public abstract class Signature extends Object
Signature
class is the base class for Signature
algorithms. Implementations of Signature algorithms must extend this class
and implement all the abstract methods.
The term "pad" is used in the public key signature algorithms below to refer to all the operations specified in the referenced scheme to transform the message digest into the encryption block size.
A tear or card reset event resets an initialized Signature
object to the state it was in when previously initialized via a call to
init()
. For algorithms which support keys with transient key
data sets, such as DES, triple DES, AES, and Korean SEED the
Signature
object key becomes uninitialized on clear events
associated with the Key
object used to initialize the
Signature
object.
Even if a transaction is in progress, update of intermediate result state in
the implementation instance shall not participate in the transaction.
Note:
init(Key, byte, byte[], short, short)
method.
Modifier and Type | Class and Description |
---|---|
static class |
Signature.OneShot
The
OneShot class is a specialization of the
Signature class intended to support efficient one-shot signing and
verification operations that may avoid persistent memory writes entirely. |
Modifier and Type | Field and Description |
---|---|
static byte |
ALG_AES_CMAC_128
Signature algorithm
ALG_AES_CMAC_128 generates a
16-byte Cipher-based MAC (CMAC) using AES with
blocksize 128 in CBC mode with ISO9797_M2 padding scheme. |
static byte |
ALG_AES_MAC_128_NOPAD
Signature algorithm
ALG_AES_MAC_128_NOPAD generates a
16-byte MAC using AES with blocksize 128 in CBC mode and does not pad
input data. |
static byte |
ALG_AES_MAC_192_NOPAD
Deprecated.
|
static byte |
ALG_AES_MAC_256_NOPAD
Deprecated.
|
static byte |
ALG_DES_MAC4_ISO9797_1_M1_ALG3
Signature algorithm
ALG_DES_MAC4_ISO9797_1_M1_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 1, where input data is
padded using method 1 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. |
static byte |
ALG_DES_MAC4_ISO9797_1_M2_ALG3
Signature algorithm
ALG_DES_MAC4_ISO9797_1_M2_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 2 (also EMV'96, EMV'2000), where input data is
padded using method 2 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. |
static byte |
ALG_DES_MAC4_ISO9797_M1
Signature algorithm
ALG_DES_MAC4_ISO9797_M1 generates a
4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC
mode or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC4_ISO9797_M2
Signature algorithm
ALG_DES_MAC4_ISO9797_M2 generates a
4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC
mode or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC4_NOPAD
Signature algorithm
ALG_DES_MAC4_NOPAD generates a 4-byte
MAC (most significant 4 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC4_PKCS5
Signature algorithm
ALG_DES_MAC4_PKCS5 generates a 4-byte
MAC (most significant 4 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC8_ISO9797_1_M1_ALG3
Signature algorithm
ALG_DES_MAC8_ISO9797_1_M1_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 1, where input data is
padded using method 1 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. |
static byte |
ALG_DES_MAC8_ISO9797_1_M2_ALG3
Signature algorithm
ALG_DES_MAC8_ISO9797_1_M2_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 2 (also EMV'96, EMV'2000), where input data is
padded using method 2 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. |
static byte |
ALG_DES_MAC8_ISO9797_M1
Signature algorithm
ALG_DES_MAC8_ISO9797_M1 generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC8_ISO9797_M2
Signature algorithm
ALG_DES_MAC8_ISO9797_M2 generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC8_NOPAD
Signature algorithm
ALG_DES_MAC8_NOPAD generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. |
static byte |
ALG_DES_MAC8_PKCS5
Signature algorithm
ALG_DES_MAC8_PKCS5 generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. |
static byte |
ALG_DSA_SHA
Signature algorithm
ALG_DSA_SHA generates a 20-byte SHA
digest and signs/verifies the digests using DSA. |
static byte |
ALG_ECDSA_SHA
Signature algorithm
ALG_ECDSA_SHA generates a 20-byte SHA
digest and signs/verifies the digest using ECDSA. |
static byte |
ALG_ECDSA_SHA_224
Signature algorithm
ALG_ECDSA_SHA_224 generates a 28-byte
SHA-224 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey parameters - such as the P-224
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. |
static byte |
ALG_ECDSA_SHA_256
Signature algorithm
ALG_ECDSA_SHA_256 generates a 32-byte
SHA-256 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey parameters - such as the P-256
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. |
static byte |
ALG_ECDSA_SHA_384
Signature algorithm
ALG_ECDSA_SHA_384 generates a 48-byte
SHA-384 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey parameters - such as the P-384
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. |
static byte |
ALG_ECDSA_SHA_512
Signature algorithm
ALG_ECDSA_SHA_512 generates a 64-byte
SHA-512 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey parameters - such as the P-521
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. |
static byte |
ALG_HMAC_MD5
HMAC message authentication algorithm
ALG_HMAC_MD5 This
algorithm generates an HMAC following the steps found in RFC: 2104 using
MD5 as the hashing algorithm. |
static byte |
ALG_HMAC_RIPEMD160
HMAC message authentication algorithm
ALG_HMAC_RIPEMD160
This algorithm generates an HMAC following the steps found in RFC: 2104
