oracle.security.crypto.core

Class DSA

java.lang.Object

oracle.security.crypto.core.Signature

oracle.security.crypto.core.DSA

public final class DSA
extends Signature

The DSA signature algorithm, a.k.a. DSS, as described in X9.30 Part 1.

The encoding of signatures conforms to the following ASN.1 structure, defined in the PKIX draft:

                Dss-Sig-Value  ::=  SEQUENCE  {
                        r       INTEGER,
                        s       INTEGER  }
        

This class defines some constant OIDs for use in ASN1 keys and signatures (e.g., for certificates or CRLs). This is done using methods DSAPublicKey.setKeyAlgOID(), DSAPrivateKey.setKeyAlgOID(), and DSAPrivateKey.setSigAlgOID(). Note that no matter what OID you specify, the underlying signature algorithm is still the same (i.e., DSA with SHA-1).

dsaKeyOldOID and dsaSigOldOID are the OIDs used by Sun's DSA implementation in JDK 1.1 (in particular, for applet signing certificates). dsaSigOldOID2 is the OID used by SSLeay before version 0.9.0. dsaKeyOID and dsaSigOID are the OIDs specified in the IETF PKIX draft for the certificate profile, and they are the ones most likely to be used in future applications. dsaSigOID is supported by SSLeay since version 0.9.0.

The defaults are dsaKeyOID and dsaSigOID.

Field Summary

Fields

Modifier and Type	Field and Description
static ASN1ObjectID	dsaKeyOID An ASN.1 OID which identifies DSA keys.
static ASN1ObjectID	dsaKeyOldOID An ASN.1 OID which identifies the DSA signature keys.
static ASN1ObjectID	dsaSigOID An ASN.1 OID with identifies the DSA signature algorithm.
static ASN1ObjectID	dsaSigOldOID An ASN.1 OID with identifies the DSA signature algorithm.
static ASN1ObjectID	dsaSigOldOID2 An ASN.1 OID with identifies the DSA signature algorithm.

Fields inherited from class oracle.security.crypto.core.Signature

document, signatureBytes

Constructor Summary

Constructors

Constructor and Description
DSA() Creates a new, uninitialized DSA signature object, with no keys defined.
DSA(DSAPrivateKey priv, byte[] doc) Creates a new instance, and generates the signature for the given document.
DSA(DSAPrivateKey priv, RandomBitsSource rbs, byte[] doc) Creates a new instance, and generates the signature for the given document with the given random bits source.
DSA(DSAPublicKey pk) Creates a new instance, which will use the specified public key.
DSA(DSAPublicKey pubKey, byte[] sigBytes, byte[] doc) Creates a new instance, and initializes for verification.
DSA(DSAPublicKey pub, DSAPrivateKey priv) Creates a new instance, which will use the specified public key and private key.
DSA(DSAPublicKey pub, DSAPrivateKey priv, byte[] doc) Produces a signature on a document.
DSA(DSAPublicKey pub, DSAPrivateKey priv, RandomBitsSource rbs) Creates a new instance with the given parameters.
DSA(DSAPublicKey pub, DSAPrivateKey priv, RandomBitsSource rbs, byte[] doc) Creates a new instance, and generates the signature for the given document with the given random bits source.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	algName() Returns the name of the algorithm.
AlgorithmIdentifier	getAlgID() Gets the algorithm identifier of this Signature object.
AlgorithmIdentifier	getDigestEncryptionAlgID() Returns the algorithm identifier of the message digest encryption for this signature.
void	setAlgID(AlgorithmIdentifier algID) Sets the signature algorithm identifier to use,
void	setHash(byte[] hash) Sets the document digest to be used in the signature calculation, bypassing the digesting step.
void	setPrivateKey(PrivateKey privateKey) Sets the private key to be used for signing.
void	setPublicKey(PublicKey publicKey) Sets the public key to be used for verification.
void	setRandomBitsSource(RandomBitsSource rbs) Sets the random bits source used to generate signatures.
byte[]	sign() Signs the document.
boolean	verify() Verify that the signature matches the document.

Methods inherited from class oracle.security.crypto.core.Signature

getDocument, getInstance, getInstance, getInstance, getSigBytes, setDocument, setSigBytes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

dsaKeyOID

public static final ASN1ObjectID dsaKeyOID

An ASN.1 OID which identifies DSA keys. It's value is defined in the PKIX draft:

                id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
                

dsaKeyOldOID

public static final ASN1ObjectID dsaKeyOldOID

An ASN.1 OID which identifies the DSA signature keys.

dsaSigOID

public static final ASN1ObjectID dsaSigOID

An ASN.1 OID with identifies the DSA signature algorithm. It's value is defined in the PKIX draft:

                id-dsa-with-sha1 ID  ::=  {
                iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3
                }
                

dsaSigOldOID

public static final ASN1ObjectID dsaSigOldOID

An ASN.1 OID with identifies the DSA signature algorithm.

dsaSigOldOID2

public static final ASN1ObjectID dsaSigOldOID2

An ASN.1 OID with identifies the DSA signature algorithm.

Constructor Detail

DSA

public DSA()

Creates a new, uninitialized DSA signature object, with no keys defined.

DSA

public DSA(DSAPublicKey pk)

Creates a new instance, which will use the specified public key. To verify a signature, the document must be set via setDocument.

Parameters:

pk - A DSA public key used to verify signatures.

See Also:

Signature.setDocument(byte[])

DSA

public DSA(DSAPublicKey pub,
   DSAPrivateKey priv)

Creates a new instance, which will use the specified public key and private key. To generate or verify a signature, the document must be set via setDocument. The default random bit source will be used to generate a signature.

