oracle.security.crypto.core

Class RSApkcs1

java.lang.Object

oracle.security.crypto.core.Coder

oracle.security.crypto.core.Cipher

oracle.security.crypto.core.RSApkcs1

public final class RSApkcs1
extends Cipher

An implementation of PKCS#1 v2.0 that supports the following encryption schemes: RSAES-OAEP, and RSAES-PKCS1-v1_5. According to the specification, RSAES-OAEP is recommended for new applications, and RSAES-PKCS1-v1_5 is included only for compatiblity with existing applications and protocols. The encryption schemes are used to combine RSA encryption and decryption primitives with an encoding method. Encryption and decryption can only be done through the methods encrypt(byte[]) and decrypt(byte[]).

RSApkcs1 relies on the RSA class to perform the raw encryption/decryption operation.

For greater security, it is considered a good practice to use a given key pair with only one encryption scheme, and use a different key pair if a second scheme is to be used in a different situation.

Since:

2.0

See Also:

OAEPAlgorithmIdentifier, RSA

Field Summary

Fields inherited from class oracle.security.crypto.core.Cipher

CBC, ECB, key, mode, rbs

Constructor Summary

Constructors

Constructor and Description
RSApkcs1() Creates an uninitialized RSApkcs1 instance.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	algName() Returns the encryption scheme as a string.
byte[]	decrypt(byte[] input, int inOff, int len, boolean unpad) Decrypts a sequence of bytes of specified length.
void	decrypt(byte[] input, int inOff, int len, byte[] output, int outOff) Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset.
byte[]	encrypt(byte[] input, int inOff, int len, boolean pad) Encrypts a sequence of bytes of specified length.
void	encrypt(byte[] input, int inOff, int len, byte[] output, int outOff) Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset.
void	erase() Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object.
AlgorithmIdentifier	getAlgID() Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.
int	getBlockSize() Returns 0, because this is not a block cipher.
void	initialize(AlgorithmIdentifier algID, Key key, RandomBitsSource rbs) This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key and RandomBitsSource.
PrivateKey	unwrapPrivateKey(byte[] key) Always throws a CipherException -- cannot unwrap a private key using this cipher.
SymmetricKey	unwrapSymmetricKey(byte[] encKey, AlgorithmIdentifier algID) Unwraps a symmetric key using this cipher.
byte[]	wrapKey(PrivateKey key) Always throws a CipherException -- cannot wrap a private key using this cipher.
byte[]	wrapKey(SymmetricKey key) Wraps a symmetric key using this cipher.

Methods inherited from class oracle.security.crypto.core.Cipher

assertDecryption, assertEncryption, assertKeyUnwrap, assertKeyWrap, cloneKey, decodeOp, decrypt, decrypt, decrypt, encodeOp, encrypt, encrypt, encrypt, finalize, getInstance, getInstance, getInstance, getInstance, getInstance, getInstance, getIV, getMode, getPaddingID, initialize, initialize, initialize, releaseOp

Methods inherited from class oracle.security.crypto.core.Coder

decode, decode, encode, encode

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RSApkcs1

public RSApkcs1()

Creates an uninitialized RSApkcs1 instance. To use the Cipher, it must be initialized with a Key and algorithm parameters, usually in the form of an AlgorithmIdentifier.

By default, the encoding method is PKCS #1 v1.5 for backwards compatability.

Method Detail

initialize

public void initialize(AlgorithmIdentifier algID,
              Key key,
              RandomBitsSource rbs)
                throws AlgorithmIdentifierException,
                       InvalidKeyException

This method initializes the cipher with the given AlgorithmIdentifier and then configures itself with the given key and RandomBitsSource.

Specified by:

initialize in class Cipher

Parameters:

algID - The AlgorithmIdentifier whose params will be used to configure the cipher.

key - The Key instance that will be used by the cipher internally.

rbs - The RandomBitsSource that the Cipher uses during encryption operations. If null is provided, the Cipher will call RandomBitsSource.getDefault() when it is required.

Throws:

AlgorithmIdentifierException - If the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.

InvalidKeyException - If there is a problem with the Key instance the Cipher is being initialized with.

decrypt

public byte[] decrypt(byte[] input,
             int inOff,
             int len,
             boolean unpad)
               throws CipherException

Decrypts a sequence of bytes of specified length.

Specified by:

decrypt in class Cipher

Parameters:

input - Buffer in which data to be decrypted is stored.

inOff - Offset within buffer of the start of data.

len - The length of the data.

unpad - Ignored because encoding data is not optional in RSA Encryption.

