
Oracle® Information Rights Management Server Java API Reference
11g Release 1 (11.1.1)

E12907-03


oracle.irm.engine.content.crypto
Interface CryptoSchema


public interface CryptoSchema

Sealed content cryptography schema. A cryptography schema is used to link a KeySet with the set of cryptography algorithms used when working with that key set. A cryptography schema must be specified when creating a key set. The schema defines what types of cryptography key are generated and what key sizes are used. The cryptography schema is also used (via the key set) when sealing or unsealing content. When performing operations such as sealing or unsealing the schema defines what algorithms are used for encrypting (and decrypting) the content, signing the content and calculating digests.

Creation

Instances of Crypto Schema objects can be created using the following factory style method(s).

CryptoSchema object = createCryptoSchema(id);

Collections

Collections for CryptoSchema objects can be created using the following factory method. This method creates the most appropriate collection implementation class for storing CryptoSchema elements.

 Collection<CryptoSchema> object = createCryptoSchemas();

Consult the Id property for more information on how this property can relate to CryptoSchema collections.

XML Serialization

Crypto Schema instances can be serialized as an XML document. This XML document can also be used to recreate a Crypto Schema object. The following XML document shows an example Crypto Schema in XML form.

<?xml version="1.0" encoding="UTF-8"?>
<content:CryptoSchema xmlns:content="http://xmlns.oracle.com/irm/content">
    <id>AES128</id>
    <encryptionTransformation>AES/CTR/NoPadding</encryptionTransformation>
    <encryptionKeySize>128</encryptionKeySize>
    <sessionKeyEncryptionTransformation>AES/ECB/NoPadding</sessionKeyEncryptionTransformation>
    <sessionKeyEncryptionKeySize>128</sessionKeyEncryptionKeySize>
    <hmacSigningAlgorithm>HmacSHA256</hmacSigningAlgorithm>
    <hmacSigningKeySize>128</hmacSigningKeySize>
    <digestAlgorithm>SHA-256</digestAlgorithm>
    <useFips>false</useFips>
</content:CryptoSchema>

Crypto Schema instances can also be serialized by reference. A reference contains all the information needed to uniquely identify a Crypto Schema without needing to serialize the complete object. The reference form of the XML document can be seen below.

<?xml version="1.0" encoding="UTF-8"?>
<content:CryptoSchemaRef xmlns:content="http://xmlns.oracle.com/irm/content">
    <id>AES128</id>
</content:CryptoSchemaRef>
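
The following is an added example, not Oracle's code and not part of the IRM API. It parses the example schema document above with the JDK's XML parser and checks that each named transformation, HMAC and digest resolves through the locally installed JCE providers, printing the algorithm name and block size that correspond to the transient properties on this page. The class name `CryptoSchemaCheck` and the helper `text` are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CryptoSchemaCheck {
    // The example schema document from this page, embedded so the check runs offline.
    static final String XML =
        "<content:CryptoSchema xmlns:content=\"http://xmlns.oracle.com/irm/content\">"
        + "<id>AES128</id>"
        + "<encryptionTransformation>AES/CTR/NoPadding</encryptionTransformation>"
        + "<encryptionKeySize>128</encryptionKeySize>"
        + "<sessionKeyEncryptionTransformation>AES/ECB/NoPadding</sessionKeyEncryptionTransformation>"
        + "<sessionKeyEncryptionKeySize>128</sessionKeyEncryptionKeySize>"
        + "<hmacSigningAlgorithm>HmacSHA256</hmacSigningAlgorithm>"
        + "<hmacSigningKeySize>128</hmacSigningKeySize>"
        + "<digestAlgorithm>SHA-256</digestAlgorithm>"
        + "<useFips>false</useFips>"
        + "</content:CryptoSchema>";

    // Hypothetical helper: text of the first element with the given tag name.
    static String text(Document doc, String tag) {
        return doc.getElementsByTagName(tag).item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so a schema file cannot pull in external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
            .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));
        for (String prefix : new String[] {"encryption", "sessionKeyEncryption"}) {
            String transformation = text(doc, prefix + "Transformation");
            int keyBits = Integer.parseInt(text(doc, prefix + "KeySize"));
            Cipher cipher = Cipher.getInstance(transformation); // throws if unsupported
            if (keyBits > Cipher.getMaxAllowedKeyLength(transformation)) {
                throw new IllegalStateException(keyBits + "-bit key blocked by JCE policy");
            }
            // Algorithm name is taken here as the part of the transformation before the first '/'.
            System.out.printf("%s: algorithm=%s blockSize=%d keyBits=%d provider=%s%n",
                transformation, transformation.split("/")[0], cipher.getBlockSize(),
                keyBits, cipher.getProvider().getName());
        }
        // Both lookups throw NoSuchAlgorithmException if no installed provider has the name.
        Mac.getInstance(text(doc, "hmacSigningAlgorithm"));
        MessageDigest.getInstance(text(doc, "digestAlgorithm"));
        System.out.println("schema " + text(doc, "id") + " ok, useFips=" + text(doc, "useFips"));
    }
}
```

The printed provider name shows which JCE implementation would serve each transformation on the machine where the check runs, which is the detail to review when `useFips` is true.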


Method Summary
 String getDigestAlgorithm()
          The message digest algorithm.
 String getEncryptionAlgorithm()
          The encryption algorithm name extracted from the encryption transformation.
 int getEncryptionBlockSize()
          The encryption algorithm block size.
 int getEncryptionKeySize()
          The encryption key size (in bits).
 String getEncryptionTransformation()
          The encryption transformation.
 String getHmacSigningAlgorithm()
          The signing algorithm specification.
 int getHmacSigningKeySize()
          The key size (in bits) for the HMAC operation.
 String getId()
          The identity of the schema.
 String getSessionKeyEncryptionAlgorithm()
          The session key encryption algorithm name extracted from the encryption transformation.
 int getSessionKeyEncryptionKeySize()
          The key size (in bits) for session key encryption.
 String getSessionKeyEncryptionTransformation()
          The session key encryption transformation.
 boolean getUseFips()
          If true, only FIPS-approved cryptography implementations should be used.

 

Method Detail

getId

String getId()
The identity of the schema. The identity must refer to a built-in, engine-defined cryptography schema.

Size

This property is limited to 50 characters in length.

Collections

This property value can be used to retrieve the object from a collection using getCryptoSchemaById.
Returns:
the value of the property. This method will never return null.

getEncryptionTransformation

String getEncryptionTransformation()
The encryption transformation. The encryption transformation is used to encrypt (and decrypt) the main body of the sealed content using the per content generated session key.

e.g. AES/CTR/NoPadding.
Returns:
the value of the property. This method will never return null.

getEncryptionAlgorithm

String getEncryptionAlgorithm()
The encryption algorithm name extracted from the encryption transformation. e.g. AES.

Transient

This property is transient and will not be serialized (e.g. into XML, remote method calls).
Returns:
the value of the property. This method will never return null.

getEncryptionBlockSize

int getEncryptionBlockSize()
The encryption algorithm block size, or 0 if the algorithm is a stream cipher.

Transient

This property is transient and will not be serialized (e.g. into XML, remote method calls).
Returns:
the value of the property.

getEncryptionKeySize

int getEncryptionKeySize()
The encryption key size (in bits). This information is used when a key set is generated.
Returns:
the value of the property.

getHmacSigningAlgorithm

String getHmacSigningAlgorithm()
The signing algorithm specification. The signing algorithm is used to sign the public header of the sealed content to prevent tampering.

e.g. HmacSHA256.
Returns:
the value of the property. This method will never return null.

getHmacSigningKeySize

int getHmacSigningKeySize()
The key size (in bits) for the HMAC operation. This information is used when a key set is generated.
Returns:
the value of the property.

getDigestAlgorithm

String getDigestAlgorithm()
The message digest algorithm. The digest is used to check the cipher text block has not been altered.

e.g. SHA-256.
Returns:
the value of the property. This method will never return null.

getSessionKeyEncryptionTransformation

String getSessionKeyEncryptionTransformation()
The session key encryption transformation. The session key transformation is used to encrypt the session key before embedding it into sealed content.

e.g. AES/ECB/NoPadding.
Returns:
the value of the property. This method will never return null.

getSessionKeyEncryptionAlgorithm

String getSessionKeyEncryptionAlgorithm()
The session key encryption algorithm name extracted from the encryption transformation. e.g. AES.

Transient

This property is transient and will not be serialized (e.g. into XML, remote method calls).
Returns:
the value of the property. This method will never return null.

getSessionKeyEncryptionKeySize

int getSessionKeyEncryptionKeySize()
The key size (in bits) for session key encryption. This information is used when a key set is generated.
Returns:
the value of the property.

getUseFips

boolean getUseFips()
If true, only FIPS-approved cryptography implementations should be used.
Returns:
the value of the property.


Copyright © 2011, Oracle. All rights reserved.