Class Signature
- java.lang.Object
-
- javacard.security.Signature
-
- Direct Known Subclasses:
Signature.OneShot
public abstract class Signature extends Object
TheSignature
class is the base class for Signature algorithms. Implementations of Signature algorithms must extend this class and implement all the abstract methods.The term "pad" is used in the public key signature algorithms below to refer to all the operations specified in the referenced scheme to transform the message digest into the encryption block size.
A tear or card reset event resets an initialized
Signature
object to the state it was in when previously initialized via a call toinit()
. For algorithms which support keys with transient key data sets, such as DES, triple DES, AES, and Korean SEED theSignature
object key becomes uninitialized on clear events associated with theKey
object used to initialize theSignature
object.Even if a transaction is in progress, update of intermediate result state in the implementation instance shall not participate in the transaction.
Note:
- On a tear or card reset event, the AES, DES, triple DES and Korean SEED algorithms in CBC mode
reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the
init(Key, byte, byte[], short, short)
method.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
Signature.OneShot
TheOneShot
class is a specialization of theSignature
class intended to support efficient one-shot signing and verification operations that may avoid persistent memory writes entirely.
-
Field Summary
Fields Modifier and Type Field Description static byte
ALG_AES_CMAC_128
Signature algorithmALG_AES_CMAC_128
generates a 16-byte Cipher-based MAC (CMAC) using AES with blocksize 128 in CBC mode with ISO9797_M2 padding scheme.static byte
ALG_AES_MAC_128_NOPAD
Signature algorithmALG_AES_MAC_128_NOPAD
generates a 16-byte MAC using AES with blocksize 128 in CBC mode and does not pad input data.static byte
ALG_AES_MAC_192_NOPAD
Deprecated.static byte
ALG_AES_MAC_256_NOPAD
Deprecated.static byte
ALG_DES_MAC4_ISO9797_1_M1_ALG3
Signature algorithmALG_DES_MAC4_ISO9797_1_M1_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 1, where input data is padded using method 1 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification.static byte
ALG_DES_MAC4_ISO9797_1_M2_ALG3
Signature algorithmALG_DES_MAC4_ISO9797_1_M2_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 2 (also 3.0, EMV 4.0), where input data is padded using method 2 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification.static byte
ALG_DES_MAC4_ISO9797_M1
Signature algorithmALG_DES_MAC4_ISO9797_M1
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC4_ISO9797_M2
Signature algorithmALG_DES_MAC4_ISO9797_M2
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC4_NOPAD
Signature algorithmALG_DES_MAC4_NOPAD
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC4_PKCS5
Signature algorithmALG_DES_MAC4_PKCS5
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC8_ISO9797_1_M1_ALG3
Signature algorithmALG_DES_MAC8_ISO9797_1_M1_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 1, where input data is padded using method 1 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification.static byte
ALG_DES_MAC8_ISO9797_1_M2_ALG3
Signature algorithmALG_DES_MAC8_ISO9797_1_M2_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 2 (also EMV 3.0, EMV 4.0), where input data is padded using method 2 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification.static byte
ALG_DES_MAC8_ISO9797_M1
Signature algorithmALG_DES_MAC8_ISO9797_M1
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC8_ISO9797_M2
Signature algorithmALG_DES_MAC8_ISO9797_M2
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC8_NOPAD
Signature algorithmALG_DES_MAC8_NOPAD
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DES_MAC8_PKCS5
Signature algorithmALG_DES_MAC8_PKCS5
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode.static byte
ALG_DSA_SHA
Signature algorithmALG_DSA_SHA
generates a 20-byte SHA digest and signs/verifies the digests using DSA.static byte
ALG_ECDSA_SHA
Signature algorithmALG_ECDSA_SHA
generates a 20-byte SHA digest and signs/verifies the digest using ECDSA.static byte
ALG_ECDSA_SHA_224
Signature algorithmALG_ECDSA_SHA_224
generates a 28-byte SHA-224 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-224 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2].static byte
ALG_ECDSA_SHA_256
Signature algorithmALG_ECDSA_SHA_256
generates a 32-byte SHA-256 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-256 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2].static byte
ALG_ECDSA_SHA_384
Signature algorithmALG_ECDSA_SHA_384
generates a 48-byte SHA-384 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-384 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2].static byte
ALG_ECDSA_SHA_512
Signature algorithmALG_ECDSA_SHA_512
generates a 64-byte SHA-512 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-521 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2].static byte
ALG_HMAC_MD5
HMAC message authentication algorithmALG_HMAC_MD5
This algorithm generates an HMAC following the steps found in RFC: 2104 using MD5 as the hashing algorithm.static byte
ALG_HMAC_RIPEMD160
HMAC message authentication algorithmALG_HMAC_RIPEMD160
This algorithm generates an HMAC following the steps found in RFC: 2104 using RIPEMD160 as the hashing algorithm.static byte
ALG_HMAC_SHA_256
HMAC message authentication algorithmALG_HMAC_SHA_256
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-256 as the hashing algorithm.static byte
ALG_HMAC_SHA_384
HMAC message authentication algorithmALG_HMAC_SHA_384
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-384 as the hashing algorithm.static byte
ALG_HMAC_SHA_512
HMAC message authentication algorithmALG_HMAC_SHA_512
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-512 as the hashing algorithm.static byte
ALG_HMAC_SHA1
HMAC message authentication algorithmALG_HMAC_SHA1
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA1 as the hashing algorithm.static byte
ALG_KOREAN_SEED_MAC_NOPAD
Signature algorithmALG_KOREAN_SEED_MAC_NOPAD
generates an 16-byte MAC using Korean SEED in CBC mode.static byte
ALG_RSA_MD5_PKCS1
Signature algorithmALG_RSA_MD5_PKCS1
generates a 16-byte MD5 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_MD5_PKCS1_PSS
Signature algorithmALG_RSA_MD5_PKCS1_PSS
generates a 16-byte MD5 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_MD5_RFC2409
Signature algorithmALG_RSA_MD5_RFC2409
generates a 16-byte MD5 digest, pads the digest according to the RFC2409 scheme, and encrypts it using RSA.static byte
ALG_RSA_RIPEMD160_ISO9796
Signature algorithmALG_RSA_RIPEMD160_ISO9796
generates a 20-byte RIPE MD-160 digest, pads the digest according to the ISO 9796 scheme, and encrypts it using RSA.static byte
ALG_RSA_RIPEMD160_ISO9796_MR
Signature algorithmALG_RSA_RIPEMD160_ISO9796_MR
generates 20-byte RIPE MD-160 digest, pads it according to the ISO9796-2 specification and encrypts using RSA.static byte
ALG_RSA_RIPEMD160_PKCS1
Signature algorithmALG_RSA_RIPEMD160_PKCS1
generates a 20-byte RIPE MD-160 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_RIPEMD160_PKCS1_PSS
Signature algorithmALG_RSA_RIPEMD160_PKCS1_PSS