using RIPEMD160 as the hashing algorithm. |
static byte |
ALG_HMAC_SHA_256
HMAC message authentication algorithm
ALG_HMAC_SHA_256
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-256 as the hashing algorithm. |
static byte |
ALG_HMAC_SHA_384
HMAC message authentication algorithm
ALG_HMAC_SHA_384
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-384 as the hashing algorithm. |
static byte |
ALG_HMAC_SHA_512
HMAC message authentication algorithm
ALG_HMAC_SHA_512
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-512 as the hashing algorithm. |
static byte |
ALG_HMAC_SHA1
HMAC message authentication algorithm
ALG_HMAC_SHA1 This
algorithm generates an HMAC following the steps found in RFC: 2104 using
SHA1 as the hashing algorithm. |
static byte |
ALG_KOREAN_SEED_MAC_NOPAD
Signature algorithm
ALG_KOREAN_SEED_MAC_NOPAD generates an
16-byte MAC using Korean SEED in CBC mode. |
static byte |
ALG_RSA_MD5_PKCS1
Signature algorithm
ALG_RSA_MD5_PKCS1 generates a 16-byte
MD5 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_MD5_PKCS1_PSS
Signature algorithm
ALG_RSA_MD5_PKCS1_PSS generates a
16-byte MD5 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_MD5_RFC2409
Signature algorithm
ALG_RSA_MD5_RFC2409 generates a
16-byte MD5 digest, pads the digest according to the RFC2409 scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_RIPEMD160_ISO9796
Signature algorithm
ALG_RSA_RIPEMD160_ISO9796 generates a
20-byte RIPE MD-160 digest, pads the digest according to the ISO 9796
scheme, and encrypts it using RSA. |
static byte |
ALG_RSA_RIPEMD160_ISO9796_MR
Signature algorithm
ALG_RSA_RIPEMD160_ISO9796_MR generates
20-byte RIPE MD-160 digest, pads it according to the ISO9796-2
specification and encrypts using RSA. |
static byte |
ALG_RSA_RIPEMD160_PKCS1
Signature algorithm
ALG_RSA_RIPEMD160_PKCS1 generates a
20-byte RIPE MD-160 digest, pads the digest according to the PKCS#1
(v1.5) scheme, and encrypts it using RSA. |
static byte |
ALG_RSA_RIPEMD160_PKCS1_PSS
Signature algorithm
ALG_RSA_RIPEMD160_PKCS1_PSS generates
a 20-byte RIPE MD-160 digest, pads it according to the PKCS#1-PSS scheme
(IEEE 1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_224_PKCS1
Signature algorithm
ALG_RSA_SHA_224_PKCS1 generates a 28-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_SHA_224_PKCS1_PSS
Signature algorithm
ALG_RSA_SHA_224_PKCS1_PSS generates a
28-byte SHA-224 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_256_PKCS1
Signature algorithm
ALG_RSA_SHA_256_PKCS1 generates a 32-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_SHA_256_PKCS1_PSS
Signature algorithm
ALG_RSA_SHA_256_PKCS1_PSS generates a
32-byte SHA-256 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_384_PKCS1
Signature algorithm
ALG_RSA_SHA_384_PKCS1 generates a 48-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_SHA_384_PKCS1_PSS
Signature algorithm
ALG_RSA_SHA_384_PKCS1_PSS generates a
48-byte SHA-384 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_512_PKCS1
Signature algorithm
ALG_RSA_SHA_512_PKCS1 generates a 64-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_SHA_512_PKCS1_PSS
Signature algorithm
ALG_RSA_SHA_512_PKCS1_PSS generates a
64-byte SHA-512 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_ISO9796
Signature algorithm
ALG_RSA_SHA_ISO9796 generates a
20-byte SHA digest, pads the digest according to the ISO 9796-2 scheme as
specified in EMV '96 and EMV 2000, and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_ISO9796_MR
Signature algorithm
ALG_RSA_SHA_ISO9796_MR generates
20-byte SHA-1 digest, pads it according to the ISO9796-2 specification
and encrypts using RSA. |
static byte |
ALG_RSA_SHA_PKCS1
Signature algorithm
ALG_RSA_SHA_PKCS1 generates a 20-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA. |
static byte |
ALG_RSA_SHA_PKCS1_PSS
Signature algorithm
ALG_RSA_SHA_PKCS1_PSS generates a
20-byte SHA-1 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA. |
static byte |
ALG_RSA_SHA_RFC2409
Signature algorithm
ALG_RSA_SHA_RFC2409 generates a
20-byte SHA digest, pads the digest according to the RFC2409 scheme, and
encrypts it using RSA. |
static byte |
MODE_SIGN
Used in
init() methods to indicate signature sign mode. |
static byte |
MODE_VERIFY
Used in
init() methods to indicate signature verify mode. |
static byte |
SIG_CIPHER_AES_CMAC128
Cipher algorithm
SIG_CIPHER_AES_CMAC128 choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_AES_MAC128
Cipher algorithm
SIG_CIPHER_AES_MAC128 choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_DES_MAC4
Cipher algorithm
SIG_CIPHER_DES_MAC4 choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_DES_MAC8
Cipher algorithm
SIG_CIPHER_DES_MAC8 choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_DSA
Cipher algorithm
SIG_CIPHER_DSA choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_ECDSA
Cipher algorithm
SIG_CIPHER_ECDSA choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_ECDSA_PLAIN
Cipher algorithm
SIG_CIPHER_ECDSA_PLAIN choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_HMAC
Cipher algorithm
SIG_CIPHER_HMAC choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_KOREAN_SEED_MAC
Cipher algorithm
SIG_CIPHER_KOREAN_SEED_MAC choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
static byte |
SIG_CIPHER_RSA
Cipher algorithm
SIG_CIPHER_RSA choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. |
Modifier | Constructor and Description |
---|---|
protected |
Signature()
Protected Constructor
|
Modifier and Type | Method and Description |
---|---|
abstract byte |
getAlgorithm()
Gets the Signature algorithm.
