA digest using DSA. |
static byte |
ALG_RSA_MD5_PKCS1
Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16 byte MD5 digest using RSA.
The digest is padded according to the PKCS#1 (v1.5) scheme. |
static byte |
ALG_RSA_MD5_RFC2409
Signature algorithm ALG_RSA_MD5_RFC2409 encrypts the 16 byte MD5 digest using RSA.
The digest is padded according to the RFC2409 scheme. |
static byte |
ALG_RSA_RIPEMD160_ISO9796
Signature algorithm ALG_RSA_RIPEMD160_ISO9796 encrypts the 20 byte RIPE MD-160 digest
using RSA. The digest is padded according to the ISO 9796 scheme. |
static byte |
ALG_RSA_RIPEMD160_PKCS1
Signature algorithm ALG_RSA_RIPEMD160_PKCS1 encrypts the 20 byte RIPE MD-160 digest
using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme. |
static byte |
ALG_RSA_SHA_ISO9796
Signature algorithm ALG_RSA_SHA_ISO9796 encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the ISO 9796 (EMV'96) scheme. |
static byte |
ALG_RSA_SHA_PKCS1
Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the PKCS#1 (v1.5) scheme. |
static byte |
ALG_RSA_SHA_RFC2409
Signature algorithm ALG_RSA_SHA_RFC2409 encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the RFC2409 scheme. |
static byte |
MODE_SIGN
Used in init() methods to indicate signature sign mode. |
static byte |
MODE_VERIFY
Used in init() methods to indicate signature verify mode. |
Constructor Summary | |
protected |
Signature()
Protected Constructor |
Method Summary | |
abstract byte |
getAlgorithm()
Gets the Signature algorithm. |
static Signature |
getInstance(byte algorithm,
boolean externalAccess)
Creates a Signature object instance of the selected algorithm. |
abstract short |
getLength()
Returns the byte length of the signature data. |
abstract void |
init(Key theKey,
byte theMode)
Initializes the Signature object with the appropriate Key . |
abstract void |
init(Key theKey,
byte theMode,
byte[] bArray,
short bOff,
short bLen)
Initializes the Signature object with the appropriate Key and algorithm specific
parameters. |
abstract short |
sign(byte[] inBuff,
short inOffset,
short inLength,
byte[] sigBuff,
short sigOffset)
Generates the signature of all/last input data. |
abstract void |
update(byte[] inBuff,
short inOffset,
short inLength)
Accumulates a signature of the input data. |
abstract boolean |
verify(byte[] inBuff,
short inOffset,
short inLength,
byte[] sigBuff,
short sigOffset,
short sigLength)
Verifies the signature of all/last input data against the passed in signature. |
Methods inherited from class java.lang.Object |
equals |
Field Detail |
public static final byte ALG_DES_MAC4_NOPAD
ALG_DES_MAC4_NOPAD
generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
This algorithm does not pad input data.
If the input data is not (8 byte) block aligned it throws CryptoExeption
with the reason code ILLEGAL_USE
.public static final byte ALG_DES_MAC8_NOPAD
ALG_DES_MAC_8_NOPAD
generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
This algorithm does not pad input data.
If the input data is not (8 byte) block aligned it throws CryptoExeption
with the reason code ILLEGAL_USE
.
Note:
public static final byte ALG_DES_MAC4_ISO9797_M1
ALG_DES_MAC4_ISO9797_M1
generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 1 scheme.public static final byte ALG_DES_MAC8_ISO9797_M1
ALG_DES_MAC8_ISO9797_M1
generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 1 scheme.
Note:
public static final byte ALG_DES_MAC4_ISO9797_M2
ALG_DES_MAC4_ISO9797_M2
generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.public static final byte ALG_DES_MAC8_ISO9797_M2
ALG_DES_MAC8_ISO9797_M2
generates a 8 byte MAC
using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES.
Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
Note:
public static final byte ALG_DES_MAC4_PKCS5
ALG_DES_MAC4_PKCS5
generates a 4 byte MAC
(most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode.
This algorithm uses outer CBC for triple DES.
Input data is padded according to the PKCS#5 scheme.public static final byte ALG_DES_MAC8_PKCS5
Note:
public static final byte ALG_RSA_SHA_ISO9796
ALG_RSA_SHA_ISO9796
encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the ISO 9796 (EMV'96) scheme.public static final byte ALG_RSA_SHA_PKCS1
ALG_RSA_SHA_PKCS1
encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the PKCS#1 (v1.5) scheme.public static final byte ALG_RSA_MD5_PKCS1
ALG_RSA_MD5_PKCS1
encrypts the 16 byte MD5 digest using RSA.