generates a 20-byte RIPE MD-160 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_224_PKCS1
Signature algorithmALG_RSA_SHA_224_PKCS1
generates a 28-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_SHA_224_PKCS1_PSS
Signature algorithmALG_RSA_SHA_224_PKCS1_PSS
generates a 28-byte SHA-224 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_256_PKCS1
Signature algorithmALG_RSA_SHA_256_PKCS1
generates a 32-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_SHA_256_PKCS1_PSS
Signature algorithmALG_RSA_SHA_256_PKCS1_PSS
generates a 32-byte SHA-256 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_384_PKCS1
Signature algorithmALG_RSA_SHA_384_PKCS1
generates a 48-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_SHA_384_PKCS1_PSS
Signature algorithmALG_RSA_SHA_384_PKCS1_PSS
generates a 48-byte SHA-384 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_512_PKCS1
Signature algorithmALG_RSA_SHA_512_PKCS1
generates a 64-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_SHA_512_PKCS1_PSS
Signature algorithmALG_RSA_SHA_512_PKCS1_PSS
generates a 64-byte SHA-512 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_ISO9796
Signature algorithmALG_RSA_SHA_ISO9796
generates a 20-byte SHA digest, pads the digest according to the ISO/IEC 9796-2 scheme as specified in EMV 3.0 and EMV 4.0, and encrypts it using RSA.static byte
ALG_RSA_SHA_ISO9796_MR
Signature algorithmALG_RSA_SHA_ISO9796_MR
generates 20-byte SHA-1 digest, pads it according to the ISO/IEC 9796-2 specification and encrypts using RSA.static byte
ALG_RSA_SHA_PKCS1
Signature algorithmALG_RSA_SHA_PKCS1
generates a 20-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.static byte
ALG_RSA_SHA_PKCS1_PSS
Signature algorithmALG_RSA_SHA_PKCS1_PSS
generates a 20-byte SHA-1 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.static byte
ALG_RSA_SHA_RFC2409
Signature algorithmALG_RSA_SHA_RFC2409
generates a 20-byte SHA digest, pads the digest according to the RFC2409 scheme, and encrypts it using RSA.static byte
MODE_SIGN
Used ininit()
methods to indicate signature sign mode.static byte
MODE_VERIFY
Used ininit()
methods to indicate signature verify mode.static byte
SIG_CIPHER_AES_CMAC128
Cipher algorithmSIG_CIPHER_AES_CMAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_AES_MAC128
Cipher algorithmSIG_CIPHER_AES_MAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_DES_MAC4
Cipher algorithmSIG_CIPHER_DES_MAC4
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_DES_MAC8
Cipher algorithmSIG_CIPHER_DES_MAC8
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_DSA
Cipher algorithmSIG_CIPHER_DSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_ECDSA
Cipher algorithmSIG_CIPHER_ECDSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_ECDSA_PLAIN
Cipher algorithmSIG_CIPHER_ECDSA_PLAIN
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_EDDSA
Cipher algorithmSIG_CIPHER_EDDSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_EDDSAPH
Cipher algorithmSIG_CIPHER_EDDSAPH
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_HMAC
Cipher algorithmSIG_CIPHER_HMAC
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_KOREAN_SEED_MAC
Cipher algorithmSIG_CIPHER_KOREAN_SEED_MAC
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_RSA
Cipher algorithmSIG_CIPHER_RSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_SM2
Cipher algorithmSIG_CIPHER_SM2
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.static byte
SIG_CIPHER_SM4_MAC128
Cipher algorithmSIG_CIPHER_SM4_MAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method.
-
Constructor Summary
Constructors Modifier Constructor Description protected
Signature()
Protected Constructor
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract byte
getAlgorithm()
Gets the Signature algorithm.abstract byte
getCipherAlgorithm()
Gets the cipher algorithm.static Signature
getInstance(byte algorithm, boolean externalAccess)
Creates aSignature
object instance of the selected algorithm.static Signature
getInstance(byte messageDigestAlgorithm, byte cipherAlgorithm, byte paddingAlgorithm, boolean externalAccess)
Creates aSignature
object instance with the selected message digest algorithm, cipher algorithm and padding algorithm.abstract short
getLength()
Returns the byte length of the signature data.abstract byte
getMessageDigestAlgorithm()
Gets the message digest algorithm.abstract byte
getPaddingAlgorithm()
Gets the padding algorithm.abstract void
init(Key theKey, byte theMode)
Initializes theSignature
object with the appropriateKey
.abstract void
init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen)
Initializes theSignature
object with the appropriateKey
and algorithm specific parameters.abstract void
setInitialDigest(byte[] initialDigestBuf, short initialDigestOffset, short initialDigestLength, byte[] digestedMsgLenBuf, short digestedMsgLenOffset, short digestedMsgLenLength)
This method initializes the starting hash value in place of the default value used by theSignature
class.abstract short
sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset)
Generates the signature of all/last input data.abstract short
signPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset)
Generates the signature of the precomputed hash data.abstract void
update(byte[] inBuff, short inOffset, short inLength)
Accumulates a signature of the input data.abstract boolean
verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength)
Verifies the signature of all/last input data against the passed in signature.abstract boolean
verifyPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset, short sigLength)
Verifies the signature of precomputed hash data.
-
-
-
Field Detail
-
ALG_DES_MAC4_NOPAD
public static final byte ALG_DES_MAC4_NOPAD
Signature algorithmALG_DES_MAC4_NOPAD
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode. This algorithm does not pad input data. If the input data is not (8 byte) block aligned it throwsCryptoException
with the reason codeILLEGAL_USE
.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_NOPAD
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC8_NOPAD
public static final byte ALG_DES_MAC8_NOPAD
Signature algorithmALG_DES_MAC8_NOPAD
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. This algorithm does not pad input data. If the input data is not (8 byte) block aligned it throwsCryptoException
with the reason codeILLEGAL_USE
.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_NOPAD
constants respectively.Note:
- This algorithm must not be implemented if export restrictions apply.
- See Also:
- Constant Field Values
-
ALG_DES_MAC4_ISO9797_M1
public static final byte ALG_DES_MAC4_ISO9797_M1
Signature algorithmALG_DES_MAC4_ISO9797_M1
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the ISO 9797 method 1 scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_ISO9797_M1
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC8_ISO9797_M1
public static final byte ALG_DES_MAC8_ISO9797_M1
Signature algorithmALG_DES_MAC8_ISO9797_M1
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the ISO 9797 method 1 scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_ISO9797_M1
constants respectively.Note:
- This algorithm must not be implemented if export restrictions apply.