|
abstract byte |
getCipherAlgorithm()
Gets the cipher algorithm.
|
static Signature |
getInstance(byte algorithm,
boolean externalAccess)
Creates a
Signature object instance of the selected
algorithm. |
static Signature |
getInstance(byte messageDigestAlgorithm,
byte cipherAlgorithm,
byte paddingAlgorithm,
boolean externalAccess)
Creates a
Signature object instance with the selected
message digest algorithm, cipher algorithm and padding algorithm. |
abstract short |
getLength()
Returns the byte length of the signature data.
|
abstract byte |
getMessageDigestAlgorithm()
Gets the message digest algorithm.
|
abstract byte |
getPaddingAlgorithm()
Gets the padding algorithm.
|
abstract void |
init(Key theKey,
byte theMode)
Initializes the
Signature object with the appropriate
Key . |
abstract void |
init(Key theKey,
byte theMode,
byte[] bArray,
short bOff,
short bLen)
Initializes the
Signature object with the appropriate
Key and algorithm specific parameters. |
abstract void |
setInitialDigest(byte[] initialDigestBuf,
short initialDigestOffset,
short initialDigestLength,
byte[] digestedMsgLenBuf,
short digestedMsgLenOffset,
short digestedMsgLenLength)
This method initializes the starting hash value in place of the default
value used by the
Signature class. |
abstract short |
sign(byte[] inBuff,
short inOffset,
short inLength,
byte[] sigBuff,
short sigOffset)
Generates the signature of all/last input data.
|
abstract short |
signPreComputedHash(byte[] hashBuff,
short hashOffset,
short hashLength,
byte[] sigBuff,
short sigOffset)
Generates the signature of the precomputed hash data.
|
abstract void |
update(byte[] inBuff,
short inOffset,
short inLength)
Accumulates a signature of the input data.
|
abstract boolean |
verify(byte[] inBuff,
short inOffset,
short inLength,
byte[] sigBuff,
short sigOffset,
short sigLength)
Verifies the signature of all/last input data against the passed in
signature.
|
abstract boolean |
verifyPreComputedHash(byte[] hashBuff,
short hashOffset,
short hashLength,
byte[] sigBuff,
short sigOffset,
short sigLength)
Verifies the signature of precomputed hash data.
|
public static final byte ALG_DES_MAC4_NOPAD
ALG_DES_MAC4_NOPAD
generates a 4-byte
MAC (most significant 4 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode. This algorithm does not pad input data.
If the input data is not (8 byte) block aligned it throws
CryptoException
with the reason code
ILLEGAL_USE
.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_NOPAD
constants respectively.
public static final byte ALG_DES_MAC8_NOPAD
ALG_DES_MAC8_NOPAD
generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. This
algorithm does not pad input data. If the input data is not (8 byte)
block aligned it throws CryptoException
with the reason
code ILLEGAL_USE
.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_NOPAD
constants respectively.
Note:
public static final byte ALG_DES_MAC4_ISO9797_M1
ALG_DES_MAC4_ISO9797_M1
generates a
4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC
mode or triple DES in outer CBC mode. Input data is padded according to
the ISO 9797 method 1 scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_ISO9797_M1
constants respectively.
public static final byte ALG_DES_MAC8_ISO9797_M1
ALG_DES_MAC8_ISO9797_M1
generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input
data is padded according to the ISO 9797 method 1 scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_ISO9797_M1
constants respectively.
Note:
public static final byte ALG_DES_MAC4_ISO9797_M2
ALG_DES_MAC4_ISO9797_M2
generates a
4-byte MAC (most significant 4 bytes of encrypted block) using DES in CBC
mode or triple DES in outer CBC mode. Input data is padded according to
the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_ISO9797_M2
constants respectively.
public static final byte ALG_DES_MAC8_ISO9797_M2
ALG_DES_MAC8_ISO9797_M2
generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input
data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96)
scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_ISO9797_M2
constants respectively.
Note:
public static final byte ALG_DES_MAC4_PKCS5
ALG_DES_MAC4_PKCS5
generates a 4-byte
MAC (most significant 4 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode. Input data is padded according to the
PKCS#5 scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_PKCS5
constants respectively.
public static final byte ALG_DES_MAC8_PKCS5
ALG_DES_MAC8_PKCS5
generates an
8-byte MAC using DES in CBC mode or triple DES in outer CBC mode. Input
data is padded according to the PKCS#5 scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_PKCS5
constants respectively.
Note:
public static final byte ALG_RSA_SHA_ISO9796
ALG_RSA_SHA_ISO9796
generates a
20-byte SHA digest, pads the digest according to the ISO 9796-2 scheme as
specified in EMV '96 and EMV 2000, and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_RSA
,
Cipher.PAD_ISO9796
constants respectively.
Note:
verify
method does not support the message recovery
semantics of this algorithm.
public static final byte ALG_RSA_SHA_PKCS1
ALG_RSA_SHA_PKCS1
generates a 20-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
Note:
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
public static final byte ALG_RSA_MD5_PKCS1
ALG_RSA_MD5_PKCS1
generates a 16-byte
MD5 digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
Note:
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_MD5
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
public static final byte ALG_RSA_RIPEMD160_ISO9796
ALG_RSA_RIPEMD160_ISO9796
generates a
20-byte RIPE MD-160 digest, pads the digest according to the ISO 9796
scheme, and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_RIPEMD160
, SIG_CIPHER_RSA
,
Cipher.PAD_ISO9796
constants respectively.
public static final byte ALG_RSA_RIPEMD160_PKCS1
ALG_RSA_RIPEMD160_PKCS1
generates a
20-byte RIPE MD-160 digest, pads the digest according to the PKCS#1
(v1.5) scheme, and encrypts it using RSA.
Note:
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_RIPEMD160
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
public static final byte ALG_DSA_SHA
ALG_DSA_SHA
generates a 20-byte SHA
digest and signs/verifies the digests using DSA. The signature is encoded
as an ASN.1 sequence of two INTEGER values, r and s, in that order:
SEQUENCE ::= { r INTEGER, s INTEGER }
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_DSA
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_RSA_SHA_RFC2409
ALG_RSA_SHA_RFC2409
generates a
20-byte SHA digest, pads the digest according to the RFC2409 scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_RSA
,
Cipher.PAD_RFC2409
constants respectively.
public static final byte ALG_RSA_MD5_RFC2409
ALG_RSA_MD5_RFC2409
generates a
16-byte MD5 digest, pads the digest according to the RFC2409 scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_MD5
, SIG_CIPHER_RSA
,
Cipher.PAD_RFC2409
constants respectively.
public static final byte ALG_ECDSA_SHA
ALG_ECDSA_SHA
generates a 20-byte SHA
digest and signs/verifies the digest using ECDSA. The signature is
encoded as an ASN.1 sequence of two INTEGER values, r and s, in that
order: SEQUENCE ::= { r INTEGER, s INTEGER }
Note:
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_ECDSA
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_AES_MAC_128_NOPAD
ALG_AES_MAC_128_NOPAD
generates a
16-byte MAC using AES with blocksize 128 in CBC mode and does not pad
input data. If the input data is not (16-byte) block aligned it throws
CryptoException
with the reason code
ILLEGAL_USE
.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_AES_MAC128
,
Cipher.PAD_NOPAD
constants respectively.
public static final byte ALG_AES_CMAC_128
ALG_AES_CMAC_128
generates a
16-byte Cipher-based MAC (CMAC) using AES with
blocksize 128 in CBC mode with ISO9797_M2 padding scheme.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_AES_CMAC_128
,
Cipher.PAD_ISO9797_M2
constants respectively.
public static final byte ALG_DES_MAC4_ISO9797_1_M2_ALG3
ALG_DES_MAC4_ISO9797_1_M2_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 2 (also EMV'96, EMV'2000), where input data is
padded using method 2 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. The left key block of the
triple DES key is used as a single DES key(K) and the right key block of
the triple DES key is used as a single DES Key (K') during MAC
processing. The final result is truncated to 4 bytes as described in
ISO9797-1.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_ISO9797_1_M2_ALG3
constants respectively.
Note:
public static final byte ALG_DES_MAC8_ISO9797_1_M2_ALG3
ALG_DES_MAC8_ISO9797_1_M2_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 2 (also EMV'96, EMV'2000), where input data is
padded using method 2 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. The left key block of the
triple DES key is used as a single DES key(K) and the right key block of
the triple DES key is used as a single DES Key (K') during MAC
processing. The final result is truncated to 8 bytes as described in
ISO9797-1.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_ISO9797_1_M2_ALG3
constants respectively.
Note:
public static final byte ALG_RSA_SHA_PKCS1_PSS
ALG_RSA_SHA_PKCS1_PSS
generates a
20-byte SHA-1 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_RSA_MD5_PKCS1_PSS
ALG_RSA_MD5_PKCS1_PSS
generates a
16-byte MD5 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_MD5
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_RSA_RIPEMD160_PKCS1_PSS
ALG_RSA_RIPEMD160_PKCS1_PSS
generates
a 20-byte RIPE MD-160 digest, pads it according to the PKCS#1-PSS scheme
(IEEE 1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_RIPEMD160
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_HMAC_SHA1
ALG_HMAC_SHA1
This
algorithm generates an HMAC following the steps found in RFC: 2104 using
SHA1 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_HMAC_SHA_256
ALG_HMAC_SHA_256
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-256 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_256
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_HMAC_SHA_384
ALG_HMAC_SHA_384
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-384 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_384
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_HMAC_SHA_512
ALG_HMAC_SHA_512
This algorithm generates an HMAC following the steps found in RFC: 2104
using SHA-512 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_512
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_HMAC_MD5
ALG_HMAC_MD5
This
algorithm generates an HMAC following the steps found in RFC: 2104 using
MD5 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_MD5
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_HMAC_RIPEMD160
ALG_HMAC_RIPEMD160
This algorithm generates an HMAC following the steps found in RFC: 2104
using RIPEMD160 as the hashing algorithm.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_RIPEMD160
, SIG_CIPHER_HMAC
,
Cipher.PAD_NULL
constants respectively.
public static final byte ALG_RSA_SHA_ISO9796_MR
ALG_RSA_SHA_ISO9796_MR
generates
20-byte SHA-1 digest, pads it according to the ISO9796-2 specification
and encrypts using RSA. This algorithm is conformant with EMV2000.
This algorithm uses the first part of the input message as padding bytes during signing. During verification, these message bytes (recoverable message) can be recovered to reconstruct the message.
To use this algorithm the Signature
object instance
returned by the getInstance
method must be cast to the
SignatureMessageRecovery
interface to invoke the
applicable methods.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA
, SIG_CIPHER_RSA
,
Cipher.PAD_ISO9796_MR
constants respectively.
public static final byte ALG_RSA_RIPEMD160_ISO9796_MR
ALG_RSA_RIPEMD160_ISO9796_MR
generates
20-byte RIPE MD-160 digest, pads it according to the ISO9796-2
specification and encrypts using RSA.
This algorithm uses the first part of the input message as padding bytes during signing. During verification, these message bytes (recoverable message) can be recovered to reconstruct the message.
To use this algorithm the Signature
object instance
returned by the getInstance
method must be cast to the
SignatureMessageRecovery
interface to invoke the
applicable methods.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_RIPEMD160
, SIG_CIPHER_RSA
,
Cipher.PAD_ISO9796_MR
constants respectively.
public static final byte ALG_KOREAN_SEED_MAC_NOPAD
ALG_KOREAN_SEED_MAC_NOPAD
generates an
16-byte MAC using Korean SEED in CBC mode. This algorithm does not pad
input data. If the input data is not (16 byte) block aligned it throws
CryptoException
with the reason code
ILLEGAL_USE
.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_KOREAN_SEED_MAC
,
Cipher.PAD_NOPAD
constants respectively.
Note:
public static final byte ALG_ECDSA_SHA_256
ALG_ECDSA_SHA_256
generates a 32-byte
SHA-256 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey
parameters - such as the P-256
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER
values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_256
, SIG_CIPHER_ECDSA
,
Cipher.PAD_NULL
constants respectively.
Note:
public static final byte ALG_ECDSA_SHA_384
ALG_ECDSA_SHA_384
generates a 48-byte
SHA-384 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey
parameters - such as the P-384
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER
values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_384
, SIG_CIPHER_ECDSA
,
Cipher.PAD_NULL
constants respectively.
Note:
public static final byte ALG_AES_MAC_192_NOPAD
ALG_AES_MAC_192_NOPAD
should not be used. AES algorithms as defined by NIST in the FIPS PUB 197
standard only support a block size of 128 bits.public static final byte ALG_AES_MAC_256_NOPAD
ALG_AES_MAC_256_NOPAD
should not be used. AES algorithms as defined by NIST in the FIPS PUB 197
standard only support a block size of 128 bits.public static final byte ALG_ECDSA_SHA_224
ALG_ECDSA_SHA_224
generates a 28-byte
SHA-224 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey
parameters - such as the P-224
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER
values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_224
, SIG_CIPHER_ECDSA
,
Cipher.PAD_NULL
constants respectively.
Note:
public static final byte ALG_ECDSA_SHA_512
ALG_ECDSA_SHA_512
generates a 64-byte
SHA-512 digest and signs/verifies the digest using ECDSA with the
curve defined in the ECKey
parameters - such as the P-521
curve specified in the Digital Signature Standards specification[NIST FIPS
PUB 186-2]. The signature is encoded as an ASN.1 sequence of two INTEGER
values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_512
, SIG_CIPHER_ECDSA
,
Cipher.PAD_NULL
constants respectively.
Note:
public static final byte ALG_RSA_SHA_224_PKCS1
ALG_RSA_SHA_224_PKCS1
generates a 28-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_224
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
Note:
public static final byte ALG_RSA_SHA_256_PKCS1
ALG_RSA_SHA_256_PKCS1
generates a 32-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_256
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
Note:
public static final byte ALG_RSA_SHA_384_PKCS1
ALG_RSA_SHA_384_PKCS1
generates a 48-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_384
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
Note:
public static final byte ALG_RSA_SHA_512_PKCS1
ALG_RSA_SHA_512_PKCS1
generates a 64-byte
SHA digest, pads the digest according to the PKCS#1 (v1.5) scheme, and
encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_512
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1
constants respectively.
Note:
public static final byte ALG_RSA_SHA_224_PKCS1_PSS
ALG_RSA_SHA_224_PKCS1_PSS
generates a
28-byte SHA-224 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_224
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_RSA_SHA_256_PKCS1_PSS
ALG_RSA_SHA_256_PKCS1_PSS
generates a
32-byte SHA-256 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_256
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_RSA_SHA_384_PKCS1_PSS
ALG_RSA_SHA_384_PKCS1_PSS
generates a
48-byte SHA-384 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_384
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_RSA_SHA_512_PKCS1_PSS
ALG_RSA_SHA_512_PKCS1_PSS
generates a
64-byte SHA-512 digest, pads it according to the PKCS#1-PSS scheme (IEEE
1363-2000), and encrypts it using RSA.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_SHA_512
, SIG_CIPHER_RSA
,
Cipher.PAD_PKCS1_PSS
constants respectively.
public static final byte ALG_DES_MAC4_ISO9797_1_M1_ALG3
ALG_DES_MAC4_ISO9797_1_M1_ALG3
generates a 4-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 1, where input data is
padded using method 1 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. The left key block of the
triple DES key is used as a single DES key(K) and the right key block of
the triple DES key is used as a single DES Key (K') during MAC
processing. The final result is truncated to 4 bytes as described in
ISO9797-1.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC4
,
Cipher.PAD_ISO9797_1_M1_ALG3
constants respectively.
Note:
public static final byte ALG_DES_MAC8_ISO9797_1_M1_ALG3
ALG_DES_MAC8_ISO9797_1_M1_ALG3
generates an 8-byte MAC using triple DES with a 2-key DES3 key according
to ISO9797-1 MAC
algorithm 3 with method 1, where input data is
padded using method 1 and the data is processed as described in MAC
Algorithm 3 of the ISO 9797-1 specification. The left key block of the
triple DES key is used as a single DES key(K) and the right key block of
the triple DES key is used as a single DES Key (K') during MAC
processing. The final result is truncated to 8 bytes as described in
ISO9797-1.
To request this algorithm using the
getInstance(byte, byte, byte, boolean)
method use the MessageDigest.ALG_NULL
, SIG_CIPHER_DES_MAC8
,
Cipher.PAD_ISO9797_1_M1_ALG3
constants respectively.
Note:
public static final byte SIG_CIPHER_DES_MAC4
SIG_CIPHER_DES_MAC4
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 4-byte
MAC (most significant 4 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode.public static final byte SIG_CIPHER_DES_MAC8
SIG_CIPHER_DES_MAC8
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 8-byte
MAC (most significant 8 bytes of encrypted block) using DES in CBC mode
or triple DES in outer CBC mode.public static final byte SIG_CIPHER_RSA
SIG_CIPHER_RSA
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the RSA cipher.public static final byte SIG_CIPHER_DSA
SIG_CIPHER_DSA
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the DSA cipher.
The signature is encoded
as an ASN.1 sequence of two INTEGER values, r and s, in that order:
SEQUENCE ::= { r INTEGER, s INTEGER }public static final byte SIG_CIPHER_ECDSA
SIG_CIPHER_ECDSA
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the ECDSA cipher.
The signature is encoded as an ASN.1 sequence of two INTEGER values, r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
Note:
public static final byte SIG_CIPHER_ECDSA_PLAIN
SIG_CIPHER_ECDSA_PLAIN
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm uses the ECDSA cipher.
The signature is encoded as an octet string R || S as specified in section 5.2.1 of BSI TR-03111.
Note:
public static final byte SIG_CIPHER_AES_MAC128
SIG_CIPHER_AES_MAC128
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 16-byte MAC using AES
with block size 128 in CBC mode.public static final byte SIG_CIPHER_AES_CMAC128
SIG_CIPHER_AES_CMAC128
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a 16-byte Cipher-based MAC (CMAC) using AES
with block size 128 in CBC mode.public static final byte SIG_CIPHER_HMAC
SIG_CIPHER_HMAC
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates an HMAC following the steps
found in RFC: 2104 using the specified hashing algorithm.public static final byte SIG_CIPHER_KOREAN_SEED_MAC
SIG_CIPHER_KOREAN_SEED_MAC
choice for the cipherAlgorithm
parameter of the
getInstance(byte, byte, byte, boolean)
method. The signature algorithm generates a generates a
16-byte MAC using Korean SEED in CBC mode.public static final byte MODE_SIGN
init()
methods to indicate signature sign mode.public static final byte MODE_VERIFY
init()
methods to indicate signature verify mode.public static final Signature getInstance(byte algorithm, boolean externalAccess) throws CryptoException
Signature
object instance of the selected
algorithm.algorithm
- the desired Signature algorithm. Valid codes listed in
ALG_*
constants above e.g.
ALG_DES_MAC4_NOPAD
.externalAccess
- true
indicates that the instance will be shared
among multiple applet instances and that the
Signature
instance will also be accessed (via a
Shareable
interface) when the owner of the
Signature
instance is not the currently
selected applet. If true
the implementation
must not allocate CLEAR_ON_DESELECT transient space for
internal data.Signature
object instance of the requested
algorithmCryptoException
- with the following reason codes:
CryptoException.NO_SUCH_ALGORITHM
if
the requested algorithm or shared access mode is not
supported.
getInstance(byte, byte, byte, boolean)
,
getAlgorithm()
public static final Signature getInstance(byte messageDigestAlgorithm, byte cipherAlgorithm, byte paddingAlgorithm, boolean externalAccess) throws CryptoException
Signature
object instance with the selected
message digest algorithm, cipher algorithm and padding algorithm.
Note:
DSA
.
MessageDigest.ALG_NULL
choice for the message digest algorithm.
PAD_NULL
choice for the padding algorithm.
messageDigestAlgorithm
- the desired message digest algorithm. Valid codes listed in
ALG_*
constants in the MessageDigest class e.g.
ALG_NULL
.cipherAlgorithm
- the desired cipher algorithm. Valid codes listed in
SIG_CIPHER_*
constants in this class e.g.
SIG_CIPHER_DES_MAC4
.paddingAlgorithm
- the desired padding algorithm. Valid codes listed in
PAD_*
constants in the Cipher class e.g.
PAD_NULL
.externalAccess
- true
indicates that the instance will be shared
among multiple applet instances and that the
Signature
instance will also be accessed (via a
Shareable
interface) when the owner of the
Signature
instance is not the currently
selected applet. If true
the implementation
must not allocate CLEAR_ON_DESELECT transient space for
internal data.Signature
object instance of the requested
algorithmCryptoException
- with the following reason codes:
CryptoException.NO_SUCH_ALGORITHM
if
the requested message digest algorithm or cipher
algorithm or padding algorithm or their combination
or the requested shared access mode is not
supported.
getInstance(byte, boolean)
,
getMessageDigestAlgorithm()
,
getCipherAlgorithm()
,
getPaddingAlgorithm()
public abstract void init(Key theKey, byte theMode) throws CryptoException
Signature
object with the appropriate
Key
. This method should be used for algorithms which do
not need initialization parameters or use default parameter values.
init()
must be used to update the Signature
object with a new key. If the Key
object is modified after
invoking the init()
method, the behavior of the
update()
, sign()
, and
verify()
methods is unspecified.