The digest is padded according to the PKCS#1 (v1.5) scheme.public static final byte ALG_RSA_RIPEMD160_ISO9796
ALG_RSA_RIPEMD160_ISO9796
encrypts the 20 byte RIPE MD-160 digest
using RSA. The digest is padded according to the ISO 9796 scheme.public static final byte ALG_RSA_RIPEMD160_PKCS1
ALG_RSA_RIPEMD160_PKCS1
encrypts the 20 byte RIPE MD-160 digest
using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.public static final byte ALG_DSA_SHA
ALG_DSA_SHA
signs/verifies the 20 byte SHA digest using DSA.public static final byte ALG_RSA_SHA_RFC2409
ALG_RSA_SHA_RFC2409
encrypts the 20 byte SHA digest using RSA.
The digest is padded according to the RFC2409 scheme.public static final byte ALG_RSA_MD5_RFC2409
ALG_RSA_MD5_RFC2409
encrypts the 16 byte MD5 digest using RSA.
The digest is padded according to the RFC2409 scheme.public static final byte MODE_SIGN
init()
methods to indicate signature sign mode.public static final byte MODE_VERIFY
init()
methods to indicate signature verify mode.Constructor Detail |
protected Signature()
Method Detail |
public static final Signature getInstance(byte algorithm, boolean externalAccess) throws CryptoException
Signature
object instance of the selected algorithm.algorithm
- the desired Signature algorithm. See above.externalAccess
- if true
indicates that the instance will be shared among
multiple applet instances and that the Signature
instance will also be accessed (via a Shareable
interface) when the owner of the Signature
instance is not the currently selected applet.Signature
object instance of the requested algorithm.CryptoException.NO_SUCH_ALGORITHM
if the requested algorithm is not supported.public abstract void init(Key theKey, byte theMode) throws CryptoException
Signature
object with the appropriate Key
. This method should be used
for algorithms which do not need initialization parameters or use default parameter
values.
Note:
theKey
- the key object to use for signing or verifyingtheMode
- one of MODE_SIGN
or MODE_VERIFY
CryptoException.ILLEGAL_VALUE
if theMode
option is an undefined value or
if the Key
is inconsistent with theMode
or with the Signature
implementation.
public abstract void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) throws CryptoException
Signature
object with the appropriate Key
and algorithm specific
parameters.
Note:
bArray
.
CryptoException.ILLEGAL_VALUE
.
theKey
- the key object to use for signingtheMode
- one of MODE_SIGN
or MODE_VERIFY
bArray
- byte array containing algorithm specific initialization info.bOff
- offset withing bArray
where the algorithm specific data begins.bLen
- byte length of algorithm specific parameter dataCryptoException.ILLEGAL_VALUE
if theMode
option is an undefined value
or if a byte array parameter option is not supported by the algorithm or if
the bLen
is an incorrect byte length for the algorithm specific data or
if the Key
is inconsistent with theMode
or with the Signature
implementation.
public abstract byte getAlgorithm()
public abstract short getLength()
public abstract void update(byte[] inBuff, short inOffset, short inLength) throws CryptoException
sign()
or
verify()
method is recommended whenever possible.inBuff
- the input buffer of data to be signedinOffset
- the offset into the input buffer at which to begin signature generationinLength
- the byte length to signCryptoException.UNINITIALIZED_KEY
if key not initialized.sign(byte[], short, short, byte[], short)
,
verify(byte[], short, short, byte[], short, short)
public abstract short sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset) throws CryptoException
Signature
object to the state it was in
when previously initialized via a call to init()
.
That is, the object is reset and available to sign another message.
The input and output buffer data may overlap.
inBuff
- the input buffer of data to be signedinOffset
- the offset into the input buffer at which to begin signature generationinLength
- the byte length to signsigBuff
- the output buffer to store signature datasigOffset
- the offset into sigBuff at which to begin signature dataCryptoException.UNINITIALIZED_KEY
if key not initialized.
CryptoException.INVALID_INIT
if this Signature
object is
not initialized or initialized for signature verify mode.
CryptoException.ILLEGAL_USE
if this Signature
algorithm
does not pad the message and the message is not block aligned.
public abstract boolean verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength) throws CryptoException
Signature
object to the state it was in
when previously initialized via a call to init()
.
That is, the object is reset and available to verify another message.inBuff
- the input buffer of data to be verifiedinOffset
- the offset into the input buffer at which to begin signature generationinLength
- the byte length to signsigBuff
- the input buffer containing signature datasigOffset
- the offset into sigBuff where signature data begins.sigLength
- the byte length of the signature datatrue
if signature verifies false
otherwise.CryptoException.UNINITIALIZED_KEY
if key not initialized.
CryptoException.INVALID_INIT
if this Signature
object is
not initialized or initialized for signature sign mode.
CryptoException.ILLEGAL_USE
if this Signature
algorithm
does not pad the message and the message is not block aligned.
|
Submit a bug or feature Java and Java Card are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries. Copyright 1993-1999 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. All Rights Reserved. |
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |