Oracle Security Developer Tools Crypto Java API Reference
10g Release 2 (10.1.2.0.2)

B15565-01


oracle.security.crypto.core
Class RSApkcs1

java.lang.Object
  extended by oracle.security.crypto.core.Coder
      extended by oracle.security.crypto.core.Cipher
          extended by oracle.security.crypto.core.RSApkcs1


public final class RSApkcs1
extends Cipher

An implementation of PKCS#1 v2.0 that supports the following encryption schemes: RSAES-OAEP and RSAES-PKCS1-v1_5. According to the specification, RSAES-OAEP is recommended for new applications, and RSAES-PKCS1-v1_5 is included only for compatibility with existing applications and protocols. The encryption schemes combine the RSA encryption and decryption primitives with an encoding method. Encryption and decryption can only be done through the methods encrypt(byte[]) and decrypt(byte[]).

RSApkcs1 relies on the RSA class to perform the raw encryption/decryption operation.

For greater security, it is considered a good practice to use a given key pair with only one encryption scheme, and use a different key pair if a second scheme is to be used in a different situation.
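
The scheme choice and the one-key-pair-per-scheme practice described above, as an added example that is not part of the original reference: it uses the standard JCA classes (javax.crypto) rather than RSApkcs1, because this page shows no usage code for the Oracle class. The class name, the sample message, the 2048-bit key size and the SHA-256 OAEP parameters are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class RsaSchemeSeparation {              // hypothetical class name
    static final int KEY_BITS = 2048;           // assumed key size
    // OAEP parameters stated explicitly (SHA-256 for the hash and for MGF1)
    // so both sides agree regardless of provider defaults.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static KeyPair newKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(KEY_BITS);
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // One key pair per scheme: the legacy pair is never used with OAEP.
        KeyPair oaepPair = newKeyPair();
        KeyPair legacyPair = newKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // RSAES-OAEP: the scheme recommended for new applications.
        Cipher oaep = Cipher.getInstance("RSA/ECB/OAEPPadding");
        oaep.init(Cipher.ENCRYPT_MODE, oaepPair.getPublic(), OAEP);
        byte[] c1 = oaep.doFinal(msg);
        byte[] c2 = oaep.doFinal(msg);
        // The encoding is randomized, so equal plaintexts give different ciphertexts.
        System.out.println("OAEP ciphertexts differ: " + !Arrays.equals(c1, c2));
        oaep.init(Cipher.DECRYPT_MODE, oaepPair.getPrivate(), OAEP);
        System.out.println("OAEP round trip ok: " + Arrays.equals(msg, oaep.doFinal(c1)));

        // RSAES-PKCS1-v1_5: only for compatibility, with its own key pair.
        Cipher v15 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v15.init(Cipher.ENCRYPT_MODE, legacyPair.getPublic());
        byte[] c3 = v15.doFinal(msg);
        v15.init(Cipher.DECRYPT_MODE, legacyPair.getPrivate());
        System.out.println("v1.5 round trip ok: " + Arrays.equals(msg, v15.doFinal(c3)));

        // Largest plaintext per operation, from PKCS #1: k - 2*hLen - 2 for OAEP
        // and k - 11 for v1.5, where k is the modulus length in bytes.
        int k = KEY_BITS / 8, hLen = 32;
        System.out.println("max bytes, OAEP: " + (k - 2 * hLen - 2) + ", v1.5: " + (k - 11));
    }
}
```

Both encodings limit a single operation to less than the modulus length, which is why these schemes are normally applied to short values such as symmetric keys.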

Since:
2.0
See Also:
OAEPAlgorithmIdentifier, RSA

Field Summary

Fields inherited from class oracle.security.crypto.core.Cipher
CBC, decryptionKey, ECB, encryptionKey, key, mode, NULL_PADDING, PKCS5_PADDING, rbs

Constructor Summary
RSApkcs1()
Creates an uninitialized RSApkcs1 instance.
RSApkcs1(AlgorithmIdentifier algID)
Deprecated. Use the no-argument constructor and an initialize method instead.

Method Summary
java.lang.String algName()
Returns the encryption scheme as a string.
int blockSize()
Deprecated. Use getBlockSize() instead.
byte[] decrypt(byte[] input, int inOff, int len, boolean unpad)
Decrypts a sequence of bytes of specified length.
void decrypt(byte[] input, int inOff, int len, byte[] output, int outOff)
Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset.
void decryptOp(byte[] in, int inOff, byte[] out, int outOff)
Deprecated. Use a decrypt method instead.
byte[] encrypt(byte[] input, int inOff, int len, boolean pad)
Encrypts a sequence of bytes of specified length.
void encrypt(byte[] input, int inOff, int len, byte[] output, int outOff)
Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset.
void encryptOp(byte[] in, int inOff, byte[] out, int outOff)
Deprecated. Use an encrypt method instead.
void erase()
Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object.
AlgorithmIdentifier getAlgID()
Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.
int getBlockSize()
Returns 0, because this is not a block cipher.
void initialize(AlgorithmIdentifier algID, Key key)
This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key.
void initialize(AlgorithmIdentifier algID, Key key, RandomBitsSource rbs)
This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key and RandomBitsSource.
void setAlgID(AlgorithmIdentifier algID)
Deprecated. Use an initialize method.
void setDecryptionKey(Key key)
Deprecated. Use an initialize method instead.
void setEncryptionKey(Key key)
Deprecated. Use an initialize method instead.
void setKey(SymmetricKey key)
Deprecated. Use an initialize method instead.

Methods inherited from class oracle.security.crypto.core.Cipher
assertDecryption, assertEncryption, cloneKey, decodeOp, decrypt, decrypt, decrypt, decryptOp, encodeOp, encrypt, encrypt, encrypt, encryptOp, getDecryptionKey, getEncryptionKey, getInstance, getInstance, getInstance, getInstance, getInstance, getIV, getKey, getMode, getPadding, getPaddingID, initialize, pad, releaseOp, setIV, setMode, setPadding, setRandomBitsSource, unpad

Methods inherited from class oracle.security.crypto.core.Coder
decode, decode, encode, encode, initialize

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RSApkcs1

public RSApkcs1()
Creates an uninitialized RSApkcs1 instance. To use the Cipher, it must be initialized with a Key and algorithm parameters, usually in the form of an AlgorithmIdentifier.

By default, the encoding method is PKCS #1 v1.5 for backwards compatibility.


RSApkcs1

public RSApkcs1(AlgorithmIdentifier algID)
         throws AlgorithmIdentifierException
Deprecated. Use the no-argument constructor and an initialize method instead.
Constructs a new RSApkcs1 instance based on the given AlgorithmIdentifier. AlgorithmIdentifiers supported include RSA Encryption and RSA Encryption with OAEP.

Note: When attempting to configure the cipher to use the OAEP encoding method, it is easiest to use the OAEPAlgorithmIdentifier class.

Parameters:
algID - is the AlgorithmIdentifier that can either represent RSA Encryption with the PKCS v1.5 encoding method or RSA Encryption with the OAEP encoding method.
Throws:
AlgorithmIdentifierException - is thrown if there is a problem configuring the cipher with the given AlgorithmIdentifier.

Method Detail

initialize

public void initialize(AlgorithmIdentifier algID,
                       Key key)
                throws AlgorithmIdentifierException,
                       InvalidKeyException
This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key.
Specified by:
initialize in class Cipher
Parameters:
algID - is the AlgorithmIdentifier whose params will be used to configure the cipher.
key - is the Key instance that will be cloned and used by the cipher internally. The internal instance will be erased when Cipher.erase() is called.
Throws:
AlgorithmIdentifierException - is thrown if the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - is thrown if there is a problem with the Key instance the Cipher is being initialized with.

initialize

public void initialize(AlgorithmIdentifier algID,
                       Key key,
                       RandomBitsSource rbs)
                throws AlgorithmIdentifierException,
                       InvalidKeyException
This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key and RandomBitsSource.
Parameters:
algID - is the AlgorithmIdentifier whose params will be used to configure the cipher.
key - is the Key instance that will be cloned and used by the cipher internally. The internal instance will be erased when Cipher.erase() is called.
rbs - is the RandomBitsSource that the Cipher uses during encryption operations. If null is provided, the Cipher will call RandomBitsSource.getDefault() when it is required.
Throws:
AlgorithmIdentifierException - is thrown if the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.
InvalidKeyException - is thrown if there is a problem with the Key instance the Cipher is being initialized with.

decrypt

public byte[] decrypt(byte[] input,
                      int inOff,
                      int len,
                      boolean unpad)
               throws CipherException
Decrypts a sequence of bytes of specified length.
Specified by:
decrypt in class Cipher
Parameters:
input - Buffer in which data to be decrypted is stored.
inOff - Offset within buffer of the start of data.
len - The length of the data
unpad - is an ignored parameter because encoding data is not optional in RSA Encryption.
Returns:
the decrypted bytes
Throws:
CipherException - if cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

decrypt

public void decrypt(byte[] input,
                    int inOff,
                    int len,
                    byte[] output,
                    int outOff)
             throws CipherException
Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset. This method will not attempt to pad the input.
Specified by:
decrypt in class Cipher
Parameters:
input - array of bytes to decrypt
inOff - offset of the start of the data to decrypt
len - the length of the data to decrypt
output - array to place the decrypted bytes
outOff - offset of the start of the decrypted bytes
Throws:
CipherException - is thrown if there is a problem with the decryption process or if the cipher was initialized for encryption.

encrypt

public byte[] encrypt(byte[] input,
                      int inOff,
                      int len,
                      boolean pad)
               throws CipherException
Encrypts a sequence of bytes of specified length.
Specified by:
encrypt in class Cipher
Parameters:
input - buffer in which data to be encrypted is stored.
inOff - offset within buffer of the start of the data.
len - the length of the data.
pad - is an ignored parameter because encoding data is not optional in RSA Encryption.
Returns:
the encrypted bytes
Throws:
CipherException - if cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

encrypt

public void encrypt(byte[] input,
                    int inOff,
                    int len,
                    byte[] output,
                    int outOff)
             throws CipherException
Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset. This method will not attempt to unpad the result.
Specified by:
encrypt in class Cipher
Parameters:
input - array of bytes to encrypt
inOff - offset of the start of data to encrypt
len - the length of the data to encrypt
output - array to place the encrypted bytes
outOff - offset of the start of the encrypted bytes
Throws:
CipherException - is thrown if there are problems with the encryption operation or if the Cipher was initialized for decryption.

getAlgID

public AlgorithmIdentifier getAlgID()
Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

Altering this AlgorithmIdentifier will have no effect on the state of the Cipher.

Specified by:
getAlgID in class Cipher
Returns:
An AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

algName

public java.lang.String algName()
Returns the encryption scheme as a string.
Specified by:
algName in class Coder

getBlockSize

public int getBlockSize()
Returns 0, because this is not a block cipher.
Specified by:
getBlockSize in class Cipher
Returns:
0 because this is not a block cipher.

erase

public void erase()
Description copied from class: Cipher
Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object. Additionally, this will erase the Cipher's internal copies of any keys it holds.
Overrides:
erase in class Cipher

blockSize

public int blockSize()
Deprecated. Use getBlockSize() instead.
Returns 0, because this is not a block cipher.
Specified by:
blockSize in class Cipher
Returns:
0 because this is not a block cipher.

decryptOp

public void decryptOp(byte[] in,
                      int inOff,
                      byte[] out,
                      int outOff)
               throws CipherException
Deprecated. Use a decrypt method instead.
Not used. An exception is thrown if this method is called.
Specified by:
decryptOp in class Cipher
Parameters:
in - buffer in which data to be decrypted is stored.
inOff - offset within input buffer of the start of data.
out - buffer to place the decrypted bytes in
outOff - offset within output buffer where the decrypted bytes will be stored.
Throws:
CipherException - is thrown if the Cipher is not initialized, length of data is not equal to the block size, etc.

encryptOp

public void encryptOp(byte[] in,
                      int inOff,
                      byte[] out,
                      int outOff)
               throws CipherException
Deprecated. Use an encrypt method instead.
Not used. An exception is thrown if this method is called.
Specified by:
encryptOp in class Cipher
Parameters:
in - buffer in which data to be encrypted is stored
inOff - offset within input buffer of the start of data
out - buffer to place the encrypted bytes in
outOff - offset within output buffer where the encrypted bytes will be stored
Throws:
CipherException - is thrown if the Cipher is not initialized, length of data is not equal to the block size, etc.

setAlgID

public void setAlgID(AlgorithmIdentifier algID)
              throws AlgorithmIdentifierException
Deprecated. Use an initialize method.
Takes an AlgorithmIdentifier that describes either RSA Encryption with the v1.5 encoding method or the OAEP encoding method and sets the internal state of the object to that of the specified parameters.
Specified by:
setAlgID in class Cipher
Parameters:
algID - is the AlgorithmIdentifier that is used to configure the internal state of this instance.
Throws:
AlgorithmIdentifierException - is thrown if the algID parameter specifies any unsupported algorithms for this class.

setKey

public void setKey(SymmetricKey key)
            throws InvalidKeyException
Deprecated. Use an initialize method instead.
Clones the given key and sets it as the Cipher's key.
Overrides:
setKey in class Cipher
Throws:
InvalidKeyException - is thrown if the key is not valid for the Cipher instance

setEncryptionKey

public void setEncryptionKey(Key key)
                      throws InvalidKeyException
Deprecated. Use an initialize method instead.
Clones the given key, sets it as the Cipher's key.
Overrides:
setEncryptionKey in class Cipher
Throws:
InvalidKeyException - is thrown if the key is not valid for the Cipher instance

setDecryptionKey

public void setDecryptionKey(Key key)
                      throws InvalidKeyException
Deprecated. Use an initialize method instead.
Clones the given key, sets it as the Cipher's key.
Overrides:
setDecryptionKey in class Cipher
Throws:
InvalidKeyException - is thrown if the key is not valid for the Cipher instance

Copyright © 2005, Oracle. All rights reserved.