Parameters:

pub - A DSA public key used to verify signatures.

priv - A DSA private key used to generate signatures.

See Also:

Signature.setDocument(byte[])

DSA

public DSA(DSAPublicKey pub,
   DSAPrivateKey priv,
   RandomBitsSource rbs)

Creates a new instance with the given parameters. In order to generate or verify a signature, the document must be set via setDocument.

Parameters:

pub - A DSA public key used to verify signatures.

priv - A DSA private key used to generate signatures.

rbs - A random bits source used to generate signatures.

See Also:

Signature.getDocument()

DSA

public DSA(DSAPublicKey pub,
   DSAPrivateKey priv,
   byte[] doc)
    throws SignatureException

Produces a signature on a document.

Parameters:

pub - A DSA public key used to verify signatures.

priv - A DSA private key used to generate signatures.

doc - The document to be signed.

Throws:

SignatureException

DSA

public DSA(DSAPublicKey pub,
   DSAPrivateKey priv,
   RandomBitsSource rbs,
   byte[] doc)
    throws SignatureException

Creates a new instance, and generates the signature for the given document with the given random bits source.

Parameters:

pub - A DSA public key used to verify signatures.

priv - A DSA private key used to generate signatures.

rbs - A random bits source used to generate signatures.

doc - The document to be signed.

Throws:

SignatureException

DSA

public DSA(DSAPrivateKey priv,
   byte[] doc)
    throws SignatureException

Creates a new instance, and generates the signature for the given document. The default random bit source will be used.

Parameters:

priv - A DSA private key used to generate signatures.

doc - The document to be signed.

Throws:

SignatureException

DSA

public DSA(DSAPrivateKey priv,
   RandomBitsSource rbs,
   byte[] doc)
    throws SignatureException

Creates a new instance, and generates the signature for the given document with the given random bits source.

Parameters:

priv - A DSA private key used to generate signatures.

rbs - A random bits source used to generate signatures.

doc - The document to be signed.

Throws:

SignatureException

DSA

public DSA(DSAPublicKey pubKey,
   byte[] sigBytes,
   byte[] doc)

Creates a new instance, and initializes for verification.

Parameters:

pub - A DSA public key used to verify signatures.

sigBytes - The signature bytes of the document to be verified.

doc - The document to be verified.

Method Detail

setAlgID

public void setAlgID(AlgorithmIdentifier algID)
              throws AlgorithmIdentifierException

Description copied from class: Signature

Sets the signature algorithm identifier to use,

Specified by:

setAlgID in class Signature

Parameters:

algID - The AlgorithmIdentifier to use to perform signature and verification.

Throws:

AlgorithmIdentifierException

getAlgID

public AlgorithmIdentifier getAlgID()

Description copied from class: Signature

Gets the algorithm identifier of this Signature object.

Specified by:

getAlgID in class Signature

Returns:

An AlgorithIdentifier object representing the signature algorithm of this instance.

getDigestEncryptionAlgID

public AlgorithmIdentifier getDigestEncryptionAlgID()

Description copied from class: Signature

Returns the algorithm identifier of the message digest encryption for this signature. All concrete subclasses should override this method.

Overrides:

getDigestEncryptionAlgID in class Signature

algName

public java.lang.String algName()

Returns the name of the algorithm.

Specified by:

algName in class Signature

Returns:

"DSA"

setHash

public void setHash(byte[] hash)

Sets the document digest to be used in the signature calculation, bypassing the digesting step. Calling this method sets the document to null.

Specified by:

setHash in class Signature

Parameters:

hash - The message digest.

See Also:

Signature.setDocument(byte[])

setPublicKey

public void setPublicKey(PublicKey publicKey)
                  throws InvalidKeyException

Sets the public key to be used for verification. The specified key must be an instance of DSAPublicKey.

Specified by:

setPublicKey in class Signature

Parameters:

publicKey - The public key used to verify the signature.

Throws:

InvalidKeyException

setPrivateKey

public void setPrivateKey(PrivateKey privateKey)
                   throws InvalidKeyException

Sets the private key to be used for signing. The specified key must be an instance of DSAPrivateKey.

Specified by:

setPrivateKey in class Signature

Parameters:

privateKey - The private key used to generate the signature.

Throws:

InvalidKeyException

setRandomBitsSource

public void setRandomBitsSource(RandomBitsSource rbs)

Sets the random bits source used to generate signatures.

Overrides:

setRandomBitsSource in class Signature

Parameters:

rbs - The random bits source to be used to generate signatures.

verify

public boolean verify()
               throws AuthenticationException

Verify that the signature matches the document. The signature, public key and document must first have been specified via setSigBytes, setPublicKey and setDocument, or an appropriate constructor.

Specified by:

verify in class Signature

Returns:

true if the signature is valid, and false if it is invalid

Throws:

AuthenticationException - If the verification could not be performed.

See Also:

Signature.setSigBytes(byte[]), setPublicKey(oracle.security.crypto.core.PublicKey), Signature.setDocument(byte[])

sign

public byte[] sign()
            throws SignatureException

Signs the document. The bytes of the signature are returned, and may also be retrieved via getSigBytes.

The document and private key must first have been specified via setDocument and setPrivateKey, or an appropriate constructor.

Specified by:

sign in class Signature

Returns:

the signature

Throws:

SignatureException - If the signature could not be generated.

See Also:

Signature.setDocument(byte[]), setPrivateKey(oracle.security.crypto.core.PrivateKey), Signature.getSigBytes()