Returns:

The decrypted bytes.

Throws:

CipherException - If cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

decrypt

public void decrypt(byte[] input,
           int inOff,
           int len,
           byte[] output,
           int outOff)
             throws CipherException

Decrypts a sequence of bytes of specified length and places the original plaintext message in the given output buffer starting at the given offset. This method will not attempt to pad the input.

Specified by:

decrypt in class Cipher

Parameters:

input - Array of bytes to decrypt.

inOff - Offset of the start of the data to decrypt.

len - The length of the data to decrypt.

output - Array to place the decrypted bytes.

outOff - Offset of the start of the decrypted bytes.

Throws:

CipherException - If there is a problem with the decryption process or if the cipher was not initialized for decryption.

encrypt

public byte[] encrypt(byte[] input,
             int inOff,
             int len,
             boolean pad)
               throws CipherException

Encrypts a sequence of bytes of specified length.

Specified by:

encrypt in class Cipher

Parameters:

input - Buffer in which data to be encrypted is stored.

inOff - Offset within buffer of the start of the data.

len - The length of the data.

pad - Ignored because encoding data is not optional in RSA Encryption.

Returns:

The encrypted bytes.

Throws:

CipherException - If cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

encrypt

public void encrypt(byte[] input,
           int inOff,
           int len,
           byte[] output,
           int outOff)
             throws CipherException

Encrypts a sequence of bytes of specified length and places the resulting ciphertext in the given output buffer starting at the given offset. This method will not attempt to unpad the result.

Specified by:

encrypt in class Cipher

Parameters:

input - Array of bytes to encrypt.

inOff - Offset of the start of data to encrypt.

len - The length of the data to encrypt.

output - Array to place the encrypted bytes.

outOff - Offset of the start of the encrypted bytes.

Throws:

CipherException - If there are problems with the encryption operation or if the Cipher was not initialized for encryption.

wrapKey

public byte[] wrapKey(PrivateKey key)
               throws CipherException

Always throws a CipherException -- cannot wrap a private key using this cipher.

Specified by:

wrapKey in class Cipher

Parameters:

key - The private key to wrap.

Returns:

The encrypted key.

Throws:

CipherException - If the Cipher was not initialized, if the Cipher was used for wrapping without being re-initialized or if an error occurred during the wrapping process.

wrapKey

public byte[] wrapKey(SymmetricKey key)
               throws CipherException

Wraps a symmetric key using this cipher.

Specified by:

wrapKey in class Cipher

Parameters:

key - The symmetric key to wrap.

Returns:

The encrypted key.

Throws:

CipherException - If the Cipher was not initialized, if the Cipher was used for wrapping without being re-initialized or if an error occurred during the wrapping process.

unwrapPrivateKey

public PrivateKey unwrapPrivateKey(byte[] key)
                            throws CipherException

Always throws a CipherException -- cannot unwrap a private key using this cipher.

Specified by:

unwrapPrivateKey in class Cipher

Parameters:

key - The encrypted key.

Returns:

The unwrapped symmetric key.

Throws:

CipherException - If the Cipher was not initialized, if the Cipher was used for unwrapping without being re-initialized or if an error occurred during the decryption process.

unwrapSymmetricKey

public SymmetricKey unwrapSymmetricKey(byte[] encKey,
                              AlgorithmIdentifier algID)
                                throws CipherException

Unwraps a symmetric key using this cipher.

Specified by:

unwrapSymmetricKey in class Cipher

Parameters:

encKey - The encrypted key.

algID - The algorithm identifier of the wrapped symmetric key.

Returns:

The unwrapped private key.

Throws:

CipherException - If the Cipher was not initialized, if the Cipher was used for unwrapping without being re-initialized or if an error occurred during the encryption process.

getAlgID

public AlgorithmIdentifier getAlgID()

Builds an AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

Altering this AlgorithmIdentifier will have no effect on the state of the Cipher.

Specified by:

getAlgID in class Cipher

Returns:

An AlgorithmIdentifier that is a "snapshot" of the Cipher's current configuration.

algName

public java.lang.String algName()

Returns the encryption scheme as a string.

Specified by:

algName in class Coder

getBlockSize

public int getBlockSize()

Returns 0, because this is not a block cipher.

Specified by:

getBlockSize in class Cipher

Returns:

0 because this is not a block cipher.

erase

public void erase()

Description copied from class: Cipher

Erases any sensitive information (such as buffers and subkey tables) stored in this cipher object. Additionally, this will erase the reference of the cipher's key.

Overrides:

erase in class Cipher