The Key
is checked for consistency with the Signature
algorithm. For example, the key type must be matched.
For elliptic curve algorithms, the key must represent a valid point on the
curve's domain parameters. Additional key component/domain parameter
strength checks are implementation specific.
Note:
theKey
parameter is a transient key,
the implementation should, whenever possible, use transient space for internal storage.
theKey
- the key object to use for signing or verifyingtheMode
- one of MODE_SIGN
or MODE_VERIFY
CryptoException
- with the following reason codes:
CryptoException.ILLEGAL_VALUE
if
theMode
option is an undefined value or if
the Key
is inconsistent with
theMode
or with the Signature
implementation.
CryptoException.UNINITIALIZED_KEY
if
theKey
instance is uninitialized.
public abstract void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) throws CryptoException
Signature
object with the appropriate
Key
and algorithm specific parameters.
init()
must be used to update the Signature
object with a new key. If the Key
object is modified after
invoking the init()
method, the behavior of the
update()
, sign()
, and
verify()
methods is unspecified.
The Key
is checked for consistency with the Signature
algorithm. For example, the key type must be matched.
For elliptic curve algorithms, the key must represent a valid point on the
curve's domain parameters. Additional key component/domain parameter
strength checks are implementation specific.
Note:
bArray
.
bArray
.
bArray
.
CryptoException.ILLEGAL_VALUE
.
For RSA algorithms using the padding scheme PKCS1_PSS expect a two-byte parameter value (b1 b2)
for the salt length in bArray
. This two-byte parameter represents a short value
where b1 is the first byte (high order byte) and b2 is the second byte (low order byte).
For all other RSA algorithms CryptoException.ILLEGAL_VALUE is thrown.
theKey
parameter is a transient key,
the implementation should, whenever possible, use transient space for internal storage.
theKey
- the key object to use for signingtheMode
- one of MODE_SIGN
or MODE_VERIFY
bArray
- byte array containing algorithm specific initialization
informationbOff
- offset within bArray
where the algorithm
specific data beginsbLen
- byte length of algorithm specific parameter dataCryptoException
- with the following reason codes:
CryptoException.ILLEGAL_VALUE
if
theMode
option is an undefined value or if
a byte array parameter option is not supported by the
algorithm or if the bLen
is an incorrect
byte length for the algorithm specific data or if the
Key
is inconsistent with
theMode
or with the Signature
implementation.
CryptoException.UNINITIALIZED_KEY
if
theKey
instance is uninitialized.
public abstract void setInitialDigest(byte[] initialDigestBuf, short initialDigestOffset, short initialDigestLength, byte[] digestedMsgLenBuf, short digestedMsgLenOffset, short digestedMsgLenLength) throws CryptoException
Signature
class. The starting
hash value represents the previously computed hash (using the same
algorithm) of the first part of the message. The remaining bytes of the
message must be presented to this Signature
object via the update
and sign
or
verify
methods
to generate or verify the signature.
Note:
initialDigestBuf
- input buffer containing the starting hash value representing
the previously computed hash (using the same algorithm) of
first part of the messageinitialDigestOffset
- offset into initialDigestBuf
array where the
starting digest value data beginsinitialDigestLength
- the length of data in initialDigestBuf
array.digestedMsgLenBuf
- the byte array containing the number of bytes in the first
part of the message that has previously been hashed to obtain
the specified starting digest valuedigestedMsgLenOffset
- the offset within digestedMsgLenBuf
where the
digested length begins(the bytes starting at this offset for
digestedMsgLenLength
bytes are concatenated to
form the actual digested message length value)digestedMsgLenLength
- byte length of the digested lengthCryptoException
- with the following reason codes:
CryptoException.ILLEGAL_VALUE
if the
parameter initialDigestLength
is not equal
to the intermediate hash value size of the algorithm
or if the number of bytes
in the first part of the message that has previously been
hashed is 0 or not a multiple of the algorithm's block
size or greater than the maximum length supported by the
algorithm (see ALG_*
algorithm descriptions
MessageDigest.ALG_SHA
).
CryptoException.ILLEGAL_USE
if the
Signature algorithm does not compute a distinct message
digest value prior to applying cryptographic primitives or
if this Signature
algorithm includes message
recovery functionality.
public abstract byte getAlgorithm()
ALG_*
constants above, for example, ALG_DES_MAC4_NOPAD
.0
is returned.public abstract byte getMessageDigestAlgorithm()
ALG_*
constants in the MessageDigest class e.g.
ALG_NULL
.MessageDigest
class; if the algorithm is not one of the pre-defined
algorithms, 0
is returned.public abstract byte getCipherAlgorithm()
SIG_CIPHER_*
constants in this class e.g.
SIG_CIPHER_DES_MAC4
.0
is returned.public abstract byte getPaddingAlgorithm()
PAD_*
constants in the Cipher
class e.g.
PAD_NULL
.Cipher
class; if
the algorithm is not one of the pre-defined algorithms, 0
is
returned.public abstract short getLength() throws CryptoException
CryptoException
- with the following reason codes:
CryptoException.INVALID_INIT
if this
Signature
object is not initialized.