- See Also:
- Constant Field Values
-
ALG_DES_MAC4_ISO9797_M2
public static final byte ALG_DES_MAC4_ISO9797_M2
Signature algorithmALG_DES_MAC4_ISO9797_M2
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV 3.0) scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_ISO9797_M2
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC8_ISO9797_M2
public static final byte ALG_DES_MAC8_ISO9797_M2
Signature algorithmALG_DES_MAC8_ISO9797_M2
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV 3.0) scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_ISO9797_M2
constants respectively.Note:
- This algorithm must not be implemented if export restrictions apply.
- See Also:
- Constant Field Values
-
ALG_DES_MAC4_PKCS5
public static final byte ALG_DES_MAC4_PKCS5
Signature algorithmALG_DES_MAC4_PKCS5
generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the PKCS#5 scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_PKCS5
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC8_PKCS5
public static final byte ALG_DES_MAC8_PKCS5
Signature algorithmALG_DES_MAC8_PKCS5
generates an 8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input data is padded according to the PKCS#5 scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_PKCS5
constants respectively.Note:
- This algorithm must not be implemented if export restrictions apply.
- See Also:
- Constant Field Values
-
ALG_RSA_SHA_ISO9796
public static final byte ALG_RSA_SHA_ISO9796
Signature algorithmALG_RSA_SHA_ISO9796
generates a 20-byte SHA digest, pads the digest according to the ISO/IEC 9796-2 scheme as specified in EMV 3.0 and EMV 4.0, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_RSA
,Cipher.PAD_ISO9796
constants respectively.Note:
- The
verify
method does not support the message recovery semantics of this algorithm.
- See Also:
- Constant Field Values
- The
-
ALG_RSA_SHA_PKCS1
public static final byte ALG_RSA_SHA_PKCS1
Signature algorithmALG_RSA_SHA_PKCS1
generates a 20-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of SHA-1,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded SHA-1 AlgorithmIdentifier = 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_MD5_PKCS1
public static final byte ALG_RSA_MD5_PKCS1
Signature algorithmALG_RSA_MD5_PKCS1
generates a 16-byte MD5 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of MD5,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded MD5 AlgorithmIdentifier = 30 20 30 0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_MD5
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_RIPEMD160_ISO9796
public static final byte ALG_RSA_RIPEMD160_ISO9796
Signature algorithmALG_RSA_RIPEMD160_ISO9796
generates a 20-byte RIPE MD-160 digest, pads the digest according to the ISO 9796 scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_RIPEMD160
,SIG_CIPHER_RSA
,Cipher.PAD_ISO9796
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_RIPEMD160_PKCS1
public static final byte ALG_RSA_RIPEMD160_PKCS1
Signature algorithmALG_RSA_RIPEMD160_PKCS1
generates a 20-byte RIPE MD-160 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of RIPEMD160,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_RIPEMD160
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_DSA_SHA
public static final byte ALG_DSA_SHA
Signature algorithmALG_DSA_SHA
generates a 20-byte SHA digest and signs/verifies the digests using DSA. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_DSA
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_SHA_RFC2409
public static final byte ALG_RSA_SHA_RFC2409
Signature algorithmALG_RSA_SHA_RFC2409
generates a 20-byte SHA digest, pads the digest according to the RFC2409 scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_RSA
,Cipher.PAD_RFC2409
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_MD5_RFC2409
public static final byte ALG_RSA_MD5_RFC2409
Signature algorithmALG_RSA_MD5_RFC2409
generates a 16-byte MD5 digest, pads the digest according to the RFC2409 scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_MD5
,SIG_CIPHER_RSA
,Cipher.PAD_RFC2409
constants respectively.- See Also:
- Constant Field Values
-
ALG_ECDSA_SHA
public static final byte ALG_ECDSA_SHA
Signature algorithmALG_ECDSA_SHA
generates a 20-byte SHA digest and signs/verifies the digest using ECDSA. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }Note:
- This algorithm truncates the SHA-1 digest to the length of the EC key for EC key lengths less than 160 bits in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_ECDSA
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_AES_MAC_128_NOPAD
public static final byte ALG_AES_MAC_128_NOPAD
Signature algorithmALG_AES_MAC_128_NOPAD
generates a 16-byte MAC using AES with blocksize 128 in CBC mode and does not pad input data. If the input data is not (16-byte) block aligned it throwsCryptoException
with the reason codeILLEGAL_USE
.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_AES_MAC128
,Cipher.PAD_NOPAD
constants respectively.- See Also:
- Constant Field Values
-
ALG_AES_CMAC_128
public static final byte ALG_AES_CMAC_128
Signature algorithmALG_AES_CMAC_128
generates a 16-byte Cipher-based MAC (CMAC) using AES with blocksize 128 in CBC mode with ISO9797_M2 padding scheme.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_AES_CMAC_128
,Cipher.PAD_ISO9797_M2
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC4_ISO9797_1_M2_ALG3
public static final byte ALG_DES_MAC4_ISO9797_1_M2_ALG3
Signature algorithmALG_DES_MAC4_ISO9797_1_M2_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 2 (also 3.0, EMV 4.0), where input data is padded using method 2 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification. The left key block of the triple DES key is used as a single DES key(K) and the right key block of the triple DES key is used as a single DES Key (K') during MAC processing. The final result is truncated to 4 bytes as described in ISO9797-1.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_ISO9797_1_M2_ALG3
constants respectively.Note:
- This algorithm is a triple DES algorithm and requires a 16 byte key (2-key DES3 key)
- See Also:
- Constant Field Values
-
ALG_DES_MAC8_ISO9797_1_M2_ALG3
public static final byte ALG_DES_MAC8_ISO9797_1_M2_ALG3
Signature algorithmALG_DES_MAC8_ISO9797_1_M2_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 2 (also EMV 3.0, EMV 4.0), where input data is padded using method 2 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification. The left key block of the triple DES key is used as a single DES key(K) and the right key block of the triple DES key is used as a single DES Key (K') during MAC processing. The final result is truncated to 8 bytes as described in ISO9797-1.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_ISO9797_1_M2_ALG3
constants respectively.Note:
- This algorithm is a triple DES algorithm and requires a 16 byte key (2-key DES3 key)
- See Also:
- Constant Field Values
-
ALG_RSA_SHA_PKCS1_PSS
public static final byte ALG_RSA_SHA_PKCS1_PSS
Signature algorithmALG_RSA_SHA_PKCS1_PSS
generates a 20-byte SHA-1 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_MD5_PKCS1_PSS
public static final byte ALG_RSA_MD5_PKCS1_PSS
Signature algorithmALG_RSA_MD5_PKCS1_PSS
generates a 16-byte MD5 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_MD5
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_RIPEMD160_PKCS1_PSS
public static final byte ALG_RSA_RIPEMD160_PKCS1_PSS
Signature algorithmALG_RSA_RIPEMD160_PKCS1_PSS
generates a 20-byte RIPE MD-160 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_RIPEMD160
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_SHA1
public static final byte ALG_HMAC_SHA1
HMAC message authentication algorithmALG_HMAC_SHA1
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA1 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_SHA_256
public static final byte ALG_HMAC_SHA_256
HMAC message authentication algorithmALG_HMAC_SHA_256
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-256 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_256
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_SHA_384
public static final byte ALG_HMAC_SHA_384
HMAC message authentication algorithmALG_HMAC_SHA_384
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-384 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_384
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_SHA_512
public static final byte ALG_HMAC_SHA_512
HMAC message authentication algorithmALG_HMAC_SHA_512
This algorithm generates an HMAC following the steps found in RFC: 2104 using SHA-512 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_512
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_MD5
public static final byte ALG_HMAC_MD5
HMAC message authentication algorithmALG_HMAC_MD5
This algorithm generates an HMAC following the steps found in RFC: 2104 using MD5 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_MD5
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_HMAC_RIPEMD160
public static final byte ALG_HMAC_RIPEMD160
HMAC message authentication algorithmALG_HMAC_RIPEMD160
This algorithm generates an HMAC following the steps found in RFC: 2104 using RIPEMD160 as the hashing algorithm.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_RIPEMD160
,SIG_CIPHER_HMAC
,Cipher.PAD_NULL
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_SHA_ISO9796_MR
public static final byte ALG_RSA_SHA_ISO9796_MR
Signature algorithmALG_RSA_SHA_ISO9796_MR
generates 20-byte SHA-1 digest, pads it according to the ISO/IEC 9796-2 specification and encrypts using RSA. This algorithm is conformant with EMV 4.0.This algorithm uses the first part of the input message as padding bytes during signing. During verification, these message bytes (recoverable message) can be recovered to reconstruct the message.
To use this algorithm the
Signature
object instance returned by thegetInstance
method must be cast to theSignatureMessageRecovery
interface to invoke the applicable methods.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA
,SIG_CIPHER_RSA
,Cipher.PAD_ISO9796_MR
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_RIPEMD160_ISO9796_MR
public static final byte ALG_RSA_RIPEMD160_ISO9796_MR
Signature algorithmALG_RSA_RIPEMD160_ISO9796_MR
generates 20-byte RIPE MD-160 digest, pads it according to the ISO9796-2 specification and encrypts using RSA.This algorithm uses the first part of the input message as padding bytes during signing. During verification, these message bytes (recoverable message) can be recovered to reconstruct the message.
To use this algorithm the
Signature
object instance returned by thegetInstance
method must be cast to theSignatureMessageRecovery
interface to invoke the applicable methods.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_RIPEMD160
,SIG_CIPHER_RSA
,Cipher.PAD_ISO9796_MR
constants respectively.- See Also:
- Constant Field Values
-
ALG_KOREAN_SEED_MAC_NOPAD
public static final byte ALG_KOREAN_SEED_MAC_NOPAD
Signature algorithmALG_KOREAN_SEED_MAC_NOPAD
generates an 16-byte MAC using Korean SEED in CBC mode. This algorithm does not pad input data. If the input data is not (16 byte) block aligned it throwsCryptoException
with the reason codeILLEGAL_USE
.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_KOREAN_SEED_MAC
,Cipher.PAD_NOPAD
constants respectively.Note:
- This algorithm must not be implemented if export restrictions apply.
- See Also:
- Constant Field Values
-
ALG_ECDSA_SHA_256
public static final byte ALG_ECDSA_SHA_256
Signature algorithmALG_ECDSA_SHA_256
generates a 32-byte SHA-256 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-256 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_256
,SIG_CIPHER_ECDSA
,Cipher.PAD_NULL
constants respectively.Note:
- This algorithm truncates the SHA-256 digest to the length of the EC key for EC key lengths less than 256 bits in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
ALG_ECDSA_SHA_384
public static final byte ALG_ECDSA_SHA_384
Signature algorithmALG_ECDSA_SHA_384
generates a 48-byte SHA-384 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-384 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_384
,SIG_CIPHER_ECDSA
,Cipher.PAD_NULL
constants respectively.Note:
- This algorithm truncates the SHA-384 digest to the length of the EC key for EC key lengths less than 384 bits in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
ALG_AES_MAC_192_NOPAD
@Deprecated public static final byte ALG_AES_MAC_192_NOPAD
Deprecated.This Signature algorithmALG_AES_MAC_192_NOPAD
should not be used. AES algorithms as defined by NIST in the FIPS PUB 197 standard only support a block size of 128 bits.- See Also:
- Constant Field Values
-
ALG_AES_MAC_256_NOPAD
@Deprecated public static final byte ALG_AES_MAC_256_NOPAD
Deprecated.This Signature algorithmALG_AES_MAC_256_NOPAD
should not be used. AES algorithms as defined by NIST in the FIPS PUB 197 standard only support a block size of 128 bits.- See Also:
- Constant Field Values
-
ALG_ECDSA_SHA_224
public static final byte ALG_ECDSA_SHA_224
Signature algorithmALG_ECDSA_SHA_224
generates a 28-byte SHA-224 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-224 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_224
,SIG_CIPHER_ECDSA
,Cipher.PAD_NULL
constants respectively.Note:
- This algorithm truncates the SHA-224 digest to the length of the EC key for EC key lengths less than 224 bits in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
ALG_ECDSA_SHA_512
public static final byte ALG_ECDSA_SHA_512
Signature algorithmALG_ECDSA_SHA_512
generates a 64-byte SHA-512 digest and signs/verifies the digest using ECDSA with the curve defined in theECKey
parameters - such as the P-521 curve specified in the Digital Signature Standards specification[NIST FIPS PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_512
,SIG_CIPHER_ECDSA
,Cipher.PAD_NULL
constants respectively.Note:
- This algorithm truncates the SHA-512 digest to the length of the EC key for EC key lengths less than 512 bits in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
ALG_RSA_SHA_224_PKCS1
public static final byte ALG_RSA_SHA_224_PKCS1
Signature algorithmALG_RSA_SHA_224_PKCS1
generates a 28-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_224
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of SHA-224,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded SHA-224 AlgorithmIdentifier = 30 2d 30 0d 06 09 60 86 48 01 65 03 04 02 04 05 00 04 1c.
- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_SHA_256_PKCS1
public static final byte ALG_RSA_SHA_256_PKCS1
Signature algorithmALG_RSA_SHA_256_PKCS1
generates a 32-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_256
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of SHA-256,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded SHA-256 AlgorithmIdentifier = 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20.
- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_SHA_384_PKCS1
public static final byte ALG_RSA_SHA_384_PKCS1
Signature algorithmALG_RSA_SHA_384_PKCS1
generates a 48-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_384
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of SHA-384,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded SHA-384 AlgorithmIdentifier = 30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30.
- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_SHA_512_PKCS1
public static final byte ALG_RSA_SHA_512_PKCS1
Signature algorithmALG_RSA_SHA_512_PKCS1
generates a 64-byte SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_512
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1
constants respectively.Note:
- The encryption block(EB) during signing is built as follows:
EB = 00 || 01 || PS || 00 || T
:: where T is the DER encoding of :
digestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier of SHA-512,
digest OCTET STRING
}
:: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
:: k is the RSA modulus size.
DER encoded SHA-512 AlgorithmIdentifier = 30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40.
- See Also:
- Constant Field Values
- The encryption block(EB) during signing is built as follows:
-
ALG_RSA_SHA_224_PKCS1_PSS
public static final byte ALG_RSA_SHA_224_PKCS1_PSS
Signature algorithmALG_RSA_SHA_224_PKCS1_PSS
generates a 28-byte SHA-224 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_224
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_SHA_256_PKCS1_PSS
public static final byte ALG_RSA_SHA_256_PKCS1_PSS
Signature algorithmALG_RSA_SHA_256_PKCS1_PSS
generates a 32-byte SHA-256 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_256
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_SHA_384_PKCS1_PSS
public static final byte ALG_RSA_SHA_384_PKCS1_PSS
Signature algorithmALG_RSA_SHA_384_PKCS1_PSS
generates a 48-byte SHA-384 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_384
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_RSA_SHA_512_PKCS1_PSS
public static final byte ALG_RSA_SHA_512_PKCS1_PSS
Signature algorithmALG_RSA_SHA_512_PKCS1_PSS
generates a 64-byte SHA-512 digest, pads it according to the PKCS#1-PSS scheme (IEEE 1363-2000), and encrypts it using RSA.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_SHA_512
,SIG_CIPHER_RSA
,Cipher.PAD_PKCS1_PSS
constants respectively.- See Also:
- Constant Field Values
-
ALG_DES_MAC4_ISO9797_1_M1_ALG3
public static final byte ALG_DES_MAC4_ISO9797_1_M1_ALG3
Signature algorithmALG_DES_MAC4_ISO9797_1_M1_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 1, where input data is padded using method 1 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification. The left key block of the triple DES key is used as a single DES key(K) and the right key block of the triple DES key is used as a single DES Key (K') during MAC processing. The final result is truncated to 4 bytes as described in ISO9797-1.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC4
,Cipher.PAD_ISO9797_1_M1_ALG3
constants respectively.Note:
- This algorithm is a triple DES algorithm and requires a 16 byte key (2-key DES3 key)
- See Also:
- Constant Field Values
-
ALG_DES_MAC8_ISO9797_1_M1_ALG3
public static final byte ALG_DES_MAC8_ISO9797_1_M1_ALG3
Signature algorithmALG_DES_MAC8_ISO9797_1_M1_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according to ISO9797-1 MAC algorithm 3 with method 1, where input data is padded using method 1 and the data is processed as described in MAC Algorithm 3 of the ISO 9797-1 specification. The left key block of the triple DES key is used as a single DES key(K) and the right key block of the triple DES key is used as a single DES Key (K') during MAC processing. The final result is truncated to 8 bytes as described in ISO9797-1.To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use theMessageDigest.ALG_NULL
,SIG_CIPHER_DES_MAC8
,Cipher.PAD_ISO9797_1_M1_ALG3
constants respectively.Note:
- This algorithm is a triple DES algorithm and requires a 16 byte key (2-key DES3 key)
- See Also:
- Constant Field Values
-
SIG_CIPHER_DES_MAC4
public static final byte SIG_CIPHER_DES_MAC4
Cipher algorithmSIG_CIPHER_DES_MAC4
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.- See Also:
- Constant Field Values
-
SIG_CIPHER_DES_MAC8
public static final byte SIG_CIPHER_DES_MAC8
Cipher algorithmSIG_CIPHER_DES_MAC8
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 8-byte MAC (most significant 8 bytes of encrypted block) using DES in CBC mode or triple DES in outer CBC mode.- See Also:
- Constant Field Values
-
SIG_CIPHER_RSA
public static final byte SIG_CIPHER_RSA
Cipher algorithmSIG_CIPHER_RSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the RSA cipher.- See Also:
- Constant Field Values
-
SIG_CIPHER_DSA
public static final byte SIG_CIPHER_DSA
Cipher algorithmSIG_CIPHER_DSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the DSA cipher. The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }- See Also:
- Constant Field Values
-
SIG_CIPHER_ECDSA
public static final byte SIG_CIPHER_ECDSA
Cipher algorithmSIG_CIPHER_ECDSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the ECDSA cipher.The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
Note:
- This algorithm truncates the message digest to the length of the EC key for EC key lengths less than the length of the message digest in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
SIG_CIPHER_ECDSA_PLAIN
public static final byte SIG_CIPHER_ECDSA_PLAIN
Cipher algorithmSIG_CIPHER_ECDSA_PLAIN
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the ECDSA cipher.The signature is encoded as an octet string R || S as specified in section 5.2.1 of BSI TR-03111.
Note:
- This algorithm truncates the message digest to the length of the EC key for EC key lengths less than the length of the message digest in accordance with section 4.1 "Elliptic Curve Digit Signature Algorithm" of the "SEC 1: Elliptic Curve Cryptography" specification
- See Also:
- Constant Field Values
-
SIG_CIPHER_AES_MAC128
public static final byte SIG_CIPHER_AES_MAC128
Cipher algorithmSIG_CIPHER_AES_MAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 16-byte MAC using AES with block size 128 in CBC mode.- See Also:
- Constant Field Values
-
SIG_CIPHER_AES_CMAC128
public static final byte SIG_CIPHER_AES_CMAC128
Cipher algorithmSIG_CIPHER_AES_CMAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 16-byte Cipher-based MAC (CMAC) using AES with block size 128 in CBC mode.- See Also:
- Constant Field Values
-
SIG_CIPHER_HMAC
public static final byte SIG_CIPHER_HMAC
Cipher algorithmSIG_CIPHER_HMAC
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates an HMAC following the steps found in RFC: 2104 using the specified hashing algorithm.- See Also:
- Constant Field Values
-
SIG_CIPHER_KOREAN_SEED_MAC
public static final byte SIG_CIPHER_KOREAN_SEED_MAC
Cipher algorithmSIG_CIPHER_KOREAN_SEED_MAC
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 16-byte MAC using Korean SEED in CBC mode.- See Also:
- Constant Field Values
-
SIG_CIPHER_SM2
public static final byte SIG_CIPHER_SM2
Cipher algorithmSIG_CIPHER_SM2
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. Used to generate elliptic curve signature scheme using SM2 curve as defined in GM/T 0003.2-2012 (Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves Part 2: Digital Signature Algorithm).- Since:
- 3.1
- See Also:
- Constant Field Values
-
SIG_CIPHER_SM4_MAC128
public static final byte SIG_CIPHER_SM4_MAC128
Cipher algorithmSIG_CIPHER_SM4_MAC128
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. Used to generate a 128-bit MAC using SM4 algorithm in CBC mode.See SM4 block cipher algorithm, December 2010 from Organization of State Commercial Administration of China
- Since:
- 3.1
- See Also:
- Constant Field Values
-
SIG_CIPHER_EDDSA
public static final byte SIG_CIPHER_EDDSA
Cipher algorithmSIG_CIPHER_EDDSA
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. Used to generate elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (pure EdDSA) with curves defined in RFC 8032- Since:
- 3.1
- See Also:
- Constant Field Values
-
SIG_CIPHER_EDDSAPH
public static final byte SIG_CIPHER_EDDSAPH
Cipher algorithmSIG_CIPHER_EDDSAPH
choice for thecipherAlgorithm
parameter of thegetInstance(byte, byte, byte, boolean)
method. Used to generate elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (pre-hash EdDSA) with curves defined in RFC 8032- Since:
- 3.1
- See Also:
- Constant Field Values
-
MODE_SIGN
public static final byte MODE_SIGN
Used ininit()
methods to indicate signature sign mode.- See Also:
- Constant Field Values
-
MODE_VERIFY
public static final byte MODE_VERIFY
Used ininit()
methods to indicate signature verify mode.- See Also:
- Constant Field Values
-
-
Method Detail
-
getInstance
public static final Signature getInstance(byte algorithm, boolean externalAccess) throws CryptoException
Creates aSignature
object instance of the selected algorithm.- Parameters:
algorithm
- the desired Signature algorithm. Valid codes listed inALG_*
constants above e.g.ALG_DES_MAC4_NOPAD
.externalAccess
-true
indicates that the instance will be shared among multiple applet instances and that theSignature
instance will also be accessed (via aShareable
interface) when the owner of theSignature
instance is not the currently selected applet. Iftrue
the implementation must not allocate CLEAR_ON_DESELECT transient space for internal data.- Returns:
- the
Signature
object instance of the requested algorithm - Throws:
CryptoException
- with the following reason codes:CryptoException.NO_SUCH_ALGORITHM
if the requested algorithm or shared access mode is not supported.
- See Also:
getInstance(byte, byte, byte, boolean)
,getAlgorithm()
-
getInstance
public static final Signature getInstance(byte messageDigestAlgorithm, byte cipherAlgorithm, byte paddingAlgorithm, boolean externalAccess) throws CryptoException
Creates aSignature
object instance with the selected message digest algorithm, cipher algorithm and padding algorithm.Note:
- Note that the cipher algorithms listed in the Signature class
include some choices not available directly as a Cipher - e.g
DSA
. - When there is no discrete message digest algorithm, use
the
MessageDigest.ALG_NULL
choice for the message digest algorithm. - When the padding algorithm is built into the cipher algorithm use
the
PAD_NULL
choice for the padding algorithm.
- Parameters:
messageDigestAlgorithm
- the desired message digest algorithm. Valid codes listed inALG_*
constants in the MessageDigest class e.g.ALG_NULL
.cipherAlgorithm
- the desired cipher algorithm. Valid codes listed inSIG_CIPHER_*
constants in this class e.g.SIG_CIPHER_DES_MAC4
.paddingAlgorithm
- the desired padding algorithm. Valid codes listed inPAD_*
constants in the Cipher class e.g.PAD_NULL
.externalAccess
-true
indicates that the instance will be shared among multiple applet instances and that theSignature
instance will also be accessed (via aShareable
interface) when the owner of theSignature
instance is not the currently selected applet. Iftrue
the implementation must not allocate CLEAR_ON_DESELECT transient space for internal data.- Returns:
- the
Signature
object instance of the requested algorithm - Throws:
CryptoException
- with the following reason codes:CryptoException.NO_SUCH_ALGORITHM
if the requested message digest algorithm or cipher algorithm or padding algorithm or their combination or the requested shared access mode is not supported.
- Since:
- 3.0.4
- See Also:
getInstance(byte, boolean)
,getMessageDigestAlgorithm()
,getCipherAlgorithm()
,getPaddingAlgorithm()
- Note that the cipher algorithms listed in the Signature class
include some choices not available directly as a Cipher - e.g
-
init
public abstract void init(Key theKey, byte theMode) throws CryptoException
Initializes theSignature
object with the appropriateKey
. This method should be used for algorithms which do not need initialization parameters or use default parameter values.init()
must be used to update theSignature
object with a new key. If theKey
object is modified after invoking theinit()
method, the behavior of theupdate()
,sign()
, andverify()
methods is unspecified.The
Key
is checked for consistency with theSignature
algorithm. For example, the key type must be matched. For elliptic curve algorithms, the key must represent a valid point on the curve's domain parameters. Additional key component/domain parameter strength checks are implementation specific.Note:
- AES, DES, triple DES, and Korean SEED algorithms in CBC mode will use 0 for initial vector(IV) if this method is used.
- RSA algorithms using the padding scheme PKCS1_PSS will use a default salt length equal to the length of the message digest.
- For optimal performance, when the
theKey
parameter is a transient key, the implementation should, whenever possible, use transient space for internal storage.
- Parameters:
theKey
- the key object to use for signing or verifyingtheMode
- one ofMODE_SIGN
orMODE_VERIFY
- Throws:
CryptoException
- with the following reason codes:CryptoException.ILLEGAL_VALUE
iftheMode
option is an undefined value or if theKey
is inconsistent withtheMode
or with theSignature
implementation.CryptoException.UNINITIALIZED_KEY
iftheKey
instance is uninitialized.CryptoException.ILLEGAL_USE
iftheMode
is not allowed by thisSignature
algorithm.
-
init
public abstract void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) throws CryptoException
Initializes theSignature
object with the appropriateKey
and algorithm specific parameters.init()
must be used to update theSignature
object with a new key. If theKey
object is modified after invoking theinit()
method, the behavior of theupdate()
,sign()
, andverify()
methods is unspecified.The
Key
is checked for consistency with theSignature
algorithm. For example, the key type must be matched. For elliptic curve algorithms, the key must represent a valid point on the curve's domain parameters. Additional key component/domain parameter strength checks are implementation specific.Note:
- DES and triple DES algorithms in CBC mode expect an 8-byte parameter value for
the initial vector(IV) in
bArray
. - AES algorithms, except for ALG_AES_CMAC_128, in CBC mode expect a 16-byte parameter value for
the initial vector(IV) in
bArray
. - Korean SEED algorithms in CBC mode expect a 16-byte parameter value for
the initial vector(IV) in
bArray
. - ECDSA, DSA and HMAC algorithms throw
CryptoException.ILLEGAL_VALUE
. For RSA algorithms using the padding scheme PKCS1_PSS expect a two-byte parameter value (b1 b2) for the salt length inbArray
. This two-byte parameter represents a short value where b1 is the first byte (high order byte) and b2 is the second byte (low order byte). For all other RSA algorithms CryptoException.ILLEGAL_VALUE is thrown. - For optimal performance, when the
theKey
parameter is a transient key, the implementation should, whenever possible, use transient space for internal storage.
- Parameters:
theKey
- the key object to use for signingtheMode
- one ofMODE_SIGN
orMODE_VERIFY
bArray
- byte array containing algorithm specific initialization informationbOff
- offset withinbArray
where the algorithm specific data beginsbLen
- byte length of algorithm specific parameter data- Throws:
CryptoException
- with the following reason codes:CryptoException.ILLEGAL_VALUE
iftheMode
option is an undefined value or if a byte array parameter option is not supported by the algorithm or if thebLen
is an incorrect byte length for the algorithm specific data or if theKey
is inconsistent withtheMode
or with theSignature
implementation.CryptoException.UNINITIALIZED_KEY
iftheKey
instance is uninitialized.CryptoException.ILLEGAL_USE
iftheMode
is not allowed by thisSignature
algorithm.
- DES and triple DES algorithms in CBC mode expect an 8-byte parameter value for
the initial vector(IV) in
-
setInitialDigest
public abstract void setInitialDigest(byte[] initialDigestBuf, short initialDigestOffset, short initialDigestLength, byte[] digestedMsgLenBuf, short digestedMsgLenOffset, short digestedMsgLenLength) throws CryptoException
This method initializes the starting hash value in place of the default value used by theSignature
class. The starting hash value represents the previously computed hash (using the same algorithm) of the first part of the message. The remaining bytes of the message must be presented to thisSignature
object via theupdate
andsign
orverify
methods to generate or verify the signature.Note:
- The maximum allowed value of the byte length of the first part of the message is algorithm specific
- This method throws an exception if the underlying signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives. These algorithms throw exception - DES, triple DES, AES, HMAC and KOREAN SEED.
- Parameters:
initialDigestBuf
- input buffer containing the starting hash value representing the previously computed hash (using the same algorithm) of first part of the messageinitialDigestOffset
- offset intoinitialDigestBuf
array where the starting digest value data beginsinitialDigestLength
- the length of data ininitialDigestBuf
array.digestedMsgLenBuf
- the byte array containing the number of bytes in the first part of the message that has previously been hashed to obtain the specified starting digest valuedigestedMsgLenOffset
- the offset withindigestedMsgLenBuf
where the digested length begins(the bytes starting at this offset fordigestedMsgLenLength
bytes are concatenated to form the actual digested message length value)digestedMsgLenLength
- byte length of the digested length- Throws:
CryptoException
- with the following reason codes:CryptoException.ILLEGAL_VALUE
if the parameterinitialDigestLength
is not equal to the intermediate hash value size of the algorithm or if the number of bytes in the first part of the message that has previously been hashed is 0 or not a multiple of the algorithm's block size or greater than the maximum length supported by the algorithm (seeALG_*
algorithm descriptionsMessageDigest.ALG_SHA
).CryptoException.ILLEGAL_USE
if the Signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives or if thisSignature
algorithm includes message recovery functionality.
- Since:
- 3.0.4
-
getAlgorithm
public abstract byte getAlgorithm()
Gets the Signature algorithm. Pre-defined codes listed inALG_*
constants above, for example,ALG_DES_MAC4_NOPAD
.- Returns:
- the algorithm code defined above; if the algorithm is not one of the pre-defined
algorithms,
0
is returned.
-
getMessageDigestAlgorithm
public abstract byte getMessageDigestAlgorithm()
Gets the message digest algorithm. Pre-defined codes listed inALG_*
constants in the MessageDigest class e.g.ALG_NULL
.- Returns:
- the message digest algorithm code defined in the
MessageDigest
class; if the algorithm is not one of the pre-defined algorithms,0
is returned. - Since:
- 3.0.5
-
getCipherAlgorithm
public abstract byte getCipherAlgorithm()
Gets the cipher algorithm. Pre-defined codes listed inSIG_CIPHER_*
constants in this class e.g.SIG_CIPHER_DES_MAC4
.- Returns:
- the cipher algorithm code defined above; if the algorithm is not
one of the pre-defined algorithms,
0
is returned. - Since:
- 3.0.5
-
getPaddingAlgorithm
public abstract byte getPaddingAlgorithm()
Gets the padding algorithm. Pre-defined codes listed inPAD_*
constants in theCipher
class e.g.PAD_NULL
.- Returns:
- the padding algorithm code defined in the
Cipher
class; if the algorithm is not one of the pre-defined algorithms,0
is returned. - Since:
- 3.0.5
-
getLength
public abstract short getLength() throws CryptoException
Returns the byte length of the signature data.- Returns:
- the byte length of the signature data
- Throws:
CryptoException
- with the following reason codes:CryptoException.INVALID_INIT
if thisSignature
object is not initialized.CryptoException.UNINITIALIZED_KEY
if key not initialized.
-
update
public abstract void update(byte[] inBuff, short inOffset, short inLength) throws CryptoException
Accumulates a signature of the input data. This method requires temporary storage of intermediate results. In addition, if the input data length is not block aligned (multiple of block size) then additional internal storage may be allocated at this time to store a partial input data block. This may result in additional resource consumption and/or slow performance. This method should only be used if all the input data required for signing/verifying is not available in one byte array. If all of the input data required for signing/verifying is located in a single byte array, use of thesign()
orverify()
method is recommended. Thesign()
orverify()
method must be called to complete processing of input data accumulated by one or more calls to theupdate()
method.Note:
- If
inLength
is 0 this method does nothing.
- Parameters:
inBuff
- the input buffer of data to be signed/verifiedinOffset
- the offset into the input buffer where input data beginsinLength
- the byte length to sign/verify- Throws:
CryptoException
- with the following reason codes:CryptoException.UNINITIALIZED_KEY
if key not initialized.CryptoException.INVALID_INIT
if thisSignature
object is not initialized.CryptoException.ILLEGAL_USE
if the message value is not supported by theSignature
algorithm or if a message value consistency check failed.
- See Also:
sign(byte[], short, short, byte[], short)
,verify(byte[], short, short, byte[], short, short)
- If
-
sign
public abstract short sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset) throws CryptoException
Generates the signature of all/last input data.A call to this method also resets this
Signature
object to the state it was in when previously initialized via a call toinit()
. That is, the object is reset and available to sign another message. In addition, note that the initial vector(IV) used in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.Note:
- AES, DES, triple DES, and Korean SEED algorithms in CBC mode reset the initial vector(IV)
to 0. The initial vector(IV) can be re-initialized using the
init(Key, byte, byte[], short, short)
method.
The input and output buffer data may overlap.
In addition to returning a
short
result, this method sets the result in an internal state which can be rechecked using assertion methods of theSensitiveResult
class, if supported by the platform.- Parameters:
inBuff
- the input buffer of data to be signedinOffset
- the offset into the input buffer at which to begin signature generationinLength
- the byte length to signsigBuff
- the output buffer to store signature datasigOffset
- the offset into sigBuff at which to begin signature data- Returns:
- number of bytes of signature output in sigBuff
- Throws:
CryptoException
- with the following reason codes:CryptoException.UNINITIALIZED_KEY
if key not initialized.CryptoException.INVALID_INIT
if thisSignature
object is not initialized or initialized for signature verify mode.CryptoException.ILLEGAL_USE
if one of the following conditions is met:- if this
Signature
algorithm does not pad the message and the message is not block aligned. - if this
Signature
algorithm does not pad the message and no input data has been provided ininBuff
or via theupdate()
method. - if the message value is not supported by the
Signature
algorithm or if a message value consistency check failed. - if this
Signature
algorithm includes message recovery functionality.
- if this
- AES, DES, triple DES, and Korean SEED algorithms in CBC mode reset the initial vector(IV)
to 0. The initial vector(IV) can be re-initialized using the
-
signPreComputedHash
public abstract short signPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset) throws CryptoException
Generates the signature of the precomputed hash data.A call to this method also resets this
Signature
object to the state it was in when previously initialized via a call toinit()
. That is, the object is reset and available to sign another precomputed hash.Note:
- This method throws an exception if the underlying signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives. These algorithms throw exception - DES, triple DES, AES, HMAC and KOREAN SEED.
- Any data previously accumulated from previous
calls to the
update
method are discarded.
The hash and output buffer data may overlap.
In addition to returning a
short
result, this method sets the result in an internal state which can be rechecked using assertion methods of theSensitiveResult
class, if supported by the platform.- Parameters:
hashBuff
- the input buffer of precomputed hash to be signedhashOffset
- the offset into the buffer where the hash beginshashLength
- the byte length of the hashsigBuff
- the output buffer to store signature datasigOffset
- the offset into sigBuff at which to begin signature data- Returns:
- number of bytes of signature output in sigBuff
- Throws:
CryptoException
- with the following reason codes:CryptoException.UNINITIALIZED_KEY
if key not initialized.CryptoException.INVALID_INIT
if thisSignature
object is not initialized or initialized for signature verify mode.CryptoException.ILLEGAL_USE
if one of the following conditions is met:- if the
hashLength
value is not equal to the length of the algorithm's message digest length. - if this
Signature
algorithm includes message recovery functionality. - if the Signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives
- if the
-
verify
public abstract boolean verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength) throws CryptoException
Verifies the signature of all/last input data against the passed in signature. A call to this method also resets thisSignature
object to the state it was in when previously initialized via a call toinit()
. That is, the object is reset and available to verify another message. In addition, note that the initial vector(IV) used in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.Note:
- AES, DES, triple DES, and Korean SEED algorithms in CBC mode reset the initial vector(IV)
to 0. The initial vector(IV) can be re-initialized using the
init(Key, byte, byte[], short, short)
method.
In addition to returning a
boolean
result, this method sets the result in an internal state which can be rechecked using assertion methods of theSensitiveResult
class, if supported by the platform.- Parameters:
inBuff
- the input buffer of data to be verifiedinOffset
- the offset into the input buffer at which to begin signature generationinLength
- the byte length to signsigBuff
- the input buffer containing signature datasigOffset
- the offset intosigBuff
where signature data beginssigLength
- the byte length of the signature data- Returns:
true
if the signature verifies,false
otherwise. Note, ifsigLength
is inconsistent with thisSignature
algorithm,false
is returned.- Throws:
CryptoException
- with the following reason codes:CryptoException.UNINITIALIZED_KEY
if key not initialized.CryptoException.INVALID_INIT
if thisSignature
object is not initialized or initialized for signature sign mode.CryptoException.ILLEGAL_USE
if one of the following conditions is met:- if this
Signature
algorithm does not pad the message and the message is not block aligned. - if this
Signature
algorithm does not pad the message and no input data has been provided ininBuff
or via theupdate()
method. - if the message value is not supported by the
Signature
algorithm or if a message value consistency check failed. - if this
Signature
algorithm includes message recovery functionality.
- if this
- AES, DES, triple DES, and Korean SEED algorithms in CBC mode reset the initial vector(IV)
to 0. The initial vector(IV) can be re-initialized using the
-
verifyPreComputedHash
public abstract boolean verifyPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset, short sigLength) throws CryptoException
Verifies the signature of precomputed hash data.A call to this method also resets this
Signature
object to the state it was in when previously initialized via a call toinit()
. That is, the object is reset and available to verify another precomputed hash. In addition, note that the initial vector(IV) used in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.Note:
- This method throws an exception if the underlying signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives. These algorithms throw exception - DES, triple DES, AES, and KOREAN SEED.
- Any data previously accumulated from previous
calls to the
update
method are discarded.
The hash and output buffer data may overlap.
In addition to returning a
boolean
result, this method sets the result in an internal state which can be rechecked using assertion methods of theSensitiveResult
class, if supported by the platform.- Parameters:
hashBuff
- the input buffer of precomputed hash to be verifiedhashOffset
- the offset into the buffer where the hash beginshashLength
- the byte length of the hashsigBuff
- the input buffer containing signature datasigOffset
- the offset intosigBuff
where signature data beginssigLength
- the byte length of the signature data- Returns:
true
if the signature verifies,false
otherwise. Note, ifsigLength
is inconsistent with thisSignature
algorithm,false
is returned.- Throws:
CryptoException
- with the following reason codes:CryptoException.UNINITIALIZED_KEY
if key not initialized.CryptoException.INVALID_INIT
if thisSignature
object is not initialized or initialized for signature sign mode.CryptoException.ILLEGAL_USE
if one of the following conditions is met:- if the
hashLength
value is not equal to the length of the algorithm's message digest length. - if this
Signature
algorithm includes message recovery functionality. - if the Signature algorithm does not compute a distinct message digest value prior to applying cryptographic primitives
- if the
-
-