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
public abstract void update(byte[] inBuff, short inOffset, short inLength) throws CryptoException
sign()
or verify()
method is recommended. The sign()
or verify()
method must be called to complete processing of input data accumulated by
one or more calls to the update()
method.
Note:
inLength
is 0 this method does nothing.
inBuff
- the input buffer of data to be signed/verifiedinOffset
- the offset into the input buffer where input data beginsinLength
- the byte length to sign/verifyCryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
CryptoException.INVALID_INIT
if this
Signature
object is not initialized.
CryptoException.ILLEGAL_USE
if the
message value is not supported by the
Signature
algorithm
or if a message value consistency check failed.
sign(byte[], short,
short, byte[], short)
,
verify(byte[],
short, short, byte[], short, short)
public abstract short sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset) throws CryptoException
A call to this method also resets this Signature
object to
the state it was in when previously initialized via a call to
init()
. That is, the object is reset and available to
sign another message. In addition, note that the initial vector(IV) used
in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.
Note:
init(Key, byte, byte[], short, short)
method.
The input and output buffer data may overlap.
In addition to returning ashort
result, this method sets the
result in an internal state which can be rechecked using assertion methods
of the SensitiveResult
class,
if supported by the platform.inBuff
- the input buffer of data to be signedinOffset
- the offset into the input buffer at which to begin signature
generationinLength
- the byte length to signsigBuff
- the output buffer to store signature datasigOffset
- the offset into sigBuff at which to begin signature dataCryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
CryptoException.INVALID_INIT
if this
Signature
object is not initialized or
initialized for signature verify mode.
CryptoException.ILLEGAL_USE
if one of
the following conditions is met:
Signature
algorithm does not
pad the message and the message is not block aligned.
Signature
algorithm does not
pad the message and no input data has been provided in
inBuff
or via the update()
method.
Signature
algorithm
or if a message value consistency check failed.
Signature
algorithm includes
message recovery functionality.
public abstract short signPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset) throws CryptoException
A call to this method also resets this Signature
object to
the state it was in when previously initialized via a call to
init()
. That is, the object is reset and available to
sign another precomputed hash.
Note:
update
method are discarded.
The hash and output buffer data may overlap.
In addition to returning ashort
result, this method sets the
result in an internal state which can be rechecked using assertion methods
of the SensitiveResult
class,
if supported by the platform.hashBuff
- the input buffer of precomputed hash to be signedhashOffset
- the offset into the buffer where the hash beginshashLength
- the byte length of the hashsigBuff
- the output buffer to store signature datasigOffset
- the offset into sigBuff at which to begin signature dataCryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
CryptoException.INVALID_INIT
if this
Signature
object is not initialized or
initialized for signature verify mode.
CryptoException.ILLEGAL_USE
if one of
the following conditions is met:
hashLength
value is not equal
to the length of the algorithm's message digest length.
Signature
algorithm includes
message recovery functionality.
public abstract boolean verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength) throws CryptoException
Signature
object to
the state it was in when previously initialized via a call to
init()
. That is, the object is reset and available to
verify another message. In addition, note that the initial vector(IV)
used in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.
Note:
init(Key, byte, byte[], short, short)
method.
boolean
result, this method sets the
result in an internal state which can be rechecked using assertion methods
of the SensitiveResult
class,
if supported by the platform.inBuff
- the input buffer of data to be verifiedinOffset
- the offset into the input buffer at which to begin signature
generationinLength
- the byte length to signsigBuff
- the input buffer containing signature datasigOffset
- the offset into sigBuff
where signature data
beginssigLength
- the byte length of the signature datatrue
if the signature verifies, false
otherwise. Note, if sigLength
is inconsistent with
this Signature
algorithm, false
is
returned.CryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
CryptoException.INVALID_INIT
if this
Signature
object is not initialized or
initialized for signature sign mode.
CryptoException.ILLEGAL_USE
if one of
the following conditions is met:
Signature
algorithm does not
pad the message and the message is not block aligned.
Signature
algorithm does not
pad the message and no input data has been provided in
inBuff
or via the update()
method.
Signature
algorithm
or if a message value consistency check failed.
Signature
algorithm includes
message recovery functionality.
public abstract boolean verifyPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset, short sigLength) throws CryptoException
A call to this method also resets this Signature
object to
the state it was in when previously initialized via a call to
init()
. That is, the object is reset and available to
verify another precomputed hash. In addition, note that the initial vector(IV)
used in AES, DES and Korean SEED algorithms in CBC mode will be reset to 0.
Note:
update
method are discarded.
The hash and output buffer data may overlap.
In addition to returning aboolean
result, this method sets the
result in an internal state which can be rechecked using assertion methods
of the SensitiveResult
class,
if supported by the platform.hashBuff
- the input buffer of precomputed hash to be verifiedhashOffset
- the offset into the buffer where the hash beginshashLength
- the byte length of the hashsigBuff
- the input buffer containing signature datasigOffset
- the offset into sigBuff
where signature data
beginssigLength
- the byte length of the signature datatrue
if the signature verifies, false
otherwise. Note, if sigLength
is inconsistent with
this Signature
algorithm, false
is
returned.CryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if
key not initialized.
CryptoException.INVALID_INIT
if this
Signature
object is not initialized or
initialized for signature sign mode.
CryptoException.ILLEGAL_USE
if one of
the following conditions is met:
hashLength
value is not equal
to the length of the algorithm's message digest length.
Signature
algorithm includes
message recovery functionality.
Copyright © 1998, 2015, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms