return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
Return the DER encoding of the object, null if the DER encoding can not be made.
@return a DER byte array, null otherwise.
Mutable class for building ASN.1 constructed objects such as SETs or SEQUENCEs.
a general purpose ASN.1 decoder - note: this class differs from the
others in that it returns null after it has read the last object in
the stream. If an ASN.1 Null is encountered a Der/BER Null object is
returned.
Create an ASN1InputStream based on the input byte array. The length of DER objects in
the stream is automatically limited to the length of the input array.
@param input array containing ASN.1 encoded data.
Create an ASN1InputStream where no DER object will be longer than limit.
@param input stream containing ASN.1 encoded data.
@param limit maximum size of a DER encoded object.
build an object given its tag and the number of bytes to construct it from.
A Null object.
Create a base ASN.1 object from a byte array.
The byte array to parse.
The base ASN.1 object represented by the byte array.
If there is a problem parsing the data, or parsing an object did not exhaust the available data.
Read a base ASN.1 object from a stream.
The stream to parse.
The base ASN.1 object represented by the byte array.
If there is a problem parsing the data.
return an Octet string from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
return an Octet string from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
@param string the octets making up the octet string.
return an Asn1Sequence from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Return an ASN1 sequence from a tagged object. There is a special
case here, if an object appears to have been explicitly tagged on
reading but we were expecting it to be implicitly tagged in the
normal course of events it indicates that we lost the surrounding
sequence - so we need to add it back (this will happen if the tagged
object is a sequence that contains other sequences). If you are
dealing with implicitly tagged sequences you really should
be using this method.
@param obj the tagged object.
@param explicitly true if the object is meant to be explicitly tagged,
false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
return the object at the sequence position indicated by index.
@param index the sequence number (starting at zero) of the object
@return the object at the sequence position indicated by index.
return an ASN1Set from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Return an ASN1 set from a tagged object. There is a special
case here, if an object appears to have been explicitly tagged on
reading but we were expecting it to be implicitly tagged in the
normal course of events it indicates that we lost the surrounding
set - so we need to add it back (this will happen if the tagged
object is a sequence that contains other sequences). If you are
dealing with implicitly tagged sets you really should
be using this method.
@param obj the tagged object.
@param explicitly true if the object is meant to be explicitly tagged
false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
return the object at the set position indicated by index.
@param index the set number (starting at zero) of the object
@return the object at the set position indicated by index.
ASN.1 TaggedObject - in ASN.1 notation this is any object preceded by
a [n] where n is some number - these are assumed to follow the construction
rules (as with sequences).
@param tagNo the tag number for this object.
@param obj the tagged object.
@param explicitly true if the object is explicitly tagged.
@param tagNo the tag number for this object.
@param obj the tagged object.
return whether or not the object may be explicitly tagged.
Note: if the object has been read from an input stream, the only
time you can be sure if isExplicit is returning the true state of
affairs is if it returns false. An implicitly tagged object may appear
to be explicitly tagged, so you need to understand the context under
which the reading was done as well, see GetObject below.
return whatever was following the tag.
Note: tagged objects are generally context dependent if you're
trying to extract a tagged object you should be going via the
appropriate GetInstance method.
Return the object held in this tagged object as a parser assuming it has
the type of the passed in tag. If the object doesn't have a parser
associated with it, the base object is returned.
iso.org.dod.internet.private.enterprise.legion-of-the-bouncy-castle
1.3.6.1.4.1.22554
pbe(1) algorithms
1.3.6.1.4.1.22554.1
SHA-1(1)
1.3.6.1.4.1.22554.1.1
SHA-2.SHA-256; 1.3.6.1.4.1.22554.1.2.1
SHA-2.SHA-384; 1.3.6.1.4.1.22554.1.2.2
SHA-2.SHA-512; 1.3.6.1.4.1.22554.1.2.3
SHA-2.SHA-224; 1.3.6.1.4.1.22554.1.2.4
PKCS-5(1)|PKCS-12(2)
SHA-1.PKCS5; 1.3.6.1.4.1.22554.1.1.1
SHA-1.PKCS12; 1.3.6.1.4.1.22554.1.1.2
SHA-256.PKCS12; 1.3.6.1.4.1.22554.1.2.1.1
SHA-256.PKCS12; 1.3.6.1.4.1.22554.1.2.1.2
AES(1) . (CBC-128(2)|CBC-192(22)|CBC-256(42))
1.3.6.1.4.1.22554.1.1.2.1.2
1.3.6.1.4.1.22554.1.1.2.1.22
1.3.6.1.4.1.22554.1.1.2.1.42
1.3.6.1.4.1.22554.1.1.2.2.2
1.3.6.1.4.1.22554.1.1.2.2.22
1.3.6.1.4.1.22554.1.1.2.2.42
signature(2) algorithms
Sphincs-256
XMSS
XMSS^MT
key_exchange(3) algorithms
NewHope
Extension to tie an alternate certificate to the containing certificate.
LinkedCertificate := SEQUENCE {
digest DigestInfo, -- digest of PQC certificate
certLocation GeneralName, -- location of PQC certificate
certIssuer [0] Name OPTIONAL, -- issuer of PQC cert (if different from current certificate)
cACerts [1] GeneralNames OPTIONAL, -- CA certificates for PQC cert (one of more locations)
}
A BER Null object.
return the DER octets that make up this string.
create an empty sequence
create a sequence containing one object
create a sequence containing a vector of objects.
create an empty sequence
create a set containing one object
create a set containing a vector of objects.
BER TaggedObject - in ASN.1 notation this is any object preceded by
a [n] where n is some number - these are assumed to follow the construction
rules (as with sequences).
@param tagNo the tag number for this object.
@param obj the tagged object.
@param explicitly true if an explicitly tagged object.
@param tagNo the tag number for this object.
@param obj the tagged object.
create an implicitly tagged object that contains a zero
length sequence.
See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
0.4.0.127.0.7.1
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 OID: 0.4.0.127.0.7.1.1.5.1.1
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function SHA-1
OID: 0.4.0.127.0.7.1.1.5.1.1.1
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function SHA224
OID: 0.4.0.127.0.7.1.1.5.1.1.2
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function SHA256
OID: 0.4.0.127.0.7.1.1.5.1.1.3
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function SHA384
OID: 0.4.0.127.0.7.1.1.5.1.1.4
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function SHA512
OID: 0.4.0.127.0.7.1.1.5.1.1.5
ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963
with hash function RIPEMD160
OID: 0.4.0.127.0.7.1.1.5.1.1.6
Key Derivation Function for Session Keys
CAKeyUpdAnnContent ::= SEQUENCE {
oldWithNew CmpCertificate, -- old pub signed with new priv
newWithOld CmpCertificate, -- new pub signed with old priv
newWithNew CmpCertificate -- new pub signed with new priv
}
@return a basic ASN.1 object representation.
CertConfirmContent ::= SEQUENCE OF CertStatus
@return a basic ASN.1 object representation.
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedValue OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
@return a basic ASN.1 object representation.
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedValue
}
@return a basic ASN.1 object representation.
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse
}
@return a basic ASN.1 object representation.
CertResponse ::= SEQUENCE {
certReqId INTEGER,
-- to match this response with corresponding request (a value
-- of -1 is to be used if certReqId is not specified in the
-- corresponding request)
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [CRMF]
}
@return a basic ASN.1 object representation.
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
-- the hash of the certificate, using the same hash algorithm
-- as is used to create and verify the certificate signature
certReqId INTEGER,
-- to match this confirmation with the corresponding req/rep
statusInfo PKIStatusInfo OPTIONAL
}
@return a basic ASN.1 object representation.
Challenge ::= SEQUENCE {
owf AlgorithmIdentifier OPTIONAL,
-- MUST be present in the first Challenge; MAY be omitted in
-- any subsequent Challenge in POPODecKeyChallContent (if
-- omitted, then the owf used in the immediately preceding
-- Challenge is to be used).
witness OCTET STRING,
-- the result of applying the one-way function (owf) to a
-- randomly-generated INTEGER, A. [Note that a different
-- INTEGER MUST be used for each Challenge.]
challenge OCTET STRING
-- the encryption (under the public key for which the cert.
-- request is being made) of Rand, where Rand is specified as
-- Rand ::= SEQUENCE {
-- int INTEGER,
-- - the randomly-generated INTEGER A (above)
-- sender GeneralName
-- - the sender's name (as included in PKIHeader)
-- }
}
@return a basic ASN.1 object representation.
Note: the addition of attribute certificates is a BC extension.
CMPCertificate ::= CHOICE {
x509v3PKCert Certificate
x509v2AttrCert [1] AttributeCertificate
}
Note: the addition of attribute certificates is a BC extension.
@return a basic ASN.1 object representation.
CrlAnnContent ::= SEQUENCE OF CertificateList
@return a basic ASN.1 object representation.
ErrorMsgContent ::= SEQUENCE {
pKIStatusInfo PKIStatusInfo,
errorCode INTEGER OPTIONAL,
-- implementation-specific error codes
errorDetails PKIFreeText OPTIONAL
-- implementation-specific error details
}
@return a basic ASN.1 object representation.
GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
@return a basic ASN.1 object representation.
GenRepContent ::= SEQUENCE OF InfoTypeAndValue
@return a basic ASN.1 object representation.
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1}
CAProtEncCertValue ::= CMPCertificate
id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3}
EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
PreferredSymmAlgValue ::= AlgorithmIdentifier
id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5}
CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent
id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6}
CurrentCRLValue ::= CertificateList
id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7}
UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER
id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10}
KeyPairParamReqValue ::= OBJECT IDENTIFIER
id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11}
KeyPairParamRepValue ::= AlgorithmIdentifer
id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12}
RevPassphraseValue ::= EncryptedValue
id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
ImplicitConfirmValue ::= NULL
id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
ConfirmWaitTimeValue ::= GeneralizedTime
id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
OrigPKIMessageValue ::= PKIMessages
id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16}
SuppLangTagsValue ::= SEQUENCE OF UTF8String
where
id-pkix OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
and
id-it OBJECT IDENTIFIER ::= {id-pkix 4}
InfoTypeAndValue ::= SEQUENCE {
infoType OBJECT IDENTIFIER,
infoValue ANY DEFINED BY infoType OPTIONAL
}
@return a basic ASN.1 object representation.
KeyRecRepContent ::= SEQUENCE {
status PKIStatusInfo,
newSigCert [0] CMPCertificate OPTIONAL,
caCerts [1] SEQUENCE SIZE (1..MAX) OF
CMPCertificate OPTIONAL,
keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
CertifiedKeyPair OPTIONAL
}
@return a basic ASN.1 object representation.
OobCertHash ::= SEQUENCE {
hashAlg [0] AlgorithmIdentifier OPTIONAL,
certId [1] CertId OPTIONAL,
hashVal BIT STRING
-- hashVal is calculated over the Der encoding of the
-- self-signed certificate with the identifier certID.
}
@return a basic ASN.1 object representation.
PbmParameter ::= SEQUENCE {
salt OCTET STRING,
-- note: implementations MAY wish to limit acceptable sizes
-- of this string to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
iterationCount INTEGER,
-- number of times the OWF is applied
-- note: implementations MAY wish to limit acceptable sizes
-- of this integer to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
@return a basic ASN.1 object representation.
Creates a new PkiBody.
@param type one of the TYPE_* constants
@param content message content
PkiBody ::= CHOICE { -- message-specific body elements
ir [0] CertReqMessages, --Initialization Request
ip [1] CertRepMessage, --Initialization Response
cr [2] CertReqMessages, --Certification Request
cp [3] CertRepMessage, --Certification Response
p10cr [4] CertificationRequest, --imported from [PKCS10]
popdecc [5] POPODecKeyChallContent, --pop Challenge
popdecr [6] POPODecKeyRespContent, --pop Response
kur [7] CertReqMessages, --Key Update Request
kup [8] CertRepMessage, --Key Update Response
krr [9] CertReqMessages, --Key Recovery Request
krp [10] KeyRecRepContent, --Key Recovery Response
rr [11] RevReqContent, --Revocation Request
rp [12] RevRepContent, --Revocation Response
ccr [13] CertReqMessages, --Cross-Cert. Request
ccp [14] CertRepMessage, --Cross-Cert. Response
ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
cann [16] CertAnnContent, --Certificate Ann.
rann [17] RevAnnContent, --Revocation Ann.
crlann [18] CRLAnnContent, --CRL Announcement
pkiconf [19] PKIConfirmContent, --Confirmation
nested [20] NestedMessageContent, --Nested Message
genm [21] GenMsgContent, --General Message
genp [22] GenRepContent, --General Response
error [23] ErrorMsgContent, --Error Message
certConf [24] CertConfirmContent, --Certificate confirm
pollReq [25] PollReqContent, --Polling request
pollRep [26] PollRepContent --Polling response
}
@return a basic ASN.1 object representation.
PkiConfirmContent ::= NULL
@return a basic ASN.1 object representation.
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17)
-- the additional information requested could not be understood
-- or is not available
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
Basic constructor.
Return the number of string elements present.
@return number of elements present.
Return the UTF8STRING at index.
@param index index of the string of interest
@return the string at index.
PkiFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
Value for a "null" recipient or sender.
PkiHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
-- identifies the sender
recipient GeneralName,
-- identifies the intended recipient
messageTime [0] GeneralizedTime OPTIONAL,
-- time of production of this message (used when sender
-- believes that the transport will be "suitable"; i.e.,
-- that the time will still be meaningful upon receipt)
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
-- algorithm used for calculation of protection bits
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
-- to identify specific keys used for protection
transactionID [4] OCTET STRING OPTIONAL,
-- identifies the transaction; i.e., this will be the same in
-- corresponding request, response, certConf, and PKIConf
-- messages
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
-- nonces used to provide replay protection, senderNonce
-- is inserted by the creator of this message; recipNonce
-- is a nonce previously inserted in a related message by
-- the intended recipient of this message
freeText [7] PKIFreeText OPTIONAL,
-- this may be used to indicate context-specific instructions
-- (this field is intended for human consumption)
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
-- this may be used to convey context-specific information
-- (this field not primarily intended for human consumption)
}
@return a basic ASN.1 object representation.
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
-- identifies the sender
recipient GeneralName,
-- identifies the intended recipient
messageTime [0] GeneralizedTime OPTIONAL,
-- time of production of this message (used when sender
-- believes that the transport will be "suitable"; i.e.,
-- that the time will still be meaningful upon receipt)
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
-- algorithm used for calculation of protection bits
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
-- to identify specific keys used for protection
transactionID [4] OCTET STRING OPTIONAL,
-- identifies the transaction; i.e., this will be the same in
-- corresponding request, response, certConf, and PKIConf
-- messages
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
-- nonces used to provide replay protection, senderNonce
-- is inserted by the creator of this message; recipNonce
-- is a nonce previously inserted in a related message by
-- the intended recipient of this message
freeText [7] PKIFreeText OPTIONAL,
-- this may be used to indicate context-specific instructions
-- (this field is intended for human consumption)
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
-- this may be used to convey context-specific information
-- (this field not primarily intended for human consumption)
}
@return a basic ASN.1 object representation.
Creates a new PkiMessage.
@param header message header
@param body message body
@param protection message protection (may be null)
@param extraCerts extra certificates (may be null)
PkiMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL
}
@return a basic ASN.1 object representation.
PkiMessages ::= SEQUENCE SIZE (1..MAX) OF PkiMessage
@return a basic ASN.1 object representation.
@param status
@param status
@param statusString
PkiStatusInfo ::= SEQUENCE {
status PKIStatus, (INTEGER)
statusString PkiFreeText OPTIONAL,
failInfo PkiFailureInfo OPTIONAL (BIT STRING)
}
PKIStatus:
granted (0), -- you got exactly what you asked for
grantedWithMods (1), -- you got something like what you asked for
rejection (2), -- you don't get it, more information elsewhere in the message
waiting (3), -- the request body part has not yet been processed, expect to hear more later
revocationWarning (4), -- this message contains a warning that a revocation is imminent
revocationNotification (5), -- notification that a revocation has occurred
keyUpdateWarning (6) -- update already done for the oldCertId specified in CertReqMsg
PkiFailureInfo:
badAlg (0), -- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2), -- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5), -- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL
}
@return a basic ASN.1 object representation.
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER
}
@return a basic ASN.1 object representation.
PopoDecKeyChallContent ::= SEQUENCE OF Challenge
@return a basic ASN.1 object representation.
PopoDecKeyRespContent ::= SEQUENCE OF INTEGER
@return a basic ASN.1 object representation.
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody
}
@return a basic ASN.1 object representation.
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions OPTIONAL
-- extra CRL details (e.g., crl number, reason, location, etc.)
}
@return a basic ASN.1 object representation.
RevDetails ::= SEQUENCE {
certDetails CertTemplate,
-- allows requester to specify as much as they can about
-- the cert. for which revocation is requested
-- (e.g., for cases in which serialNumber is not available)
crlEntryDetails Extensions OPTIONAL
-- requested crlEntryExtensions
}
@return a basic ASN.1 object representation.
RevRepContent ::= SEQUENCE {
status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-- in same order as was sent in RevReqContent
revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
-- IDs for which revocation was requested
-- (same order as status)
crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-- the resulting CRLs (there may be more than one)
}
@return a basic ASN.1 object representation.
RevReqContent ::= SEQUENCE OF RevDetails
@return a basic ASN.1 object representation.
return an Attribute object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
Attribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue
}
Attributes ::=
SET SIZE(1..MAX) OF Attribute -- according to RFC 5652
@return
Return the first attribute matching the given OBJECT IDENTIFIER
Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be
empty if there are no attributes of the required type present.
@param oid type of attribute required.
@return a vector of all the attributes found of type oid.
Return a new table with the passed in attribute added.
@param attrType
@param attrValue
@return
return an AuthenticatedData object from a tagged object.
@param obj the tagged object holding the object we want.
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@throws ArgumentException if the object held by the
tagged object cannot be converted.
return an AuthenticatedData object from the given object.
@param obj the object we want converted.
@throws ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
AuthenticatedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
macAlgorithm MessageAuthenticationCodeAlgorithm,
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
encapContentInfo EncapsulatedContentInfo,
authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
MessageAuthenticationCode ::= OCTET STRING
Produce an object suitable for an Asn1OutputStream.
AuthenticatedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
macAlgorithm MessageAuthenticationCodeAlgorithm,
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
encapContentInfo EncapsulatedContentInfo,
authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
MessageAuthenticationCode ::= OCTET STRING
return an AuthEnvelopedData object from a tagged object.
@param obj the tagged object holding the object we want.
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@throws ArgumentException if the object held by the
tagged object cannot be converted.
return an AuthEnvelopedData object from the given object.
@param obj the object we want converted.
@throws ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
AuthEnvelopedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
authEncryptedContentInfo EncryptedContentInfo,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
AuthEnvelopedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
authEncryptedContentInfo EncryptedContentInfo,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
The other Revocation Info arc
id-ri OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) ri(16) }
RFC 3274 - CMS Compressed Data.
CompressedData ::= Sequence {
version CMSVersion,
compressionAlgorithm CompressionAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo
}
return a CompressedData object from a tagged object.
@param ato the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a CompressedData object from the given object.
@param _obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
RFC 3274 - CMS Compressed Data.
CompressedData ::= SEQUENCE {
version CMSVersion,
compressionAlgorithm CompressionAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo
}
Produce an object suitable for an Asn1OutputStream.
ContentInfo ::= Sequence {
contentType ContentType,
content
[0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
ContentInfo ::= SEQUENCE {
contentType ContentType,
content
[0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
return an AuthEnvelopedData object from a tagged object.
@param obj the tagged object holding the object we want.
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@throws ArgumentException if the object held by the
tagged object cannot be converted.
return an AuthEnvelopedData object from the given object.
@param obj the object we want converted.
@throws ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
MQVuserKeyingMaterial ::= SEQUENCE {
ephemeralPublicKey OriginatorPublicKey,
addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL }
return an EncryptedContentInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
EncryptedContentInfo ::= Sequence {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
}
EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
}
EncryptedData ::= SEQUENCE {
version CMSVersion,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
@return a basic ASN.1 object representation.
return an EnvelopedData object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return an EnvelopedData object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
EnvelopedData ::= Sequence {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}
Produce an object suitable for an Asn1OutputStream.
EnvelopedData ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}
return a KekIdentifier object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a KekIdentifier object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
KekIdentifier ::= Sequence {
keyIdentifier OCTET STRING,
date GeneralizedTime OPTIONAL,
other OtherKeyAttribute OPTIONAL
}
return a KekRecipientInfo object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a KekRecipientInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
KekRecipientInfo ::= Sequence {
version CMSVersion, -- always set to 4
kekID KekIdentifier,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey
}
return an KeyAgreeRecipientIdentifier object from a tagged object.
@param obj the tagged object holding the object we want.
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return an KeyAgreeRecipientIdentifier object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
KeyAgreeRecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
rKeyId [0] IMPLICIT RecipientKeyIdentifier
}
return a KeyAgreeRecipientInfo object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a KeyAgreeRecipientInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
* Produce an object suitable for an Asn1OutputStream.
*
* KeyAgreeRecipientInfo ::= Sequence {
* version CMSVersion, -- always set to 3
* originator [0] EXPLICIT OriginatorIdentifierOrKey,
* ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
* keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
* recipientEncryptedKeys RecipientEncryptedKeys
* }
*
* UserKeyingMaterial ::= OCTET STRING
*
return a KeyTransRecipientInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
KeyTransRecipientInfo ::= Sequence {
version CMSVersion, -- always set to 0 or 2
rid RecipientIdentifier,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey
}
MetaData ::= SEQUENCE {
hashProtected BOOLEAN,
fileName UTF8String OPTIONAL,
mediaType IA5String OPTIONAL,
otherMetaData Attributes OPTIONAL
}
@return
return an OriginatorIdentifierOrKey object from a tagged object.
@param o the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return an OriginatorIdentifierOrKey object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
OriginatorIdentifierOrKey ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier,
originatorKey [1] OriginatorPublicKey
}
SubjectKeyIdentifier ::= OCTET STRING
return an OriginatorInfo object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return an OriginatorInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
OriginatorInfo ::= Sequence {
certs [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
}
return an OriginatorPublicKey object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return an OriginatorPublicKey object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
OriginatorPublicKey ::= Sequence {
algorithm AlgorithmIdentifier,
publicKey BIT STRING
}
return an OtherKeyAttribute object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
OtherKeyAttribute ::= Sequence {
keyAttrId OBJECT IDENTIFIER,
keyAttr ANY DEFINED BY keyAttrId OPTIONAL
}
return a OtherRecipientInfo object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a OtherRecipientInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
OtherRecipientInfo ::= Sequence {
oriType OBJECT IDENTIFIER,
oriValue ANY DEFINED BY oriType }
return a OtherRevocationInfoFormat object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicit true if the object is meant to be explicitly
tagged false otherwise.
@exception IllegalArgumentException if the object held by the
tagged object cannot be converted.
return a OtherRevocationInfoFormat object from the given object.
@param obj the object we want converted.
@exception IllegalArgumentException if the object cannot be converted.
Produce an object suitable for an ASN1OutputStream.
OtherRevocationInfoFormat ::= SEQUENCE {
otherRevInfoFormat OBJECT IDENTIFIER,
otherRevInfo ANY DEFINED BY otherRevInfoFormat }
return a PasswordRecipientInfo object from a tagged object.
@param obj the tagged object holding the object we want.
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a PasswordRecipientInfo object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
PasswordRecipientInfo ::= Sequence {
version CMSVersion, -- Always set to 0
keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
OPTIONAL,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey }
return an RecipientEncryptedKey object from a tagged object.
@param obj the tagged object holding the object we want.
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a RecipientEncryptedKey object from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
RecipientEncryptedKey ::= SEQUENCE {
rid KeyAgreeRecipientIdentifier,
encryptedKey EncryptedKey
}
return a RecipientIdentifier object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
RecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier
}
SubjectKeyIdentifier ::= OCTET STRING
Produce an object suitable for an Asn1OutputStream.
RecipientInfo ::= CHOICE {
ktri KeyTransRecipientInfo,
kari [1] KeyAgreeRecipientInfo,
kekri [2] KekRecipientInfo,
pwri [3] PasswordRecipientInfo,
ori [4] OtherRecipientInfo }
return a RecipientKeyIdentifier object from a tagged object.
@param _ato the tagged object holding the object we want.
@param _explicit true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the object held by the
tagged object cannot be converted.
return a RecipientKeyIdentifier object from the given object.
@param _obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
RecipientKeyIdentifier ::= Sequence {
subjectKeyIdentifier SubjectKeyIdentifier,
date GeneralizedTime OPTIONAL,
other OtherKeyAttribute OPTIONAL
}
SubjectKeyIdentifier ::= OCTET STRING
ScvpReqRes ::= SEQUENCE {
request [0] EXPLICIT ContentInfo OPTIONAL,
response ContentInfo }
@return the ASN.1 primitive representation.
a signed data object.
Produce an object suitable for an Asn1OutputStream.
SignedData ::= Sequence {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos
}
SignedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos
}
return a SignerIdentifier object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier
}
SubjectKeyIdentifier ::= OCTET STRING
Produce an object suitable for an Asn1OutputStream.
SignerInfo ::= Sequence {
version Version,
SignerIdentifier sid,
digestAlgorithm DigestAlgorithmIdentifier,
authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
}
EncryptedDigest ::= OCTET STRING
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
creates a time object from a given date - if the date is between 1950
and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime
is used.
Produce an object suitable for an Asn1OutputStream.
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
TimeStampAndCRL ::= SEQUENCE {
timeStamp TimeStampToken, -- according to RFC 3161
crl CertificateList OPTIONAL -- according to RFC 5280
}
@return
TimeStampedData ::= SEQUENCE {
version INTEGER { v1(1) },
dataUri IA5String OPTIONAL,
metaData MetaData OPTIONAL,
content OCTET STRING OPTIONAL,
temporalEvidence Evidence
}
@return
TimeStampTokenEvidence ::=
SEQUENCE SIZE(1..MAX) OF TimeStampAndCrl
@return
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY DEFINED BY type }
@return a basic ASN.1 object representation.
CertId ::= SEQUENCE {
issuer GeneralName,
serialNumber INTEGER }
@return a basic ASN.1 object representation.
CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
@return a basic ASN.1 object representation.
Creates a new CertReqMsg.
@param certReq CertRequest
@param popo may be null
@param regInfo may be null
CertReqMsg ::= SEQUENCE {
certReq CertRequest,
pop ProofOfPossession OPTIONAL,
-- content depends upon key type
regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
@return a basic ASN.1 object representation.
CertRequest ::= SEQUENCE {
certReqId INTEGER, -- ID for matching request and reply
certTemplate CertTemplate, -- Selected fields of cert to be issued
controls Controls OPTIONAL } -- Attributes affecting issuance
@return a basic ASN.1 object representation.
CertTemplate ::= SEQUENCE {
version [0] Version OPTIONAL,
serialNumber [1] INTEGER OPTIONAL,
signingAlg [2] AlgorithmIdentifier OPTIONAL,
issuer [3] Name OPTIONAL,
validity [4] OptionalValidity OPTIONAL,
subject [5] Name OPTIONAL,
publicKey [6] SubjectPublicKeyInfo OPTIONAL,
issuerUID [7] UniqueIdentifier OPTIONAL,
subjectUID [8] UniqueIdentifier OPTIONAL,
extensions [9] Extensions OPTIONAL }
@return a basic ASN.1 object representation.
Sets the X.509 version. Note: for X509v3, use 2 here.
Sets the issuer unique ID (deprecated in X.509v3)
Sets the subject unique ID (deprecated in X.509v3)
CertTemplate ::= SEQUENCE {
version [0] Version OPTIONAL,
serialNumber [1] INTEGER OPTIONAL,
signingAlg [2] AlgorithmIdentifier OPTIONAL,
issuer [3] Name OPTIONAL,
validity [4] OptionalValidity OPTIONAL,
subject [5] Name OPTIONAL,
publicKey [6] SubjectPublicKeyInfo OPTIONAL,
issuerUID [7] UniqueIdentifier OPTIONAL,
subjectUID [8] UniqueIdentifier OPTIONAL,
extensions [9] Extensions OPTIONAL }
@return a basic ASN.1 object representation.
Controls ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
@return a basic ASN.1 object representation.
EncKeyWithID ::= SEQUENCE {
privateKey PrivateKeyInfo,
identifier CHOICE {
string UTF8String,
generalName GeneralName
} OPTIONAL
}
@return
EncryptedKey ::= CHOICE {
encryptedValue EncryptedValue, -- deprecated
envelopedData [0] EnvelopedData }
-- The encrypted private key MUST be placed in the envelopedData
-- encryptedContentInfo encryptedContent OCTET STRING.
EncryptedValue ::= SEQUENCE {
intendedAlg [0] AlgorithmIdentifier OPTIONAL,
-- the intended algorithm for which the value will be used
symmAlg [1] AlgorithmIdentifier OPTIONAL,
-- the symmetric algorithm used to encrypt the value
encSymmKey [2] BIT STRING OPTIONAL,
-- the (encrypted) symmetric key used to encrypt the value
keyAlg [3] AlgorithmIdentifier OPTIONAL,
-- algorithm used to encrypt the symmetric key
valueHint [4] OCTET STRING OPTIONAL,
-- a brief description or identifier of the encValue content
-- (may be meaningful only to the sending entity, and used only
-- if EncryptedValue might be re-examined by the sending entity
-- in the future)
encValue BIT STRING }
-- the encrypted value itself
@return a basic ASN.1 object representation.
OptionalValidity ::= SEQUENCE {
notBefore [0] Time OPTIONAL,
notAfter [1] Time OPTIONAL } --at least one MUST be present
@return a basic ASN.1 object representation.
PkiArchiveOptions ::= CHOICE {
encryptedPrivKey [0] EncryptedKey,
-- the actual value of the private key
keyGenParameters [1] KeyGenParameters,
-- parameters which allow the private key to be re-generated
archiveRemGenPrivKey [2] BOOLEAN }
-- set to TRUE if sender wishes receiver to archive the private
-- key of a key pair that the receiver generates in response to
-- this request; set to FALSE if no archival is desired.
PkiPublicationInfo ::= SEQUENCE {
action INTEGER {
dontPublish (0),
pleasePublish (1) },
pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-- pubInfos MUST NOT be present if action is "dontPublish"
-- (if action is "pleasePublish" and pubInfos is omitted,
-- "dontCare" is assumed)
@return a basic ASN.1 object representation.
Password-based MAC value for use with POPOSigningKeyInput.
Creates a new PKMACValue.
@param params parameters for password-based MAC
@param value MAC of the DER-encoded SubjectPublicKeyInfo
Creates a new PKMACValue.
@param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter
@param value MAC of the DER-encoded SubjectPublicKeyInfo
PKMACValue ::= SEQUENCE {
algId AlgorithmIdentifier,
-- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13
-- parameter value is PBMParameter
value BIT STRING }
@return a basic ASN.1 object representation.
PopoPrivKey ::= CHOICE {
thisMessage [0] BIT STRING, -- Deprecated
-- possession is proven in this message (which contains the private
-- key itself (encrypted for the CA))
subsequentMessage [1] SubsequentMessage,
-- possession will be proven in a subsequent message
dhMAC [2] BIT STRING, -- Deprecated
agreeMAC [3] PKMACValue,
encryptedKey [4] EnvelopedData }
Creates a new Proof of Possession object for a signing key.
@param poposkIn the PopoSigningKeyInput structure, or null if the
CertTemplate includes both subject and publicKey values.
@param aid the AlgorithmIdentifier used to sign the proof of possession.
@param signature a signature over the DER-encoded value of poposkIn,
or the DER-encoded value of certReq if poposkIn is null.
PopoSigningKey ::= SEQUENCE {
poposkInput [0] PopoSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }
-- The signature (using "algorithmIdentifier") is on the
-- DER-encoded value of poposkInput. NOTE: If the CertReqMsg
-- certReq CertTemplate contains the subject and publicKey values,
-- then poposkInput MUST be omitted and the signature MUST be
-- computed on the DER-encoded value of CertReqMsg certReq. If
-- the CertReqMsg certReq CertTemplate does not contain the public
-- key and subject values, then poposkInput MUST be present and
-- MUST be signed. This strategy ensures that the public key is
-- not present in both the poposkInput and CertReqMsg certReq
-- CertTemplate fields.
@return a basic ASN.1 object representation.
Creates a new PopoSigningKeyInput with sender name as authInfo.
Creates a new PopoSigningKeyInput using password-based MAC.
Returns the sender field, or null if authInfo is publicKeyMac
Returns the publicKeyMac field, or null if authInfo is sender
PopoSigningKeyInput ::= SEQUENCE {
authInfo CHOICE {
sender [0] GeneralName,
-- used only if an authenticated identity has been
-- established for the sender (e.g., a DN from a
-- previously-issued and currently-valid certificate
publicKeyMac PKMacValue },
-- used if no authenticated GeneralName currently exists for
-- the sender; publicKeyMac contains a password-based MAC
-- on the DER-encoded value of publicKey
publicKey SubjectPublicKeyInfo } -- from CertTemplate
@return a basic ASN.1 object representation.
Creates a ProofOfPossession with type raVerified.
Creates a ProofOfPossession for a signing key.
Creates a ProofOfPossession for key encipherment or agreement.
@param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT
ProofOfPossession ::= CHOICE {
raVerified [0] NULL,
-- used if the RA has already verified that the requester is in
-- possession of the private key
signature [1] PopoSigningKey,
keyEncipherment [2] PopoPrivKey,
keyAgreement [3] PopoPrivKey }
@return a basic ASN.1 object representation.
SinglePubInfo ::= SEQUENCE {
pubMethod INTEGER {
dontCare (0),
x500 (1),
web (2),
ldap (3) },
pubLocation GeneralName OPTIONAL }
@return a basic ASN.1 object representation.
Table of the available named parameters for GOST 3410-2001 / 2012.
return the ECDomainParameters object for the given OID, null if it
isn't present.
@param oid an object identifier representing a named parameters, if present.
returns an enumeration containing the name strings for curves
contained in this structure.
return the named curve name represented by the given object identifier.
Gost28147-89-Parameters ::=
SEQUENCE {
iv Gost28147-89-IV,
encryptionParamSet OBJECT IDENTIFIER
}
Gost28147-89-IV ::= OCTET STRING (SIZE (8))
table of the available named parameters for GOST 3410-94.
return the GOST3410ParamSetParameters object for the given OID, null if it
isn't present.
@param oid an object identifier representing a named parameters, if present.
returns an enumeration containing the name strings for parameters
contained in this structure.
Base class for an application specific object
Return the enclosed object assuming explicit tagging.
@return the resulting object
@throws IOException if reconstruction fails.
Return the enclosed object assuming implicit tagging.
@param derTagNo the type tag that should be applied to the object's contents.
@return the resulting object
@throws IOException if reconstruction fails.
return a Bit string from the passed in object
@exception ArgumentException if the object cannot be converted.
return a Bit string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
@param data the octets making up the bit string.
@param padBits the number of extra bits at the end of the string.
Return the octets contained in this BIT STRING, checking that this BIT STRING really
does represent an octet aligned string. Only use this method when the standard you are
following dictates that the BIT STRING will be octet aligned.
@return a copy of the octet aligned data.
@return the value of the bit string as an int (truncating if necessary)
Der BMPString object.
return a BMP string from the given object.
@param obj the object we want converted.
@exception ArgumentException if the object cannot be converted.
return a BMP string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - byte encoded string.
basic constructor
return a bool from the passed in object.
@exception ArgumentException if the object cannot be converted.
return a DerBoolean from the passed in bool.
return a Boolean from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
return an integer from the passed in object
@exception ArgumentException if the object cannot be converted.
return an Enumerated from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
Class representing the DER-type External
Creates a new instance of DerExternal
See X.690 for more informations about the meaning of these parameters
@param directReference The direct reference or null if not set.
@param indirectReference The indirect reference or null if not set.
@param dataValueDescriptor The data value descriptor or null if not set.
@param externalData The external data in its encoded form.
Creates a new instance of DerExternal.
See X.690 for more informations about the meaning of these parameters
@param directReference The direct reference or null if not set.
@param indirectReference The indirect reference or null if not set.
@param dataValueDescriptor The data value descriptor or null if not set.
@param encoding The encoding to be used for the external data
@param externalData The external data
The encoding of the content. Valid values are
0 single-ASN1-type1 OCTET STRING2 BIT STRING
Generalized time object.
return a generalized time from the passed in object
@exception ArgumentException if the object cannot be converted.
return a Generalized Time object from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
for local time, or Z+-HHMM on the end, for difference between local
time and UTC time. The fractional second amount f must consist of at
least one number with trailing zeroes removed.
@param time the time string.
@exception ArgumentException if string is an illegal format.
base constructor from a local time object
Return the time.
@return The time string as it appeared in the encoded object.
return the time - always in the form of
YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
Normally in a certificate we would expect "Z" rather than "GMT",
however adding the "GMT" means we can just use:
dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
To read in the time and Get a date which is compatible with our local
time zone.
return a Graphic String from the passed in object
@param obj a DerGraphicString or an object that can be converted into one.
@exception IllegalArgumentException if the object cannot be converted.
@return a DerGraphicString instance, or null.
return a Graphic String from a tagged object.
@param obj the tagged object holding the object we want
@param explicit true if the object is meant to be explicitly
tagged false otherwise.
@exception IllegalArgumentException if the tagged object cannot
be converted.
@return a DerGraphicString instance, or null.
basic constructor - with bytes.
@param string the byte encoding of the characters making up the string.
Der IA5String object - this is an ascii string.
return a IA5 string from the passed in object
@exception ArgumentException if the object cannot be converted.
return an IA5 string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - with bytes.
basic constructor - without validation.
Constructor with optional validation.
@param string the base string to wrap.
@param validate whether or not to check the string.
@throws ArgumentException if validate is true and the string
contains characters that should not be in an IA5String.
return true if the passed in String can be represented without
loss as an IA5String, false otherwise.
@return true if in printable set, false otherwise.
return an integer from the passed in object
@exception ArgumentException if the object cannot be converted.
return an Integer from a tagged object.
@param obj the tagged object holding the object we want
@param isExplicit true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
in some cases positive values Get crammed into a space,
that's not quite big enough...
Apply the correct validation for an INTEGER primitive following the BER rules.
@param bytes The raw encoding of the integer.
@return true if the (in)put fails this validation.
A Null object.
Der NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }.
return a Numeric string from the passed in object
@exception ArgumentException if the object cannot be converted.
return an Numeric string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - with bytes.
basic constructor - without validation..
Constructor with optional validation.
@param string the base string to wrap.
@param validate whether or not to check the string.
@throws ArgumentException if validate is true and the string
contains characters that should not be in a NumericString.
Return true if the string can be represented as a NumericString ('0'..'9', ' ')
@param str string to validate.
@return true if numeric, fale otherwise.
return an Oid from the passed in object
@exception ArgumentException if the object cannot be converted.
return an object Identifier from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
Return true if this oid is an extension of the passed in branch, stem.
@param stem the arc or branch that is a possible parent.
@return true if the branch is on the passed in stem, false otherwise.
The octets making up the octet string.
Der PrintableString object.
return a printable string from the passed in object.
@exception ArgumentException if the object cannot be converted.
return a Printable string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - byte encoded string.
basic constructor - this does not validate the string
Constructor with optional validation.
@param string the base string to wrap.
@param validate whether or not to check the string.
@throws ArgumentException if validate is true and the string
contains characters that should not be in a PrintableString.
return true if the passed in String can be represented without
loss as a PrintableString, false otherwise.
@return true if in printable set, false otherwise.
create an empty sequence
create a sequence containing one object
create a sequence containing a vector of objects.
A Der encoded set object
create an empty set
@param obj - a single object that makes up the set.
@param v - a vector of objects making up the set.
Der T61String (also the teletex string) - 8-bit characters
return a T61 string from the passed in object.
@exception ArgumentException if the object cannot be converted.
return an T61 string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - with bytes.
basic constructor - with string.
DER TaggedObject - in ASN.1 notation this is any object preceded by
a [n] where n is some number - these are assumed to follow the construction
rules (as with sequences).
@param tagNo the tag number for this object.
@param obj the tagged object.
@param explicitly true if an explicitly tagged object.
@param tagNo the tag number for this object.
@param obj the tagged object.
create an implicitly tagged object that contains a zero
length sequence.
Der UniversalString object.
return a Universal string from the passed in object.
@exception ArgumentException if the object cannot be converted.
return a Universal string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - byte encoded string.
UTC time object.
return an UTC Time from the passed in object.
@exception ArgumentException if the object cannot be converted.
return an UTC Time from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
never encoded. When you're creating one of these objects from scratch, that's
what you want to use, otherwise we'll try to deal with whatever Gets read from
the input stream... (this is why the input format is different from the GetTime()
method output).
@param time the time string.
base constructor from a DateTime object
return the time as a date based on whatever a 2 digit year will return. For
standardised processing use ToAdjustedDateTime().
@return the resulting date
@exception ParseException if the date string cannot be parsed.
return the time as an adjusted date
in the range of 1950 - 2049.
@return a date in the range of 1950 to 2049.
@exception ParseException if the date string cannot be parsed.
return the time - always in the form of
YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
Normally in a certificate we would expect "Z" rather than "GMT",
however adding the "GMT" means we can just use:
dateF = new SimpleDateFormat("yyMMddHHmmssz");
To read in the time and Get a date which is compatible with our local
time zone.
Note: In some cases, due to the local date processing, this
may lead to unexpected results. If you want to stick the normal
convention of 1950 to 2049 use the GetAdjustedTime() method.
Return a time string as an adjusted date with a 4 digit year.
This goes in the range of 1950 - 2049.
Der UTF8String object.
return an UTF8 string from the passed in object.
@exception ArgumentException if the object cannot be converted.
return an UTF8 string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - byte encoded string.
basic constructor
return a Videotex String from the passed in object
@param obj a DERVideotexString or an object that can be converted into one.
@exception IllegalArgumentException if the object cannot be converted.
@return a DERVideotexString instance, or null.
return a Videotex String from a tagged object.
@param obj the tagged object holding the object we want
@param explicit true if the object is meant to be explicitly
tagged false otherwise.
@exception IllegalArgumentException if the tagged object cannot
be converted.
@return a DERVideotexString instance, or null.
basic constructor - with bytes.
@param string the byte encoding of the characters making up the string.
Der VisibleString object.
return a Visible string from the passed in object.
@exception ArgumentException if the object cannot be converted.
return a Visible string from a tagged object.
@param obj the tagged object holding the object we want
@param explicitly true if the object is meant to be explicitly
tagged false otherwise.
@exception ArgumentException if the tagged object cannot
be converted.
basic constructor - byte encoded string.
basic constructor
Edwards Elliptic Curve Object Identifiers (RFC 8410)
RFC 3126: 4.3.1 Certificate Values Attribute Definition
CertificateValues ::= SEQUENCE OF Certificate
CommitmentTypeIndication ::= SEQUENCE {
commitmentTypeId CommitmentTypeIdentifier,
commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
CommitmentTypeQualifier OPTIONAL }
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
CommitmentTypeQualifier ::= SEQUENCE {
commitmentTypeIdentifier CommitmentTypeIdentifier,
qualifier ANY DEFINED BY commitmentTypeIdentifier OPTIONAL }
Creates a new CommitmentTypeQualifier instance.
@param commitmentTypeIdentifier a CommitmentTypeIdentifier value
Creates a new CommitmentTypeQualifier instance.
@param commitmentTypeIdentifier a CommitmentTypeIdentifier value
@param qualifier the qualifier, defined by the above field.
Creates a new CommitmentTypeQualifier instance.
@param as CommitmentTypeQualifier structure
encoded as an Asn1Sequence.
Returns a DER-encodable representation of this instance.
@return a Asn1Object value
RFC 3126: 4.2.1 Complete Certificate Refs Attribute Definition
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
CrlIdentifier ::= SEQUENCE
{
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL
}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
CRLListID ::= SEQUENCE
{
crls SEQUENCE OF CrlValidatedID
}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID,
-- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID
}
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OtherCertID ::= SEQUENCE {
otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL
}
OtherHash ::= CHOICE {
sha1Hash OtherHashValue, -- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue
}
OtherHashValue ::= OCTET STRING
Summary description for OtherHashAlgAndValue.
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue
}
OtherHashValue ::= OCTET STRING
RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition
OtherRevRefs ::= SEQUENCE
{
otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType
}
OtherRevRefType ::= OBJECT IDENTIFIER
RFC 3126: 4.3.2 Revocation Values Attribute Definition
OtherRevVals ::= SEQUENCE
{
otherRevValType OtherRevValType,
otherRevVals ANY DEFINED BY otherRevValType
}
OtherRevValType ::= OBJECT IDENTIFIER
OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
RFC 5126: 6.3.4. revocation-values Attribute Definition
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL
}
SignaturePolicyId ::= SEQUENCE {
sigPolicyIdentifier SigPolicyId,
sigPolicyHash SigPolicyHash,
sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL
}
SigPolicyId ::= OBJECT IDENTIFIER
SigPolicyHash ::= OtherHashAlgAndValue
SignaturePolicyIdentifier ::= CHOICE {
SignaturePolicyId SignaturePolicyId,
SignaturePolicyImplied SignaturePolicyImplied
}
SignaturePolicyImplied ::= NULL
SignerAttribute ::= SEQUENCE OF CHOICE {
claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
Signer-Location attribute (RFC3126).
SignerLocation ::= SEQUENCE {
countryName [0] DirectoryString OPTIONAL,
localityName [1] DirectoryString OPTIONAL,
postalAddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
SignerLocation ::= SEQUENCE {
countryName [0] DirectoryString OPTIONAL,
localityName [1] DirectoryString OPTIONAL,
postalAddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1.. MAX)),
bmpString BMPString (SIZE (1..MAX)) }
SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SigPolicyQualifierId,
sigQualifier ANY DEFINED BY sigPolicyQualifierId
}
SigPolicyQualifierId ::= OBJECT IDENTIFIER
constructor
ContentHints ::= SEQUENCE {
contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
contentType ContentType }
Create from OCTET STRING whose octets represent the identifier.
Create from byte array representing the identifier.
The definition of ContentIdentifier is
ContentIdentifier ::= OCTET STRING
id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 7 }
constructor
EssCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL }
EssCertIDv2 ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier
DEFAULT {algorithm id-sha256},
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
Hash ::= OCTET STRING
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
constructor
OtherCertID ::= SEQUENCE {
otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL }
OtherHash ::= CHOICE {
sha1Hash OCTET STRING,
otherHash OtherHashAlgAndValue }
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OCTET STRING }
constructors
The definition of OtherSigningCertificate is
OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
constructors
The definition of SigningCertificate is
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF EssCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 12 }
The definition of SigningCertificateV2 is
SigningCertificateV2 ::= SEQUENCE {
certs SEQUENCE OF EssCertIDv2,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 47 }
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
1.3.6.1.4.1.11591.15 - ellipticCurve
Marker interface for CHOICE objects - if you implement this in a roll-your-own
object, any attempt to tag the object implicitly will convert the tag to an
explicit one as the encoding rules require.
If you use this interface your class should also implement the getInstance
pattern which takes a tag object and the tagging mode used.
basic interface for Der string objects.
The CscaMasterList object. This object can be wrapped in a
CMSSignedData to be published in LDAP.
CscaMasterList ::= SEQUENCE {
version CscaMasterListVersion,
certList SET OF Certificate }
CscaMasterListVersion :: INTEGER {v0(0)}
The DataGroupHash object.
DataGroupHash ::= SEQUENCE {
dataGroupNumber DataGroupNumber,
dataGroupHashValue OCTET STRING }
DataGroupNumber ::= INTEGER {
dataGroup1 (1),
dataGroup1 (2),
dataGroup1 (3),
dataGroup1 (4),
dataGroup1 (5),
dataGroup1 (6),
dataGroup1 (7),
dataGroup1 (8),
dataGroup1 (9),
dataGroup1 (10),
dataGroup1 (11),
dataGroup1 (12),
dataGroup1 (13),
dataGroup1 (14),
dataGroup1 (15),
dataGroup1 (16) }
The LDSSecurityObject object (V1.8).
LDSSecurityObject ::= SEQUENCE {
version LDSSecurityObjectVersion,
hashAlgorithm DigestAlgorithmIdentifier,
dataGroupHashValues SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup,
ldsVersionInfo LDSVersionInfo OPTIONAL
-- if present, version MUST be v1 }
DigestAlgorithmIdentifier ::= AlgorithmIdentifier,
LDSSecurityObjectVersion :: INTEGER {V0(0)}
LDSVersionInfo ::= SEQUENCE {
ldsVersion PRINTABLE STRING
unicodeVersion PRINTABLE STRING
}
@return
The id-isismtt-cp-accredited OID indicates that the certificate is a
qualified certificate according to Directive 1999/93/EC of the European
Parliament and of the Council of 13 December 1999 on a Community
Framework for Electronic Signatures, which additionally conforms the
special requirements of the SigG and has been issued by an accredited CA.
Certificate extensionDate of certificate generation
DateOfCertGenSyntax ::= GeneralizedTime
Attribute to indicate that the certificate holder may sign in the name of
a third person. May also be used as extension in a certificate.
Attribute to indicate admissions to certain professions. May be used as
attribute in attribute certificate or as extension in a certificate
Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST
be used in new certificates in place of the extension/attribute
MonetaryLimit since January 1, 2004. For the sake of backward
compatibility with certificates already in use, SigG conforming
components MUST support MonetaryLimit (as well as QcEuLimitValue).
A declaration of majority. May be used as attribute in attribute
certificate or as extension in a certificate
Serial number of the smart card containing the corresponding private key
ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
Reference for a file of a smartcard that stores the public key of this
certificate and that is used as �security anchor�.
PKReferenceSyntax ::= OCTET STRING (SIZE(20))
Some other restriction regarding the usage of this certificate. May be
used as attribute in attribute certificate or as extension in a
certificate.
RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
@see Org.BouncyCastle.Asn1.IsisMtt.X509.Restriction
(Single)Request extension: Clients may include this extension in a
(single) Request to request the responder to send the certificate in the
response message along with the status information. Besides the LDAP
service, this extension provides another mechanism for the distribution
of certificates, which MAY optionally be provided by certificate
repositories.
RetrieveIfAllowed ::= BOOLEAN
SingleOCSPResponse extension: The certificate requested by the client by
inserting the RetrieveIfAllowed extension in the request, will be
returned in this extension.
@see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.RequestedCertificate
Base ObjectIdentifier for naming authorities
SingleOCSPResponse extension: Date, when certificate has been published
in the directory and status information has become available. Currently,
accrediting authorities enforce that SigG-conforming OCSP servers include
this extension in the responses.
CertInDirSince ::= GeneralizedTime
Hash of a certificate in OCSP.
@see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.CertHash
NameAtBirth ::= DirectoryString(SIZE(1..64)
Used in
{@link Org.BouncyCastle.Asn1.X509.SubjectDirectoryAttributes SubjectDirectoryAttributes}
Some other information of non-restrictive nature regarding the usage of
this certificate. May be used as attribute in atribute certificate or as
extension in a certificate.
AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdditionalInformationSyntax
Indicates that an attribute certificate exists, which limits the
usability of this public key certificate. Whenever verifying a signature
with the help of this certificate, the content of the corresponding
attribute certificate should be concerned. This extension MUST be
included in a PKC, if a corresponding attribute certificate (having the
PKC as base certificate) contains some attribute that restricts the
usability of the PKC too. Attribute certificates with restricting content
MUST always be included in the signed document.
LiabilityLimitationFlagSyntax ::= BOOLEAN
ISIS-MTT PROFILE: The responder may include this extension in a response to
send the hash of the requested certificate to the responder. This hash is
cryptographically bound to the certificate and serves as evidence that the
certificate is known to the responder (i.e. it has been issued and is present
in the directory). Hence, this extension is a means to provide a positive
statement of availability as described in T8.[8]. As explained in T13.[1],
clients may rely on this information to be able to validate signatures after
the expiry of the corresponding certificate. Hence, clients MUST support this
extension. If a positive statement of availability is to be delivered, this
extension syntax and OID MUST be used.
CertHash ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
certificateHash OCTET STRING
}
Constructor from Asn1Sequence.
The sequence is of type CertHash:
CertHash ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
certificateHash OCTET STRING
}
@param seq The ASN.1 sequence.
Constructor from a given details.
@param hashAlgorithm The hash algorithm identifier.
@param certificateHash The hash of the whole DER encoding of the certificate.
Produce an object suitable for an Asn1OutputStream.
Returns:
CertHash ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
certificateHash OCTET STRING
}
@return an Asn1Object
ISIS-MTT-Optional: The certificate requested by the client by inserting the
RetrieveIfAllowed extension in the request, will be returned in this
extension.
ISIS-MTT-SigG: The signature act allows publishing certificates only then,
when the certificate owner gives his isExplicit permission. Accordingly, there
may be �nondownloadable� certificates, about which the responder must provide
status information, but MUST NOT include them in the response. Clients may
get therefore the following three kind of answers on a single request
including the RetrieveIfAllowed extension:
- a) the responder supports the extension and is allowed to publish the
certificate: RequestedCertificate returned including the requested
certificate
- b) the responder supports the extension but is NOT allowed to publish
the certificate: RequestedCertificate returned including an empty OCTET
STRING
- c) the responder does not support the extension: RequestedCertificate is
not included in the response
Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
any of the OCTET STRING options is used, it MUST contain the DER encoding of
the requested certificate.
RequestedCertificate ::= CHOICE {
Certificate Certificate,
publicKeyCertificate [0] EXPLICIT OCTET STRING,
attributeCertificate [1] EXPLICIT OCTET STRING
}
Constructor from a given details.
Only one parameter can be given. All other must be null.
@param certificate Given as Certificate
Produce an object suitable for an Asn1OutputStream.
Returns:
RequestedCertificate ::= CHOICE {
Certificate Certificate,
publicKeyCertificate [0] EXPLICIT OCTET STRING,
attributeCertificate [1] EXPLICIT OCTET STRING
}
@return an Asn1Object
Some other information of non-restrictive nature regarding the usage of this
certificate.
AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
Constructor from a given details.
@param information The describtion of the information.
Produce an object suitable for an Asn1OutputStream.
Returns:
AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
@return an Asn1Object
An Admissions structure.
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
@see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo
@see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority
Constructor from Asn1Sequence.
The sequence is of type ProcurationSyntax:
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
@param seq The ASN.1 sequence.
Constructor from a given details.
Parameter professionInfos is mandatory.
@param admissionAuthority The admission authority.
@param namingAuthority The naming authority.
@param professionInfos The profession infos.
Produce an object suitable for an Asn1OutputStream.
Returns:
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
@return an Asn1Object
Attribute to indicate admissions to certain professions.
AdmissionSyntax ::= SEQUENCE
{
admissionAuthority GeneralName OPTIONAL,
contentsOfAdmissions SEQUENCE OF Admissions
}
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
NamingAuthority ::= SEQUENCE
{
namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax
supports the following concepts and requirements:
- External institutions (e.g. professional associations, chambers, unions,
administrative bodies, companies, etc.), which are responsible for granting
and verifying professional admissions, are indicated by means of the data
field admissionAuthority. An admission authority is indicated by a
GeneralName object. Here an X.501 directory name (distinguished name) can be
indicated in the field directoryName, a URL address can be indicated in the
field uniformResourceIdentifier, and an object identifier can be indicated in
the field registeredId.
- The names of authorities which are responsible for the administration of
title registers are indicated in the data field namingAuthority. The name of
the authority can be identified by an object identifier in the field
namingAuthorityId, by means of a text string in the field
namingAuthorityText, by means of a URL address in the field
namingAuthorityUrl, or by a combination of them. For example, the text string
can contain the name of the authority, the country and the name of the title
register. The URL-option refers to a web page which contains lists with
officially registered professions (text and possibly OID) as well as
further information on these professions. Object identifiers for the
component namingAuthorityId are grouped under the OID-branch
id-isis-at-namingAuthorities and must be applied for.
- See http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0
for an application form and http://www.teletrust.de/links.asp?id=30220,11
for an overview of registered naming authorities.
- By means of the data type ProfessionInfo certain professions,
specializations, disciplines, fields of activity, etc. are identified. A
profession is represented by one or more text strings, resp. profession OIDs
in the fields professionItems and professionOIDs and by a registration number
in the field registrationNumber. An indication in text form must always be
present, whereas the other indications are optional. The component
addProfessionInfo may contain additional applicationspecific information in
DER-encoded form.
By means of different namingAuthority-OIDs or profession OIDs hierarchies of
professions, specializations, disciplines, fields of activity, etc. can be
expressed. The issuing admission authority should always be indicated (field
admissionAuthority), whenever a registration number is presented. Still,
information on admissions can be given without indicating an admission or a
naming authority by the exclusive use of the component professionItems. In
this case the certification authority is responsible for the verification of
the admission information.
This attribute is single-valued. Still, several admissions can be captured in
the sequence structure of the component contentsOfAdmissions of
AdmissionSyntax or in the component professionInfos of Admissions. The
component admissionAuthority of AdmissionSyntax serves as default value for
the component admissionAuthority of Admissions. Within the latter component
the default value can be overwritten, in case that another authority is
responsible. The component namingAuthority of Admissions serves as a default
value for the component namingAuthority of ProfessionInfo. Within the latter
component the default value can be overwritten, in case that another naming
authority needs to be recorded.
The length of the string objects is limited to 128 characters. It is
recommended to indicate a namingAuthorityURL in all issued attribute
certificates. If a namingAuthorityURL is indicated, the field professionItems
of ProfessionInfo should contain only registered titles. If the field
professionOIDs exists, it has to contain the OIDs of the professions listed
in professionItems in the same order. In general, the field professionInfos
should contain only one entry, unless the admissions that are to be listed
are logically connected (e.g. they have been issued under the same admission
number).
@see Org.BouncyCastle.Asn1.IsisMtt.X509.Admissions
@see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo
@see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority
Constructor from Asn1Sequence.
The sequence is of type ProcurationSyntax:
AdmissionSyntax ::= SEQUENCE
{
admissionAuthority GeneralName OPTIONAL,
contentsOfAdmissions SEQUENCE OF Admissions
}
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
NamingAuthority ::= SEQUENCE
{
namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
@param seq The ASN.1 sequence.
Constructor from given details.
@param admissionAuthority The admission authority.
@param contentsOfAdmissions The admissions.
Produce an object suitable for an Asn1OutputStream.
Returns:
AdmissionSyntax ::= SEQUENCE
{
admissionAuthority GeneralName OPTIONAL,
contentsOfAdmissions SEQUENCE OF Admissions
}
Admissions ::= SEQUENCE
{
admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
professionInfos SEQUENCE OF ProfessionInfo
}
NamingAuthority ::= SEQUENCE
{
namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
@return an Asn1Object
@return Returns the admissionAuthority if present, null otherwise.
@return Returns the contentsOfAdmissions.
A declaration of majority.
DeclarationOfMajoritySyntax ::= CHOICE
{
notYoungerThan [0] IMPLICIT INTEGER,
fullAgeAtCountry [1] IMPLICIT SEQUENCE
{
fullAge BOOLEAN DEFAULT TRUE,
country PrintableString (SIZE(2))
}
dateOfBirth [2] IMPLICIT GeneralizedTime
}
fullAgeAtCountry indicates the majority of the owner with respect to the laws
of a specific country.
Produce an object suitable for an Asn1OutputStream.
Returns:
DeclarationOfMajoritySyntax ::= CHOICE
{
notYoungerThan [0] IMPLICIT INTEGER,
fullAgeAtCountry [1] IMPLICIT SEQUENCE
{
fullAge BOOLEAN DEFAULT TRUE,
country PrintableString (SIZE(2))
}
dateOfBirth [2] IMPLICIT GeneralizedTime
}
@return an Asn1Object
@return notYoungerThan if that's what we are, -1 otherwise
Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be
used in new certificates in place of the extension/attribute MonetaryLimit
since January 1, 2004. For the sake of backward compatibility with
certificates already in use, components SHOULD support MonetaryLimit (as well
as QcEuLimitValue).
Indicates a monetary limit within which the certificate holder is authorized
to act. (This value DOES NOT express a limit on the liability of the
certification authority).
MonetaryLimitSyntax ::= SEQUENCE
{
currency PrintableString (SIZE(3)),
amount INTEGER,
exponent INTEGER
}
currency must be the ISO code.
value = amount�10*exponent
Constructor from a given details.
value = amount�10^exponent
@param currency The currency. Must be the ISO code.
@param amount The amount
@param exponent The exponent
Produce an object suitable for an Asn1OutputStream.
Returns:
MonetaryLimitSyntax ::= SEQUENCE
{
currency PrintableString (SIZE(3)),
amount INTEGER,
exponent INTEGER
}
@return an Asn1Object
Names of authorities which are responsible for the administration of title
registers.
NamingAuthority ::= SEQUENCE
{
namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
Profession OIDs should always be defined under the OID branch of the
responsible naming authority. At the time of this writing, the work group
�Recht, Wirtschaft, Steuern� (�Law, Economy, Taxes�) is registered as the
first naming authority under the OID id-isismtt-at-namingAuthorities.
Constructor from Asn1Sequence.
NamingAuthority ::= SEQUENCE
{
namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
@param seq The ASN.1 sequence.
@return Returns the namingAuthorityID.
@return Returns the namingAuthorityText.
@return Returns the namingAuthorityUrl.
Constructor from given details.
All parameters can be combined.
@param namingAuthorityID ObjectIdentifier for naming authority.
@param namingAuthorityUrl URL for naming authority.
@param namingAuthorityText Textual representation of naming authority.
Produce an object suitable for an Asn1OutputStream.
Returns:
NamingAuthority ::= SEQUENCE
{
namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
namingAuthorityUrl IA5String OPTIONAL,
namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
}
@return an Asn1Object
Attribute to indicate that the certificate holder may sign in the name of a
third person.
ISIS-MTT PROFILE: The corresponding ProcurationSyntax contains either the
name of the person who is represented (subcomponent thirdPerson) or a
reference to his/her base certificate (in the component signingFor,
subcomponent certRef), furthermore the optional components country and
typeSubstitution to indicate the country whose laws apply, and respectively
the type of procuration (e.g. manager, procuration, custody).
ISIS-MTT PROFILE: The GeneralName MUST be of type directoryName and MAY only
contain: - RFC3039 attributes, except pseudonym (countryName, commonName,
surname, givenName, serialNumber, organizationName, organizationalUnitName,
stateOrProvincename, localityName, postalAddress) and - SubjectDirectoryName
attributes (title, dateOfBirth, placeOfBirth, gender, countryOfCitizenship,
countryOfResidence and NameAtBirth).
ProcurationSyntax ::= SEQUENCE {
country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
signingFor [3] EXPLICIT SigningFor
}
SigningFor ::= CHOICE
{
thirdPerson GeneralName,
certRef IssuerSerial
}
Constructor from Asn1Sequence.
The sequence is of type ProcurationSyntax:
ProcurationSyntax ::= SEQUENCE {
country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
signingFor [3] EXPLICIT SigningFor
}
SigningFor ::= CHOICE
{
thirdPerson GeneralName,
certRef IssuerSerial
}
@param seq The ASN.1 sequence.
Constructor from a given details.
Either generalName or certRef MUST be
null.
@param country The country code whose laws apply.
@param typeOfSubstitution The type of procuration.
@param certRef Reference to certificate of the person who is represented.
Constructor from a given details.
Either generalName or certRef MUST be
null.
@param country The country code whose laws apply.
@param typeOfSubstitution The type of procuration.
@param thirdPerson The GeneralName of the person who is represented.
Produce an object suitable for an Asn1OutputStream.
Returns:
ProcurationSyntax ::= SEQUENCE {
country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
signingFor [3] EXPLICIT SigningFor
}
SigningFor ::= CHOICE
{
thirdPerson GeneralName,
certRef IssuerSerial
}
@return an Asn1Object
Professions, specializations, disciplines, fields of activity, etc.
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
Rechtsanw�ltin
Rechtsanwalt
Rechtsbeistand
Steuerberaterin
Steuerberater
Steuerbevollm�chtigte
Steuerbevollm�chtigter
Notarin
Notar
Notarvertreterin
Notarvertreter
Notariatsverwalterin
Notariatsverwalter
Wirtschaftspr�ferin
Wirtschaftspr�fer
Vereidigte Buchpr�ferin
Vereidigter Buchpr�fer
Patentanw�ltin
Patentanwalt
Constructor from Asn1Sequence.
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
@param seq The ASN.1 sequence.
Constructor from given details.
professionItems is mandatory, all other parameters are
optional.
@param namingAuthority The naming authority.
@param professionItems Directory strings of the profession.
@param professionOids DERObjectIdentfier objects for the
profession.
@param registrationNumber Registration number.
@param addProfessionInfo Additional infos in encoded form.
Produce an object suitable for an Asn1OutputStream.
Returns:
ProfessionInfo ::= SEQUENCE
{
namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
addProfessionInfo OCTET STRING OPTIONAL
}
@return an Asn1Object
@return Returns the addProfessionInfo.
@return Returns the namingAuthority.
@return Returns the professionItems.
@return Returns the professionOids.
@return Returns the registrationNumber.
Some other restriction regarding the usage of this certificate.
RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
Constructor from DirectoryString.
The DirectoryString is of type RestrictionSyntax:
RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
@param restriction A IAsn1String.
Constructor from a given details.
@param restriction The description of the restriction.
Produce an object suitable for an Asn1OutputStream.
Returns:
RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
@return an Asn1Object
Produce an object suitable for an Asn1OutputStream.
cast5CBCParameters ::= Sequence {
iv OCTET STRING DEFAULT 0,
-- Initialization vector
keyLength Integer
-- Key length, in bits
}
Produce an object suitable for an Asn1OutputStream.
IDEA-CBCPar ::= Sequence {
iv OCTET STRING OPTIONAL -- exactly 8 octets
}
The NetscapeCertType object.
NetscapeCertType ::= BIT STRING {
SSLClient (0),
SSLServer (1),
S/MIME (2),
Object Signing (3),
Reserved (4),
SSL CA (5),
S/MIME CA (6),
Object Signing CA (7) }
Basic constructor.
@param usage - the bitwise OR of the Key Usage flags giving the
allowed uses for the key.
e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA)
This is designed to parse
the PublicKeyAndChallenge created by the KEYGEN tag included by
Mozilla based browsers.
PublicKeyAndChallenge ::= SEQUENCE {
spki SubjectPublicKeyInfo,
challenge IA5STRING
}
KMACwithSHAKE128-params ::= SEQUENCE {
kMACOutputLength INTEGER DEFAULT 256, -- Output length in bits
customizationString OCTET STRING DEFAULT ''H
}
KMACwithSHAKE256-params ::= SEQUENCE {
kMACOutputLength INTEGER DEFAULT 512, -- Output length in bits
customizationString OCTET STRING DEFAULT ''H
}
Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-3
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
2.16.840.1.101.3.4.3.5
2.16.840.1.101.3.4.3.6
2.16.840.1.101.3.4.3.7
2.16.840.1.101.3.4.3.8
2.16.840.1.101.3.4.3.9
2.16.840.1.101.3.4.3.10
2.16.840.1.101.3.4.3.11
2.16.840.1.101.3.4.3.12
2.16.840.1.101.3.4.3.9
2.16.840.1.101.3.4.3.10
2.16.840.1.101.3.4.3.11
2.16.840.1.101.3.4.3.12
From RFC 3657
Produce an object suitable for an Asn1OutputStream.
BasicOcspResponse ::= Sequence {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT Sequence OF Certificate OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
CertID ::= Sequence {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
create a CertStatus object with a tag of zero.
Produce an object suitable for an Asn1OutputStream.
CertStatus ::= CHOICE {
good [0] IMPLICIT Null,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
Produce an object suitable for an Asn1OutputStream.
CrlID ::= Sequence {
crlUrl [0] EXPLICIT IA5String OPTIONAL,
crlNum [1] EXPLICIT Integer OPTIONAL,
crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
OcspRequest ::= Sequence {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
OcspResponse ::= Sequence {
responseStatus OcspResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
The OcspResponseStatus enumeration.
OcspResponseStatus ::= Enumerated {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
Produce an object suitable for an Asn1OutputStream.
Request ::= Sequence {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }
Produce an object suitable for an Asn1OutputStream.
ResponseBytes ::= Sequence {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
Produce an object suitable for an Asn1OutputStream.
ResponseData ::= Sequence {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses Sequence OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
RevokedInfo ::= Sequence {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
ServiceLocator ::= Sequence {
issuer Name,
locator AuthorityInfoAccessSyntax OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
Signature ::= Sequence {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT Sequence OF Certificate OPTIONAL}
Produce an object suitable for an Asn1OutputStream.
SingleResponse ::= Sequence {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
Produce an object suitable for an Asn1OutputStream.
TBSRequest ::= Sequence {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList Sequence OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
class for breaking up an Oid into it's component tokens, ala
java.util.StringTokenizer. We need this class as some of the
lightweight Java environment don't support classes like
StringTokenizer.
return an Attribute object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
Attr ::= Sequence {
attrType OBJECT IDENTIFIER,
attrValues Set OF AttributeValue
}
Pkcs10 Certfication request object.
CertificationRequest ::= Sequence {
certificationRequestInfo CertificationRequestInfo,
signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
signature BIT STRING
}
Pkcs10 CertificationRequestInfo object.
CertificationRequestInfo ::= Sequence {
version Integer { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
Attr { ATTRIBUTE:IOSet } ::= Sequence {
type ATTRIBUTE.&id({IOSet}),
values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
}
Produce an object suitable for an Asn1OutputStream.
ContentInfo ::= Sequence {
contentType ContentType,
content
[0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
The EncryptedData object.
EncryptedData ::= Sequence {
version Version,
encryptedContentInfo EncryptedContentInfo
}
EncryptedContentInfo ::= Sequence {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
}
EncryptedContent ::= OCTET STRING
Produce an object suitable for an Asn1OutputStream.
EncryptedPrivateKeyInfo ::= Sequence {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData
}
EncryptedData ::= OCTET STRING
KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
... -- For local profiles
}
MacData ::= SEQUENCE {
mac DigestInfo,
macSalt OCTET STRING,
iterations INTEGER DEFAULT 1
-- Note: The default is for historic reasons and its use is deprecated. A
-- higher value, like 1024 is recommended.
@return the basic DERObject construction.
the infamous Pfx from Pkcs12
PKCS#1: 1.2.840.113549.1.1.15
PKCS#1: 1.2.840.113549.1.1.16
id-alg-AEADChaCha20Poly1305 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs9(9) smime(16) alg(3) 18 }
AEADChaCha20Poly1305Nonce ::= OCTET STRING (SIZE(12))
PKCS#9: 1.2.840.113549.1.9.16.2.37 - RFC 4108
PKCS#9: 1.2.840.113549.1.9.16.2.38 - RFC 4108
PKCS#9: 1.2.840.113549.1.9.16.2.54 RFC7030
PKCS#9: 1.2.840.113549.1.9.16.2.43 RFC7030
PKCS#9: 1.2.840.113549.1.9.16.2.40 RFC7030
RFC 5958
[IMPLICIT TAGS]
OneAsymmetricKey ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL,
...,
[[2: publicKey [1] PublicKey OPTIONAL ]],
...
}
PrivateKeyInfo ::= OneAsymmetricKey
Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
{ PUBLIC-KEY,
{ PrivateKeyAlgorithms } }
PrivateKey ::= OCTET STRING
-- Content varies based on type of key. The
-- algorithm identifier dictates the format of
-- the key.
PublicKey ::= BIT STRING
-- Content varies based on type of key. The
-- algorithm identifier dictates the format of
-- the key.
Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } }
Return true if a public key is present, false otherwise.
For when the public key is an ASN.1 encoding.
Return the public key as a raw bit string.
The default version
RSAES-OAEP-params ::= SEQUENCE {
hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
pSourceAlgorithm [2] PKCS1PSourceAlgorithms DEFAULT pSpecifiedEmpty
}
OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-sha1 PARAMETERS NULL }|
{ OID id-sha256 PARAMETERS NULL }|
{ OID id-sha384 PARAMETERS NULL }|
{ OID id-sha512 PARAMETERS NULL },
... -- Allows for future expansion --
}
PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
... -- Allows for future expansion --
}
PKCS1PSourceAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-pSpecified PARAMETERS OCTET STRING },
... -- Allows for future expansion --
}
@return the asn1 primitive representing the parameters.
This outputs the key in Pkcs1v2 format.
RsaPrivateKey ::= Sequence {
version Version,
modulus Integer, -- n
publicExponent Integer, -- e
privateExponent Integer, -- d
prime1 Integer, -- p
prime2 Integer, -- q
exponent1 Integer, -- d mod (p-1)
exponent2 Integer, -- d mod (q-1)
coefficient Integer -- (inverse of q) mod p
}
Version ::= Integer
This routine is written to output Pkcs1 version 0, private keys.
The default version
RSASSA-PSS-params ::= SEQUENCE {
hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
saltLength [2] INTEGER DEFAULT 20,
trailerField [3] TrailerField DEFAULT trailerFieldBC
}
OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-sha1 PARAMETERS NULL }|
{ OID id-sha256 PARAMETERS NULL }|
{ OID id-sha384 PARAMETERS NULL }|
{ OID id-sha512 PARAMETERS NULL },
... -- Allows for future expansion --
}
PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
... -- Allows for future expansion --
}
TrailerField ::= INTEGER { trailerFieldBC(1) }
@return the asn1 primitive representing the parameters.
a Pkcs#7 signed data object.
Produce an object suitable for an Asn1OutputStream.
SignedData ::= Sequence {
version Version,
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
certificates
[0] IMPLICIT ExtendedCertificatesAndCertificates
OPTIONAL,
crls
[1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos }
a Pkcs#7 signer info object.
Produce an object suitable for an Asn1OutputStream.
SignerInfo ::= Sequence {
version Version,
issuerAndSerialNumber IssuerAndSerialNumber,
digestAlgorithm DigestAlgorithmIdentifier,
authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
}
EncryptedDigest ::= OCTET STRING
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
the elliptic curve private key object from SEC 1
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] Parameters OPTIONAL,
publicKey [1] BIT STRING OPTIONAL }
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
EllipticCurve OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) certicom(132) curve(0)
}
Handler class for dealing with S/MIME Capabilities
general preferences
encryption algorithms preferences
return an Attr object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
returns an ArrayList with 0 or more objects of all the capabilities
matching the passed in capability Oid. If the Oid passed is null the
entire set is returned.
Produce an object suitable for an Asn1OutputStream.
SMIMECapabilities ::= Sequence OF SMIMECapability
general preferences
encryption algorithms preferences
Produce an object suitable for an Asn1OutputStream.
SMIMECapability ::= Sequence {
capabilityID OBJECT IDENTIFIER,
parameters ANY DEFINED BY capabilityID OPTIONAL
}
Handler for creating a vector S/MIME Capabilities
The SmimeEncryptionKeyPreference object.
SmimeEncryptionKeyPreference ::= CHOICE {
issuerAndSerialNumber [0] IssuerAndSerialNumber,
receipentKeyId [1] RecipientKeyIdentifier,
subjectAltKeyIdentifier [2] SubjectKeyIdentifier
}
@param sKeyId the subjectKeyIdentifier value (normally the X.509 one)
elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation"
http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER (1..999) OPTIONAL,
micros [1] INTEGER (1..999) OPTIONAL
}
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
--a hash algorithm OID and the hash value of the data to be
--time-stamped
reqPolicy TSAPolicyId OPTIONAL,
nonce INTEGER OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] IMPLICIT Extensions OPTIONAL
}
TimeStampResp ::= SEQUENCE {
status PkiStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
TstInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce INTEGER OPTIONAL,
-- MUST be present if the similar field was present
-- in TimeStampReq. In that case it MUST have the same value.
tsa [0] GeneralName OPTIONAL,
extensions [1] IMPLICIT Extensions OPTIONAL }
Base OID: 1.2.804.2.1.1.1
DSTU4145 Little Endian presentation. OID: 1.2.804.2.1.1.1.1.3.1.1
DSTU4145 Big Endian presentation. OID: 1.2.804.2.1.1.1.1.3.1.1.1
DSTU7564 256-bit digest presentation.
DSTU7564 384-bit digest presentation.
DSTU7564 512-bit digest presentation.
DSTU7564 256-bit mac presentation.
DSTU7564 384-bit mac presentation.
DSTU7564 512-bit mac presentation.
DSTU7624 in ECB mode with 128 bit block/key presentation
DSTU7624 in ECB mode with 256 bit block/key presentation
DSTU7624 in ECB mode with 512 bit block/key presentation
DSTU7624 in CTR mode with 128 bit block/key presentation
DSTU7624 in CTR mode with 256 bit block/key presentation
DSTU7624 in CTR mode with 512 bit block/key presentation
DSTU7624 in CFB mode with 128 bit block/key presentation
DSTU7624 in CFB mode with 256 bit block/key presentation
DSTU7624 in CFB mode with 512 bit block/key presentation
DSTU7624 in MAC mode with 128 bit block/key presentation
DSTU7624 in MAC mode with 256 bit block/key presentation
DSTU7624 in MAC mode with 512 bit block/key presentation
DSTU7624 in CBC mode with 128 bit block/key presentation
DSTU7624 in CBC mode with 256 bit block/key presentation
DSTU7624 in CBC mode with 512 bit block/key presentation
DSTU7624 in OFB mode with 128 bit block/key presentation
DSTU7624 in OFB mode with 256 bit block/key presentation
DSTU7624 in OFB mode with 512 bit block/key presentation
DSTU7624 in GMAC (GCM witout encryption) mode with 128 bit block/key presentation
DSTU7624 in GMAC (GCM witout encryption) mode with 256 bit block/key presentation
DSTU7624 in GMAC (GCM witout encryption) mode with 512 bit block/key presentation
DSTU7624 in CCM mode with 128 bit block/key presentation
DSTU7624 in CCM mode with 256 bit block/key presentation
DSTU7624 in CCM mode with 512 bit block/key presentation
DSTU7624 in XTS mode with 128 bit block/key presentation
DSTU7624 in XTS mode with 256 bit block/key presentation
DSTU7624 in XTS mode with 512 bit block/key presentation
DSTU7624 in key wrap (KW) mode with 128 bit block/key presentation
DSTU7624 in key wrap (KW) mode with 256 bit block/key presentation
DSTU7624 in key wrap (KW) mode with 512 bit block/key presentation
dump a Der object as a formatted string with indentation
@param obj the Asn1Object to be dumped out.
dump out a DER object as a formatted string, in non-verbose mode
@param obj the Asn1Encodable to be dumped out.
@return the resulting string.
Dump out the object as a string
@param obj the Asn1Encodable to be dumped out.
@param verbose if true, dump out the contents of octet and bit strings.
@return the resulting string.
Holding class for the AttributeTypeAndValue structures that make up an RDN.
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY DEFINED BY type }
@return a basic ASN.1 object representation.
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Holding class for a single Relative Distinguished Name (RDN).
Create a single valued RDN.
@param oid RDN type.
@param value RDN value.
Create a multi-valued RDN.
@param aAndVs attribute type/value pairs making up the RDN
Return the number of AttributeTypeAndValue objects in this RDN,
@return size of RDN, greater than 1 if multi-valued.
*
* RelativeDistinguishedName ::=
* SET OF AttributeTypeAndValue
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
*
* @return this object as its ASN1Primitive type
The AccessDescription object.
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
create an AccessDescription with the oid and location provided.
@return the access method.
@return the access location
Return the OID in the Algorithm entry of this identifier.
Return the parameters structure in the Parameters entry of this identifier.
Produce an object suitable for an Asn1OutputStream.
AlgorithmIdentifier ::= Sequence {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Don't use this one if you are trying to be RFC 3281 compliant.
Use it for v1 attribute certificates only.
Our GeneralNames structure
Produce an object suitable for an Asn1OutputStream.
AttCertIssuer ::= CHOICE {
v1Form GeneralNames, -- MUST NOT be used in this
-- profile
v2Form [0] V2Form -- v2 only
}
Produce an object suitable for an Asn1OutputStream.
AttCertValidityPeriod ::= Sequence {
notBeforeTime GeneralizedTime,
notAfterTime GeneralizedTime
}
return an Attr object from the given object.
@param o the object we want converted.
@exception ArgumentException if the object cannot be converted.
Produce an object suitable for an Asn1OutputStream.
Attr ::= Sequence {
attrType OBJECT IDENTIFIER,
attrValues Set OF AttributeValue
}
@param obj
@return
Produce an object suitable for an Asn1OutputStream.
AttributeCertificate ::= Sequence {
acinfo AttributeCertificateInfo,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING
}
Produce an object suitable for an Asn1OutputStream.
AttributeCertificateInfo ::= Sequence {
version AttCertVersion -- version is v2,
holder Holder,
issuer AttCertIssuer,
signature AlgorithmIdentifier,
serialNumber CertificateSerialNumber,
attrCertValidityPeriod AttCertValidityPeriod,
attributes Sequence OF Attr,
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions OPTIONAL
}
AttCertVersion ::= Integer { v2(1) }
The AuthorityInformationAccess object.
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax ::=
Sequence SIZE (1..MAX) OF AccessDescription
AccessDescription ::= Sequence {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
create an AuthorityInformationAccess with the oid and location provided.
The AuthorityKeyIdentifier object.
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= Sequence {
keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL }
KeyIdentifier ::= OCTET STRING
*
* Calulates the keyidentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC2459.
*
* Example of making a AuthorityKeyIdentifier:
*
* SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
* publicKey.getEncoded()).readObject());
* AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
*
*
*
create an AuthorityKeyIdentifier with the GeneralNames tag and
the serial number provided as well.
create an AuthorityKeyIdentifier with the GeneralNames tag and
the serial number provided.
create an AuthorityKeyIdentifier with a precomputed key identifier
create an AuthorityKeyIdentifier with a precomupted key identifier
and the GeneralNames tag and the serial number provided as well.
Produce an object suitable for an Asn1OutputStream.
create a cA=true object for the given path length constraint.
@param pathLenConstraint
Produce an object suitable for an Asn1OutputStream.
BasicConstraints := Sequence {
cA Boolean DEFAULT FALSE,
pathLenConstraint Integer (0..MAX) OPTIONAL
}
PKIX RFC-2459
The X.509 v2 CRL syntax is as follows. For signature calculation,
the data that is to be signed is ASN.1 Der encoded.
CertificateList ::= Sequence {
tbsCertList TbsCertList,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
This class helps to support crossCerfificatePairs in a LDAP directory
according RFC 2587
crossCertificatePairATTRIBUTE::={
WITH SYNTAX CertificatePair
EQUALITY MATCHING RULE certificatePairExactMatch
ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
The forward elements of the crossCertificatePair attribute of a
CA's directory entry shall be used to store all, except self-issued
certificates issued to this CA. Optionally, the reverse elements of the
crossCertificatePair attribute, of a CA's directory entry may contain a
subset of certificates issued by this CA to other CAs. When both the forward
and the reverse elements are present in a single attribute value, issuer name
in one certificate shall match the subject name in the other and vice versa,
and the subject public key in one certificate shall be capable of verifying
the digital signature on the other certificate and vice versa.
When a reverse element is present, the forward element value and the reverse
element value need not be stored in the same attribute value; in other words,
they can be stored in either a single attribute value or two attribute
values.
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
Constructor from Asn1Sequence.
The sequence is of type CertificatePair:
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
@param seq The ASN.1 sequence.
Constructor from a given details.
@param forward Certificates issued to this CA.
@param reverse Certificates issued by this CA to other CAs.
Produce an object suitable for an Asn1OutputStream.
Returns:
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
@return a DERObject
@return Returns the forward.
@return Returns the reverse.
Construct a CertificatePolicies object containing one PolicyInformation.
@param name the name to be contained.
Produce an object suitable for an ASN1OutputStream.
CertificatePolicies ::= SEQUENCE SIZE {1..MAX} OF PolicyInformation
CertPolicyId, used in the CertificatePolicies and PolicyMappings
X509V3 Extensions.
CertPolicyId ::= OBJECT IDENTIFIER
Return the distribution points making up the sequence.
@return DistributionPoint[]
Produce an object suitable for an Asn1OutputStream.
CrlDistPoint ::= Sequence SIZE {1..MAX} OF DistributionPoint
The CRLNumber object.
CRLNumber::= Integer(0..MAX)
The CRLReason enumeration.
CRLReason ::= Enumerated {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8),
privilegeWithdrawn (9),
aACompromise (10)
}
The DigestInfo object.
DigestInfo::=Sequence{
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING }
DisplayText class, used in
CertificatePolicies X509 V3 extensions (in policy qualifiers).
It stores a string in a chosen encoding.
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
@see PolicyQualifierInfo
@see PolicyInformation
Constant corresponding to ia5String encoding.
Constant corresponding to bmpString encoding.
Constant corresponding to utf8String encoding.
Constant corresponding to visibleString encoding.
Describe constant DisplayTextMaximumSize here.
Creates a new DisplayText instance.
@param type the desired encoding type for the text.
@param text the text to store. Strings longer than 200
characters are truncated.
Creates a new DisplayText instance.
@param text the text to encapsulate. Strings longer than 200
characters are truncated.
Creates a new DisplayText instance.
Useful when reading back a DisplayText class
from it's Asn1Encodable form.
@param contents an Asn1Encodable instance.
Returns the stored string object.
@return the stored text as a string.
The DistributionPoint object.
DistributionPoint ::= Sequence {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}
The DistributionPointName object.
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RDN
}
The extendedKeyUsage object.
extendedKeyUsage ::= Sequence SIZE (1..MAX) OF KeyPurposeId
Returns all extended key usages.
The returned ArrayList contains DerObjectIdentifier instances.
@return An ArrayList with all key purposes.
The GeneralName object.
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
OtherName ::= Sequence {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= Sequence {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
When the subjectAltName extension contains an Internet mail address,
the address MUST be included as an rfc822Name. The format of an
rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822].
When the subjectAltName extension contains a domain name service
label, the domain name MUST be stored in the dNSName (an IA5String).
The name MUST be in the "preferred name syntax," as specified by RFC
1034 [RFC 1034].
When the subjectAltName extension contains a URI, the name MUST be
stored in the uniformResourceIdentifier (an IA5String). The name MUST
be a non-relative URL, and MUST follow the URL syntax and encoding
rules specified in [RFC 1738]. The name must include both a scheme
(e.g., "http" or "ftp") and a scheme-specific-part. The scheme-
specific-part must include a fully qualified domain name or IP
address as the host.
When the subjectAltName extension contains a iPAddress, the address
MUST be stored in the octet string in "network byte order," as
specified in RFC 791 [RFC 791]. The least significant bit (LSB) of
each octet is the LSB of the corresponding byte in the network
address. For IP Version 4, as specified in RFC 791, the octet string
MUST contain exactly four octets. For IP Version 6, as specified in
RFC 1883, the octet string MUST contain exactly sixteen octets [RFC
1883].
Create a GeneralName for the given tag from the passed in string.
This constructor can handle:
- rfc822Name
- iPAddress
- directoryName
- dNSName
- uniformResourceIdentifier
- registeredID
For x400Address, otherName and ediPartyName there is no common string
format defined.
Note: A directory name can be encoded in different ways into a byte
representation. Be aware of this if the byte representation is used for
comparing results.
@param tag tag number
@param name string representation of name
@throws ArgumentException if the string encoding is not correct or
not supported.
Construct a GeneralNames object containing one GeneralName.
The name to be contained.
Produce an object suitable for an Asn1OutputStream.
GeneralNames ::= Sequence SIZE {1..MAX} OF GeneralName
Class for containing a restriction object subtrees in NameConstraints. See
RFC 3280.
GeneralSubtree ::= SEQUENCE
{
baseName GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL
}
@see org.bouncycastle.asn1.x509.NameConstraints
Constructor from a given details.
According RFC 3280, the minimum and maximum fields are not used with any
name forms, thus minimum MUST be zero, and maximum MUST be absent.
If minimum is null, zero is assumed, if
maximum is null, maximum is absent.
@param baseName
A restriction.
@param minimum
Minimum
@param maximum
Maximum
Produce an object suitable for an Asn1OutputStream.
Returns:
GeneralSubtree ::= SEQUENCE
{
baseName GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL
}
@return a DERObject
The Holder object.
For an v2 attribute certificate this is:
Holder ::= SEQUENCE {
baseCertificateID [0] IssuerSerial OPTIONAL,
-- the issuer and serial number of
-- the holder's Public Key Certificate
entityName [1] GeneralNames OPTIONAL,
-- the name of the claimant or role
objectDigestInfo [2] ObjectDigestInfo OPTIONAL
-- used to directly authenticate the holder,
-- for example, an executable
}
For an v1 attribute certificate this is:
subject CHOICE {
baseCertificateID [0] EXPLICIT IssuerSerial,
-- associated with a Public Key Certificate
subjectName [1] EXPLICIT GeneralNames },
-- associated with a name
Constructor for a holder for an v1 attribute certificate.
@param tagObj The ASN.1 tagged holder object.
Constructor for a holder for an v2 attribute certificate. *
@param seq The ASN.1 sequence.
Constructs a holder from a IssuerSerial.
@param baseCertificateID The IssuerSerial.
@param version The version of the attribute certificate.
Returns 1 for v2 attribute certificates or 0 for v1 attribute
certificates.
@return The version of the attribute certificate.
Constructs a holder with an entityName for v2 attribute certificates or
with a subjectName for v1 attribute certificates.
@param entityName The entity or subject name.
Constructs a holder with an entityName for v2 attribute certificates or
with a subjectName for v1 attribute certificates.
@param entityName The entity or subject name.
@param version The version of the attribute certificate.
Constructs a holder from an object digest info.
@param objectDigestInfo The object digest info object.
Returns the entityName for an v2 attribute certificate or the subjectName
for an v1 attribute certificate.
@return The entityname or subjectname.
The Holder object.
Holder ::= Sequence {
baseCertificateID [0] IssuerSerial OPTIONAL,
-- the issuer and serial number of
-- the holder's Public Key Certificate
entityName [1] GeneralNames OPTIONAL,
-- the name of the claimant or role
objectDigestInfo [2] ObjectDigestInfo OPTIONAL
-- used to directly authenticate the holder,
-- for example, an executable
}
Implementation of IetfAttrSyntax as specified by RFC3281.
IetfAttrSyntax ::= Sequence {
policyAuthority [0] GeneralNames OPTIONAL,
values Sequence OF CHOICE {
octets OCTET STRING,
oid OBJECT IDENTIFIER,
string UTF8String
}
}
Produce an object suitable for an Asn1OutputStream.
IssuerSerial ::= Sequence {
issuer GeneralNames,
serial CertificateSerialNumber,
issuerUid UniqueIdentifier OPTIONAL
}
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE,
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
Constructor from given details.
@param distributionPoint
May contain an URI as pointer to most current CRL.
@param onlyContainsUserCerts Covers revocation information for end certificates.
@param onlyContainsCACerts Covers revocation information for CA certificates.
@param onlySomeReasons
Which revocation reasons does this point cover.
@param indirectCRL
If true then the CRL contains revocation
information about certificates ssued by other CAs.
@param onlyContainsAttributeCerts Covers revocation information for attribute certificates.
Constructor from Asn1Sequence
@return Returns the distributionPoint.
@return Returns the onlySomeReasons.
The KeyPurposeID object.
KeyPurposeID ::= OBJECT IDENTIFIER
The KeyUsage object.
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
Basic constructor.
@param usage - the bitwise OR of the Key Usage flags giving the
allowed uses for the key.
e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)
Constructor from a given details.
permitted and excluded are Vectors of GeneralSubtree objects.
@param permitted Permitted subtrees
@param excluded Excluded subtrees
NoticeReference class, used in
CertificatePolicies X509 V3 extensions
(in policy qualifiers).
NoticeReference ::= Sequence {
organization DisplayText,
noticeNumbers Sequence OF Integer }
@see PolicyQualifierInfo
@see PolicyInformation
Creates a new NoticeReference instance.
@param organization a String value
@param numbers a Vector value
Creates a new NoticeReference instance.
@param organization a String value
@param noticeNumbers an ASN1EncodableVector value
Creates a new NoticeReference instance.
@param organization displayText
@param noticeNumbers an ASN1EncodableVector value
Creates a new NoticeReference instance.
Useful for reconstructing a NoticeReference
instance from its encodable/encoded form.
@param as an Asn1Sequence value obtained from either
calling @{link ToAsn1Object()} for a NoticeReference
instance or from parsing it from a Der-encoded stream.
Describe ToAsn1Object method here.
@return a Asn1Object value
ObjectDigestInfo ASN.1 structure used in v2 attribute certificates.
ObjectDigestInfo ::= SEQUENCE {
digestedObjectType ENUMERATED {
publicKey (0),
publicKeyCert (1),
otherObjectTypes (2) },
-- otherObjectTypes MUST NOT
-- be used in this profile
otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
digestAlgorithm AlgorithmIdentifier,
objectDigest BIT STRING
}
The public key is hashed.
The public key certificate is hashed.
An other object is hashed.
Constructor from given details.
If digestedObjectType is not {@link #publicKeyCert} or
{@link #publicKey} otherObjectTypeID must be given,
otherwise it is ignored.
@param digestedObjectType The digest object type.
@param otherObjectTypeID The object type ID for
otherObjectDigest.
@param digestAlgorithm The algorithm identifier for the hash.
@param objectDigest The hash value.
Produce an object suitable for an Asn1OutputStream.
ObjectDigestInfo ::= SEQUENCE {
digestedObjectType ENUMERATED {
publicKey (0),
publicKeyCert (1),
otherObjectTypes (2) },
-- otherObjectTypes MUST NOT
-- be used in this profile
otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
digestAlgorithm AlgorithmIdentifier,
objectDigest BIT STRING
}
The OtherName object.
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
OtherName factory method.
@param obj the object used to construct an instance of
OtherName. It must be an instance of OtherName
or ASN1Sequence.
@return the instance of OtherName built from the
supplied object.
@throws java.lang.IllegalArgumentException if the object passed
to the factory is not an instance of OtherName or something that
can be converted into an appropriate ASN1Sequence.
Base constructor.
@param typeID the type of the other name.
@param value the ANY object that represents the value.
PolicyMappings V3 extension, described in RFC3280.
PolicyMappings ::= Sequence SIZE (1..MAX) OF Sequence {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId }
@see RFC 3280, section 4.2.1.6
Creates a new PolicyMappings instance.
@param seq an Asn1Sequence constructed as specified
in RFC 3280
Creates a new PolicyMappings instance.
@param mappings a HashMap value that maps
string oids
to other string oids.
PolicyQualifierId, used in the CertificatePolicies
X509V3 extension.
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
PolicyQualifierId ::=
OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
Policy qualifiers, used in the X509V3 CertificatePolicies
extension.
PolicyQualifierInfo ::= Sequence {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId }
Creates a new PolicyQualifierInfo instance.
@param policyQualifierId a PolicyQualifierId value
@param qualifier the qualifier, defined by the above field.
Creates a new PolicyQualifierInfo containing a
cPSuri qualifier.
@param cps the CPS (certification practice statement) uri as a
string.
Creates a new PolicyQualifierInfo instance.
@param as PolicyQualifierInfo X509 structure
encoded as an Asn1Sequence.
Returns a Der-encodable representation of this instance.
@return a Asn1Object value
PrivateKeyUsagePeriod ::= SEQUENCE
{
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
The BiometricData object.
BiometricData ::= SEQUENCE {
typeOfBiometricData TypeOfBiometricData,
hashAlgorithm AlgorithmIdentifier,
biometricDataHash OCTET STRING,
sourceDataUri IA5String OPTIONAL }
The Iso4217CurrencyCode object.
Iso4217CurrencyCode ::= CHOICE {
alphabetic PrintableString (SIZE 3), --Recommended
numeric INTEGER (1..999) }
-- Alphabetic or numeric currency code as defined in ISO 4217
-- It is recommended that the Alphabetic form is used
The MonetaryValue object.
MonetaryValue ::= SEQUENCE {
currency Iso4217CurrencyCode,
amount INTEGER,
exponent INTEGER }
-- value = amount * 10^exponent
The QCStatement object.
QCStatement ::= SEQUENCE {
statementId OBJECT IDENTIFIER,
statementInfo ANY DEFINED BY statementId OPTIONAL}
The SemanticsInformation object.
SemanticsInformation ::= SEQUENCE {
semanticsIdentifier OBJECT IDENTIFIER OPTIONAL,
nameRegistrationAuthorities NameRegistrationAuthorities
OPTIONAL }
(WITH COMPONENTS {..., semanticsIdentifier PRESENT}|
WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT})
NameRegistrationAuthorities ::= SEQUENCE SIZE (1..MAX) OF
GeneralName
The TypeOfBiometricData object.
TypeOfBiometricData ::= CHOICE {
predefinedBiometricType PredefinedBiometricType,
biometricDataOid OBJECT IDENTIFIER }
PredefinedBiometricType ::= INTEGER {
picture(0),handwritten-signature(1)}
(picture|handwritten-signature)
The ReasonFlags object.
ReasonFlags ::= BIT STRING {
unused(0),
keyCompromise(1),
cACompromise(2),
affiliationChanged(3),
superseded(4),
cessationOfOperation(5),
certficateHold(6)
}
@param reasons - the bitwise OR of the Key Reason flags giving the
allowed uses for the key.
Implementation of the RoleSyntax object as specified by the RFC3281.
RoleSyntax ::= SEQUENCE {
roleAuthority [0] GeneralNames OPTIONAL,
roleName [1] GeneralName
}
RoleSyntax factory method.
@param obj the object used to construct an instance of
RoleSyntax. It must be an instance of RoleSyntax
or Asn1Sequence.
@return the instance of RoleSyntax built from the
supplied object.
@throws java.lang.ArgumentException if the object passed
to the factory is not an instance of RoleSyntax or
Asn1Sequence.
Constructor.
@param roleAuthority the role authority of this RoleSyntax.
@param roleName the role name of this RoleSyntax.
Constructor. Invoking this constructor is the same as invoking
new RoleSyntax(null, roleName).
@param roleName the role name of this RoleSyntax.
Utility constructor. Takes a string argument representing
the role name, builds a GeneralName to hold the role name
and calls the constructor that takes a GeneralName.
@param roleName
Constructor that builds an instance of RoleSyntax by
extracting the encoded elements from the Asn1Sequence
object supplied.
@param seq an instance of Asn1Sequence that holds
the encoded elements used to build this RoleSyntax.
Gets the role authority of this RoleSyntax.
@return an instance of GeneralNames holding the
role authority of this RoleSyntax.
Gets the role name of this RoleSyntax.
@return an instance of GeneralName holding the
role name of this RoleSyntax.
Gets the role name as a java.lang.string object.
@return the role name of this RoleSyntax represented as a
string object.
Gets the role authority as a string[] object.
@return the role authority of this RoleSyntax represented as a
string[] array.
Implementation of the method ToAsn1Object as
required by the superclass ASN1Encodable.
RoleSyntax ::= SEQUENCE {
roleAuthority [0] GeneralNames OPTIONAL,
roleName [1] GeneralName
}
This outputs the key in Pkcs1v2 format.
RSAPublicKey ::= Sequence {
modulus Integer, -- n
publicExponent Integer, -- e
}
Structure for a name or pseudonym.
NameOrPseudonym ::= CHOICE {
surAndGivenName SEQUENCE {
surName DirectoryString,
givenName SEQUENCE OF DirectoryString
},
pseudonym DirectoryString
}
@see org.bouncycastle.asn1.x509.sigi.PersonalData
Constructor from DERString.
The sequence is of type NameOrPseudonym:
NameOrPseudonym ::= CHOICE {
surAndGivenName SEQUENCE {
surName DirectoryString,
givenName SEQUENCE OF DirectoryString
},
pseudonym DirectoryString
}
@param pseudonym pseudonym value to use.
Constructor from Asn1Sequence.
The sequence is of type NameOrPseudonym:
NameOrPseudonym ::= CHOICE {
surAndGivenName SEQUENCE {
surName DirectoryString,
givenName SEQUENCE OF DirectoryString
},
pseudonym DirectoryString
}
@param seq The ASN.1 sequence.
Constructor from a given details.
@param pseudonym The pseudonym.
Constructor from a given details.
@param surname The surname.
@param givenName A sequence of directory strings making up the givenName
Produce an object suitable for an Asn1OutputStream.
Returns:
NameOrPseudonym ::= CHOICE {
surAndGivenName SEQUENCE {
surName DirectoryString,
givenName SEQUENCE OF DirectoryString
},
pseudonym DirectoryString
}
@return an Asn1Object
Contains personal data for the otherName field in the subjectAltNames
extension.
PersonalData ::= SEQUENCE {
nameOrPseudonym NameOrPseudonym,
nameDistinguisher [0] INTEGER OPTIONAL,
dateOfBirth [1] GeneralizedTime OPTIONAL,
placeOfBirth [2] DirectoryString OPTIONAL,
gender [3] PrintableString OPTIONAL,
postalAddress [4] DirectoryString OPTIONAL
}
@see org.bouncycastle.asn1.x509.sigi.NameOrPseudonym
@see org.bouncycastle.asn1.x509.sigi.SigIObjectIdentifiers
Constructor from Asn1Sequence.
The sequence is of type NameOrPseudonym:
PersonalData ::= SEQUENCE {
nameOrPseudonym NameOrPseudonym,
nameDistinguisher [0] INTEGER OPTIONAL,
dateOfBirth [1] GeneralizedTime OPTIONAL,
placeOfBirth [2] DirectoryString OPTIONAL,
gender [3] PrintableString OPTIONAL,
postalAddress [4] DirectoryString OPTIONAL
}
@param seq The ASN.1 sequence.
Constructor from a given details.
@param nameOrPseudonym Name or pseudonym.
@param nameDistinguisher Name distinguisher.
@param dateOfBirth Date of birth.
@param placeOfBirth Place of birth.
@param gender Gender.
@param postalAddress Postal Address.
Produce an object suitable for an Asn1OutputStream.
Returns:
PersonalData ::= SEQUENCE {
nameOrPseudonym NameOrPseudonym,
nameDistinguisher [0] INTEGER OPTIONAL,
dateOfBirth [1] GeneralizedTime OPTIONAL,
placeOfBirth [2] DirectoryString OPTIONAL,
gender [3] PrintableString OPTIONAL,
postalAddress [4] DirectoryString OPTIONAL
}
@return an Asn1Object
Object Identifiers of SigI specifciation (German Signature Law
Interoperability specification).
Key purpose IDs for German SigI (Signature Interoperability
Specification)
Certificate policy IDs for German SigI (Signature Interoperability
Specification)
Other Name IDs for German SigI (Signature Interoperability Specification)
To be used for for the generation of directory service certificates.
ID for PersonalData
Certificate is conform to german signature law.
This extension may contain further X.500 attributes of the subject. See also
RFC 3039.
SubjectDirectoryAttributes ::= Attributes
Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
Attribute ::= SEQUENCE
{
type AttributeType
values SET OF AttributeValue
}
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
@see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers.
Constructor from Asn1Sequence.
The sequence is of type SubjectDirectoryAttributes:
SubjectDirectoryAttributes ::= Attributes
Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
Attribute ::= SEQUENCE
{
type AttributeType
values SET OF AttributeValue
}
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
@param seq
The ASN.1 sequence.
Constructor from an ArrayList of attributes.
The ArrayList consists of attributes of type {@link Attribute Attribute}
@param attributes The attributes.
Produce an object suitable for an Asn1OutputStream.
Returns:
SubjectDirectoryAttributes ::= Attributes
Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
Attribute ::= SEQUENCE
{
type AttributeType
values SET OF AttributeValue
}
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
@return a DERObject
@return Returns the attributes.
The SubjectKeyIdentifier object.
SubjectKeyIdentifier::= OCTET STRING
Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
from SubjectPublicKeyInfo as defined in RFC3280.
@param spki the subject public key info.
Return a RFC 3280 type 1 key identifier. As in:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
@param keyInfo the key info object containing the subjectPublicKey field.
@return the key identifier.
Return a RFC 3280 type 2 key identifier. As in:
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey.
@param keyInfo the key info object containing the subjectPublicKey field.
@return the key identifier.
The object that contains the public key stored in a certficate.
The GetEncoded() method in the public keys in the JCE produces a DER
encoded one of these.
for when the public key is an encoded object - if the bitstring
can't be decoded this routine raises an IOException.
@exception IOException - if the bit string doesn't represent a Der
encoded object.
for when the public key is an encoded object - if the bitstring
can't be decoded this routine raises an IOException.
@exception IOException - if the bit string doesn't represent a Der
encoded object.
for when the public key is raw bits...
Produce an object suitable for an Asn1OutputStream.
SubjectPublicKeyInfo ::= Sequence {
algorithm AlgorithmIdentifier,
publicKey BIT STRING }
Target structure used in target information extension for attribute
certificates from RFC 3281.
Target ::= CHOICE {
targetName [0] GeneralName,
targetGroup [1] GeneralName,
targetCert [2] TargetCert
}
The targetCert field is currently not supported and must not be used
according to RFC 3281.
Creates an instance of a Target from the given object.
obj can be a Target or a {@link Asn1TaggedObject}
@param obj The object.
@return A Target instance.
@throws ArgumentException if the given object cannot be
interpreted as Target.
Constructor from Asn1TaggedObject.
@param tagObj The tagged object.
@throws ArgumentException if the encoding is wrong.
Constructor from given details.
Exactly one of the parameters must be not null.
@param type the choice type to apply to the name.
@param name the general name.
@throws ArgumentException if type is invalid.
@return Returns the targetGroup.
@return Returns the targetName.
Produce an object suitable for an Asn1OutputStream.
Returns:
Target ::= CHOICE {
targetName [0] GeneralName,
targetGroup [1] GeneralName,
targetCert [2] TargetCert
}
@return an Asn1Object
Target information extension for attributes certificates according to RFC
3281.
SEQUENCE OF Targets
Creates an instance of a TargetInformation from the given object.
obj can be a TargetInformation or a {@link Asn1Sequence}
@param obj The object.
@return A TargetInformation instance.
@throws ArgumentException if the given object cannot be interpreted as TargetInformation.
Constructor from a Asn1Sequence.
@param seq The Asn1Sequence.
@throws ArgumentException if the sequence does not contain
correctly encoded Targets elements.
Returns the targets in this target information extension.
The ArrayList is cloned before it is returned.
@return Returns the targets.
Constructs a target information from a single targets element.
According to RFC 3281 only one targets element must be produced.
@param targets A Targets instance.
According to RFC 3281 only one targets element must be produced. If
multiple targets are given they must be merged in
into one targets element.
@param targets An array with {@link Targets}.
Produce an object suitable for an Asn1OutputStream.
Returns:
SEQUENCE OF Targets
According to RFC 3281 only one targets element must be produced. If
multiple targets are given in the constructor they are merged into one
targets element. If this was produced from a
{@link Org.BouncyCastle.Asn1.Asn1Sequence} the encoding is kept.
@return an Asn1Object
Targets structure used in target information extension for attribute
certificates from RFC 3281.
Targets ::= SEQUENCE OF Target
Target ::= CHOICE {
targetName [0] GeneralName,
targetGroup [1] GeneralName,
targetCert [2] TargetCert
}
TargetCert ::= SEQUENCE {
targetCertificate IssuerSerial,
targetName GeneralName OPTIONAL,
certDigestInfo ObjectDigestInfo OPTIONAL
}
@see org.bouncycastle.asn1.x509.Target
@see org.bouncycastle.asn1.x509.TargetInformation
Creates an instance of a Targets from the given object.
obj can be a Targets or a {@link Asn1Sequence}
@param obj The object.
@return A Targets instance.
@throws ArgumentException if the given object cannot be interpreted as Target.
Constructor from Asn1Sequence.
@param targets The ASN.1 SEQUENCE.
@throws ArgumentException if the contents of the sequence are
invalid.
Constructor from given targets.
The ArrayList is copied.
@param targets An ArrayList of {@link Target}s.
@see Target
@throws ArgumentException if the ArrayList contains not only Targets.
Returns the targets in an ArrayList.
The ArrayList is cloned before it is returned.
@return Returns the targets.
Produce an object suitable for an Asn1OutputStream.
Returns:
Targets ::= SEQUENCE OF Target
@return an Asn1Object
The TbsCertificate object.
TbsCertificate ::= Sequence {
version [ 0 ] Version DEFAULT v1(0),
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
extensions [ 3 ] Extensions OPTIONAL
}
Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class
will parse them, but you really shouldn't be creating new ones.
PKIX RFC-2459 - TbsCertList object.
TbsCertList ::= Sequence {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates Sequence OF Sequence {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2
}
creates a time object from a given date - if the date is between 1950
and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime
is used.
Return our time as DateTime.
A date time.
Produce an object suitable for an Asn1OutputStream.
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UserNotice class, used in
CertificatePolicies X509 extensions (in policy
qualifiers).
UserNotice ::= Sequence {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
@see PolicyQualifierId
@see PolicyInformation
Creates a new UserNotice instance.
@param noticeRef a NoticeReference value
@param explicitText a DisplayText value
Creates a new UserNotice instance.
@param noticeRef a NoticeReference value
@param str the explicitText field as a string.
Creates a new UserNotice instance.
Useful from reconstructing a UserNotice instance
from its encodable/encoded form.
@param as an ASN1Sequence value obtained from either
calling @{link toASN1Object()} for a UserNotice
instance or from parsing it from a DER-encoded stream.
Generator for Version 1 TbsCertificateStructures.
TbsCertificate ::= Sequence {
version [ 0 ] Version DEFAULT v1(0),
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
}
Generator for Version 2 AttributeCertificateInfo
AttributeCertificateInfo ::= Sequence {
version AttCertVersion -- version is v2,
holder Holder,
issuer AttCertIssuer,
signature AlgorithmIdentifier,
serialNumber CertificateSerialNumber,
attrCertValidityPeriod AttCertValidityPeriod,
attributes Sequence OF Attr,
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions OPTIONAL
}
@param attribute
Produce an object suitable for an Asn1OutputStream.
V2Form ::= Sequence {
issuerName GeneralNames OPTIONAL,
baseCertificateID [0] IssuerSerial OPTIONAL,
objectDigestInfo [1] ObjectDigestInfo OPTIONAL
-- issuerName MUST be present in this profile
-- baseCertificateID and objectDigestInfo MUST NOT
-- be present in this profile
}
Generator for Version 2 TbsCertList structures.
TbsCertList ::= Sequence {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates Sequence OF Sequence {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2
}
Note: This class may be subject to change
Generator for Version 3 TbsCertificateStructures.
TbsCertificate ::= Sequence {
version [ 0 ] Version DEFAULT v1(0),
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
extensions [ 3 ] Extensions OPTIONAL
}
an X509Certificate structure.
Certificate ::= Sequence {
tbsCertificate TbsCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
The default converter for X509 DN entries when going from their
string value to ASN.1 strings.
Apply default conversion for the given value depending on the oid
and the character range of the value.
@param oid the object identifier for the DN entry
@param value the value associated with it
@return the ASN.1 equivalent for the string value.
an object for the elements in the X.509 V3 extension block.
Convert the value of the passed in extension to an object.
The extension to parse.
The object the value string contains.
If conversion is not possible.
Subject Directory Attributes
Subject Key Identifier
Key Usage
Private Key Usage Period
Subject Alternative Name
Issuer Alternative Name
Basic Constraints
CRL Number
Reason code
Hold Instruction Code
Invalidity Date
Delta CRL indicator
Issuing Distribution Point
Certificate Issuer
Name Constraints
CRL Distribution Points
Certificate Policies
Policy Mappings
Authority Key Identifier
Policy Constraints
Extended Key Usage
Freshest CRL
Inhibit Any Policy
Authority Info Access
Subject Info Access
Logo Type
BiometricInfo
QCStatements
Audit identity extension in attribute certificates.
NoRevAvail extension in attribute certificates.
TargetInformation extension in attribute certificates.
Expired Certificates on CRL extension
Constructor from Asn1Sequence.
the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString)
constructor from a table of extensions.
it's is assumed the table contains Oid/string pairs.
Constructor from a table of extensions with ordering.
It's is assumed the table contains Oid/string pairs.
Constructor from two vectors
@param objectIDs an ArrayList of the object identifiers.
@param values an ArrayList of the extension values.
constructor from a table of extensions.
it's is assumed the table contains Oid/string pairs.
Constructor from a table of extensions with ordering.
It's is assumed the table contains Oid/string pairs.
Constructor from two vectors
@param objectIDs an ArrayList of the object identifiers.
@param values an ArrayList of the extension values.
return an Enumeration of the extension field's object ids.
return the extension represented by the object identifier
passed in.
@return the extension if it's present, null otherwise.
return the parsed value of the extension represented by the object identifier
passed in.
@return the parsed value of the extension if it's present, null otherwise.
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId EXTENSION.&id ({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
Generator for X.509 extensions
Reset the generator
Add an extension with the given oid and the passed in value to be included
in the OCTET STRING associated with the extension.
OID for the extension.
True if critical, false otherwise.
The ASN.1 object to be included in the extension.
Add an extension with the given oid and the passed in byte array to be wrapped
in the OCTET STRING associated with the extension.
OID for the extension.
True if critical, false otherwise.
The byte array to be wrapped.
Return true if there are no extension present in this generator.
True if empty, false otherwise
Generate an X509Extensions object based on the current state of the generator.
An X509Extensions object
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY }
country code - StringType(SIZE(2))
organization - StringType(SIZE(1..64))
organizational unit name - StringType(SIZE(1..64))
Title
common name - StringType(SIZE(1..64))
street - StringType(SIZE(1..64))
device serial number name - StringType(SIZE(1..64))
locality name - StringType(SIZE(1..64))
state, or province name - StringType(SIZE(1..64))
Naming attributes of type X520name
businessCategory - DirectoryString(SIZE(1..128)
postalCode - DirectoryString(SIZE(1..40)
dnQualifier - DirectoryString(SIZE(1..64)
RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
RFC 3039 DateOfBirth - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
codes only
RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
codes only
ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64)
RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
DirectoryString(SIZE(1..30))
RFC 2256 dmdName
id-at-telephoneNumber
id-at-organizationIdentifier
id-at-name
Email address (RSA PKCS#9 extension) - IA5String.
Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
more from PKCS#9
email address in Verisign certificates
LDAP User id.
determines whether or not strings should be processed and printed
from back to front.
default look up table translating OID values into their common symbols following
the convention in RFC 2253 with a few extras
look up table translating OID values into their common symbols following the convention in RFC 2253
look up table translating OID values into their common symbols following the convention in RFC 1779
look up table translating common symbols into their OIDS.
Return a X509Name based on the passed in tagged object.
@param obj tag object holding name.
@param explicitly true if explicitly tagged false otherwise.
@return the X509Name
Constructor from Asn1Sequence
the principal will be a list of constructed sets, each containing an (OID, string) pair.
Constructor from a table of attributes with ordering.
it's is assumed the table contains OID/string pairs, and the contents
of the table are copied into an internal table as part of the
construction process. The ordering ArrayList should contain the OIDs
in the order they are meant to be encoded or printed in ToString.
Constructor from a table of attributes with ordering.
it's is assumed the table contains OID/string pairs, and the contents
of the table are copied into an internal table as part of the
construction process. The ordering ArrayList should contain the OIDs
in the order they are meant to be encoded or printed in ToString.
The passed in converter will be used to convert the strings into their
ASN.1 counterparts.
Takes two vectors one of the oids and the other of the values.
Takes two vectors one of the oids and the other of the values.
The passed in converter will be used to convert the strings into their
ASN.1 counterparts.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes with each
string value being converted to its associated ASN.1 type using the passed
in converter.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes. If reverse
is true, create the encoded version of the sequence starting from the
last element in the string.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes with each
string value being converted to its associated ASN.1 type using the passed
in converter. If reverse is true the ASN.1 sequence representing the DN will
be built by starting at the end of the string, rather than the start.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes. lookUp
should provide a table of lookups, indexed by lowercase only strings and
yielding a DerObjectIdentifier, other than that OID. and numeric oids
will be processed automatically.
If reverse is true, create the encoded version of the sequence
starting from the last element in the string.
@param reverse true if we should start scanning from the end (RFC 2553).
@param lookUp table of names and their oids.
@param dirName the X.500 string to be parsed.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or
some such, converting it into an ordered set of name attributes. lookUp
should provide a table of lookups, indexed by lowercase only strings and
yielding a DerObjectIdentifier, other than that OID. and numeric oids
will be processed automatically. The passed in converter is used to convert the
string values to the right of each equals sign to their ASN.1 counterparts.
@param reverse true if we should start scanning from the end, false otherwise.
@param lookUp table of names and oids.
@param dirName the string dirName
@param converter the converter to convert string values into their ASN.1 equivalents
return an IList of the oids in the name, in the order they were found.
return an IList of the values found in the name, in the order they
were found.
return an IList of the values found in the name, in the order they
were found, with the DN label corresponding to passed in oid.
The X509Name object to test equivalency against.
If true, the order of elements must be the same,
as well as the values associated with each element.
test for equivalence - note: case is ignored.
convert the structure to a string - if reverse is true the
oids and values are listed out starting with the last element
in the sequence (ala RFC 2253), otherwise the string will begin
with the first element of the structure. If no string definition
for the oid is found in oidSymbols the string value of the oid is
added. Two standard symbol tables are provided DefaultSymbols, and
RFC2253Symbols as part of this class.
@param reverse if true start at the end of the sequence and work back.
@param oidSymbols look up table strings for oids.
* It turns out that the number of standard ways the fields in a DN should be
* encoded into their ASN.1 counterparts is rapidly approaching the
* number of machines on the internet. By default the X509Name class
* will produce UTF8Strings in line with the current recommendations (RFC 3280).
*
* An example of an encoder look like below:
*
* public class X509DirEntryConverter
* : X509NameEntryConverter
* {
* public Asn1Object GetConvertedValue(
* DerObjectIdentifier oid,
* string value)
* {
* if (str.Length() != 0 && str.charAt(0) == '#')
* {
* return ConvertHexEncoded(str, 1);
* }
* if (oid.Equals(EmailAddress))
* {
* return new DerIA5String(str);
* }
* else if (CanBePrintable(str))
* {
* return new DerPrintableString(str);
* }
* else if (CanBeUTF8(str))
* {
* return new DerUtf8String(str);
* }
* else
* {
* return new DerBmpString(str);
* }
* }
* }
*
*
Convert an inline encoded hex string rendition of an ASN.1
object back into its corresponding ASN.1 object.
@param str the hex encoded object
@param off the index at which the encoding starts
@return the decoded object
return true if the passed in string can be represented without
loss as a PrintableString, false otherwise.
Convert the passed in string value into the appropriate ASN.1
encoded object.
@param oid the oid associated with the value in the DN.
@param value the value of the particular DN component.
@return the ASN.1 equivalent for the value.
class for breaking up an X500 Name into it's component tokens, ala
java.util.StringTokenizer. We need this class as some of the
lightweight Java environment don't support classes like
StringTokenizer.
A general class that reads all X9.62 style EC curve tables.
return a X9ECParameters object representing the passed in named
curve. The routine returns null if the curve is not present.
@param name the name of the curve requested
@return an X9ECParameters object or null if the curve is not available.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return a X9ECParameters object representing the passed in named
curve.
@param oid the object id of the curve requested
@return an X9ECParameters object or null if the curve is not available.
return an enumeration of the names of the available curves.
@return an enumeration of the names of the available curves.
ASN.1 def for Diffie-Hellman key exchange KeySpecificInfo structure. See
RFC 2631, or X9.42, for further details.
Produce an object suitable for an Asn1OutputStream.
KeySpecificInfo ::= Sequence {
algorithm OBJECT IDENTIFIER,
counter OCTET STRING SIZE (4..4)
}
ANS.1 def for Diffie-Hellman key exchange OtherInfo structure. See
RFC 2631, or X9.42, for further details.
Produce an object suitable for an Asn1OutputStream.
OtherInfo ::= Sequence {
keyInfo KeySpecificInfo,
partyAInfo [0] OCTET STRING OPTIONAL,
suppPubInfo [2] OCTET STRING
}
table of the current named curves defined in X.962 EC-DSA.
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
Produce an object suitable for an Asn1OutputStream.
Parameters ::= CHOICE {
ecParameters ECParameters,
namedCurve CURVES.&id({CurveNames}),
implicitlyCA Null
}
ASN.1 def for Elliptic-Curve Curve structure. See
X9.62, for further details.
Produce an object suitable for an Asn1OutputStream.
Curve ::= Sequence {
a FieldElement,
b FieldElement,
seed BIT STRING OPTIONAL
}
ASN.1 def for Elliptic-Curve ECParameters structure. See
X9.62, for further details.
Return the ASN.1 entry representing the Curve.
@return the X9Curve for the curve in these parameters.
Return the ASN.1 entry representing the FieldID.
@return the X9FieldID for the FieldID in these parameters.
Return the ASN.1 entry representing the base point G.
@return the X9ECPoint for the base point in these parameters.
Produce an object suitable for an Asn1OutputStream.
ECParameters ::= Sequence {
version Integer { ecpVer1(1) } (ecpVer1),
fieldID FieldID {{FieldTypes}},
curve X9Curve,
base X9ECPoint,
order Integer,
cofactor Integer OPTIONAL
}
class for describing an ECPoint as a Der object.
Produce an object suitable for an Asn1OutputStream.
ECPoint ::= OCTET STRING
Octet string produced using ECPoint.GetEncoded().
Class for processing an ECFieldElement as a DER object.
Produce an object suitable for an Asn1OutputStream.
FieldElement ::= OCTET STRING
- if q is an odd prime then the field element is
processed as an Integer and converted to an octet string
according to x 9.62 4.3.1.
- if q is 2m then the bit string
contained in the field element is converted into an octet
string with the same ordering padded at the front if necessary.
ASN.1 def for Elliptic-Curve Field ID structure. See
X9.62, for further details.
Constructor for elliptic curves over prime fields
F2.
@param primeP The prime p defining the prime field.
Constructor for elliptic curves over binary fields
F2m.
@param m The exponent m of
F2m.
@param k1 The integer k1 where xm +
xk1 + 1
represents the reduction polynomial f(z).
Constructor for elliptic curves over binary fields
F2m.
@param m The exponent m of
F2m.
@param k1 The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k2 The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k3 The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z)..
Produce a Der encoding of the following structure.
FieldID ::= Sequence {
fieldType FIELD-ID.&id({IOSet}),
parameters FIELD-ID.&Type({IOSet}{@fieldType})
}
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) x9-57 (10040) x9cm(4) 3 }
X9.63
X9.42
reader for Base64 armored objects - read the headers and then start returning
bytes when the data is reached. An IOException is thrown if the CRC check
is detected and fails.
By default a missing CRC will not cause an exception. To force CRC detection use:
ArmoredInputStream aIn = ...
aIn.setDetectMissingCRC(true);
decode the base 64 encoded input data.
@return the offset the data starts in out.
Create a stream for reading a PGP armoured message, parsing up to a header
and then reading the data that follows.
@param input
Create an armoured input stream which will assume the data starts
straight away, or parse for headers first depending on the value of
hasHeaders.
@param input
@param hasHeaders true if headers are to be looked for, false otherwise.
@return true if we are inside the clear text section of a PGP
signed message.
@return true if the stream is actually at end of file.
Return the armor header line (if there is one)
@return the armor header line, null if none present.
Return the armor headers (the lines after the armor header line),
@return an array of armor headers, null if there aren't any.
Reads up to len bytes of data from the input stream into
an array of bytes. An attempt is made to read as many as
len bytes, but a smaller number may be read.
The number of bytes actually read is returned as an integer.
The first byte read is stored into element b[off], the
next one into b[off+1], and so on. The number of bytes read
is, at most, equal to len.
NOTE: We need to override the custom behavior of Java's {@link InputStream#read(byte[], int, int)},
as the upstream method silently swallows {@link IOException IOExceptions}.
This would cause CRC checksum errors to go unnoticed.
@see Related BC bug report
@param b byte array
@param off offset at which we start writing data to the array
@param len number of bytes we write into the array
@return total number of bytes read into the buffer
@throws IOException if an exception happens AT ANY POINT
Change how the stream should react if it encounters missing CRC checksum.
The default value is false (ignore missing CRC checksums). If the behavior is set to true,
an {@link IOException} will be thrown if a missing CRC checksum is encountered.
@param detectMissing ignore missing CRC sums
Basic output stream.
encode the input data producing a base 64 encoded byte array.
Set an additional header entry. Any current value(s) under the same name will be
replaced by the new one. A null value will clear the entry for name. *
@param name the name of the header entry.
@param v the value of the header entry.
Set an additional header entry. The current value(s) will continue to exist together
with the new one. Adding a null value has no effect.
@param name the name of the header entry.
@param value the value of the header entry.
Reset the headers to only contain a Version string (if one is present).
Start a clear text signed message.
@param hashAlgorithm
Note: Close() does not close the underlying stream. So it is possible to write
multiple objects using armoring to a single stream.
Basic type for a image attribute packet.
Reader for PGP objects.
Returns the next packet tag in the stream.
A stream that overlays our input stream, allowing the user to only read a segment of it.
NB: dataLength will be negative if the segment length is in the upper range above 2**31.
Base class for a PGP object.
Basic output stream.
Create a stream representing a general packet.
Output stream to write to.
Create a stream representing an old style partial object.
Output stream to write to.
The packet tag for the object.
Create a stream representing a general packet.
Output stream to write to.
Packet tag.
Size of chunks making up the packet.
If true, the header is written out in old format.
Create a new style partial input stream buffered into chunks.
Output stream to write to.
Packet tag.
Size of chunks making up the packet.
Create a new style partial input stream buffered into chunks.
Output stream to write to.
Packet tag.
Buffer to use for collecting chunks.
Flush the underlying stream.
Finish writing out the current packet without closing the underlying stream.
Generic compressed data object.
The algorithm tag value.
Basic tags for compression algorithms.
Basic type for a PGP packet.
Base class for a DSA public key.
The stream to read the packet from.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Base class for a DSA secret key.
@param in
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
@return x
Base class for an ECDH Public Key.
The stream to read the packet from.
Base class for an ECDSA Public Key.
The stream to read the packet from.
Base class for an EC Public Key.
The stream to read the packet from.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Base class for an EC Secret Key.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Base class for an ElGamal public key.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Base class for an ElGamal secret key.
@param in
@param x
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Basic packet for an experimental packet.
Basic tags for hash algorithms.
Base interface for a PGP key.
The base format for this key - in the case of the symmetric keys it will generally
be raw indicating that the key is just a straight byte representation, for an asymmetric
key the format will be PGP, indicating the key is a string of MPIs encoded in PGP format.
"RAW" or "PGP".
Note: you can only read from this once...
Generic literal data packet.
The format tag value.
The modification time of the file in milli-seconds (since Jan 1, 1970 UTC)
Basic type for a marker packet.
Basic packet for a modification detection code packet.
A multiple precision integer
Generic signature object
The encryption algorithm tag.
The hash algorithm tag.
Basic PGP packet tag types.
Public Key Algorithm tag numbers.
Basic packet for a PGP public key.
Basic packet for a PGP public key.
Construct a version 4 public key packet.
Basic packet for a PGP public subkey
Construct a version 4 public subkey packet.
Base class for an RSA public key.
Construct an RSA public key from the passed in stream.
The modulus.
The public exponent.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
Base class for an RSA secret (or priate) key.
The format, as a string, always "PGP".
Return the standard PGP encoding of the key.
The string to key specifier class.
The hash algorithm.
The IV for the key generation algorithm.
The iteration count
The protection mode - only if GnuDummyS2K
Basic packet for a PGP secret key.
Basic packet for a PGP secret key.
Generic signature packet.
Generate a version 4 signature packet.
@param signatureType
@param keyAlgorithm
@param hashAlgorithm
@param hashedData
@param unhashedData
@param fingerprint
@param signature
Generate a version 2/3 signature packet.
@param signatureType
@param keyAlgorithm
@param hashAlgorithm
@param fingerprint
@param signature
return the keyId
@return the keyId that created the signature.
return the signature trailer that must be included with the data
to reconstruct the signature
@return byte[]
* return the signature as a set of integers - note this is normalised to be the
* ASN.1 encoding of what appears in the signature packet.
Return the byte encoding of the signature section.
@return uninterpreted signature bytes.
Return the creation time in milliseconds since 1 Jan., 1970 UTC.
Basic type for a PGP Signature sub-packet.
Return the generic data making up the packet.
reader for signature sub-packets
Basic PGP signature sub-packet tag types.
Packet embedded signature
packet giving signature creation time.
packet giving signature expiration time.
Identifier for the Modification Detection (packets 18 and 19)
Identifier for the AEAD Encrypted Data Packet (packet 20) and version 5
Symmetric-Key Encrypted Session Key Packets (packet 3)
Identifier for the Version 5 Public-Key Packet format and corresponding new
fingerprint format
Returns if modification detection is supported.
Returns if a particular feature is supported.
packet giving signature creation time.
packet giving time after creation at which the key expires.
Return the number of seconds after creation time a key is valid for.
@return second count for key validity.
Packet holding the key flag values.
Return the flag values contained in the first 4 octets (note: at the moment
the standard only uses the first one).
Class provided a NotationData object according to
RFC2440, Chapter 5.2.3.15. Notation Data
packet giving signature creation time.
packet giving whether or not the signature is signed using the primary user ID for the key.
packet giving whether or not is revocable.
packet giving signature creation time.
packet giving signature expiration time.
return time in seconds before signature expires after creation time.
packet giving the User ID of the signer.
packet giving trust.
Represents revocation key OpenPGP signature sub packet.
Represents revocation reason OpenPGP signature sub packet.
Basic type for a symmetric key encrypted packet.
Basic tags for symmetric key algorithms
Basic type for a symmetric encrypted session key packet
@return int
@return S2k
@return byte[]
@return int
Basic type for a trust packet.
Basic type for a user attribute packet.
Basic type for a user attribute sub-packet.
return the generic data making up the packet.
reader for user attribute sub-packets
Basic PGP user attribute sub-packet tag types.
Basic type for a user ID packet.
Compressed data objects
The algorithm used for compression
Get the raw input stream contained in the object.
Return an uncompressed input stream which allows reading of the compressed data.
Class for producing compressed data packets.
Return an output stream which will save the data being written to
the compressed object.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Stream to be used for output.
A Stream for output of the compressed data.
Return an output stream which will compress the data as it is written to it.
The stream will be written out in chunks according to the size of the passed in buffer.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Note: if the buffer is not a power of 2 in length only the largest power of 2
bytes worth of the buffer will be used.
Note: using this may break compatibility with RFC 1991 compliant tools.
Only recent OpenPGP implementations are capable of accepting these streams.
Stream to be used for output.
The buffer to use.
A Stream for output of the compressed data.
Close the compressed object.summary>
Thrown if the IV at the start of a data stream indicates the wrong key is being used.
Return the raw input stream for the data stream.
Return true if the message is integrity protected.
True, if there is a modification detection code namespace associated
with this stream.
Note: This can only be called after the message has been read.
True, if the message verifies, false otherwise
Generator for encrypted objects.
Existing SecureRandom constructor.
The symmetric algorithm to use.
Source of randomness.
Creates a cipher stream which will have an integrity packet associated with it.
Base constructor.
The symmetric algorithm to use.
Source of randomness.
PGP 2.6.x compatibility required.
Add a PBE encryption method to the encrypted object using the default algorithm (S2K_SHA1).
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Add a PBE encryption method to the encrypted object.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Add a PBE encryption method to the encrypted object.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Add a PBE encryption method to the encrypted object.
Allows the caller to handle the encoding of the passphrase to bytes.
Add a public key encrypted session key to the encrypted object.
If buffer is non null stream assumed to be partial, otherwise the length will be used
to output a fixed length packet.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Return an output stream which will encrypt the data as it is written to it.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Return an output stream which will encrypt the data as it is written to it.
The stream will be written out in chunks according to the size of the passed in buffer.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Note: if the buffer is not a power of 2 in length only the largest power of 2
bytes worth of the buffer will be used.
Close off the encrypted object - this is equivalent to calling Close() on the stream
returned by the Open() method.
Note: This does not close the underlying output stream, only the stream on top of
it created by the Open() method.
A holder for a list of PGP encryption method packets.
Generic exception class for PGP encoding/decoding problems.
Key flag values for the KeyFlags subpacket.
General class to handle JCA key pairs and convert them into OpenPGP ones.
A word for the unwary, the KeyId for an OpenPGP public key is calculated from
a hash that includes the time of creation, if you pass a different date to the
constructor below with the same public private key pair the KeyIs will not be the
same as for previous generations of the key, so ideally you only want to do
this once.
Create a key pair from a PgpPrivateKey and a PgpPublicKey.
The public key.
The private key.
The keyId associated with this key pair.
Generator for a PGP master and subkey ring.
This class will generate both the secret and public key rings
Create a new key ring generator using old style checksumming. It is recommended to use
SHA1 checksumming where possible.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The passPhrase to be used to protect secret keys.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
If true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion
is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier).
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The hash algorithm.
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The hash algorithm.
If true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion
is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier).
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Create a new key ring generator.
Allows the caller to handle the encoding of the passphrase to bytes.
The certification level for keys on this ring.
The master key pair.
The id to be associated with the ring.
The algorithm to be used to protect secret keys.
The hash algorithm.
The passPhrase to be used to protect secret keys.
Checksum the secret keys with SHA1 rather than the older 16 bit checksum.
Packets to be included in the certification hash.
Packets to be attached unhashed to the certification.
input secured random.
Add a subkey to the key ring to be generated with default certification.
Add a subkey to the key ring to be generated with default certification.
The key pair.
The hash algorithm.
Add a signing subkey to the key ring to be generated with default certification and a primary key binding signature.
The key pair.
The hash algorithm.
The primary-key binding hash algorithm.
Add a subkey with specific hashed and unhashed packets associated with it and
default certification using SHA-1.
Public/private key pair.
Hashed packet values to be included in certification.
Unhashed packets values to be included in certification.
Add a subkey with specific hashed and unhashed packets associated with it and
default certification.
Public/private key pair.
Hashed packet values to be included in certification.
Unhashed packets values to be included in certification.
The hash algorithm.
exception adding subkey:
Add a signing subkey with specific hashed and unhashed packets associated with it and
default certifications, including the primary-key binding signature.
Public/private key pair.
Hashed packet values to be included in certification.
Unhashed packets values to be included in certification.
The hash algorithm.
The primary-key binding hash algorithm.
exception adding subkey:
Return the secret key ring.
Return the public key ring that corresponds to the secret key ring.
Thrown if the key checksum is invalid.
Class for processing literal data objects.
The special name indicating a "for your eyes only" packet.
The format of the data stream - Binary or Text
The file name that's associated with the data stream.
Return the file name as an unintrepreted byte array.
The modification time for the file.
The raw input stream for the data stream.
The input stream representing the data stream.
Class for producing literal data packets.
The special name indicating a "for your eyes only" packet.
Generates literal data objects in the old format.
This is important if you need compatibility with PGP 2.6.x.
If true, uses old format.
Open a literal data packet, returning a stream to store the data inside the packet.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
The stream we want the packet in.
The format we are using.
The name of the 'file'.
The length of the data we will write.
The time of last modification we want stored.
Open a literal data packet, returning a stream to store the data inside the packet,
as an indefinite length stream. The stream is written out as a series of partial
packets with a chunk size determined by the size of the passed in buffer.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
Note: if the buffer is not a power of 2 in length only the largest power of 2
bytes worth of the buffer will be used.
The stream we want the packet in.
The format we are using.
The name of the 'file'.
The time of last modification we want stored.
The buffer to use for collecting data to put into chunks.
Open a literal data packet for the passed in FileInfo object, returning
an output stream for saving the file contents.
The stream created can be closed off by either calling Close()
on the stream or Close() on the generator. Closing the returned
stream does not close off the Stream parameter outStr.
The stream we want the packet in.
The format we are using.
The FileInfo object containg the packet details.
Close the literal data packet - this is equivalent to calling Close()
on the stream returned by the Open() method.
A PGP marker packet - in general these should be ignored other than where
the idea is to preserve the original input stream.
General class for reading a PGP object stream.
Note: if this class finds a PgpPublicKey or a PgpSecretKey it
will create a PgpPublicKeyRing, or a PgpSecretKeyRing for each
key found. If all you are trying to do is read a key ring file use
either PgpPublicKeyRingBundle or PgpSecretKeyRingBundle.
Return the next object in the stream, or null if the end is reached.
On a parse error
Return all available objects in a list.
An IList containing all objects from this factory, in order.
Read all available objects, returning only those that are assignable to the specified type.
The type of objects to return. All other objects are ignored.
An IList containing the filtered objects from this factory, in order.
A one pass signature object.
Initialise the signature object for verification.
Verify the calculated signature against the passed in PgpSignature.
Holder for a list of PgpOnePassSignature objects.
Padding functions.
A password based encryption object.
Return the raw input stream for the data stream.
Return the decrypted input stream, using the passed in passphrase.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Return the decrypted input stream, using the passed in passphrase.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Return the decrypted input stream, using the passed in passphrase.
Allows the caller to handle the encoding of the passphrase to bytes.
General class to contain a private key for use with other OpenPGP objects.
Create a PgpPrivateKey from a keyID, the associated public data packet, and a regular private key.
ID of the corresponding public key.
the public key data packet to be associated with this private key.
the private key data packet to be associated with this private key.
The keyId associated with the contained private key.
The public key packet associated with this private key, if available.
The contained private key.
General class to handle a PGP public key object.
Create a PgpPublicKey from the passed in lightweight one.
Note: the time passed in affects the value of the key's keyId, so you probably only want
to do this once for a lightweight key, or make sure you keep track of the time you used.
Asymmetric algorithm type representing the public key.
Actual public key to associate.
Date of creation.
If pubKey is not public.
On key creation problem.
Constructor for a sub-key.
Copy constructor.
The public key to copy.
The version of this key.
The creation time of this key.
The number of valid days from creation time - zero means no expiry.
WARNING: This method will return 1 for keys with version > 3 that expire in less than 1 day
Return the trust data associated with the public key, if present.
A byte array with trust data, null otherwise.
The number of valid seconds from creation time - zero means no expiry.
The keyId associated with the public key.
The fingerprint of the key
Check if this key has an algorithm type that makes it suitable to use for encryption.
Note: with version 4 keys KeyFlags subpackets should also be considered when present for
determining the preferred use of the key.
true if this key algorithm is suitable for encryption.
True, if this could be a master key.
The algorithm code associated with the public key.
The strength of the key in bits.
The public key contained in the object.
A lightweight public key.
If the key algorithm is not recognised.
Allows enumeration of any user IDs associated with the key.
An IEnumerable of string objects.
Allows enumeration of any user attribute vectors associated with the key.
An IEnumerable of PgpUserAttributeSubpacketVector objects.
Allows enumeration of any signatures associated with the passed in id.
The ID to be matched.
An IEnumerable of PgpSignature objects.
Allows enumeration of signatures associated with the passed in user attributes.
The vector of user attributes to be matched.
An IEnumerable of PgpSignature objects.
Allows enumeration of signatures of the passed in type that are on this key.
The type of the signature to be returned.
An IEnumerable of PgpSignature objects.
Allows enumeration of all signatures/certifications associated with this key.
An IEnumerable with all signatures/certifications.
Return all signatures/certifications directly associated with this key (ie, not to a user id).
@return an iterator (possibly empty) with all signatures/certifications.
Check whether this (sub)key has a revocation signature on it.
True, if this (sub)key has been revoked.
Add a certification for an id to the given public key.
The key the certification is to be added to.
The ID the certification is associated with.
The new certification.
The re-certified key.
Add a certification for the given UserAttributeSubpackets to the given public key.
The key the certification is to be added to.
The attributes the certification is associated with.
The new certification.
The re-certified key.
Remove any certifications associated with a user attribute subpacket on a key.
The key the certifications are to be removed from.
The attributes to be removed.
The re-certified key, or null if the user attribute subpacket was not found on the key.
Remove any certifications associated with a given ID on a key.
The key the certifications are to be removed from.
The ID that is to be removed.
The re-certified key, or null if the ID was not found on the key.
Remove a certification associated with a given ID on a key.
The key the certifications are to be removed from.
The ID that the certfication is to be removed from.
The certfication to be removed.
The re-certified key, or null if the certification was not found.
Remove a certification associated with a given user attributes on a key.
The key the certifications are to be removed from.
The user attributes that the certfication is to be removed from.
The certification to be removed.
The re-certified key, or null if the certification was not found.
Add a revocation or some other key certification to a key.
The key the revocation is to be added to.
The key signature to be added.
The new changed public key object.
Remove a certification from the key.
The key the certifications are to be removed from.
The certfication to be removed.
The modified key, null if the certification was not found.
A public key encrypted data object.
The key ID for the key used to encrypt the data.
Return the algorithm code for the symmetric algorithm used to encrypt the data.
Return the decrypted data stream for the packet.
Class to hold a single master public key and its subkeys.
Often PGP keyring files consist of multiple master keys, if you are trying to process
or construct one of these you should use the PgpPublicKeyRingBundle class.
Return the first public key in the ring.
Return the public key referred to by the passed in key ID if it is present.
Allows enumeration of all the public keys.
An IEnumerable of PgpPublicKey objects.
Returns a new key ring with the public key passed in either added or
replacing an existing one.
The public key ring to be modified.
The public key to be inserted.
A new PgpPublicKeyRing
Returns a new key ring with the public key passed in removed from the key ring.
The public key ring to be modified.
The public key to be removed.
A new PgpPublicKeyRing, or null if pubKey is not found.
Often a PGP key ring file is made up of a succession of master/sub-key key rings.
If you want to read an entire public key file in one hit this is the class for you.
Build a PgpPublicKeyRingBundle from the passed in input stream.
Input stream containing data.
If a problem parsing the stream occurs.
If an object is encountered which isn't a PgpPublicKeyRing.
Return the number of key rings in this collection.
Allow enumeration of the public key rings making up this collection.
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
An IEnumerable of key rings which matched (possibly none).
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
If true, userId need only be a substring of an actual ID string to match.
An IEnumerable of key rings which matched (possibly none).
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
If true, userId need only be a substring of an actual ID string to match.
If true, case is ignored in user ID comparisons.
An IEnumerable of key rings which matched (possibly none).
Return the PGP public key associated with the given key id.
The ID of the public key to return.
Return the public key ring which contains the key referred to by keyId
key ID to match against
Return true if a key matching the passed in key ID is present, false otherwise.
key ID to look for.
Return a new bundle containing the contents of the passed in bundle and
the passed in public key ring.
The PgpPublicKeyRingBundle the key ring is to be added to.
The key ring to be added.
A new PgpPublicKeyRingBundle merging the current one with the passed in key ring.
If the keyId for the passed in key ring is already present.
Return a new bundle containing the contents of the passed in bundle with
the passed in public key ring removed.
The PgpPublicKeyRingBundle the key ring is to be removed from.
The key ring to be removed.
A new PgpPublicKeyRingBundle not containing the passed in key ring.
If the keyId for the passed in key ring is not present.
General class to handle a PGP secret key object.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
If utf8PassPhrase is true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion
is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier).
Allows the caller to handle the encoding of the passphrase to bytes.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
If utf8PassPhrase is true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion
is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier).
Allows the caller to handle the encoding of the passphrase to bytes.
Check if this key has an algorithm type that makes it suitable to use for signing.
Note: with version 4 keys KeyFlags subpackets should also be considered when present for
determining the preferred use of the key.
true if this key algorithm is suitable for use with signing.
True, if this is a master key.
Detect if the Secret Key's Private Key is empty or not
The algorithm the key is encrypted with.
The key ID of the public key associated with this key.
Return the S2K usage associated with this key.
Return the S2K used to process this key.
The public key associated with this key.
Allows enumeration of any user IDs associated with the key.
An IEnumerable of string objects.
Allows enumeration of any user attribute vectors associated with the key.
An IEnumerable of string objects.
Extract a PgpPrivateKey from this secret key's encrypted contents.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Extract a PgpPrivateKey from this secret key's encrypted contents.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Extract a PgpPrivateKey from this secret key's encrypted contents.
Allows the caller to handle the encoding of the passphrase to bytes.
Return a copy of the passed in secret key, encrypted using a new password
and the passed in algorithm.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
The PgpSecretKey to be copied.
The current password for the key.
The new password for the key.
The algorithm to be used for the encryption.
Source of randomness.
Return a copy of the passed in secret key, encrypted using a new password
and the passed in algorithm.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
The PgpSecretKey to be copied.
The current password for the key.
The new password for the key.
The algorithm to be used for the encryption.
Source of randomness.
Return a copy of the passed in secret key, encrypted using a new password
and the passed in algorithm.
Allows the caller to handle the encoding of the passphrase to bytes.
The PgpSecretKey to be copied.
The current password for the key.
The new password for the key.
The algorithm to be used for the encryption.
Source of randomness.
Replace the passed the public key on the passed in secret key.
Secret key to change.
New public key.
A new secret key.
If KeyId's do not match.
Parse a secret key from one of the GPG S expression keys associating it with the passed in public key.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Parse a secret key from one of the GPG S expression keys associating it with the passed in public key.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Parse a secret key from one of the GPG S expression keys associating it with the passed in public key.
Allows the caller to handle the encoding of the passphrase to bytes.
Parse a secret key from one of the GPG S expression keys.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
Parse a secret key from one of the GPG S expression keys.
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Parse a secret key from one of the GPG S expression keys.
Allows the caller to handle the encoding of the passphrase to bytes.
Parse a secret key from one of the GPG S expression keys.
Class to hold a single master secret key and its subkeys.
Often PGP keyring files consist of multiple master keys, if you are trying to process
or construct one of these you should use the PgpSecretKeyRingBundle class.
Return the public key for the master key.
Return the master private key.
Allows enumeration of the secret keys.
An IEnumerable of PgpSecretKey objects.
Return an iterator of the public keys in the secret key ring that
have no matching private key. At the moment only personal certificate data
appears in this fashion.
An IEnumerable of unattached, or extra, public keys.
Replace the public key set on the secret ring with the corresponding key off the public ring.
Secret ring to be changed.
Public ring containing the new public key set.
Return a copy of the passed in secret key ring, with the master key and sub keys encrypted
using a new password and the passed in algorithm.
The PgpSecretKeyRing to be copied.
The current password for key.
The new password for the key.
The algorithm to be used for the encryption.
Source of randomness.
Returns a new key ring with the secret key passed in either added or
replacing an existing one with the same key ID.
The secret key ring to be modified.
The secret key to be inserted.
A new PgpSecretKeyRing
Returns a new key ring with the secret key passed in removed from the key ring.
The secret key ring to be modified.
The secret key to be removed.
A new PgpSecretKeyRing, or null if secKey is not found.
Often a PGP key ring file is made up of a succession of master/sub-key key rings.
If you want to read an entire secret key file in one hit this is the class for you.
Build a PgpSecretKeyRingBundle from the passed in input stream.
Input stream containing data.
If a problem parsing the stream occurs.
If an object is encountered which isn't a PgpSecretKeyRing.
Return the number of rings in this collection.
Allow enumeration of the secret key rings making up this collection.
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
An IEnumerable of key rings which matched (possibly none).
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
If true, userId need only be a substring of an actual ID string to match.
An IEnumerable of key rings which matched (possibly none).
Allow enumeration of the key rings associated with the passed in userId.
The user ID to be matched.
If true, userId need only be a substring of an actual ID string to match.
If true, case is ignored in user ID comparisons.
An IEnumerable of key rings which matched (possibly none).
Return the PGP secret key associated with the given key id.
The ID of the secret key to return.
Return the secret key ring which contains the key referred to by keyId
The ID of the secret key
Return true if a key matching the passed in key ID is present, false otherwise.
key ID to look for.
Return a new bundle containing the contents of the passed in bundle and
the passed in secret key ring.
The PgpSecretKeyRingBundle the key ring is to be added to.
The key ring to be added.
A new PgpSecretKeyRingBundle merging the current one with the passed in key ring.
If the keyId for the passed in key ring is already present.
Return a new bundle containing the contents of the passed in bundle with
the passed in secret key ring removed.
The PgpSecretKeyRingBundle the key ring is to be removed from.
The key ring to be removed.
A new PgpSecretKeyRingBundle not containing the passed in key ring.
If the keyId for the passed in key ring is not present.
A PGP signature object.
The OpenPGP version number for this signature.
The key algorithm associated with this signature.
The hash algorithm associated with this signature.
Return true if this signature represents a certification.
Verify the signature as certifying the passed in public key as associated
with the passed in user attributes.
User attributes the key was stored under.
The key to be verified.
True, if the signature matches, false otherwise.
Verify the signature as certifying the passed in public key as associated
with the passed in ID.
ID the key was stored under.
The key to be verified.
True, if the signature matches, false otherwise.
Verify a certification for the passed in key against the passed in master key.
The key we are verifying against.
The key we are verifying.
True, if the certification is valid, false otherwise.
Verify a key certification, such as revocation, for the passed in key.
The key we are checking.
True, if the certification is valid, false otherwise.
The ID of the key that created the signature.
The creation time of this signature.
Return true if the signature has either hashed or unhashed subpackets.
Return true if the passed in signature type represents a certification, false if the signature type is not.
true if signatureType is a certification, false otherwise.
Generator for PGP signatures.
Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.
Initialise the generator for signing.
Initialise the generator for signing.
Return the one pass header associated with the current signature.
Return a signature object containing the current signature state.
Generate a certification for the passed in ID and key.
The ID we are certifying against the public key.
The key we are certifying against the ID.
The certification.
Generate a certification for the passed in userAttributes.
The ID we are certifying against the public key.
The key we are certifying against the ID.
The certification.
Generate a certification for the passed in key against the passed in master key.
The key we are certifying against.
The key we are certifying.
The certification.
Generate a certification, such as a revocation, for the passed in key.
The key we are certifying.
The certification.
A list of PGP signatures - normally in the signature block after literal data.
Generator for signature subpackets.
Base constructor, creates an empty generator.
Constructor for pre-initialising the generator from an existing one.
sigSubV an initial set of subpackets.
Add a TrustSignature packet to the signature. The values for depth and trust are largely
installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13.
true if the packet is critical.
depth level.
trust amount.
Set the number of seconds a key is valid for after the time of its creation.
A value of zero means the key never expires.
True, if should be treated as critical, false otherwise.
The number of seconds the key is valid, or zero if no expiry.
Set the number of seconds a signature is valid for after the time of its creation.
A value of zero means the signature never expires.
True, if should be treated as critical, false otherwise.
The number of seconds the signature is valid, or zero if no expiry.
Set the creation time for the signature.
Note: this overrides the generation of a creation time when the signature
is generated.
Sets revocation reason sub packet
Sets revocation key sub packet
Sets issuer key sub packet
Container for a list of signature subpackets.
Return true if a particular subpacket type exists.
@param type type to look for.
@return true if present, false otherwise.
Return all signature subpackets of the passed in type.
@param type subpacket type code
@return an array of zero or more matching subpackets.
Return the number of seconds a signature is valid for after its creation date.
A value of zero means the signature never expires.
Seconds a signature is valid for.
Return the number of seconds a key is valid for after its creation date.
A value of zero means the key never expires.
Seconds a signature is valid for.
Return the number of packets this vector contains.
Container for a list of user attribute subpackets.
Basic utility class.
Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is
the historical behaviour of the library (1.7 and earlier).
The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes).
Allows the caller to handle the encoding of the passphrase to bytes.
Write out the passed in file as a literal data packet.
Write out the passed in file as a literal data packet in partial packet format.
Return either an ArmoredInputStream or a BcpgInputStream based on whether
the initial characters of the stream are binary PGP encodings or not.
Generator for old style PGP V3 Signatures.
Create a generator for the passed in keyAlgorithm and hashAlgorithm codes.
Initialise the generator for signing.
Initialise the generator for signing.
Return the one pass header associated with the current signature.
Return a V3 signature object containing the current signature state.
Utility functions for looking a S-expression keys. This class will move when it finds a better home!
Format documented here:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/keyformat.txt;h=42c4b1f06faf1bbe71ffadc2fee0fad6bec91a97;hb=refs/heads/master
Wrap a PKIMessage ASN.1 structure.
PKI message.
Create a PKIMessage from the passed in bytes.
BER/DER encoding of the PKIMessage
Return true if this message has protection bits on it. A return value of true
indicates the message can be used to construct a ProtectedPKIMessage.
Wrapper for a PKIMessage with protection attached to it.
Wrap a general message.
If the general message does not have protection.
The General message
Wrap a PKI message.
If the PKI message does not have protection.
The PKI message
Message header
Message Body
Return the underlying ASN.1 structure contained in this object.
PKI Message structure
Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
to verify the message if this method returns true.
true if protection MAC PBE based, false otherwise.
Return the extra certificates associated with this message.
an array of extra certificates, zero length if none present.
Verify a message with a public key based signature attached.
a factory of signature verifiers.
true if the provider is able to create a verifier that validates the signature, false otherwise.
Verify a message with password based MAC protection.
MAC builder that can be used to construct the appropriate MacCalculator
the MAC password
true if the passed in password and MAC builder verify the message, false otherwise.
if algorithm not MAC based, or an exception is thrown verifying the MAC.
The 'Signature' parameter is only available when generating unsigned attributes.
containing class for an CMS Authenticated Data object
return the object identifier for the content MAC algorithm.
return a store of the intended recipients for this message
return the ContentInfo
return a table of the digested attributes indexed by
the OID of the attribute.
return a table of the undigested attributes indexed by
the OID of the attribute.
return the ASN.1 encoded representation of this object.
General class for generating a CMS authenticated-data message.
A simple example of usage.
CMSAuthenticatedDataGenerator fact = new CMSAuthenticatedDataGenerator();
fact.addKeyTransRecipient(cert);
CMSAuthenticatedData data = fact.generate(content, algorithm, "BC");
base constructor
constructor allowing specific source of randomness
@param rand instance of SecureRandom to use
generate an enveloped object that contains an CMS Enveloped Data
object using the given provider and the passed in key generator.
generate an authenticated object that contains an CMS Authenticated Data object
Parsing class for an CMS Authenticated Data object from an input stream.
Note: that because we are in a streaming mode only one recipient can be tried and it is important
that the methods on the parser are called in the appropriate order.
Example of use - assuming the first recipient matches the private key we have.
CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(inputStream);
RecipientInformationStore recipients = ad.getRecipientInfos();
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
if (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
CMSTypedStream recData = recipient.getContentStream(privateKey, "BC");
processDataStream(recData.getContentStream());
if (!Arrays.equals(ad.getMac(), recipient.getMac())
{
System.err.println("Data corrupted!!!!");
}
}
Note: this class does not introduce buffering - if you are processing large files you should create
the parser with:
CMSAuthenticatedDataParser ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
where bufSize is a suitably large buffer size.
return the object identifier for the mac algorithm.
return the ASN.1 encoded encryption algorithm parameters, or null if
there aren't any.
return a store of the intended recipients for this message
return a table of the unauthenticated attributes indexed by
the OID of the attribute.
@exception java.io.IOException
return a table of the unauthenticated attributes indexed by
the OID of the attribute.
@exception java.io.IOException
General class for generating a CMS authenticated-data message stream.
A simple example of usage.
CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
edGen.addKeyTransRecipient(cert);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, CMSAuthenticatedDataGenerator.AES128_CBC, "BC");*
out.write(data);
out.close();
base constructor
constructor allowing specific source of randomness
@param rand instance of SecureRandom to use
Set the underlying string size for encapsulated data
@param bufferSize length of octet strings to buffer the data.
Use a BER Set to store the recipient information
generate an enveloped object that contains an CMS Enveloped Data
object using the given provider and the passed in key generator.
@throws java.io.IOException
generate an enveloped object that contains an CMS Enveloped Data object
generate an enveloped object that contains an CMS Enveloped Data object
base constructor
constructor allowing specific source of randomness
@param rand instance of SecureRandom to use
containing class for an CMS AuthEnveloped Data object
containing class for an CMS Compressed Data object
Return the uncompressed content.
@return the uncompressed content
@throws CmsException if there is an exception uncompressing the data.
Return the uncompressed content, throwing an exception if the data size
is greater than the passed in limit. If the content is exceeded getCause()
on the CMSException will contain a StreamOverflowException
@param limit maximum number of bytes to read
@return the content read
@throws CMSException if there is an exception uncompressing the data.
return the ContentInfo
return the ASN.1 encoded representation of this object.
* General class for generating a compressed CMS message.
*
* A simple example of usage.
*
*
* CMSCompressedDataGenerator fact = new CMSCompressedDataGenerator();
* CMSCompressedData data = fact.Generate(content, algorithm);
*
*
Generate an object that contains an CMS Compressed Data
Class for reading a CMS Compressed Data stream.
CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream);
process(cp.GetContent().GetContentStream());
Note: this class does not introduce buffering - if you are processing large files you should create
the parser with:
CMSCompressedDataParser ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize));
where bufSize is a suitably large buffer size.
General class for generating a compressed CMS message stream.
A simple example of usage.
CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
Stream cOut = gen.Open(outputStream, CMSCompressedDataStreamGenerator.ZLIB);
cOut.Write(data);
cOut.Close();
base constructor
Set the underlying string size for encapsulated data
@param bufferSize length of octet strings to buffer the data.
Close the underlying data stream.
@throws IOException if the close fails.
containing class for an CMS Enveloped Data object
return the object identifier for the content encryption algorithm.
return a store of the intended recipients for this message
return the ContentInfo
return a table of the unprotected attributes indexed by
the OID of the attribute.
return the ASN.1 encoded representation of this object.
General class for generating a CMS enveloped-data message.
A simple example of usage.
CmsEnvelopedDataGenerator fact = new CmsEnvelopedDataGenerator();
fact.AddKeyTransRecipient(cert);
CmsEnvelopedData data = fact.Generate(content, algorithm);
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
Generate an enveloped object that contains a CMS Enveloped Data
object using the passed in key generator.
Generate an enveloped object that contains an CMS Enveloped Data object.
Generate an enveloped object that contains an CMS Enveloped Data object.
Parsing class for an CMS Enveloped Data object from an input stream.
Note: that because we are in a streaming mode only one recipient can be tried and it is important
that the methods on the parser are called in the appropriate order.
Example of use - assuming the first recipient matches the private key we have.
CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(inputStream);
RecipientInformationStore recipients = ep.GetRecipientInfos();
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
if (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
CMSTypedStream recData = recipient.getContentStream(privateKey);
processDataStream(recData.getContentStream());
}
Note: this class does not introduce buffering - if you are processing large files you should create
the parser with:
CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize));
where bufSize is a suitably large buffer size.
return the object identifier for the content encryption algorithm.
return the ASN.1 encoded encryption algorithm parameters, or null if
there aren't any.
return a store of the intended recipients for this message
return a table of the unprotected attributes indexed by
the OID of the attribute.
@throws IOException
General class for generating a CMS enveloped-data message stream.
A simple example of usage.
CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
edGen.AddKeyTransRecipient(cert);
MemoryStream bOut = new MemoryStream();
Stream out = edGen.Open(
bOut, CMSEnvelopedDataGenerator.AES128_CBC);*
out.Write(data);
out.Close();
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
Set the underlying string size for encapsulated data.
Length of octet strings to buffer the data.
Use a BER Set to store the recipient information.
Generate an enveloped object that contains an CMS Enveloped Data
object using the passed in key generator.
generate an enveloped object that contains an CMS Enveloped Data object
@throws IOException
generate an enveloped object that contains an CMS Enveloped Data object
@throws IOException
General class for generating a CMS enveloped-data message.
A simple example of usage.
CMSEnvelopedDataGenerator fact = new CMSEnvelopedDataGenerator();
fact.addKeyTransRecipient(cert);
CMSEnvelopedData data = fact.generate(content, algorithm, "BC");
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
add a recipient.
@param cert recipient's public key certificate
@exception ArgumentException if there is a problem with the certificate
add a recipient
@param key the public key used by the recipient
@param subKeyId the identifier for the recipient's public key
@exception ArgumentException if there is a problem with the key
add a KEK recipient.
@param key the secret key to use for wrapping
@param keyIdentifier the byte string that identifies the key
add a KEK recipient.
@param key the secret key to use for wrapping
@param keyIdentifier the byte string that identifies the key
Add a key agreement based recipient.
@param agreementAlgorithm key agreement algorithm to use.
@param senderPrivateKey private key to initialise sender side of agreement with.
@param senderPublicKey sender public key to include with message.
@param recipientCert recipient's public key certificate.
@param cekWrapAlgorithm OID for key wrapping algorithm to use.
@exception SecurityUtilityException if the algorithm requested cannot be found
@exception InvalidKeyException if the keys are inappropriate for the algorithm specified
Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
@param agreementAlgorithm key agreement algorithm to use.
@param senderPrivateKey private key to initialise sender side of agreement with.
@param senderPublicKey sender public key to include with message.
@param recipientCerts recipients' public key certificates.
@param cekWrapAlgorithm OID for key wrapping algorithm to use.
@exception SecurityUtilityException if the algorithm requested cannot be found
@exception InvalidKeyException if the keys are inappropriate for the algorithm specified
Add a generator to produce the recipient info required.
a generator of a recipient info object.
Generic routine to copy out the data we want processed.
This routine may be called multiple times.
a holding class for a byte array of data to be processed.
A clone of the byte array
a holding class for a file of data to be processed.
The file handle
general class for handling a pkcs7-signature message.
A simple example of usage - note, in the example below the validity of
the certificate isn't verified, just the fact that one of the certs
matches the given signer...
IX509Store certs = s.GetCertificates();
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ArrayList certList = new ArrayList(certs.GetMatches(signer.SignerID));
X509Certificate cert = (X509Certificate) certList[0];
if (signer.Verify(cert.GetPublicKey()))
{
verified++;
}
}
Content with detached signature, digests precomputed
@param hashes a map of precomputed digests for content indexed by name of hash.
@param sigBlock the signature object.
base constructor - content with detached signature.
@param signedContent the content that was signed.
@param sigData the signature object.
base constructor - with encapsulated content
Return the version number for this object.
return the collection of signers that are associated with the
signatures for the message.
return a X509Store containing the attribute certificates, if any, contained
in this message.
@param type type of store to create
@return a store of attribute certificates
@exception NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
return a X509Store containing the public key certificates, if any, contained
in this message.
@param type type of store to create
@return a store of public key certificates
@exception NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
return a X509Store containing CRLs, if any, contained
in this message.
@param type type of store to create
@return a store of CRLs
@exception NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
Return the DerObjectIdentifier associated with the encapsulated
content info structure carried in the signed data.
return the ContentInfo
return the ASN.1 encoded representation of this object.
return the ASN.1 encoded representation of this object using the specified encoding.
@param encoding the ASN.1 encoding format to use ("BER" or "DER").
Replace the signerinformation store associated with this
CmsSignedData object with the new one passed in. You would
probably only want to do this if you wanted to change the unsigned
attributes associated with a signer, or perhaps delete one.
@param signedData the signed data object to be used as a base.
@param signerInformationStore the new signer information store to use.
@return a new signed data object.
Replace the certificate and CRL information associated with this
CmsSignedData object with the new one passed in.
@param signedData the signed data object to be used as a base.
@param x509Certs the new certificates to be used.
@param x509Crls the new CRLs to be used.
@return a new signed data object.
@exception CmsException if there is an error processing the stores
* general class for generating a pkcs7-signature message.
*
* A simple example of usage.
*
*
* IX509Store certs...
* IX509Store crls...
* CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
*
* gen.AddSigner(privKey, cert, CmsSignedGenerator.DigestSha1);
* gen.AddCertificates(certs);
* gen.AddCrls(crls);
*
* CmsSignedData data = gen.Generate(content);
*
*
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
* add a signer - no attributes other than the default ones will be
* provided here.
*
* @param key signing key to use
* @param cert certificate containing corresponding public key
* @param digestOID digest algorithm OID
add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
provided here.
@param key signing key to use
@param cert certificate containing corresponding public key
@param encryptionOID digest encryption algorithm OID
@param digestOID digest algorithm OID
add a signer - no attributes other than the default ones will be
provided here.
add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be
provided here.
* add a signer with extra signed/unsigned attributes.
*
* @param key signing key to use
* @param cert certificate containing corresponding public key
* @param digestOID digest algorithm OID
* @param signedAttr table of attributes to be included in signature
* @param unsignedAttr table of attributes to be included as unsigned
add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
@param key signing key to use
@param cert certificate containing corresponding public key
@param encryptionOID digest encryption algorithm OID
@param digestOID digest algorithm OID
@param signedAttr table of attributes to be included in signature
@param unsignedAttr table of attributes to be included as unsigned
* add a signer with extra signed/unsigned attributes.
*
* @param key signing key to use
* @param subjectKeyID subjectKeyID of corresponding public key
* @param digestOID digest algorithm OID
* @param signedAttr table of attributes to be included in signature
* @param unsignedAttr table of attributes to be included as unsigned
add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes.
@param key signing key to use
@param subjectKeyID subjectKeyID of corresponding public key
@param encryptionOID digest encryption algorithm OID
@param digestOID digest algorithm OID
@param signedAttr table of attributes to be included in signature
@param unsignedAttr table of attributes to be included as unsigned
add a signer with extra signed/unsigned attributes based on generators.
add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators.
add a signer with extra signed/unsigned attributes based on generators.
add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators.
generate a signed object that for a CMS Signed Data object
generate a signed object that for a CMS Signed Data
object - if encapsulate is true a copy
of the message will be included in the signature. The content type
is set according to the OID represented by the string signedContentType.
generate a signed object that for a CMS Signed Data
object - if encapsulate is true a copy
of the message will be included in the signature with the
default content type "data".
generate a set of one or more SignerInformation objects representing counter signatures on
the passed in SignerInformation object.
@param signer the signer to be countersigned
@param sigProvider the provider to be used for counter signing.
@return a store containing the signers.
Parsing class for an CMS Signed Data object from an input stream.
Note: that because we are in a streaming mode only one signer can be tried and it is important
that the methods on the parser are called in the appropriate order.
A simple example of usage for an encapsulated signature.
Two notes: first, in the example below the validity of
the certificate isn't verified, just the fact that one of the certs
matches the given signer, and, second, because we are in a streaming
mode the order of the operations is important.
CmsSignedDataParser sp = new CmsSignedDataParser(encapSigData);
sp.GetSignedContent().Drain();
IX509Store certs = sp.GetCertificates();
SignerInformationStore signers = sp.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ArrayList certList = new ArrayList(certs.GetMatches(signer.SignerID));
X509Certificate cert = (X509Certificate) certList[0];
Console.WriteLine("verify returns: " + signer.Verify(cert));
}
Note also: this class does not introduce buffering - if you are processing large files you should create
the parser with:
CmsSignedDataParser ep = new CmsSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
where bufSize is a suitably large buffer size.
base constructor - with encapsulated content
base constructor
@param signedContent the content that was signed.
@param sigData the signature object.
Return the version number for the SignedData object
@return the version number
return the collection of signers that are associated with the
signatures for the message.
@throws CmsException
return a X509Store containing the attribute certificates, if any, contained
in this message.
@param type type of store to create
@return a store of attribute certificates
@exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
return a X509Store containing the public key certificates, if any, contained
in this message.
@param type type of store to create
@return a store of public key certificates
@exception NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
return a X509Store containing CRLs, if any, contained
in this message.
@param type type of store to create
@return a store of CRLs
@exception NoSuchStoreException if the store type isn't available.
@exception CmsException if a general exception prevents creation of the X509Store
Return the DerObjectIdentifier associated with the encapsulated
content info structure carried in the signed data.
Replace the signerinformation store associated with the passed
in message contained in the stream original with the new one passed in.
You would probably only want to do this if you wanted to change the unsigned
attributes associated with a signer, or perhaps delete one.
The output stream is returned unclosed.
@param original the signed data stream to be used as a base.
@param signerInformationStore the new signer information store to use.
@param out the stream to Write the new signed data object to.
@return out.
Replace the certificate and CRL information associated with this
CMSSignedData object with the new one passed in.
The output stream is returned unclosed.
@param original the signed data stream to be used as a base.
@param certsAndCrls the new certificates and CRLs to be used.
@param out the stream to Write the new signed data object to.
@return out.
@exception CmsException if there is an error processing the CertStore
General class for generating a pkcs7-signature message stream.
A simple example of usage.
IX509Store certs...
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(privateKey, cert, CmsSignedDataStreamGenerator.DIGEST_SHA1);
gen.AddCertificates(certs);
Stream sigOut = gen.Open(bOut);
sigOut.Write(Encoding.UTF8.GetBytes("Hello World!"));
sigOut.Close();
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
Set the underlying string size for encapsulated data
@param bufferSize length of octet strings to buffer the data.
add a signer - no attributes other than the default ones will be
provided here.
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be
provided here.
@throws NoSuchProviderException
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer with extra signed/unsigned attributes.
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer with extra signed/unsigned attributes - specifying digest
encryption algorithm.
@throws NoSuchProviderException
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer - no attributes other than the default ones will be
provided here.
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer - no attributes other than the default ones will be
provided here.
@throws NoSuchProviderException
@throws NoSuchAlgorithmException
@throws InvalidKeyException
add a signer with extra signed/unsigned attributes.
@throws NoSuchAlgorithmException
@throws InvalidKeyException
generate a signed object that for a CMS Signed Data object
generate a signed object that for a CMS Signed Data
object - if encapsulate is true a copy
of the message will be included in the signature with the
default content type "data".
generate a signed object that for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature with the
default content type "data". If dataOutputStream is non null the data
being signed will be written to the stream as it is processed.
@param out stream the CMS object is to be written to.
@param encapsulate true if data should be encapsulated.
@param dataOutputStream output stream to copy the data being signed to.
generate a signed object that for a CMS Signed Data
object - if encapsulate is true a copy
of the message will be included in the signature. The content type
is set according to the OID represented by the string signedContentType.
generate a signed object that for a CMS Signed Data
object using the given provider - if encapsulate is true a copy
of the message will be included in the signature. The content type
is set according to the OID represented by the string signedContentType.
@param out stream the CMS object is to be written to.
@param signedContentType OID for data to be signed.
@param encapsulate true if data should be encapsulated.
@param dataOutputStream output stream to copy the data being signed to.
Default type for the signed data.
Constructor allowing specific source of randomness
Instance of SecureRandom to use.
Add the attribute certificates contained in the passed in store to the
generator.
@param store a store of Version 2 attribute certificates
@throws CmsException if an error occurse processing the store.
Add a store of precalculated signers to the generator.
@param signerStore store of signers
Return a map of oids and byte arrays representing the digests calculated on the content during
the last generate.
@return a map of oids (as string objects) and byte[] representing digests.
Return the digest algorithm using one of the standard JCA string
representations rather than the algorithm identifier (if possible).
Return the digest encryption algorithm using one of the standard
JCA string representations rather than the algorithm identifier (if
possible).
Default authenticated attributes generator.
Initialise to use all defaults
Initialise with some extra attributes or overrides.
@param attributeTable initial attribute table to use.
Create a standard attribute table from the passed in parameters - this will
normally include contentType and messageDigest. If the constructor
using an AttributeTable was used, entries in it for contentType and
messageDigest will override the generated ones.
@param parameters source parameters for table generation.
@return a filled in IDictionary of attributes.
@param parameters source parameters
@return the populated attribute table
Default signed attributes generator.
Initialise to use all defaults
Initialise with some extra attributes or overrides.
@param attributeTable initial attribute table to use.
Create a standard attribute table from the passed in parameters - this will
normally include contentType, signingTime, and messageDigest. If the constructor
using an AttributeTable was used, entries in it for contentType, signingTime, and
messageDigest will override the generated ones.
@param parameters source parameters for table generation.
@return a filled in Hashtable of attributes.
@param parameters source parameters
@return the populated attribute table
the RecipientInfo class for a recipient who has been sent a message
encrypted using a secret key known to the other side.
decrypt the content and return an input stream.
the RecipientInfo class for a recipient who has been sent a message
encrypted using key agreement.
decrypt the content and return an input stream.
the KeyTransRecipientInformation class for a recipient who has been sent a secret
key encrypted using their public key that needs to be used to
extract the message.
decrypt the content and return it as a byte array.
a basic index for an originator.
Return the certificates stored in the underlying OriginatorInfo object.
@return a Store of X509CertificateHolder objects.
Return the CRLs stored in the underlying OriginatorInfo object.
@return a Store of X509CRLHolder objects.
Return the underlying ASN.1 object defining this SignerInformation object.
@return a OriginatorInfo.
the RecipientInfo class for a recipient who has been sent a message
encrypted using a password.
return the object identifier for the key derivation algorithm, or null
if there is none present.
@return OID for key derivation algorithm, if present.
decrypt the content and return an input stream.
PKCS5 scheme-2 - password converted to bytes assuming ASCII.
PKCS5 scheme-2 - password converted to bytes using UTF-8.
Generate a RecipientInfo object for the given key.
A
A
A
* return the object identifier for the key encryption algorithm.
*
* @return OID for key encryption algorithm.
* return the ASN.1 encoded key encryption algorithm parameters, or null if
* there aren't any.
*
* @return ASN.1 encoding of key encryption algorithm parameters.
Return the MAC calculated for the content stream. Note: this call is only meaningful once all
the content has been read.
@return byte array containing the mac.
Return the first RecipientInformation object that matches the
passed in selector. Null if there are no matches.
@param selector to identify a recipient
@return a single RecipientInformation object. Null if none matches.
Return the number of recipients in the collection.
@return number of recipients identified.
Return all recipients in the collection
@return a collection of recipients.
Return possible empty collection with recipients matching the passed in RecipientID
@param selector a recipient id to select against.
@return a collection of RecipientInformation objects.
a basic index for a signer.
If the passed in flag is true, the signer signature will be based on the data, not
a collection of signed attributes, and no signed attributes will be included.
@return the builder object
Provide a custom signed attribute generator.
@param signedGen a generator of signed attributes.
@return the builder object
Provide a generator of unsigned attributes.
@param unsignedGen a generator for signed attributes.
@return the builder object
Build a generator with the passed in X.509 certificate issuer and serial number as the signerIdentifier.
@param contentSigner operator for generating the final signature in the SignerInfo with.
@param certificate X.509 certificate related to the contentSigner.
@return a SignerInfoGenerator
@throws OperatorCreationException if the generator cannot be built.
Build a generator with the passed in subjectKeyIdentifier as the signerIdentifier. If used you should
try to follow the calculation described in RFC 5280 section 4.2.1.2.
@param signerFactory operator factory for generating the final signature in the SignerInfo with.
@param subjectKeyIdentifier key identifier to identify the public key for verifying the signature.
@return a SignerInfoGenerator
an expanded SignerInfo block from a CMS Signed message
Protected constructor. In some cases clients have their own idea about how to encode
the signed attributes and calculate the signature. This constructor is to allow developers
to deal with that by extending off the class and overriding e.g. SignedAttributes property.
@param baseInfo the SignerInformation to base this one on.
return the version number for this objects underlying SignerInfo structure.
return the object identifier for the signature.
return the signature parameters, or null if there aren't any.
return the content digest that was calculated during verification.
return the object identifier for the signature.
return the signature/encryption algorithm parameters, or null if
there aren't any.
return a table of the signed attributes - indexed by
the OID of the attribute.
return a table of the unsigned attributes indexed by
the OID of the attribute.
return the encoded signature
Return a SignerInformationStore containing the counter signatures attached to this
signer. If no counter signatures are present an empty store is returned.
return the DER encoding of the signed attributes.
@throws IOException if an encoding error occurs.
verify that the given public key successfully handles and confirms the
signature associated with this signer.
verify that the given certificate successfully handles and confirms
the signature associated with this signer and, if a signingTime
attribute is available, that the certificate was valid at the time the
signature was generated.
Return the base ASN.1 CMS structure that this object contains.
@return an object containing a CMS SignerInfo structure.
Return a signer information object with the passed in unsigned
attributes replacing the ones that are current associated with
the object passed in.
@param signerInformation the signerInfo to be used as the basis.
@param unsignedAttributes the unsigned attributes to add.
@return a copy of the original SignerInformationObject with the changed attributes.
Return a signer information object with passed in SignerInformationStore representing counter
signatures attached as an unsigned attribute.
@param signerInformation the signerInfo to be used as the basis.
@param counterSigners signer info objects carrying counter signature.
@return a copy of the original SignerInformationObject with the changed attributes.
Create a store containing a single SignerInformation object.
@param signerInfo the signer information to contain.
Create a store containing a collection of SignerInformation objects.
@param signerInfos a collection signer information objects to contain.
Return the first SignerInformation object that matches the
passed in selector. Null if there are no matches.
@param selector to identify a signer
@return a single SignerInformation object. Null if none matches.
The number of signers in the collection.
An ICollection of all signers in the collection
Return possible empty collection with signers matching the passed in SignerID
@param selector a signer id to select against.
@return a collection of SignerInformation objects.
Basic generator that just returns a preconstructed attribute table
Carrier for an authenticator control.
Basic constructor - build from a UTF-8 string representing the token.
UTF-8 string representing the token.
Basic constructor - build from a string representing the token.
string representing the token.
Return the type of this control.
Return the token associated with this control (a UTF8String).
Create a CertificateRequestMessage from the passed in bytes.
BER/DER encoding of the CertReqMsg structure.
Return the underlying ASN.1 object defining this CertificateRequestMessage object.
A CertReqMsg
Return the certificate template contained in this message.
a CertTemplate structure.
Return whether or not this request has control values associated with it.
true if there are control values present, false otherwise.
Return whether or not this request has a specific type of control value.
the type OID for the control value we are checking for.
true if a control value of type is present, false otherwise.
Return a control value of the specified type.
the type OID for the control value we are checking for.
the control value if present, null otherwise.
Return whether or not this request message has a proof-of-possession field in it.
true if proof-of-possession is present, false otherwise.
Return the type of the proof-of-possession this request message provides.
one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement
Return whether or not the proof-of-possession (POP) is of the type popSigningKey and
it has a public key MAC associated with it.
true if POP is popSigningKey and a PKMAC is present, false otherwise.
Return whether or not a signing key proof-of-possession (POP) is valid.
a provider that can produce content verifiers for the signature contained in this POP.
true if the POP is valid, false otherwise.
if there is a problem in verification or content verifier creation.
if POP not appropriate.
Return the ASN.1 encoding of the certReqMsg we wrap.
a byte array containing the binary encoding of the certReqMsg.
Create a builder that makes EncryptedValue structures.
wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue.
encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue.
Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder.
a wrapper for key used to encrypt the actual data contained in the EncryptedValue.
encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue.
padder a padder to ensure that the EncryptedValue created will always be a constant length.
Build an EncryptedValue structure containing the passed in pass phrase.
a revocation pass phrase.
an EncryptedValue containing the encrypted pass phrase.
Build an EncryptedValue structure containing the certificate contained in
the passed in holder.
a holder containing a certificate.
an EncryptedValue containing the encrypted certificate.
on a failure to encrypt the data, or wrap the symmetric key for this value.
Build an EncryptedValue structure containing the private key contained in
the passed info structure.
a PKCS#8 private key info structure.
an EncryptedValue containing an EncryptedPrivateKeyInfo structure.
on a failure to encrypt the data, or wrap the symmetric key for this value.
Generic interface for a CertificateRequestMessage control value.
Return the type of this control.
Return the value contained in this control object.
An encrypted value padder is used to make sure that prior to a value been
encrypted the data is padded to a standard length.
Return a byte array of padded data.
the data to be padded.
a padded byte array containing data.
Return a byte array of with padding removed.
the data to be padded.
an array containing the original unpadded data.
Basic constructor - build from an PKIArchiveOptions structure.
the ASN.1 structure that will underlie this control.
Return the type of this control.
CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions
Return the underlying ASN.1 object.
a PKIArchiveOptions structure.
Return the archive control type, one of: encryptedPrivKey,keyGenParameters,or archiveRemGenPrivKey.
the archive control type.
Return whether this control contains enveloped data.
true if the control contains enveloped data, false otherwise.
Return the enveloped data structure contained in this control.
a CMSEnvelopedData object.
Basic constructor - specify the contents of the PKIArchiveControl structure.
the private key to be archived.
the general name to be associated with the private key.
Add a recipient generator to this control.
recipient generator created for a specific recipient.
this builder object.
Build the PKIArchiveControl using the passed in encryptor to encrypt its contents.
a suitable content encryptor.
a PKIArchiveControl object.
Default, IterationCount = 1000, OIW=IdSha1, Mac=HmacSHA1
Defaults with IPKMacPrimitivesProvider
Create.
The Mac provider
Digest Algorithm Id
Mac Algorithm Id
Create a PKMAC builder enforcing a ceiling on the maximum iteration count.
supporting calculator
max allowable value for iteration count.
Set the salt length in octets.
@param saltLength length in octets of the salt to be generated.
@return the generator
Set the iteration count.
the iteration count.
this
if iteration count is less than 100
Set PbmParameters
The parameters.
this
The Secure random
The random.
this
Build an IMacFactory.
The password.
IMacFactory
Basic constructor - build from a UTF-8 string representing the token.
UTF-8 string representing the token.
Basic constructor - build from a string representing the token.
string representing the token.
Return the type of this control.
CRMFObjectIdentifiers.id_regCtrl_regToken
Return the token associated with this control (a UTF8String).
a UTF8String.
a Diffie-Hellman key exchange engine.
note: This uses MTI/A0 key agreement in order to make the key agreement
secure against passive attacks. If you're doing Diffie-Hellman and both
parties have long term public keys you should look at using this. For
further information have a look at RFC 2631.
It's possible to extend this to more than two parties as well, for the moment
that is left as an exercise for the reader.
calculate our initial message.
given a message from a given party and the corresponding public key
calculate the next message in the agreement sequence. In this case
this will represent the shared secret.
a Diffie-Hellman key agreement class.
note: This is only the basic algorithm, it doesn't take advantage of
long term public keys if they are available. See the DHAgreement class
for a "better" implementation.
given a short term public key from a given party calculate the next
message in the agreement sequence.
Standard Diffie-Hellman groups from various IETF specifications.
P1363 7.2.1 ECSVDP-DH
ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive,
Diffie-Hellman version. It is based on the work of [DH76], [Mil86],
and [Kob87]. This primitive derives a shared secret value from one
party's private key and another party's public key, where both have
the same set of EC domain parameters. If two parties correctly
execute this primitive, they will produce the same output. This
primitive can be invoked by a scheme to derive a shared secret key;
specifically, it may be used with the schemes ECKAS-DH1 and
DL/ECKAS-DH2. It assumes that the input keys are valid (see also
Section 7.2.2).
P1363 7.2.2 ECSVDP-DHC
ECSVDP-DHC is Elliptic Curve Secret Value Derivation Primitive,
Diffie-Hellman version with cofactor multiplication. It is based on
the work of [DH76], [Mil86], [Kob87], [LMQ98] and [Kal98a]. This
primitive derives a shared secret value from one party's private key
and another party's public key, where both have the same set of EC
domain parameters. If two parties correctly execute this primitive,
they will produce the same output. This primitive can be invoked by a
scheme to derive a shared secret key; specifically, it may be used
with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It does not assume the
validity of the input public key (see also Section 7.2.1).
Note: As stated P1363 compatibility mode with ECDH can be preset, and
in this case the implementation doesn't have a ECDH compatibility mode
(if you want that just use ECDHBasicAgreement and note they both implement
BasicAgreement!).
A participant in a Password Authenticated Key Exchange by Juggling (J-PAKE) exchange.
The J-PAKE exchange is defined by Feng Hao and Peter Ryan in the paper
"Password Authenticated Key Exchange by Juggling, 2008."
The J-PAKE protocol is symmetric.
There is no notion of a client or server, but rather just two participants.
An instance of JPakeParticipant represents one participant, and
is the primary interface for executing the exchange.
To execute an exchange, construct a JPakeParticipant on each end,
and call the following 7 methods
(once and only once, in the given order, for each participant, sending messages between them as described):
CreateRound1PayloadToSend() - and send the payload to the other participant
ValidateRound1PayloadReceived(JPakeRound1Payload) - use the payload received from the other participant
CreateRound2PayloadToSend() - and send the payload to the other participant
ValidateRound2PayloadReceived(JPakeRound2Payload) - use the payload received from the other participant
CalculateKeyingMaterial()
CreateRound3PayloadToSend(BigInteger) - and send the payload to the other participant
ValidateRound3PayloadReceived(JPakeRound3Payload, BigInteger) - use the payload received from the other participant
Each side should derive a session key from the keying material returned by CalculateKeyingMaterial().
The caller is responsible for deriving the session key using a secure key derivation function (KDF).
Round 3 is an optional key confirmation process.
If you do not execute round 3, then there is no assurance that both participants are using the same key.
(i.e. if the participants used different passwords, then their session keys will differ.)
If the round 3 validation succeeds, then the keys are guaranteed to be the same on both sides.
The symmetric design can easily support the asymmetric cases when one party initiates the communication.
e.g. Sometimes the round1 payload and round2 payload may be sent in one pass.
Also, in some cases, the key confirmation payload can be sent together with the round2 payload.
These are the trivial techniques to optimize the communication.
The key confirmation process is implemented as specified in
NIST SP 800-56A Revision 1,
Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
This class is stateful and NOT threadsafe.
Each instance should only be used for ONE complete J-PAKE exchange
(i.e. a new JPakeParticipant should be constructed for each new J-PAKE exchange).
Convenience constructor for a new JPakeParticipant that uses
the JPakePrimeOrderGroups#NIST_3072 prime order group,
a SHA-256 digest, and a default SecureRandom implementation.
After construction, the State state will be STATE_INITIALIZED.
Throws NullReferenceException if any argument is null. Throws
ArgumentException if password is empty.
Unique identifier of this participant.
The two participants in the exchange must NOT share the same id.
Shared secret.
A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called).
Caller should clear the input password as soon as possible.
Convenience constructor for a new JPakeParticipant that uses
a SHA-256 digest, and a default SecureRandom implementation.
After construction, the State state will be STATE_INITIALIZED.
Throws NullReferenceException if any argument is null. Throws
ArgumentException if password is empty.
Unique identifier of this participant.
The two participants in the exchange must NOT share the same id.
Shared secret.
A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called).
Caller should clear the input password as soon as possible.
Prime order group. See JPakePrimeOrderGroups for standard groups.
Constructor for a new JPakeParticipant.
After construction, the State state will be STATE_INITIALIZED.
Throws NullReferenceException if any argument is null. Throws
ArgumentException if password is empty.
Unique identifier of this participant.
The two participants in the exchange must NOT share the same id.
Shared secret.
A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called).
Caller should clear the input password as soon as possible.
Prime order group. See JPakePrimeOrderGroups for standard groups.
Digest to use during zero knowledge proofs and key confirmation
(SHA-256 or stronger preferred).
Source of secure random data for x1 and x2, and for the zero knowledge proofs.
Gets the current state of this participant.
See the STATE_* constants for possible values.
Creates and returns the payload to send to the other participant during round 1.
After execution, the State state} will be STATE_ROUND_1_CREATED}.
Validates the payload received from the other participant during round 1.
Must be called prior to CreateRound2PayloadToSend().
After execution, the State state will be STATE_ROUND_1_VALIDATED.
Throws CryptoException if validation fails. Throws InvalidOperationException
if called multiple times.
Creates and returns the payload to send to the other participant during round 2.
ValidateRound1PayloadReceived(JPakeRound1Payload) must be called prior to this method.
After execution, the State state will be STATE_ROUND_2_CREATED.
Throws InvalidOperationException if called prior to ValidateRound1PayloadReceived(JPakeRound1Payload), or multiple times
Validates the payload received from the other participant during round 2.
Note that this DOES NOT detect a non-common password.
The only indication of a non-common password is through derivation
of different keys (which can be detected explicitly by executing round 3 and round 4)
Must be called prior to CalculateKeyingMaterial().
After execution, the State state will be STATE_ROUND_2_VALIDATED.
Throws CryptoException if validation fails. Throws
InvalidOperationException if called prior to ValidateRound1PayloadReceived(JPakeRound1Payload), or multiple times
Calculates and returns the key material.
A session key must be derived from this key material using a secure key derivation function (KDF).
The KDF used to derive the key is handled externally (i.e. not by JPakeParticipant).
The keying material will be identical for each participant if and only if
each participant's password is the same. i.e. If the participants do not
share the same password, then each participant will derive a different key.
Therefore, if you immediately start using a key derived from
the keying material, then you must handle detection of incorrect keys.
If you want to handle this detection explicitly, you can optionally perform
rounds 3 and 4. See JPakeParticipant for details on how to execute
rounds 3 and 4.
The keying material will be in the range [0, p-1].
ValidateRound2PayloadReceived(JPakeRound2Payload) must be called prior to this method.
As a side effect, the internal password array is cleared, since it is no longer needed.
After execution, the State state will be STATE_KEY_CALCULATED.
Throws InvalidOperationException if called prior to ValidateRound2PayloadReceived(JPakeRound2Payload),
or if called multiple times.
Creates and returns the payload to send to the other participant during round 3.
See JPakeParticipant for more details on round 3.
After execution, the State state} will be STATE_ROUND_3_CREATED.
Throws InvalidOperationException if called prior to CalculateKeyingMaterial, or multiple
times.
The keying material as returned from CalculateKeyingMaterial().
Validates the payload received from the other participant during round 3.
See JPakeParticipant for more details on round 3.
After execution, the State state will be STATE_ROUND_3_VALIDATED.
Throws CryptoException if validation fails. Throws InvalidOperationException if called prior to
CalculateKeyingMaterial or multiple times
The round 3 payload received from the other participant.
The keying material as returned from CalculateKeyingMaterial().
A pre-computed prime order group for use during a J-PAKE exchange.
Typically a Schnorr group is used. In general, J-PAKE can use any prime order group
that is suitable for public key cryptography, including elliptic curve cryptography.
See JPakePrimeOrderGroups for convenient standard groups.
NIST publishes
many groups that can be used for the desired level of security.
Constructs a new JPakePrimeOrderGroup.
In general, you should use one of the pre-approved groups from
JPakePrimeOrderGroups, rather than manually constructing one.
The following basic checks are performed:
p-1 must be evenly divisible by q
g must be in [2, p-1]
g^q mod p must equal 1
p must be prime (within reasonably certainty)
q must be prime (within reasonably certainty)
The prime checks are performed using BigInteger#isProbablePrime(int),
and are therefore subject to the same probability guarantees.
These checks prevent trivial mistakes.
However, due to the small uncertainties if p and q are not prime,
advanced attacks are not prevented.
Use it at your own risk.
Throws NullReferenceException if any argument is null. Throws
InvalidOperationException is any of the above validations fail.
Constructor used by the pre-approved groups in JPakePrimeOrderGroups.
These pre-approved groups can avoid the expensive checks.
User-specified groups should not use this constructor.
Standard pre-computed prime order groups for use by J-PAKE.
(J-PAKE can use pre-computed prime order groups, same as DSA and Diffie-Hellman.)
This class contains some convenient constants for use as input for
constructing {@link JPAKEParticipant}s.
The prime order groups below are taken from Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB),
and from the prime order groups
published by NIST.
From Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB)
1024-bit p, 160-bit q and 1024-bit g for 80-bit security.
From NIST.
2048-bit p, 224-bit q and 2048-bit g for 112-bit security.
From NIST.
3072-bit p, 256-bit q and 3072-bit g for 128-bit security.
The payload sent/received during the first round of a J-PAKE exchange.
Each JPAKEParticipant creates and sends an instance of this payload to
the other. The payload to send should be created via
JPAKEParticipant.CreateRound1PayloadToSend().
Each participant must also validate the payload received from the other.
The received payload should be validated via
JPAKEParticipant.ValidateRound1PayloadReceived(JPakeRound1Payload).
The id of the JPAKEParticipant who created/sent this payload.
The value of g^x1
The value of g^x2
The zero knowledge proof for x1.
This is a two element array, containing {g^v, r} for x1.
The zero knowledge proof for x2.
This is a two element array, containing {g^v, r} for x2.
The payload sent/received during the second round of a J-PAKE exchange.
Each JPAKEParticipant creates and sends an instance
of this payload to the other JPAKEParticipant.
The payload to send should be created via
JPAKEParticipant#createRound2PayloadToSend()
Each JPAKEParticipant must also validate the payload
received from the other JPAKEParticipant.
The received payload should be validated via
JPAKEParticipant#validateRound2PayloadReceived(JPakeRound2Payload)
The id of the JPAKEParticipant who created/sent this payload.
The value of A, as computed during round 2.
The zero knowledge proof for x2 * s.
This is a two element array, containing {g^v, r} for x2 * s.
The payload sent/received during the optional third round of a J-PAKE exchange,
which is for explicit key confirmation.
Each JPAKEParticipant creates and sends an instance
of this payload to the other JPAKEParticipant.
The payload to send should be created via
JPAKEParticipant#createRound3PayloadToSend(BigInteger)
Eeach JPAKEParticipant must also validate the payload
received from the other JPAKEParticipant.
The received payload should be validated via
JPAKEParticipant#validateRound3PayloadReceived(JPakeRound3Payload, BigInteger)
The id of the {@link JPAKEParticipant} who created/sent this payload.
The value of MacTag, as computed by round 3.
See JPAKEUtil#calculateMacTag(string, string, BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, org.bouncycastle.crypto.Digest)
Primitives needed for a J-PAKE exchange.
The recommended way to perform a J-PAKE exchange is by using
two JPAKEParticipants. Internally, those participants
call these primitive operations in JPakeUtilities.
The primitives, however, can be used without a JPAKEParticipant if needed.
Return a value that can be used as x1 or x3 during round 1.
The returned value is a random value in the range [0, q-1].
Return a value that can be used as x2 or x4 during round 1.
The returned value is a random value in the range [1, q-1].
Converts the given password to a BigInteger
for use in arithmetic calculations.
Calculate g^x mod p as done in round 1.
Calculate ga as done in round 2.
Calculate x2 * s as done in round 2.
Calculate A as done in round 2.
Calculate a zero knowledge proof of x using Schnorr's signature.
The returned array has two elements {g^v, r = v-x*h} for x.
Validates that g^x4 is not 1.
throws CryptoException if g^x4 is 1
Validates that ga is not 1.
As described by Feng Hao...
Alice could simply check ga != 1 to ensure it is a generator.
In fact, as we will explain in Section 3, (x1 + x3 + x4 ) is random over Zq even in the face of active attacks.
Hence, the probability for ga = 1 is extremely small - on the order of 2^160 for 160-bit q.
throws CryptoException if ga is 1
Validates the zero knowledge proof (generated by
calculateZeroKnowledgeProof(BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, string, Digest, SecureRandom)
is correct.
throws CryptoException if the zero knowledge proof is not correct
Calculates the keying material, which can be done after round 2 has completed.
A session key must be derived from this key material using a secure key derivation function (KDF).
The KDF used to derive the key is handled externally (i.e. not by JPAKEParticipant).
KeyingMaterial = (B/g^{x2*x4*s})^x2
Validates that the given participant ids are not equal.
(For the J-PAKE exchange, each participant must use a unique id.)
Throws CryptoException if the participantId strings are equal.
Validates that the given participant ids are equal.
This is used to ensure that the payloads received from
each round all come from the same participant.
Validates that the given object is not null.
throws NullReferenceException if the object is null.
object in question
name of the object (to be used in exception message)
Calculates the MacTag (to be used for key confirmation), as defined by
NIST SP 800-56A Revision 1,
Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
MacTag = HMAC(MacKey, MacLen, MacData)
MacKey = H(K || "JPAKE_KC")
MacData = "KC_1_U" || participantId || partnerParticipantId || gx1 || gx2 || gx3 || gx4
Note that both participants use "KC_1_U" because the sender of the round 3 message
is always the initiator for key confirmation.
HMAC = {@link HMac} used with the given {@link Digest}
H = The given {@link Digest}
MacLen = length of MacTag
Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation).
MacKey = H(K || "JPAKE_KC")
Validates the MacTag received from the partner participant.
throws CryptoException if the participantId strings are equal.
Generator for Concatenation Key Derivation Function defined in NIST SP 800-56A, Sect 5.8.1
@param digest the digest to be used as the source of generated bytes
return the underlying digest.
fill len bytes of the output buffer with bytes generated from
the derivation function.
@throws DataLengthException if the out buffer is too small.
RFC 2631 Diffie-hellman KEK derivation function.
X9.63 based key derivation function for ECDH CMS.
SM2 Key Exchange protocol - based on https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
"SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
Initialises the client to begin new authentication attempt
@param N The safe prime associated with the client's verifier
@param g The group parameter associated with the client's verifier
@param digest The digest algorithm associated with the client's verifier
@param random For key generation
Generates client's credentials given the client's salt, identity and password
@param salt The salt used in the client's verifier.
@param identity The user's identity (eg. username)
@param password The user's password
@return Client's public value to send to server
Generates client's verification message given the server's credentials
@param serverB The server's credentials
@return Client's verification message for the server
@throws CryptoException If server's credentials are invalid
Computes the client evidence message M1 using the previously received values.
To be called after calculating the secret S.
@return M1: the client side generated evidence message
@throws CryptoException
Authenticates the server evidence message M2 received and saves it only if correct.
@param M2: the server side generated evidence message
@return A boolean indicating if the server message M2 was the expected one.
@throws CryptoException
Computes the final session key as a result of the SRP successful mutual authentication
To be called after verifying the server evidence message M2.
@return Key: the mutually authenticated symmetric session key
@throws CryptoException
Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe.
This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper
"SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"
Initialises the server to accept a new client authentication attempt
@param N The safe prime associated with the client's verifier
@param g The group parameter associated with the client's verifier
@param v The client's verifier
@param digest The digest algorithm associated with the client's verifier
@param random For key generation
Generates the server's credentials that are to be sent to the client.
@return The server's public value to the client
Processes the client's credentials. If valid the shared secret is generated and returned.
@param clientA The client's credentials
@return A shared secret BigInteger
@throws CryptoException If client's credentials are invalid
Authenticates the received client evidence message M1 and saves it only if correct.
To be called after calculating the secret S.
@param M1: the client side generated evidence message
@return A boolean indicating if the client message M1 was the expected one.
@throws CryptoException
Computes the server evidence message M2 using the previously verified values.
To be called after successfully verifying the client evidence message M1.
@return M2: the server side generated evidence message
@throws CryptoException
Computes the final session key as a result of the SRP successful mutual authentication
To be called after calculating the server evidence message M2.
@return Key: the mutual authenticated symmetric session key
@throws CryptoException
Computes the client evidence message (M1) according to the standard routine:
M1 = H( A | B | S )
@param digest The Digest used as the hashing function H
@param N Modulus used to get the pad length
@param A The public client value
@param B The public server value
@param S The secret calculated by both sides
@return M1 The calculated client evidence message
Computes the server evidence message (M2) according to the standard routine:
M2 = H( A | M1 | S )
@param digest The Digest used as the hashing function H
@param N Modulus used to get the pad length
@param A The public client value
@param M1 The client evidence message
@param S The secret calculated by both sides
@return M2 The calculated server evidence message
Computes the final Key according to the standard routine: Key = H(S)
@param digest The Digest used as the hashing function H
@param N Modulus used to get the pad length
@param S The secret calculated by both sides
@return
Generates new SRP verifier for user
Initialises generator to create new verifiers
@param N The safe prime to use (see DHParametersGenerator)
@param g The group parameter to use (see DHParametersGenerator)
@param digest The digest to use. The same digest type will need to be used later for the actual authentication
attempt. Also note that the final session key size is dependent on the chosen digest.
Creates a new SRP verifier
@param salt The salt to use, generally should be large and random
@param identity The user's identifying information (eg. username)
@param password The user's password
@return A new verifier for use in future SRP authentication
a holding class for public/private parameter pairs.
basic constructor.
@param publicParam a public key parameters object.
@param privateParam the corresponding private key parameters.
return the public key parameters.
@return the public key parameters.
return the private key parameters.
@return the private key parameters.
The AEAD block ciphers already handle buffering internally, so this class
just takes care of implementing IBufferedCipher methods.
initialise the cipher.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the blocksize for the underlying cipher.
@return the blocksize for the underlying cipher.
return the size of the output buffer required for an update
an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update
with len bytes of input.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update and doFinal
with len bytes of input.
process a single byte, producing an output block if necessary.
@param in the input byte.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
process an array of bytes, producing output if necessary.
@param in the input byte array.
@param inOff the offset at which the input data starts.
@param len the number of bytes to be copied out of the input array.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
Process the last block in the buffer.
@param out the array the block currently being held is copied into.
@param outOff the offset at which the copying starts.
@return the number of output bytes copied to out.
@exception DataLengthException if there is insufficient space in out for
the output, or the input is not block size aligned and should be.
@exception InvalidOperationException if the underlying cipher is not
initialised.
@exception InvalidCipherTextException if padding is expected and not found.
@exception DataLengthException if the input is not block size
aligned.
Reset the buffer and cipher. After resetting the object is in the same
state as it was after the last init (if there was one).
The AEAD ciphers already handle buffering internally, so this class
just takes care of implementing IBufferedCipher methods.
initialise the cipher.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the blocksize for the underlying cipher.
@return the blocksize for the underlying cipher.
return the size of the output buffer required for an update
an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update
with len bytes of input.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update and doFinal
with len bytes of input.
process a single byte, producing an output block if necessary.
@param in the input byte.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
process an array of bytes, producing output if necessary.
@param in the input byte array.
@param inOff the offset at which the input data starts.
@param len the number of bytes to be copied out of the input array.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
Process the last block in the buffer.
@param out the array the block currently being held is copied into.
@param outOff the offset at which the copying starts.
@return the number of output bytes copied to out.
@exception DataLengthException if there is insufficient space in out for
the output, or the input is not block size aligned and should be.
@exception InvalidOperationException if the underlying cipher is not
initialised.
@exception InvalidCipherTextException if padding is expected and not found.
@exception DataLengthException if the input is not block size
aligned.
Reset the buffer and cipher. After resetting the object is in the same
state as it was after the last init (if there was one).
a buffer wrapper for an asymmetric block cipher, allowing input
to be accumulated in a piecemeal fashion until final processing.
base constructor.
@param cipher the cipher this buffering object wraps.
return the amount of data sitting in the buffer.
@return the amount of data sitting in the buffer.
initialise the buffer and the underlying cipher.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
process the contents of the buffer using the underlying
cipher.
@return the result of the encryption/decryption process on the
buffer.
@exception InvalidCipherTextException if we are given a garbage block.
Reset the buffer
A wrapper class that allows block ciphers to be used to process data in
a piecemeal fashion. The BufferedBlockCipher outputs a block only when the
buffer is full and more data is being added, or on a doFinal.
Note: in the case where the underlying cipher is either a CFB cipher or an
OFB one the last block may not be a multiple of the block size.
constructor for subclasses
Create a buffered block cipher without padding.
@param cipher the underlying block cipher this buffering object wraps.
false otherwise.
initialise the cipher.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the blocksize for the underlying cipher.
@return the blocksize for the underlying cipher.
return the size of the output buffer required for an update
an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update
with len bytes of input.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update and doFinal
with len bytes of input.
process a single byte, producing an output block if necessary.
@param in the input byte.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
process an array of bytes, producing output if necessary.
@param in the input byte array.
@param inOff the offset at which the input data starts.
@param len the number of bytes to be copied out of the input array.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
Process the last block in the buffer.
@param out the array the block currently being held is copied into.
@param outOff the offset at which the copying starts.
@return the number of output bytes copied to out.
@exception DataLengthException if there is insufficient space in out for
the output, or the input is not block size aligned and should be.
@exception InvalidOperationException if the underlying cipher is not
initialised.
@exception InvalidCipherTextException if padding is expected and not found.
@exception DataLengthException if the input is not block size
aligned.
Reset the buffer and cipher. After resetting the object is in the same
state as it was after the last init (if there was one).
The base class for symmetric, or secret, cipher key generators.
initialise the key generator.
@param param the parameters to be used for key generation
Generate a secret key.
@return a byte array containing the key value.
this exception is thrown if a buffer that is meant to have output
copied into it turns out to be too short, or if we've been given
insufficient input. In general this exception will Get thrown rather
than an ArrayOutOfBounds exception.
base constructor.
create a DataLengthException with the given message.
@param message the message to be carried with the exception.
Basic sized constructor - size in bits.
@param digestSize size of the digest in bits
Blake2b for authentication ("Prefix-MAC mode").
After calling the doFinal() method, the key will
remain to be used for further computations of
this instance.
The key can be overwritten using the clearKey() method.
@param key A key up to 64 bytes or null
Blake2b with key, required digest length (in bytes), salt and personalization.
After calling the doFinal() method, the key, the salt and the personal string
will remain and might be used for further computations with this instance.
The key can be overwritten using the clearKey() method, the salt (pepper)
can be overwritten using the clearSalt() method.
@param key A key up to 64 bytes or null
@param digestLength from 1 up to 64 bytes
@param salt 16 bytes or null
@param personalization 16 bytes or null
update the message digest with a single byte.
@param b the input byte to be entered.
update the message digest with a block of bytes.
@param message the byte array containing the data.
@param offset the offset into the byte array where the data starts.
@param len the length of the data.
close the digest, producing the final digest value. The doFinal
call leaves the digest reset.
Key, salt and personal string remain.
@param out the array the digest is to be copied into.
@param outOffset the offset into the out array the digest is to start at.
Reset the digest back to it's initial state.
The key, the salt and the personal string will
remain for further computations.
return the algorithm name
@return the algorithm name
return the size, in bytes, of the digest produced by this message digest.
@return the size, in bytes, of the digest produced by this message digest.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
@return byte length of the digests internal buffer.
Overwrite the key
if it is no longer used (zeroization)
Overwrite the salt (pepper) if it
is secret and no longer used (zeroization)
Implementation of the cryptographic hash function BLAKE2s.
BLAKE2s offers a built-in keying mechanism to be used directly
for authentication ("Prefix-MAC") rather than a HMAC construction.
BLAKE2s offers a built-in support for a salt for randomized hashing
and a personal string for defining a unique hash function for each application.
BLAKE2s is optimized for 32-bit platforms and produces digests of any size
between 1 and 32 bytes.
BLAKE2s Initialization Vector
Message word permutations
Whenever this buffer overflows, it will be processed in the Compress()
function. For performance issues, long messages will not use this buffer.
Position of last inserted byte
Internal state, in the BLAKE2 paper it is called v
State vector, in the BLAKE2 paper it is called h
holds least significant bits of counter
holds most significant bits of counter
finalization flag, for last block: ~0
BLAKE2s-256 for hashing.
BLAKE2s for hashing.
@param digestBits the desired digest length in bits. Must be a multiple of 8 and less than 256.
BLAKE2s for authentication ("Prefix-MAC mode").
After calling the doFinal() method, the key will remain to be used for
further computations of this instance. The key can be overwritten using
the clearKey() method.
@param key a key up to 32 bytes or null
BLAKE2s with key, required digest length, salt and personalization.
After calling the doFinal() method, the key, the salt and the personal
string will remain and might be used for further computations with this
instance. The key can be overwritten using the clearKey() method, the
salt (pepper) can be overwritten using the clearSalt() method.
@param key a key up to 32 bytes or null
@param digestBytes from 1 up to 32 bytes
@param salt 8 bytes or null
@param personalization 8 bytes or null
Update the message digest with a single byte.
@param b the input byte to be entered.
Update the message digest with a block of bytes.
@param message the byte array containing the data.
@param offset the offset into the byte array where the data starts.
@param len the length of the data.
Close the digest, producing the final digest value. The doFinal() call
leaves the digest reset. Key, salt and personal string remain.
@param out the array the digest is to be copied into.
@param outOffset the offset into the out array the digest is to start at.
Reset the digest back to its initial state. The key, the salt and the
personal string will remain for further computations.
Return the algorithm name.
@return the algorithm name
Return the size in bytes of the digest produced by this message digest.
@return the size in bytes of the digest produced by this message digest.
Return the size in bytes of the internal buffer the digest applies its
compression function to.
@return byte length of the digest's internal buffer.
Overwrite the key if it is no longer used (zeroization).
Overwrite the salt (pepper) if it is secret and no longer used
(zeroization).
Customizable SHAKE function.
Base constructor
bit length of the underlying SHAKE function, 128 or 256.
the function name string, note this is reserved for use by NIST. Avoid using it if not required.
the customization string - available for local use.
implementation of Ukrainian DSTU 7564 hash function
base implementation of MD4 family style digest as outlined in
"Handbook of Applied Cryptography", pages 344 - 347.
implementation of GOST R 34.11-94
Standard constructor
Constructor to allow use of a particular sbox with GOST28147
@see GOST28147Engine#getSBox(String)
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
Implementation of Keccak based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
Following the naming conventions used in the C source code to enable easy review of the implementation.
Return the size of block that the compression function is applied to in bytes.
@return internal byte length of a block.
Base class for SHA-384 and SHA-512.
Constructor for variable length word
Copy constructor. We are using copy constructors in place
of the object.Clone() interface as this interface is not
supported by J2ME.
adjust the byte counts so that byteCount2 represents the
upper long (less 3 bits) word of the byte count.
implementation of MD2
as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992
return the algorithm name
@return the algorithm name
Close the digest, producing the final digest value. The doFinal
call leaves the digest reset.
@param out the array the digest is to be copied into.
@param outOff the offset into the out array the digest is to start at.
reset the digest back to it's initial state.
update the message digest with a single byte.
@param in the input byte to be entered.
update the message digest with a block of bytes.
@param in the byte array containing the data.
@param inOff the offset into the byte array where the data starts.
@param len the length of the data.
implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for
Computer Science and RSA Data Security, Inc.
NOTE: This algorithm is only included for backwards compatibility
with legacy applications, it's not secure, don't use it for anything new!
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347.
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
Wrapper removes exposure to the IMemoable interface on an IDigest implementation.
Base constructor.
@param baseDigest underlying digest to use.
@exception IllegalArgumentException if baseDigest is null
ParallelHash - a hash designed to support the efficient hashing of very long strings, by taking advantage,
of the parallelism available in modern processors with an optional XOF mode.
From NIST Special Publication 800-185 - SHA-3 Derived Functions:cSHAKE, KMAC, TupleHash and ParallelHash
Base constructor.
@param bitLength bit length of the underlying SHAKE function, 128 or 256.
@param S the customization string - available for local use.
@param B the blocksize (in bytes) for hashing.
implementation of RipeMD128
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
implementation of RipeMD see,
http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
Implementation of RipeMD256.
Note: this algorithm offers the same level of security as RipeMD128.
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
Implementation of RipeMD 320.
Note: this algorithm offers the same level of security as RipeMD160.
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables to the IV values.
implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349.
It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5
is the "endianness" of the word processing!
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
SHA-224 as described in RFC 3874
block word digest
SHA-1 512 32 160
SHA-224 512 32 224
SHA-256 512 32 256
SHA-384 1024 64 384
SHA-512 1024 64 512
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
Draft FIPS 180-2 implementation of SHA-256. Note: As this is
based on a draft this implementation is subject to change.
block word digest
SHA-1 512 32 160
SHA-256 512 32 256
SHA-384 1024 64 384
SHA-512 1024 64 512
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
Draft FIPS 180-2 implementation of SHA-384. Note: As this is
based on a draft this implementation is subject to change.
block word digest
SHA-1 512 32 160
SHA-256 512 32 256
SHA-384 1024 64 384
SHA-512 1024 64 512
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
Implementation of SHA-3 based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
Following the naming conventions used in the C source code to enable easy review of the implementation.
Draft FIPS 180-2 implementation of SHA-512. Note: As this is
based on a draft this implementation is subject to change.
block word digest
SHA-1 512 32 160
SHA-256 512 32 256
SHA-384 1024 64 384
SHA-512 1024 64 512
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
FIPS 180-4 implementation of SHA-512/t
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
Implementation of SHAKE based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
Following the naming conventions used in the C source code to enable easy review of the implementation.
Wrapper class that reduces the output length of a particular digest to
only the first n bytes of the digest function.
Base constructor.
@param baseDigest underlying digest to use.
@param length length in bytes of the output of doFinal.
@exception ArgumentException if baseDigest is null, or length is greater than baseDigest.GetDigestSize().
Implementation of the Skein parameterised hash function in 256, 512 and 1024 bit block sizes,
based on the Threefish tweakable block cipher.
This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
competition in October 2010.
Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
256 bit block size - Skein-256
512 bit block size - Skein-512
1024 bit block size - Skein-1024
Constructs a Skein digest with an internal state size and output size.
the internal state size in bits - one of or
.
the output/digest size to produce in bits, which must be an integral number of
bytes.
Optionally initialises the Skein digest with the provided parameters.
See for details on the parameterisation of the Skein hash function.
the parameters to apply to this engine, or null to use no parameters.
Implementation of the Skein family of parameterised hash functions in 256, 512 and 1024 bit block
sizes, based on the Threefish tweakable block cipher.
This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
competition in October 2010.
Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
This implementation is the basis for and , implementing the
parameter based configuration system that allows Skein to be adapted to multiple applications.
Initialising the engine with allows standard and arbitrary parameters to
be applied during the Skein hash function.
Implemented:
- 256, 512 and 1024 bit internal states.
- Full 96 bit input length.
- Parameters defined in the Skein specification, and arbitrary other pre and post message
parameters.
- Arbitrary output size in 1 byte intervals.
Not implemented:
- Sub-byte length input (bit padding).
- Tree hashing.
256 bit block size - Skein-256
512 bit block size - Skein-512
1024 bit block size - Skein-1024
The parameter type for the Skein key.
The parameter type for the Skein configuration block.
The parameter type for the message.
The parameter type for the output transformation.
Precalculated UBI(CFG) states for common state/output combinations without key or other
pre-message params.
Point at which position might overflow long, so switch to add with carry logic
Bit 127 = final
Bit 126 = first
UBI uses a 128 bit tweak
Whether 64 bit position exceeded
Advances the position in the tweak by the specified value.
The Unique Block Iteration chaining mode.
Buffer for the current block of message data
Offset into the current message block
Buffer for message words for feedback into encrypted block
Underlying Threefish tweakable block cipher
Size of the digest output, in bytes
The current chaining/state value
The initial state value
The (optional) key parameter
Parameters to apply prior to the message
Parameters to apply after the message, but prior to output
The current UBI operation
Buffer for single byte update method
Constructs a Skein digest with an internal state size and output size.
the internal state size in bits - one of or
.
the output/digest size to produce in bits, which must be an integral number of
bytes.
Creates a SkeinEngine as an exact copy of an existing instance.
Initialises the Skein engine with the provided parameters. See for
details on the parameterisation of the Skein hash function.
the parameters to apply to this engine, or null to use no parameters.
Calculate the initial (pre message block) chaining state.
Reset the engine to the initial state (with the key and any pre-message parameters , ready to
accept message input.
Implementation of Chinese SM3 digest as described at
http://tools.ietf.org/html/draft-shen-sm3-hash-00
and at .... ( Chinese PDF )
The specification says "process a bit stream",
but this is written to process bytes in blocks of 4,
meaning this will process 32-bit word groups.
But so do also most other digest specifications,
including the SHA-256 which was a origin for
this specification.
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
implementation of Tiger based on:
http://www.cs.technion.ac.il/~biham/Reports/Tiger
Standard constructor
Copy constructor. This will copy the state of the provided
message digest.
reset the chaining variables
TupleHash - a hash designed to simply hash a tuple of input strings, any or all of which may be empty strings,
in an unambiguous way with an optional XOF mode.
From NIST Special Publication 800-185 - SHA-3 Derived Functions:cSHAKE, KMAC, TupleHash and ParallelHash
Base constructor.
@param bitLength bit length of the underlying SHAKE function, 128 or 256.
@param S the customization string - available for local use.
Implementation of WhirlpoolDigest, based on Java source published by Barreto
and Rijmen.
Copy constructor. This will copy the state of the provided message
digest.
Reset the chaining variables
return the X9ECParameters object for the named curve represented by
the passed in object identifier. Null if the curve isn't present.
@param oid an object identifier representing a named curve, if present.
return the object identifier signified by the passed in name. Null
if there is no object identifier associated with name.
@return the object identifier associated with name, if present.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for curves
contained in this structure.
ISO 9796-1 padding. Note in the light of recent results you should
only use this with RSA (rather than the "simpler" Rabin keys) and you
should never use it with anything other than a hash (ie. even if the
message is small don't sign the message, sign it's hash) or some "random"
value. See your favorite search engine for details.
return the input block size. The largest message we can process
is (key_size_in_bits + 3)/16, which in our world comes to
key_size_in_bytes / 2.
return the maximum possible size for the output.
set the number of bits in the next message to be treated as
pad bits.
retrieve the number of pad bits in the last decoded message.
@exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string
Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2.
@exception InvalidCipherTextException if the decrypted block turns out to
be badly formatted.
mask generator function, as described in PKCS1v2.
this does your basic Pkcs 1 v1.5 padding - whether or not you should be using this
depends on your application - see Pkcs1 Version 2 for details.
some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to
work with one of these set the system property Org.BouncyCastle.Pkcs1.Strict to false.
The same effect can be achieved by setting the static property directly
The static property is checked during construction of the encoding object, it is set to
true by default.
Basic constructor.
@param cipher
Constructor for decryption with a fixed plaintext length.
@param cipher The cipher to use for cryptographic operation.
@param pLen Length of the expected plaintext.
Constructor for decryption with a fixed plaintext length and a fallback
value that is returned, if the padding is incorrect.
@param cipher
The cipher to use for cryptographic operation.
@param fallback
The fallback value, we don't to a arraycopy here.
Checks if the argument is a correctly PKCS#1.5 encoded Plaintext
for encryption.
@param encoded The Plaintext.
@param pLen Expected length of the plaintext.
@return Either 0, if the encoding is correct, or -1, if it is incorrect.
Decode PKCS#1.5 encoding, and return a random value if the padding is not correct.
@param in The encrypted block.
@param inOff Offset in the encrypted block.
@param inLen Length of the encrypted block.
@param pLen Length of the desired output.
@return The plaintext without padding, or a random value if the padding was incorrect.
@throws InvalidCipherTextException
@exception InvalidCipherTextException if the decrypted block is not in Pkcs1 format.
an implementation of the AES (Rijndael), from FIPS-197.
For further details see: http://csrc.nist.gov/encryption/aes/.
This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
http://fp.gladman.plus.com/cryptography_technology/rijndael/
There are three levels of tradeoff of speed vs memory
Because java has no preprocessor, they are written as three separate classes from which to choose
The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
and 4 for decryption.
The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
adding 12 rotate operations per round to compute the values contained in the other tables from
the contents of the first.
The slowest version uses no static tables at all and computes the values in each round.
This file contains the middle performance version with 2Kbytes of static tables for round precomputation.
Calculate the necessary round keys
The number of calculations depends on key size and block size
AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
This code is written assuming those are the only possible values
default constructor - 128 bit block size.
initialise an AES cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
an implementation of the AES (Rijndael)), from FIPS-197.
For further details see: http://csrc.nist.gov/encryption/aes/.
This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
http://fp.gladman.plus.com/cryptography_technology/rijndael/
There are three levels of tradeoff of speed vs memory
Because java has no preprocessor), they are written as three separate classes from which to choose
The fastest uses 8Kbytes of static tables to precompute round calculations), 4 256 word tables for encryption
and 4 for decryption.
The middle performance version uses only one 256 word table for each), for a total of 2Kbytes),
adding 12 rotate operations per round to compute the values contained in the other tables from
the contents of the first
The slowest version uses no static tables at all and computes the values in each round
This file contains the fast version with 8Kbytes of static tables for round precomputation
Unfortunately this class has a few side channel issues.
In an environment where encryption/decryption may be closely observed it should not be used.
Calculate the necessary round keys
The number of calculations depends on key size and block size
AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
This code is written assuming those are the only possible values
default constructor - 128 bit block size.
initialise an AES cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
an implementation of the AES (Rijndael), from FIPS-197.
For further details see: http://csrc.nist.gov/encryption/aes/.
This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at
http://fp.gladman.plus.com/cryptography_technology/rijndael/
There are three levels of tradeoff of speed vs memory
Because java has no preprocessor, they are written as three separate classes from which to choose
The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption
and 4 for decryption.
The middle performance version uses only one 256 word table for each, for a total of 2Kbytes,
adding 12 rotate operations per round to compute the values contained in the other tables from
the contents of the first
The slowest version uses no static tables at all and computes the values
in each round.
This file contains the slowest performance version with no static tables
for round precomputation, but it has the smallest foot print.
Calculate the necessary round keys
The number of calculations depends on key size and block size
AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits
This code is written assuming those are the only possible values
default constructor - 128 bit block size.
initialise an AES cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
An implementation of the AES Key Wrapper from the NIST Key Wrap Specification.
For further details see: http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
RFC 5794.
ARIA is a 128-bit block cipher with 128-, 192-, and 256-bit keys.
A class that provides Blowfish key encryption operations,
such as encoding data and generating keys.
All the algorithms herein are from Applied Cryptography
and implement a simplified cryptography interface.
initialise a Blowfish cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
apply the encryption cycle to each value pair in the table.
Encrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
The input will be an exact multiple of our blocksize.
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
The input will be an exact multiple of our blocksize.
Camellia - based on RFC 3713.
Camellia - based on RFC 3713, smaller implementation, about half the size of CamelliaEngine.
An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394.
For further details see: http://www.ietf.org/rfc/rfc3657.txt.
A class that provides CAST key encryption operations,
such as encoding data and generating keys.
All the algorithms herein are from the Internet RFC's
RFC2144 - Cast5 (64bit block, 40-128bit key)
RFC2612 - CAST6 (128bit block, 128-256bit key)
and implement a simplified cryptography interface.
initialise a CAST cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Encrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param src The plaintext buffer
@param srcIndex An offset into src
@param dst The ciphertext buffer
@param dstIndex An offset into dst
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param src The plaintext buffer
@param srcIndex An offset into src
@param dst The ciphertext buffer
@param dstIndex An offset into dst
The first of the three processing functions for the
encryption and decryption.
@param D the input to be processed
@param Kmi the mask to be used from Km[n]
@param Kri the rotation value to be used
The second of the three processing functions for the
encryption and decryption.
@param D the input to be processed
@param Kmi the mask to be used from Km[n]
@param Kri the rotation value to be used
The third of the three processing functions for the
encryption and decryption.
@param D the input to be processed
@param Kmi the mask to be used from Km[n]
@param Kri the rotation value to be used
Does the 16 rounds to encrypt the block.
@param L0 the LH-32bits of the plaintext block
@param R0 the RH-32bits of the plaintext block
A class that provides CAST6 key encryption operations,
such as encoding data and generating keys.
All the algorithms herein are from the Internet RFC
RFC2612 - CAST6 (128bit block, 128-256bit key)
and implement a simplified cryptography interface.
Encrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param src The plaintext buffer
@param srcIndex An offset into src
@param dst The ciphertext buffer
@param dstIndex An offset into dst
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param src The plaintext buffer
@param srcIndex An offset into src
@param dst The ciphertext buffer
@param dstIndex An offset into dst
Does the 12 quad rounds rounds to encrypt the block.
@param A the 00-31 bits of the plaintext block
@param B the 32-63 bits of the plaintext block
@param C the 64-95 bits of the plaintext block
@param D the 96-127 bits of the plaintext block
@param result the resulting ciphertext
Does the 12 quad rounds rounds to decrypt the block.
@param A the 00-31 bits of the ciphertext block
@param B the 32-63 bits of the ciphertext block
@param C the 64-95 bits of the ciphertext block
@param D the 96-127 bits of the ciphertext block
@param result the resulting plaintext
Implementation of Daniel J. Bernstein's ChaCha stream cipher.
Creates a 20 rounds ChaCha engine.
Implementation of Daniel J. Bernstein's ChaCha stream cipher.
Creates a 20 rounds ChaCha engine.
Creates a ChaCha engine with a specific number of rounds.
the number of rounds (must be an even number).
ChaCha function.
The number of ChaCha rounds to execute
The input words.
The ChaCha state to modify.
A class that provides a basic DESede (or Triple DES) engine.
initialise a DESede cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
* Wrap keys according to
*
* draft-ietf-smime-key-wrap-01.txt.
*
* Note:
*
* - this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage.
* - if you are using this to wrap triple-des keys you need to set the
* parity bits on the key and, if it's a two-key triple-des key, pad it
* yourself.
*
*
Field engine
Field param
Field paramPlusIV
Field iv
Field forWrapping
Field IV2
Method init
@param forWrapping
@param param
Method GetAlgorithmName
@return
Method wrap
@param in
@param inOff
@param inLen
@return
Method unwrap
@param in
@param inOff
@param inLen
@return
@throws InvalidCipherTextException
Some key wrap algorithms make use of the Key Checksum defined
in CMS [CMS-Algorithms]. This is used to provide an integrity
check value for the key being wrapped. The algorithm is
- Compute the 20 octet SHA-1 hash on the key being wrapped.
- Use the first 8 octets of this hash as the checksum value.
@param key
@return
@throws Exception
@see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
@param key
@param checksum
@return
@see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
A class that provides a basic DES engine.
initialise a DES cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
what follows is mainly taken from "Applied Cryptography", by
Bruce Schneier, however it also bears great resemblance to Richard
Outerbridge's D3DES...
Generate an integer based working key based on our secret key
and what we processing we are planning to do.
Acknowledgements for this routine go to James Gillogly and Phil Karn.
(whoever, and wherever they are!).
the DES engine.
implementation of DSTU 7624 (Kalyna)
this does your basic ElGamal algorithm.
initialise the ElGamal engine.
@param forEncryption true if we are encrypting, false otherwise.
@param param the necessary ElGamal key parameters.
Return the maximum size for an input block to this engine.
For ElGamal this is always one byte less than the size of P on
encryption, and twice the length as the size of P on decryption.
@return maximum size for an input block.
Return the maximum size for an output block to this engine.
For ElGamal this is always one byte less than the size of P on
decryption, and twice the length as the size of P on encryption.
@return maximum size for an output block.
Process a single block using the basic ElGamal algorithm.
@param in the input array.
@param inOff the offset into the input buffer where the data starts.
@param length the length of the data to be processed.
@return the result of the ElGamal process.
@exception DataLengthException the input block is too large.
implementation of GOST 28147-89
standard constructor.
initialise an Gost28147 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is inappropriate.
Return the S-Box associated with SBoxName
@param sBoxName name of the S-Box
@return byte array representing the S-Box
HC-128 is a software-efficient stream cipher created by Hongjun Wu. It
generates keystream from a 128-bit secret key and a 128-bit initialization
vector.
http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
It is a third phase candidate in the eStream contest, and is patent-free.
No attacks are known as of today (April 2007). See
http://www.ecrypt.eu.org/stream/hcp3.html
Initialise a HC-128 cipher.
@param forEncryption whether or not we are for encryption. Irrelevant, as
encryption and decryption are the same.
@param params the parameters required to set up the cipher.
@throws ArgumentException if the params argument is
inappropriate (ie. the key is not 128 bit long).
HC-256 is a software-efficient stream cipher created by Hongjun Wu. It
generates keystream from a 256-bit secret key and a 256-bit initialization
vector.
http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
Its brother, HC-128, is a third phase candidate in the eStream contest.
The algorithm is patent-free. No attacks are known as of today (April 2007).
See
http://www.ecrypt.eu.org/stream/hcp3.html
Initialise a HC-256 cipher.
@param forEncryption whether or not we are for encryption. Irrelevant, as
encryption and decryption are the same.
@param params the parameters required to set up the cipher.
@throws ArgumentException if the params argument is
inappropriate (ie. the key is not 256 bit long).
A class that provides a basic International Data Encryption Algorithm (IDEA) engine.
This implementation is based on the "HOWTO: INTERNATIONAL DATA ENCRYPTION ALGORITHM"
implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (barring 1 typo at the
end of the MulInv function!).
It can be found at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/idea/
Note: This algorithm was patented in the USA, Japan and Europe. These patents expired in 2011/2012.
standard constructor.
initialise an IDEA cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return x = x * y where the multiplication is done modulo
65537 (0x10001) (as defined in the IDEA specification) and
a zero input is taken to be 65536 (0x10000).
@param x the x value
@param y the y value
@return x = x * y
The following function is used to expand the user key to the encryption
subkey. The first 16 bytes are the user key, and the rest of the subkey
is calculated by rotating the previous 16 bytes by 25 bits to the left,
and so on until the subkey is completed.
This function computes multiplicative inverse using Euclid's Greatest
Common Divisor algorithm. Zero and one are self inverse.
i.e. x * MulInv(x) == 1 (modulo BASE)
Return the additive inverse of x.
i.e. x + AddInv(x) == 0
The function to invert the encryption subkey to the decryption subkey.
It also involves the multiplicative inverse and the additive inverse functions.
support class for constructing intergrated encryption ciphers
for doing basic message exchanges on top of key agreement ciphers
set up for use with stream mode, where the key derivation function
is used to provide a stream of bytes to xor with the message.
@param agree the key agreement used as the basis for the encryption
@param kdf the key derivation function used for byte generation
@param mac the message authentication code generator for the message
set up for use in conjunction with a block cipher to handle the
message.
@param agree the key agreement used as the basis for the encryption
@param kdf the key derivation function used for byte generation
@param mac the message authentication code generator for the message
@param cipher the cipher to used for encrypting the message
Initialise the encryptor.
@param forEncryption whether or not this is encryption/decryption.
@param privParam our private key parameters
@param pubParam the recipient's/sender's public key parameters
@param param encoding and derivation parameters.
Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
see: http://www.burtleburtle.net/bob/rand/isaacafa.html
initialise an ISAAC cipher.
@param forEncryption whether or not we are for encryption.
@param params the parameters required to set up the cipher.
@exception ArgumentException if the params argument is
inappropriate.
NaccacheStern Engine. For details on this cipher, please see
http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
Initializes this algorithm. Must be called before all other Functions.
@see org.bouncycastle.crypto.AsymmetricBlockCipher#init(bool,
org.bouncycastle.crypto.CipherParameters)
Returns the input block size of this algorithm.
@see org.bouncycastle.crypto.AsymmetricBlockCipher#GetInputBlockSize()
Returns the output block size of this algorithm.
@see org.bouncycastle.crypto.AsymmetricBlockCipher#GetOutputBlockSize()
Process a single Block using the Naccache-Stern algorithm.
@see org.bouncycastle.crypto.AsymmetricBlockCipher#ProcessBlock(byte[],
int, int)
Encrypts a BigInteger aka Plaintext with the public key.
@param plain
The BigInteger to encrypt
@return The byte[] representation of the encrypted BigInteger (i.e.
crypted.toByteArray())
Adds the contents of two encrypted blocks mod sigma
@param block1
the first encrypted block
@param block2
the second encrypted block
@return encrypt((block1 + block2) mod sigma)
@throws InvalidCipherTextException
Convenience Method for data exchange with the cipher.
Determines blocksize and splits data to blocksize.
@param data the data to be processed
@return the data after it went through the NaccacheSternEngine.
@throws InvalidCipherTextException
Computes the integer x that is expressed through the given primes and the
congruences with the chinese remainder theorem (CRT).
@param congruences
the congruences c_i
@param primes
the primes p_i
@return an integer x for that x % p_i == c_i
A Noekeon engine, using direct-key mode.
Create an instance of the Noekeon encryption algorithm
and set some defaults
initialise
@param forEncryption whether or not we are for encryption.
@param params the parameters required to set up the cipher.
@exception ArgumentException if the params argument is
inappropriate.
The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting.
Provided for the sake of completeness.
an implementation of RC2 as described in RFC 2268
"A Description of the RC2(r) Encryption Algorithm" R. Rivest.
initialise a RC2 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the result rotating the 16 bit number in x left by y
Wrap keys according to RFC 3217 - RC2 mechanism
Field engine
Field param
Field paramPlusIV
Field iv
Field forWrapping
Field IV2
Method init
@param forWrapping
@param param
Method GetAlgorithmName
@return
Method wrap
@param in
@param inOff
@param inLen
@return
Method unwrap
@param in
@param inOff
@param inLen
@return
@throws InvalidCipherTextException
Some key wrap algorithms make use of the Key Checksum defined
in CMS [CMS-Algorithms]. This is used to provide an integrity
check value for the key being wrapped. The algorithm is
- Compute the 20 octet SHA-1 hash on the key being wrapped.
- Use the first 8 octets of this hash as the checksum value.
@param key
@return
@throws Exception
@see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
@param key
@param checksum
@return
@see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
initialise a RC4 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
The specification for RC5 came from the RC5 Encryption Algorithm
publication in RSA CryptoBytes, Spring of 1995.
http://www.rsasecurity.com/rsalabs/cryptobytes.
This implementation has a word size of 32 bits.
Create an instance of the RC5 encryption algorithm
and set some defaults
initialise a RC5-32 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Re-key the cipher.
@param key the key to be used
Encrypt the given block starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param in in byte buffer containing data to encrypt
@param inOff offset into src buffer
@param out out buffer where encrypted data is written
@param outOff offset into out buffer
Perform a left "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(32) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % 32
Perform a right "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(32) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % 32
The specification for RC5 came from the RC5 Encryption Algorithm
publication in RSA CryptoBytes, Spring of 1995.
http://www.rsasecurity.com/rsalabs/cryptobytes.
This implementation is set to work with a 64 bit word size.
Create an instance of the RC5 encryption algorithm
and set some defaults
initialise a RC5-64 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Re-key the cipher.
@param key the key to be used
Encrypt the given block starting at the given offset and place
the result in the provided buffer starting at the given offset.
@param in in byte buffer containing data to encrypt
@param inOff offset into src buffer
@param out out buffer where encrypted data is written
@param outOff offset into out buffer
Perform a left "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(wordSize) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % wordSize
Perform a right "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(wordSize) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % wordSize
An RC6 engine.
Create an instance of the RC6 encryption algorithm
and set some defaults
initialise a RC5-32 cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Re-key the cipher.
@param inKey the key to be used
Perform a left "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(wordSize) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % wordSize
Perform a right "spin" of the word. The rotation of the given
word x is rotated left by y bits.
Only the lg(wordSize) low-order bits of y
are used to determine the rotation amount. Here it is
assumed that the wordsize used is a power of 2.
@param x word to rotate
@param y number of bits to rotate % wordSize
an implementation of the RFC 3211 Key Wrap
Specification.
An implementation of the AES Key Wrapper from the NIST Key Wrap
Specification as described in RFC 3394.
For further details see: http://www.ietf.org/rfc/rfc3394.txt
and http://csrc.nist.gov/encryption/kms/key-wrap.pdf.
an implementation of Rijndael, based on the documentation and reference implementation
by Paulo Barreto, Vincent Rijmen, for v2.0 August '99.
Note: this implementation is based on information prior to readonly NIST publication.
multiply two elements of GF(2^m)
needed for MixColumn and InvMixColumn
xor corresponding text input and round key input bytes
Row 0 remains unchanged
The other three rows are shifted a variable amount
Replace every byte of the input by the byte at that place
in the nonlinear S-box
Mix the bytes of every column in a linear way
Mix the bytes of every column in a linear way
This is the opposite operation of Mixcolumn
Calculate the necessary round keys
The number of calculations depends on keyBits and blockBits
default constructor - 128 bit block size.
basic constructor - set the cipher up for a given blocksize
@param blocksize the blocksize in bits, must be 128, 192, or 256.
initialise a Rijndael cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
this does your basic RSA algorithm with blinding
initialise the RSA engine.
@param forEncryption true if we are encrypting, false otherwise.
@param param the necessary RSA key parameters.
Return the maximum size for an input block to this engine.
For RSA this is always one byte less than the key size on
encryption, and the same length as the key size on decryption.
@return maximum size for an input block.
Return the maximum size for an output block to this engine.
For RSA this is always one byte less than the key size on
decryption, and the same length as the key size on encryption.
@return maximum size for an output block.
Process a single block using the basic RSA algorithm.
@param inBuf the input array.
@param inOff the offset into the input buffer where the data starts.
@param inLen the length of the data to be processed.
@return the result of the RSA process.
@exception DataLengthException the input block is too large.
This does your basic RSA Chaum's blinding and unblinding as outlined in
"Handbook of Applied Cryptography", page 475. You need to use this if you are
trying to get another party to generate signatures without them being aware
of the message they are signing.
Initialise the blinding engine.
@param forEncryption true if we are encrypting (blinding), false otherwise.
@param param the necessary RSA key parameters.
Return the maximum size for an input block to this engine.
For RSA this is always one byte less than the key size on
encryption, and the same length as the key size on decryption.
@return maximum size for an input block.
Return the maximum size for an output block to this engine.
For RSA this is always one byte less than the key size on
decryption, and the same length as the key size on encryption.
@return maximum size for an output block.
Process a single block using the RSA blinding algorithm.
@param in the input array.
@param inOff the offset into the input buffer where the data starts.
@param inLen the length of the data to be processed.
@return the result of the RSA process.
@throws DataLengthException the input block is too large.
this does your basic RSA algorithm.
initialise the RSA engine.
@param forEncryption true if we are encrypting, false otherwise.
@param param the necessary RSA key parameters.
Return the maximum size for an input block to this engine.
For RSA this is always one byte less than the key size on
encryption, and the same length as the key size on decryption.
@return maximum size for an input block.
Return the maximum size for an output block to this engine.
For RSA this is always one byte less than the key size on
decryption, and the same length as the key size on encryption.
@return maximum size for an output block.
this does your basic RSA algorithm.
initialise the RSA engine.
@param forEncryption true if we are encrypting, false otherwise.
@param param the necessary RSA key parameters.
Return the maximum size for an input block to this engine.
For RSA this is always one byte less than the key size on
encryption, and the same length as the key size on decryption.
@return maximum size for an input block.
Return the maximum size for an output block to this engine.
For RSA this is always one byte less than the key size on
decryption, and the same length as the key size on encryption.
@return maximum size for an output block.
Process a single block using the basic RSA algorithm.
@param inBuf the input array.
@param inOff the offset into the input buffer where the data starts.
@param inLen the length of the data to be processed.
@return the result of the RSA process.
@exception DataLengthException the input block is too large.
Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005
Constants
Creates a 20 round Salsa20 engine.
Creates a Salsa20 engine with a specific number of rounds.
the number of rounds (must be an even number).
Implementation of the SEED algorithm as described in RFC 4009
An implementation of the SEED key wrapper based on RFC 4010/RFC 3394.
For further details see: http://www.ietf.org/rfc/rfc4010.txt.
* Serpent is a 128-bit 32-round block cipher with variable key lengths,
* including 128, 192 and 256 bit keys conjectured to be at least as
* secure as three-key triple-DES.
*
* Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
* candidate algorithm for the NIST AES Quest.
*
*
* For full details see The Serpent home page
*
Expand a user-supplied key material into a session key.
@param key The user-key bytes (multiples of 4) to use.
@exception ArgumentException
Encrypt one block of plaintext.
@param input the array containing the input data.
@param inOff offset into the in array the data starts at.
@param output the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
Decrypt one block of ciphertext.
@param input the array containing the input data.
@param inOff offset into the in array the data starts at.
@param output the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
initialise a Serpent cipher.
@param encrypting whether or not we are for encryption.
@param params the parameters required to set up the cipher.
@throws IllegalArgumentException if the params argument is
inappropriate.
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@return the number of bytes processed and produced.
@throws DataLengthException if there isn't enough data in in, or
space in out.
@throws IllegalStateException if the cipher isn't initialised.
InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms.
S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms.
InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps.
S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms.
InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps.
S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms.
InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms
S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms.
InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms.
S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms.
InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms.
S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms.
InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms.
S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms.
InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms.
Apply the linear transformation to the register set.
Apply the inverse of the linear transformation to the register set.
a class that provides a basic SKIPJACK engine.
initialise a SKIPJACK cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
The G permutation
the inverse of the G permutation.
SM2 public key encryption engine - based on https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02.
SM4 Block Cipher - SM4 is a 128 bit block cipher with a 128 bit key.
The implementation here is based on the document http://eprint.iacr.org/2008/329.pdf
by Whitfield Diffie and George Ledin, which is a translation of Prof. LU Shu-wang's original standard.
An TEA engine.
Create an instance of the TEA encryption algorithm
and set some defaults
initialise
@param forEncryption whether or not we are for encryption.
@param params the parameters required to set up the cipher.
@exception ArgumentException if the params argument is
inappropriate.
Re-key the cipher.
@param key the key to be used
Implementation of the Threefish tweakable large block cipher in 256, 512 and 1024 bit block
sizes.
This is the 1.3 version of Threefish defined in the Skein hash function submission to the NIST
SHA-3 competition in October 2010.
Threefish was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
This implementation inlines all round functions, unrolls 8 rounds, and uses 1.2k of static tables
to speed up key schedule injection.
2 x block size state is retained by each cipher instance.
256 bit block size - Threefish-256
512 bit block size - Threefish-512
1024 bit block size - Threefish-1024
Size of the tweak in bytes (always 128 bit/16 bytes)
Rounds in Threefish-256
Rounds in Threefish-512
Rounds in Threefish-1024
Max rounds of any of the variants
Key schedule parity constant
Block size in bytes
Block size in 64 bit words
Buffer for byte oriented processBytes to call internal word API
Tweak bytes (2 byte t1,t2, calculated t3 and repeat of t1,t2 for modulo free lookup
Key schedule words
The internal cipher implementation (varies by blocksize)
Constructs a new Threefish cipher, with a specified block size.
the block size in bits, one of , ,
.
Initialise the engine.
Initialise for encryption if true, for decryption if false.
an instance of or (to
use a 0 tweak)
Initialise the engine, specifying the key and tweak directly.
the cipher mode.
the words of the key, or null to use the current key.
the 2 word (128 bit) tweak, or null to use the current tweak.
Process a block of data represented as 64 bit words.
the number of 8 byte words processed (which will be the same as the block size).
a block sized buffer of words to process.
a block sized buffer of words to receive the output of the operation.
if either the input or output is not block sized
if this engine is not initialised
Read a single 64 bit word from input in LSB first order.
Write a 64 bit word to output in LSB first order.
Rotate left + xor part of the mix operation.
Rotate xor + rotate right part of the unmix operation.
The extended + repeated tweak words
The extended + repeated key words
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Mix rotation constants defined in Skein 1.3 specification
Tnepres is a 128-bit 32-round block cipher with variable key lengths,
including 128, 192 and 256 bit keys conjectured to be at least as
secure as three-key triple-DES.
Tnepres is based on Serpent which was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
candidate algorithm for the NIST AES Quest. Unfortunately there was an endianness issue
with test vectors in the AES submission and the resulting confusion lead to the Tnepres cipher
as well, which is a byte swapped version of Serpent.
For full details see The Serpent home page
Expand a user-supplied key material into a session key.
@param key The user-key bytes (multiples of 4) to use.
@exception ArgumentException
Encrypt one block of plaintext.
@param input the array containing the input data.
@param inOff offset into the in array the data starts at.
@param output the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
Decrypt one block of ciphertext.
@param input the array containing the input data.
@param inOff offset into the in array the data starts at.
@param output the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
A class that provides Twofish encryption operations.
This Java implementation is based on the Java reference
implementation provided by Bruce Schneier and developed
by Raif S. Naffah.
Define the fixed p0/p1 permutations used in keyed S-box lookup.
By changing the following constant definitions, the S-boxes will
automatically Get changed in the Twofish engine.
gSubKeys[] and gSBox[] are eventually used in the
encryption and decryption methods.
initialise a Twofish cipher.
@param forEncryption whether or not we are for encryption.
@param parameters the parameters required to set up the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Encrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
The input will be an exact multiple of our blocksize.
encryptBlock uses the pre-calculated gSBox[] and subKey[]
arrays.
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
The input will be an exact multiple of our blocksize.
Use (12, 8) Reed-Solomon code over GF(256) to produce
a key S-box 32-bit entity from 2 key material 32-bit
entities.
@param k0 first 32-bit entity
@param k1 second 32-bit entity
@return Remainder polynomial Generated using RS code
* Reed-Solomon code parameters: (12,8) reversible code:
*
*
* G(x) = x^4 + (a+1/a)x^3 + ax^2 + (a+1/a)x + 1
*
* where a = primitive root of field generator 0x14D
*
initialise a VMPC cipher.
@param forEncryption
whether or not we are for encryption.
@param params
the parameters required to set up the cipher.
@exception ArgumentException
if the params argument is inappropriate.
Implementation of Daniel J. Bernstein's XSalsa20 stream cipher - Salsa20 with an extended nonce.
XSalsa20 requires a 256 bit key, and a 192 bit nonce.
XSalsa20 key generation: process 256 bit input key and 128 bits of the input nonce
using a core Salsa20 function without input addition to produce 256 bit working key
and use that with the remaining 64 bits of nonce to initialize a standard Salsa20 engine state.
An XTEA engine.
Create an instance of the TEA encryption algorithm
and set some defaults
initialise
@param forEncryption whether or not we are for encryption.
@param params the parameters required to set up the cipher.
@exception ArgumentException if the params argument is
inappropriate.
Re-key the cipher.
@param key the key to be used
Base class for format-preserving encryption.
Process length bytes from inBuf, writing the output to outBuf.
number of bytes output.
input data.
offset in input data to start at.
number of bytes to process.
destination buffer.
offset to start writing at in destination buffer.
Initialize the FPE engine for encryption/decryption.
number of bytes output.
true if initialising for encryption, false otherwise.
the key and other parameters to use to set the engine up.
Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on ISO 18033/P1363a.
Construct a KDF Parameters generator.
@param counterStart value of counter.
@param digest the digest to be used as the source of derived keys.
return the underlying digest.
fill len bytes of the output buffer with bytes generated from
the derivation function.
@throws ArgumentException if the size of the request will cause an overflow.
@throws DataLengthException if the out buffer is too small.
Core of password hashing scheme Bcrypt,
designed by Niels Provos and David Mazières,
corresponds to the C reference implementation.
This implementation does not correspondent to the 1999 published paper
"A Future-Adaptable Password Scheme" of Niels Provos and David Mazières,
see: https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html.
In contrast to the paper, the order of key setup and salt setup is reversed:
state <- ExpandKey(state, 0, key)
state %lt;- ExpandKey(state, 0, salt)
This corresponds to the OpenBSD reference implementation of Bcrypt.
Note:
There is no successful cryptanalysis (status 2015), but
the amount of memory and the band width of Bcrypt
may be insufficient to effectively prevent attacks
with custom hardware like FPGAs, ASICs
This implementation uses some parts of Bouncy Castle's BlowfishEngine.
Derives a raw 192 bit Bcrypt key
@param cost the cost factor, treated as an exponent of 2
@param salt a 16 byte salt
@param psw the password
@return a 192 bit key
Size of the salt parameter in bytes
Minimum value of cost parameter, equal to log2(bytes of salt)
Maximum value of cost parameter (31 == 2,147,483,648)
Maximum size of password == max (unrestricted) size of Blowfish key
Converts a character password to bytes incorporating the required trailing zero byte.
@param password the password to be encoded.
@return a byte representation of the password in UTF8 + trailing zero.
Calculates the bcrypt hash of a password.
This implements the raw bcrypt function as defined in the bcrypt specification, not
the crypt encoded version implemented in OpenBSD.
@param password the password bytes (up to 72 bytes) to use for this invocation.
@param salt the 128 bit salt to use for this invocation.
@param cost the bcrypt cost parameter. The cost of the bcrypt function grows as
2^cost. Legal values are 4..31 inclusive.
@return the output of the raw bcrypt operation: a 192 bit (24 byte) hash.
initialise the key generator - if strength is set to zero
the key Generated will be 192 bits in size, otherwise
strength can be 128 or 192 (or 112 or 168 if you don't count
parity bits), depending on whether you wish to do 2-key or 3-key
triple DES.
@param param the parameters to be used for key generation
initialise the key generator - if strength is set to zero
the key generated will be 64 bits in size, otherwise
strength can be 64 or 56 bits (if you don't count the parity bits).
@param param the parameters to be used for key generation
a basic Diffie-Hellman key pair generator.
This generates keys consistent for use with the basic algorithm for
Diffie-Hellman.
a Diffie-Hellman key pair generator.
This generates keys consistent for use in the MTI/A0 key agreement protocol
as described in "Handbook of Applied Cryptography", Pages 516-519.
which Generates the p and g values from the given parameters,
returning the DHParameters object.
Note: can take a while...
a DSA key pair generator.
This Generates DSA keys in line with the method described
in FIPS 186-3 B.1 FFC Key Pair Generation.
Generate suitable parameters for DSA, in line with FIPS 186-2, or FIPS 186-3.
Initialise the generator
This form can only be used for older DSA (pre-DSA2) parameters
the size of keys in bits (from 512 up to 1024, and a multiple of 64)
measure of robustness of primes (at least 80 for FIPS 186-2 compliance)
the source of randomness to use
Initialise the generator for DSA 2
You must use this Init method if you need to generate parameters for DSA 2 keys
An instance of DsaParameterGenerationParameters used to configure this generator
Generates a set of DsaParameters
Can take a while...
generate suitable parameters for DSA, in line with
FIPS 186-3 A.1 Generation of the FFC Primes p and q.
Given the domain parameters this routine generates an EC key
pair in accordance with X9.62 section 5.2.1 pages 26, 27.
a ElGamal key pair generator.
This Generates keys consistent for use with ElGamal as described in
page 164 of "Handbook of Applied Cryptography".
* which Generates the p and g values from the given parameters,
* returning the ElGamalParameters object.
*
* Note: can take a while...
*
a GOST3410 key pair generator.
This generates GOST3410 keys in line with the method described
in GOST R 34.10-94.
generate suitable parameters for GOST3410.
initialise the key generator.
@param size size of the key
@param typeProcedure type procedure A,B = 1; A',B' - else
@param random random byte source.
Procedure C
procedure generates the a value from the given p,q,
returning the a value.
which generates the p , q and a values from the given parameters,
returning the Gost3410Parameters object.
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented
according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM
Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM
(output keying material) and is likely to have better security properties
than KDF's based on just a hash function.
Creates a HKDFBytesGenerator based on the given hash function.
@param hash the digest to be used as the source of generatedBytes bytes
Performs the extract part of the key derivation function.
@param salt the salt to use
@param ikm the input keying material
@return the PRK as KeyParameter
Performs the expand part of the key derivation function, using currentT
as input and output buffer.
@throws DataLengthException if the total number of bytes generated is larger than the one
specified by RFC 5869 (255 * HashLen)
KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on IEEE P1363/ISO 18033.
Construct a KDF1 byte generator.
@param digest the digest to be used as the source of derived keys.
KDF2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on IEEE P1363/ISO 18033.
Construct a KDF2 bytes generator. Generates key material
according to IEEE P1363 or ISO 18033 depending on the initialisation.
@param digest the digest to be used as the source of derived keys.
Generator for MGF1 as defined in Pkcs 1v2
@param digest the digest to be used as the source of Generated bytes
return the underlying digest.
int to octet string.
fill len bytes of the output buffer with bytes Generated from
the derivation function.
@throws DataLengthException if the out buffer is too small.
Key generation parameters for NaccacheStern cipher. For details on this cipher, please see
http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
Generates a permuted ArrayList from the original one. The original List
is not modified
@param arr
the ArrayList to be permuted
@param rand
the source of Randomness for permutation
@return a new IList with the permuted elements.
Finds the first 'count' primes starting with 3
@param count
the number of primes to find
@return a vector containing the found primes as Integer
Password hashing scheme BCrypt,
designed by Niels Provos and David Mazières, using the
String format and the Base64 encoding
of the reference implementation on OpenBSD
Creates a 60 character Bcrypt String, including
version, cost factor, salt and hash, separated by '$'
@param version the version, 2y,2b or 2a. (2a is not backwards compatible.)
@param cost the cost factor, treated as an exponent of 2
@param salt a 16 byte salt
@param password the password
@return a 60 character Bcrypt String
Creates a 60 character Bcrypt String, including
version, cost factor, salt and hash, separated by '$' using version
'2y'.
@param cost the cost factor, treated as an exponent of 2
@param salt a 16 byte salt
@param password the password
@return a 60 character Bcrypt String
Creates a 60 character Bcrypt String, including
version, cost factor, salt and hash, separated by '$'
@param version the version, may be 2b, 2y or 2a. (2a is not backwards compatible.)
@param cost the cost factor, treated as an exponent of 2
@param salt a 16 byte salt
@param password the password
@return a 60 character Bcrypt String
Checks if a password corresponds to a 60 character Bcrypt String
@param bcryptString a 60 character Bcrypt String, including
version, cost factor, salt and hash,
separated by '$'
@param password the password as an array of chars
@return true if the password corresponds to the
Bcrypt String, otherwise false
Construct a OpenSSL Parameters generator - digest the original MD5.
Construct a OpenSSL Parameters generator - digest as specified.
the digest to use as the PRF.
Initialise - note the iteration count for this algorithm is fixed at 1.
@param password password to use.
@param salt salt to use.
the derived key function, the ith hash of the password and the salt.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
@exception ArgumentException if the key length larger than the base hash size.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
@param keySize the size of the key we want (in bits)
@param ivSize the size of the iv we want (in bits)
@return a ParametersWithIV object.
@exception ArgumentException if keySize + ivSize is larger than the base hash size.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
@exception ArgumentException if the key length larger than the base hash size.
Generator for Pbe derived keys and ivs as defined by Pkcs 12 V1.0.
The document this implementation is based on can be found at
RSA's Pkcs12 Page
Construct a Pkcs 12 Parameters generator.
@param digest the digest to be used as the source of derived keys.
@exception ArgumentException if an unknown digest is passed in.
add a + b + 1, returning the result in a. The a value is treated
as a BigInteger of length (b.Length * 8) bits. The result is
modulo 2^b.Length in case of overflow.
generation of a derived key ala Pkcs12 V1.0.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
@param keySize the size of the key we want (in bits)
@param ivSize the size of the iv we want (in bits)
@return a ParametersWithIV object.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 1.
Note this generator is limited to the size of the hash produced by the
digest used to drive it.
The document this implementation is based on can be found at
RSA's Pkcs5 Page
Construct a Pkcs 5 Scheme 1 Parameters generator.
@param digest the digest to be used as the source of derived keys.
the derived key function, the ith hash of the mPassword and the mSalt.
Generate a key parameter derived from the mPassword, mSalt, and iteration
count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
@exception ArgumentException if the key length larger than the base hash size.
Generate a key with initialisation vector parameter derived from
the mPassword, mSalt, and iteration count we are currently initialised
with.
@param keySize the size of the key we want (in bits)
@param ivSize the size of the iv we want (in bits)
@return a ParametersWithIV object.
@exception ArgumentException if keySize + ivSize is larger than the base hash size.
Generate a key parameter for use with a MAC derived from the mPassword,
mSalt, and iteration count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
@exception ArgumentException if the key length larger than the base hash size.
Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 2.
This generator uses a SHA-1 HMac as the calculation function.
The document this implementation is based on can be found at
RSA's Pkcs5 Page
construct a Pkcs5 Scheme 2 Parameters generator.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
@param keySize the size of the key we want (in bits)
@param ivSize the size of the iv we want (in bits)
@return a ParametersWithIV object.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
@param keySize the size of the key we want (in bits)
@return a KeyParameter object.
Generates keys for the Poly1305 MAC.
Poly1305 keys are 256 bit keys consisting of a 128 bit secret key used for the underlying block
cipher followed by a 128 bit {@code r} value used for the polynomial portion of the Mac.
The {@code r} value has a specific format with some bits required to be cleared, resulting in an
effective 106 bit key.
A separately generated 256 bit key can be modified to fit the Poly1305 key format by using the
{@link #clamp(byte[])} method to clear the required bits.
Initialises the key generator.
Poly1305 keys are always 256 bits, so the key length in the provided parameters is ignored.
Generates a 256 bit key in the format required for Poly1305 - e.g.
k[0] ... k[15], r[0] ... r[15] with the required bits in r cleared
as per .
Modifies an existing 32 byte key value to comply with the requirements of the Poly1305 key by
clearing required bits in the r (second 16 bytes) portion of the key.
Specifically:
- r[3], r[7], r[11], r[15] have top four bits clear (i.e., are {0, 1, . . . , 15})
- r[4], r[8], r[12] have bottom two bits clear (i.e., are in {0, 4, 8, . . . , 252})
a 32 byte key value k[0] ... k[15], r[0] ... r[15]
Checks a 32 byte key for compliance with the Poly1305 key requirements, e.g.
k[0] ... k[15], r[0] ... r[15] with the required bits in r cleared
as per .
Key.
if the key is of the wrong length, or has invalid bits set
in the r portion of the key.
Generate a random factor suitable for use with RSA blind signatures
as outlined in Chaum's blinding and unblinding as outlined in
"Handbook of Applied Cryptography", page 475.
Initialise the factor generator
@param param the necessary RSA key parameters.
Generate a suitable blind factor for the public key the generator was initialised with.
@return a random blind factor
an RSA key pair generator.
Choose a random prime value for use with RSA
the bit-length of the returned prime
the RSA public exponent
a prime p, with (p-1) relatively prime to e
Implementation of the scrypt a password-based key derivation function.
Scrypt was created by Colin Percival and is specified in
draft-josefsson-scrypt-kd.
Generate a key using the scrypt key derivation function.
the bytes of the pass phrase.
the salt to use for this invocation.
CPU/Memory cost parameter. Must be larger than 1, a power of 2 and less than
2^(128 * r / 8).
the block size, must be >= 1.
Parallelization parameter. Must be a positive integer less than or equal to
Int32.MaxValue / (128 * r * 8).
the length of the key to generate.
the generated key.
Base interface for mapping from an alphabet to a set of indexes
suitable for use with FPE.
Return the number of characters in the alphabet.
the radix for the alphabet.
Return the passed in char[] as a byte array of indexes (indexes
can be more than 1 byte)
an index array.
characters to be mapped.
Return a char[] for this alphabet based on the indexes passed.
an array of char corresponding to the index values.
input array of indexes.
Base interface for a public/private key block cipher.
The name of the algorithm this cipher implements.
Initialise the cipher.
Initialise for encryption if true, for decryption if false.
The key or other data required by the cipher.
The maximum size, in bytes, an input block may be.
The maximum size, in bytes, an output block will be.
Process a block.
The input buffer.
The offset into inBuf that the input block begins.
The length of the input block.
Input decrypts improperly.
Input is too large for the cipher.
interface that a public/private key pair generator should conform to.
intialise the key pair generator.
@param the parameters the key pair is to be initialised with.
return an AsymmetricCipherKeyPair containing the Generated keys.
@return an AsymmetricCipherKeyPair containing the Generated keys.
The basic interface that basic Diffie-Hellman implementations
conforms to.
initialise the agreement engine.
return the field size for the agreement algorithm in bytes.
given a public key from a given party calculate the next
message in the agreement sequence.
Base interface for a symmetric key block cipher.
The name of the algorithm this cipher implements.
Initialise the cipher.
Initialise for encryption if true, for decryption if false.
The key or other data required by the cipher.
The block size for this cipher, in bytes.
Indicates whether this cipher can handle partial blocks.
Process a block.
The input buffer.
The offset into inBuf that the input block begins.
The output buffer.
The offset into outBuf to write the output block.
If input block is wrong size, or outBuf too small.
The number of bytes processed and produced.
Reset the cipher to the same state as it was after the last init (if there was one).
Operators that reduce their input to a single block return an object
of this type.
Return the final result of the operation.
A block of bytes, representing the result of an operation.
Store the final result of the operation by copying it into the destination array.
The number of bytes copied into destination.
The byte array to copy the result into.
The offset into destination to start copying the result at.
Block cipher engines are expected to conform to this interface.
The name of the algorithm this cipher implements.
Initialise the cipher.
If true the cipher is initialised for encryption,
if false for decryption.
The key and other data required by the cipher.
Reset the cipher. After resetting the cipher is in the same state
as it was after the last init (if there was one).
Base interface for a ciphers that do not require data to be block aligned.
Note: In cases where the underlying algorithm is block based, these ciphers may add or remove padding as needed.
Return the size of the output buffer required for a Write() plus a
close() with the write() being passed inputLen bytes.
The returned size may be dependent on the initialisation of this cipher
and may not be accurate once subsequent input data is processed as the cipher may
add, add or remove padding, as it sees fit.
The space required to accommodate a call to processBytes and doFinal with inputLen bytes of input.
The length of the expected input.
Return the size of the output buffer required for a write() with the write() being
passed inputLen bytes and just updating the cipher output.
The space required to accommodate a call to processBytes with inputLen bytes of input.
The length of the expected input.
Gets the stream for reading/writing data processed/to be processed.
The stream associated with this cipher.
Base interface for cipher builders.
Return the algorithm and parameter details associated with any cipher built.
Return the maximum output size that a given input will produce.
the length of the expected input.
The maximum possible output size that can produced for the expected input length.
Build a cipher that operates on the passed in stream.
The stream to write/read any encrypted/decrypted data.
A cipher based around the given stream.
A cipher builder that can also return the key it was initialized with.
Return the key we were initialized with.
all parameter classes implement this.
Interface describing a provider of cipher builders for creating decrypting ciphers.
Return a cipher builder for creating decrypting ciphers.
The algorithm details/parameters to use to create the final cipher.
A new cipher builder.
base interface for general purpose byte derivation functions.
return the message digest used as the basis for the function
Parameters for key/byte stream derivation classes
interface that a message digest conforms to.
return the algorithm name
@return the algorithm name
return the size, in bytes, of the digest produced by this message digest.
@return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the internal buffer used by this digest.
@return the size, in bytes, of the internal buffer used by this digest.
update the message digest with a single byte.
@param inByte the input byte to be entered.
update the message digest with a block of bytes.
@param input the byte array containing the data.
@param inOff the offset into the byte array where the data starts.
@param len the length of the data.
Close the digest, producing the final digest value. The doFinal
call leaves the digest reset.
@param output the array the digest is to be copied into.
@param outOff the offset into the out array the digest is to start at.
reset the digest back to it's initial state.
Base interface for operator factories that create stream-based digest calculators.
The algorithm details object for calculators made by this factory.
Return the size of the digest associated with this factory.
The length of the digest produced by this calculators from this factory in bytes.
Create a stream calculator for the digest associated with this factory. The stream
calculator is used for the actual operation of entering the data to be digested
and producing the digest block.
A calculator producing an IBlockResult with the final digest in it.
interface for classes implementing the Digital Signature Algorithm
initialise the signer for signature generation or signature
verification.
@param forSigning true if we are generating a signature, false
otherwise.
@param param key parameters for signature generation.
sign the passed in message (usually the output of a hash function).
@param message the message to be signed.
@return two big integers representing the r and s values respectively.
verify the message message against the signature values r and s.
@param message the message that was supposed to have been signed.
@param r the r signature value.
@param s the s signature value.
An "extended" interface for classes implementing DSA-style algorithms, that provides access
to the group order.
The order of the group that the r, s values in signatures belong to.
Base interface describing an entropy source for a DRBG.
Return whether or not this entropy source is regarded as prediction resistant.
true if this instance is prediction resistant; otherwise, false.
Return a byte array of entropy.
The entropy bytes.
Return the number of bits of entropy this source can produce.
The size, in bits, of the return value of getEntropy.
Base interface describing a provider of entropy sources.
Return an entropy source providing a block of entropy.
The size of the block of entropy required.
An entropy source providing bitsRequired blocks of entropy.
Base interface for a key unwrapper.
The parameter set used to configure this key unwrapper.
Unwrap the passed in data.
The array containing the data to be unwrapped.
The offset into cipherText at which the unwrapped data starts.
The length of the data to be unwrapped.
an IBlockResult containing the unwrapped key data.
Base interface for a key wrapper.
The parameter set used to configure this key wrapper.
Wrap the passed in key data.
The key data to be wrapped.
an IBlockResult containing the wrapped key data.
The base interface for implementations of message authentication codes (MACs).
Initialise the MAC.
@param param the key and other data required by the MAC.
@exception ArgumentException if the parameters argument is
inappropriate.
Return the name of the algorithm the MAC implements.
@return the name of the algorithm the MAC implements.
Return the block size for this MAC (in bytes).
@return the block size for this MAC in bytes.
add a single byte to the mac for processing.
@param in the byte to be processed.
@exception InvalidOperationException if the MAC is not initialised.
@param in the array containing the input.
@param inOff the index in the array the data begins at.
@param len the length of the input starting at inOff.
@exception InvalidOperationException if the MAC is not initialised.
@exception DataLengthException if there isn't enough data in in.
Compute the final stage of the MAC writing the output to the out
parameter.
doFinal leaves the MAC in the same state it was after the last init.
@param out the array the MAC is to be output to.
@param outOff the offset into the out buffer the output is to start at.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the MAC is not initialised.
Reset the MAC. At the end of resetting the MAC should be in the
in the same state it was after the last init (if there was one).
The algorithm details object for this calculator.
Create a stream calculator for this signature calculator. The stream
calculator is used for the actual operation of entering the data to be signed
and producing the signature block.
A calculator producing an IBlockResult with a signature in it.
this exception is thrown whenever we find something we don't expect in a
message.
base constructor.
create a InvalidCipherTextException with the given message.
@param message the message to be carried with the exception.
Base interface for operators that serve as stream-based signature calculators.
The algorithm details object for this calculator.
Create a stream calculator for this signature calculator. The stream
calculator is used for the actual operation of entering the data to be signed
and producing the signature block.
A calculator producing an IBlockResult with a signature in it.
Return the name of the algorithm the signer implements.
@return the name of the algorithm the signer implements.
Initialise the signer for signing or verification.
@param forSigning true if for signing, false otherwise
@param param necessary parameters.
update the internal digest with the byte b
update the internal digest with the byte array in
Generate a signature for the message we've been loaded with using
the key we were initialised with.
return true if the internal state represents the signature described
in the passed in array.
reset the internal state
Signer with message recovery.
Returns true if the signer has recovered the full message as
part of signature verification.
@return true if full message recovered.
Returns a reference to what message was recovered (if any).
@return full/partial message, null if nothing.
Perform an update with the recovered message before adding any other data. This must
be the first update method called, and calling it will result in the signer assuming
that further calls to update will include message content past what is recoverable.
@param signature the signature that we are in the process of verifying.
@throws IllegalStateException
Base interface for cryptographic operations such as Hashes, MACs, and Signatures which reduce a stream of data
to a single value.
Return a "sink" stream which only exists to update the implementing object.
A stream to write to in order to update the implementing object.
Return the result of processing the stream. This value is only available once the stream
has been closed.
The result of processing the stream.
The interface stream ciphers conform to.
The name of the algorithm this cipher implements.
Initialise the cipher.
If true the cipher is initialised for encryption,
if false for decryption.
The key and other data required by the cipher.
If the parameters argument is inappropriate.
encrypt/decrypt a single byte returning the result.
the byte to be processed.
the result of processing the input byte.
Process a block of bytes from input putting the result into output.
The input byte array.
The offset into input where the data to be processed starts.
The number of bytes to be processed.
The output buffer the processed bytes go into.
The offset into output the processed data starts at.
If the output buffer is too small.
Reset the cipher to the same state as it was after the last init (if there was one).
Operators that reduce their input to the validation of a signature produce this type.
Return true if the passed in data matches what is expected by the verification result.
The bytes representing the signature.
true if the signature verifies, false otherwise.
Return true if the length bytes from off in the source array match the signature
expected by the verification result.
Byte array containing the signature.
The offset into the source array where the signature starts.
The number of bytes in source making up the signature.
true if the signature verifies, false otherwise.
Base interface for operators that serve as stream-based signature verifiers.
The algorithm details object for this verifier.
Create a stream calculator for this verifier. The stream
calculator is used for the actual operation of entering the data to be verified
and producing a result which can be used to verify the original signature.
A calculator producing an IVerifier which can verify the signature.
Base interface for a provider to support the dynamic creation of signature verifiers.
Return a signature verfier for signature algorithm described in the passed in algorithm details object.
The details of the signature algorithm verification is required for.
A new signature verifier.
The name of the algorithm this cipher implements.
With FIPS PUB 202 a new kind of message digest was announced which supported extendable output, or variable digest sizes.
This interface provides the extra method required to support variable output on a digest implementation.
Output the results of the final calculation for this digest to outLen number of bytes.
output array to write the output bytes to.
offset to start writing the bytes at.
the number of output bytes requested.
the number of bytes written
Start outputting the results of the final calculation for this digest. Unlike DoFinal, this method
will continue producing output until the Xof is explicitly reset, or signals otherwise.
output array to write the output bytes to.
offset to start writing the bytes at.
the number of output bytes requested.
the number of bytes written
The base class for parameters to key generators.
initialise the generator with a source of randomness
and a strength (in bits).
@param random the random byte source.
@param strength the size, in bits, of the keys we want to produce.
return the random source associated with this
generator.
@return the generators random source.
return the bit strength for keys produced by this generator,
@return the strength of the keys this generator produces (in bits).
standard CBC Block Cipher MAC - if no padding is specified the default of
pad of zeroes is used.
create a standard MAC based on a CBC block cipher. This will produce an
authentication code half the length of the block size of the cipher.
@param cipher the cipher to be used as the basis of the MAC generation.
create a standard MAC based on a CBC block cipher. This will produce an
authentication code half the length of the block size of the cipher.
@param cipher the cipher to be used as the basis of the MAC generation.
@param padding the padding to be used to complete the last block.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits. This class uses CBC mode as the basis for the
MAC generation.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits. This class uses CBC mode as the basis for the
MAC generation.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
@param padding the padding to be used to complete the last block.
Reset the mac generator.
implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
Basic constructor.
@param cipher the block cipher to be used as the basis of the
feedback mode.
@param blockSize the block size in bits (note: a multiple of 8)
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/CFB"
and the block size in bits.
return the block size we are operating at.
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the chaining vector back to the IV and reset the underlying
cipher.
create a standard MAC based on a CFB block cipher. This will produce an
authentication code half the length of the block size of the cipher, with
the CFB mode set to 8 bits.
@param cipher the cipher to be used as the basis of the MAC generation.
create a standard MAC based on a CFB block cipher. This will produce an
authentication code half the length of the block size of the cipher, with
the CFB mode set to 8 bits.
@param cipher the cipher to be used as the basis of the MAC generation.
@param padding the padding to be used.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits. This class uses CFB mode as the basis for the
MAC generation.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param cfbBitSize the size of an output block produced by the CFB mode.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits. This class uses CFB mode as the basis for the
MAC generation.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param cfbBitSize the size of an output block produced by the CFB mode.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
@param padding a padding to be used.
Reset the mac generator.
CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
CMAC is a NIST recomendation - see
csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
CMAC/OMAC1 is a blockcipher-based message authentication code designed and
analyzed by Tetsu Iwata and Kaoru Kurosawa.
CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
Authentication Code). OMAC stands for One-Key CBC MAC.
It supports 128- or 64-bits block ciphers, with any key size, and returns
a MAC with dimension less or equal to the block size of the underlying
cipher.
create a standard MAC based on a CBC block cipher (64 or 128 bit block).
This will produce an authentication code the length of the block size
of the cipher.
@param cipher the cipher to be used as the basis of the MAC generation.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128.
Reset the mac generator.
Implementation of DSTU7564 mac mode
implementation of DSTU 7624 MAC
The GMAC specialisation of Galois/Counter mode (GCM) detailed in NIST Special Publication
800-38D.
GMac is an invocation of the GCM mode where no data is encrypted (i.e. all input data to the Mac
is processed as additional authenticated data with the underlying GCM block cipher).
Creates a GMAC based on the operation of a block cipher in GCM mode.
This will produce an authentication code the length of the block size of the cipher.
the cipher to be used in GCM mode to generate the MAC.
Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
This will produce an authentication code the length of the block size of the cipher.
the cipher to be used in GCM mode to generate the MAC.
the mac size to generate, in bits. Must be a multiple of 8, between 32 and 128 (inclusive).
Sizes less than 96 are not recommended, but are supported for specialized applications.
Initialises the GMAC - requires a
providing a and a nonce.
implementation of GOST 28147-89 MAC
HMAC implementation based on RFC2104
H(K XOR opad, H(K XOR ipad, text))
Reset the mac generator.
DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
class must be changed to protected
create a Retail-MAC based on a CBC block cipher. This will produce an
authentication code of the length of the block size of the cipher.
@param cipher the cipher to be used as the basis of the MAC generation. This must
be DESEngine.
create a Retail-MAC based on a CBC block cipher. This will produce an
authentication code of the length of the block size of the cipher.
@param cipher the cipher to be used as the basis of the MAC generation.
@param padding the padding to be used to complete the last block.
create a Retail-MAC based on a block cipher with the size of the
MAC been given in bits. This class uses single DES CBC mode as the basis for the
MAC generation.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits. This class uses single DES CBC mode as the basis for the
MAC generation. The final block is decrypted and then encrypted using the
middle and right part of the key.
Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
or 16 bits if being used as a data authenticator (FIPS Publication 113),
and in general should be less than the size of the block cipher as it reduces
the chance of an exhaustive attack (see Handbook of Applied Cryptography).
@param cipher the cipher to be used as the basis of the MAC generation.
@param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
@param padding the padding to be used to complete the last block.
Reset the mac generator.
Poly1305 message authentication code, designed by D. J. Bernstein.
Poly1305 computes a 128-bit (16 bytes) authenticator, using a 128 bit nonce and a 256 bit key
consisting of a 128 bit key applied to an underlying cipher, and a 128 bit key (with 106
effective key bits) used in the authenticator.
The polynomial calculation in this implementation is adapted from the public domain poly1305-donna-unrolled C implementation
by Andrew M (@floodyberry).
Polynomial key
Polynomial key
Polynomial key
Polynomial key
Polynomial key
Precomputed 5 * r[1..4]
Precomputed 5 * r[1..4]
Precomputed 5 * r[1..4]
Precomputed 5 * r[1..4]
Encrypted nonce
Encrypted nonce
Encrypted nonce
Encrypted nonce
Current block of buffered input
Current offset in input buffer
Polynomial accumulator
Polynomial accumulator
Polynomial accumulator
Polynomial accumulator
Polynomial accumulator
Constructs a Poly1305 MAC, where the key passed to init() will be used directly.
Constructs a Poly1305 MAC, using a 128 bit block cipher.
Initialises the Poly1305 MAC.
a {@link ParametersWithIV} containing a 128 bit nonce and a {@link KeyParameter} with
a 256 bit key complying to the {@link Poly1305KeyGenerator Poly1305 key format}.
Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
"SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
compression rounds and the number of finalization rounds. A compression round is identical to a
finalization round and this round function is called SipRound. Given a 128-bit key k and a
(possibly empty) byte string m, SipHash-c-d returns a 64-bit value..."
SipHash-2-4
SipHash-c-d
the number of compression rounds
the number of finalization rounds
Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes,
based on the Threefish tweakable block cipher.
This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
competition in October 2010.
Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
256 bit block size - Skein-256
512 bit block size - Skein-512
1024 bit block size - Skein-1024
Constructs a Skein MAC with an internal state size and output size.
the internal state size in bits - one of or
.
the output/MAC size to produce in bits, which must be an integral number of
bytes.
Optionally initialises the Skein digest with the provided parameters.
See for details on the parameterisation of the Skein hash function.
the parameters to apply to this engine, or null to use no parameters.
This exception is thrown whenever a cipher requires a change of key, iv
or similar after x amount of bytes enciphered
implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher.
Basic constructor.
@param cipher the block cipher to be used as the basis of chaining.
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/CBC".
return the block size of the underlying cipher.
@return the block size of the underlying cipher.
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the chaining vector back to the IV and reset the underlying
cipher.
Do the appropriate chaining step for CBC mode encryption.
@param in the array containing the data to be encrypted.
@param inOff offset into the in array the data starts at.
@param out the array the encrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Do the appropriate chaining step for CBC mode decryption.
@param in the array containing the data to be decrypted.
@param inOff offset into the in array the data starts at.
@param out the array the decrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Implements the Counter with Cipher Block Chaining mode (CCM) detailed in
NIST Special Publication 800-38C.
Note: this mode is a packet mode - it needs all the data up front.
Basic constructor.
@param cipher the block cipher to be used.
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Returns a byte array containing the mac calculated as part of the
last encrypt or decrypt operation.
@return the last mac calculated.
Process a packet of data for either CCM decryption or encryption.
@param in data for processing.
@param inOff offset at which data starts in the input array.
@param inLen length of the data in the input array.
@return a byte array containing the processed input..
@throws IllegalStateException if the cipher is not appropriately set up.
@throws InvalidCipherTextException if the input data is truncated or the mac check fails.
Process a packet of data for either CCM decryption or encryption.
@param in data for processing.
@param inOff offset at which data starts in the input array.
@param inLen length of the data in the input array.
@param output output array.
@param outOff offset into output array to start putting processed bytes.
@return the number of bytes added to output.
@throws IllegalStateException if the cipher is not appropriately set up.
@throws InvalidCipherTextException if the input data is truncated or the mac check fails.
@throws DataLengthException if output buffer too short.
implements a Cipher-FeedBack (CFB) mode on top of a simple cipher.
Basic constructor.
@param cipher the block cipher to be used as the basis of the
feedback mode.
@param blockSize the block size in bits (note: a multiple of 8)
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/CFB"
and the block size in bits.
return the block size we are operating at.
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Do the appropriate processing for CFB mode encryption.
@param in the array containing the data to be encrypted.
@param inOff offset into the in array the data starts at.
@param out the array the encrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Do the appropriate processing for CFB mode decryption.
@param in the array containing the data to be decrypted.
@param inOff offset into the in array the data starts at.
@param out the array the encrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the chaining vector back to the IV and reset the underlying
cipher.
A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to
be used to produce cipher text which is the same outLength as the plain text.
Create a buffered block cipher that uses Cipher Text Stealing
@param cipher the underlying block cipher this buffering object wraps.
return the size of the output buffer required for an update of 'length' bytes.
@param length the outLength of the input.
@return the space required to accommodate a call to update
with length bytes of input.
return the size of the output buffer required for an update plus a
doFinal with an input of length bytes.
@param length the outLength of the input.
@return the space required to accommodate a call to update and doFinal
with length bytes of input.
process a single byte, producing an output block if necessary.
@param in the input byte.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
process an array of bytes, producing output if necessary.
@param in the input byte array.
@param inOff the offset at which the input data starts.
@param length the number of bytes to be copied out of the input array.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
Process the last block in the buffer.
@param out the array the block currently being held is copied into.
@param outOff the offset at which the copying starts.
@return the number of output bytes copied to out.
@exception DataLengthException if there is insufficient space in out for
the output.
@exception InvalidOperationException if the underlying cipher is not
initialised.
@exception InvalidCipherTextException if cipher text decrypts wrongly (in
case the exception will never Get thrown).
A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and
Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block
cipher to encrypt and authenticate data. It's on-line (the length of a
message isn't needed to begin processing it), has good performances, it's
simple and provably secure (provided the underlying block cipher is secure).
Of course, this implementations is NOT thread-safe.
Constructor that accepts an instance of a block cipher engine.
@param cipher the engine to use
Implements the Galois/Counter mode (GCM) detailed in
NIST Special Publication 800-38D.
MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
Sizes less than 96 are not recommended, but are supported for specialized applications.
GCM-SIV Mode.
It should be noted that the specified limit of 236 bytes is not supported. This is because all bytes are
cached in a ByteArrayOutputStream object (which has a limit of a little less than 231 bytes),
and are output on the DoFinal() call (which can only process a maximum of 231 bytes).
The practical limit of 231 - 24 bytes is policed, and attempts to breach the limit will be rejected
In order to properly support the higher limit, an extended form of ByteArrayOutputStream would be needed
which would use multiple arrays to store the data. In addition, a new doOutput method would be required (similar
to that in XOF digests), which would allow the data to be output over multiple calls. Alternatively an extended
form of ByteArrayInputStream could be used to deliver the data.
The buffer length.
The halfBuffer length.
The nonce length.
The maximum data length (AEAD/PlainText). Due to implementation constraints this is restricted to the maximum
array length (https://programming.guide/java/array-maximum-length.html) minus the BUFLEN to allow for the MAC
The top bit mask.
The addition constant.
The initialisation flag.
The aeadComplete flag.
The cipher.
The multiplier.
The gHash buffer.
The reverse buffer.
The aeadHasher.
The dataHasher.
The plainDataStream.
The encryptedDataStream (decryption only).
Are we encrypting?
The initialAEAD.
The nonce.
The flags.
Constructor.
Constructor.
@param pCipher the underlying cipher
Constructor.
@param pCipher the underlying cipher
@param pMultiplier the multiplier
check AEAD status.
@param pLen the aeadLength
check status.
@param pLen the dataLength
Reset Streams.
Obtain buffer length (allowing for null).
@param pBuffer the buffere
@return the length
Check buffer.
@param pBuffer the buffer
@param pOffset the offset
@param pLen the length
@param pOutput is this an output buffer?
encrypt data stream.
@param pCounter the counter
@param pTarget the target buffer
@param pOffset the target offset
@return the length of data encrypted
decrypt data stream.
@throws InvalidCipherTextException on data too short or mac check failed
calculate tag.
@return the calculated tag
complete polyVAL.
@return the calculated value
process lengths.
perform the next GHASH step.
@param pNext the next value
xor a full block buffer.
@param pLeft the left operand and result
@param pRight the right operand
xor a partial block buffer.
@param pLeft the left operand and result
@param pRight the right operand
@param pOffset the offset in the right operand
@param pLength the length of data in the right operand
increment the counter.
@param pCounter the counter to increment
multiply by X.
@param pValue the value to adjust
Derive Keys.
@param pKey the keyGeneration key
Hash Control.
Cache.
Single byte cache.
Count of active bytes in cache.
Count of hashed bytes.
Obtain the count of bytes hashed.
@return the count
Reset the hasher.
update hash.
@param pByte the byte
update hash.
@param pBuffer the buffer
@param pOffset the offset within the buffer
@param pLen the length of data
complete hash.
implements the GOST 28147 OFB counter mode (GCTR).
Basic constructor.
@param cipher the block cipher to be used as the basis of the
counter mode (must have a 64 bit block size).
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param encrypting if true the cipher is initialised for
encryption, if false for decryption.
@param parameters the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/GCTR"
and the block size in bits
return the block size we are operating at (in bytes).
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the feedback vector back to the IV and reset the underlying
cipher.
An IAeadCipher based on an IBlockCipher.
The block size for this cipher, in bytes.
The block cipher underlying this algorithm.
A cipher mode that includes authenticated encryption with a streaming mode and optional
associated data.
Implementations of this interface may operate in a packet mode (where all input data is
buffered and processed during the call to DoFinal, or in a streaming mode (where output
data is incrementally produced with each call to ProcessByte or ProcessBytes. This is
important to consider during decryption: in a streaming mode, unauthenticated plaintext
data may be output prior to the call to DoFinal that results in an authentication failure.
The higher level protocol utilising this cipher must ensure the plaintext data is handled
appropriately until the end of data is reached and the entire ciphertext is authenticated.
The name of the algorithm this cipher implements.
Initialise the cipher.
Parameter can either be an AeadParameters or a ParametersWithIV object.
Initialise for encryption if true, for decryption if false.
The key or other data required by the cipher.
Add a single byte to the associated data check.
If the implementation supports it, this will be an online operation and will not retain the associated data.
The byte to be processed.
Add a sequence of bytes to the associated data check.
If the implementation supports it, this will be an online operation and will not retain the associated data.
The input byte array.
The offset into the input array where the data to be processed starts.
The number of bytes to be processed.
Encrypt/decrypt a single byte.
@param input the byte to be processed.
@param outBytes the output buffer the processed byte goes into.
@param outOff the offset into the output byte array the processed data starts at.
@return the number of bytes written to out.
@exception DataLengthException if the output buffer is too small.
Process a block of bytes from in putting the result into out.
@param inBytes the input byte array.
@param inOff the offset into the in array where the data to be processed starts.
@param len the number of bytes to be processed.
@param outBytes the output buffer the processed bytes go into.
@param outOff the offset into the output byte array the processed data starts at.
@return the number of bytes written to out.
@exception DataLengthException if the output buffer is too small.
Finish the operation either appending or verifying the MAC at the end of the data.
@param outBytes space for any resulting output data.
@param outOff offset into out to start copying the data at.
@return number of bytes written into out.
@throws InvalidOperationException if the cipher is in an inappropriate state.
@throws InvalidCipherTextException if the MAC fails to match.
Return the value of the MAC associated with the last stream processed.
@return MAC for plaintext data.
Return the size of the output buffer required for a ProcessBytes
an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to ProcessBytes
with len bytes of input.
Return the size of the output buffer required for a ProcessBytes plus a
DoFinal with an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to ProcessBytes and DoFinal
with len bytes of input.
Reset the cipher to the same state as it was after the last init (if there was one).
Base constructor. Nb value is set to 4.
base cipher to use under CCM.
Constructor allowing Nb configuration.
Nb is a parameter specified in CCM mode of DSTU7624 standard.
This parameter specifies maximum possible length of input.It should
be calculated as follows: Nb = 1 / 8 * (-3 + log[2]Nmax) + 1,
where Nmax - length of input message in bits.For practical reasons
Nmax usually less than 4Gb, e.g. for Nmax = 2^32 - 1, Nb = 4.
base cipher to use under CCM.
Nb value to use.
Implements a Gamming or Counter (CTR) mode on top of a DSTU 7624 block cipher.
Basic constructor.
@param cipher the block cipher to be used as the basis of the
feedback mode.
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/KCTR"
and the block size in bits.
return the block size we are operating at.
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param input the array containing the input data.
@param inOff offset into the in array the data starts at.
@param output the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the chaining vector back to the IV and reset the underlying
cipher.
An implementation of RFC 7253 on The OCB
Authenticated-Encryption Algorithm, licensed per:
License for
Open-Source Software Implementations of OCB (Jan 9, 2013) - 'License 1'
Under this license, you are authorized to make, use, and distribute open-source software
implementations of OCB. This license terminates for you if you sue someone over their open-source
software implementation of OCB claiming that you have a patent covering their implementation.
This is a non-binding summary of a legal document (the link above). The parameters of the license
are specified in the license document and that document is controlling.
implements a Output-FeedBack (OFB) mode on top of a simple cipher.
Basic constructor.
@param cipher the block cipher to be used as the basis of the
feedback mode.
@param blockSize the block size in bits (note: a multiple of 8)
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/OFB"
and the block size in bits
return the block size we are operating at (in bytes).
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the feedback vector back to the IV and reset the underlying
cipher.
* Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode
* on top of a simple cipher. This class assumes the IV has been prepended
* to the data stream already, and just accomodates the reset after
* (blockSize + 2) bytes have been read.
*
* For further info see RFC 2440.
*
Basic constructor.
@param cipher the block cipher to be used as the basis of the
feedback mode.
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
return the algorithm name and mode.
@return the name of the underlying algorithm followed by "/PGPCFB"
and the block size in bits.
return the block size we are operating at.
@return the block size we are operating at (in bytes).
Process one block of input from the array in and write it to
the out array.
@param in the array containing the input data.
@param inOff offset into the in array the data starts at.
@param out the array the output data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
reset the chaining vector back to the IV and reset the underlying
cipher.
Initialise the cipher and, possibly, the initialisation vector (IV).
If an IV isn't passed as part of the parameter, the IV will be all zeros.
An IV which is too short is handled in FIPS compliant fashion.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param parameters the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
Encrypt one byte of data according to CFB mode.
@param data the byte to encrypt
@param blockOff offset in the current block
@returns the encrypted byte
Do the appropriate processing for CFB IV mode encryption.
@param in the array containing the data to be encrypted.
@param inOff offset into the in array the data starts at.
@param out the array the encrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Do the appropriate processing for CFB IV mode decryption.
@param in the array containing the data to be decrypted.
@param inOff offset into the in array the data starts at.
@param out the array the encrypted data will be copied into.
@param outOff the offset into the out array the output will start at.
@exception DataLengthException if there isn't enough data in in, or
space in out.
@exception InvalidOperationException if the cipher isn't initialised.
@return the number of bytes processed and produced.
Implements the Segmented Integer Counter (SIC) mode on top of a simple
block cipher.
Basic constructor.
@param c the block cipher to be used.
return the underlying block cipher that we are wrapping.
@return the underlying block cipher that we are wrapping.
Return the digest algorithm using one of the standard JCA string
representations rather than the algorithm identifier (if possible).
Calculator factory class for signature generation in ASN.1 based profiles that use an AlgorithmIdentifier to preserve
signature algorithm details.
Base constructor.
The name of the signature algorithm to use.
The private key to be used in the signing operation.
Constructor which also specifies a source of randomness to be used if one is required.
The name of the signature algorithm to use.
The private key to be used in the signing operation.
The source of randomness to be used in signature calculation.
Allows enumeration of the signature names supported by the verifier provider.
Verifier class for signature verification in ASN.1 based profiles that use an AlgorithmIdentifier to preserve
signature algorithm details.
Base constructor.
The name of the signature algorithm to use.
The public key to be used in the verification operation.
Provider class which supports dynamic creation of signature verifiers.
Base constructor - specify the public key to be used in verification.
The public key to be used in creating verifiers provided by this object.
Allows enumeration of the signature names supported by the verifier provider.
Block cipher padders are expected to conform to this interface
Initialise the padder.
@param param parameters, if any required.
Return the name of the algorithm the cipher implements.
@return the name of the algorithm the cipher implements.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
@exception InvalidCipherTextException if the padding is badly formed
or invalid.
A padder that adds ISO10126-2 padding to a block.
Initialise the padder.
@param random a SecureRandom if available.
Return the name of the algorithm the cipher implements.
@return the name of the algorithm the cipher implements.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
A padder that adds the padding according to the scheme referenced in
ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00
Initialise the padder.
@param random - a SecureRandom if available.
Return the name of the algorithm the padder implements.
@return the name of the algorithm the padder implements.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
A wrapper class that allows block ciphers to be used to process data in
a piecemeal fashion with padding. The PaddedBufferedBlockCipher
outputs a block only when the buffer is full and more data is being added,
or on a doFinal (unless the current block in the buffer is a pad block).
The default padding mechanism used is the one outlined in Pkcs5/Pkcs7.
Create a buffered block cipher with the desired padding.
@param cipher the underlying block cipher this buffering object wraps.
@param padding the padding type.
Create a buffered block cipher Pkcs7 padding
@param cipher the underlying block cipher this buffering object wraps.
initialise the cipher.
@param forEncryption if true the cipher is initialised for
encryption, if false for decryption.
@param param the key and other data required by the cipher.
@exception ArgumentException if the parameters argument is
inappropriate.
return the minimum size of the output buffer required for an update
plus a doFinal with an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update and doFinal
with len bytes of input.
return the size of the output buffer required for an update
an input of len bytes.
@param len the length of the input.
@return the space required to accommodate a call to update
with len bytes of input.
process a single byte, producing an output block if necessary.
@param in the input byte.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
process an array of bytes, producing output if necessary.
@param in the input byte array.
@param inOff the offset at which the input data starts.
@param len the number of bytes to be copied out of the input array.
@param out the space for any output that might be produced.
@param outOff the offset from which the output will be copied.
@return the number of output bytes copied to out.
@exception DataLengthException if there isn't enough space in out.
@exception InvalidOperationException if the cipher isn't initialised.
Process the last block in the buffer. If the buffer is currently
full and padding needs to be added a call to doFinal will produce
2 * GetBlockSize() bytes.
@param out the array the block currently being held is copied into.
@param outOff the offset at which the copying starts.
@return the number of output bytes copied to out.
@exception DataLengthException if there is insufficient space in out for
the output or we are decrypting and the input is not block size aligned.
@exception InvalidOperationException if the underlying cipher is not
initialised.
@exception InvalidCipherTextException if padding is expected and not found.
A padder that adds Pkcs7/Pkcs5 padding to a block.
Initialise the padder.
@param random - a SecureRandom if available.
Return the name of the algorithm the cipher implements.
@return the name of the algorithm the cipher implements.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
A padder that adds Trailing-Bit-Compliment padding to a block.
This padding pads the block out compliment of the last bit
of the plain text.
Return the name of the algorithm the cipher implements.
the name of the algorithm the cipher implements.
Initialise the padder.
- a SecureRandom if available.
add the pad bytes to the passed in block, returning the
number of bytes added.
Note: this assumes that the last block of plain text is always
passed to it inside in. i.e. if inOff is zero, indicating the
entire block is to be overwritten with padding the value of in
should be the same as the last block of plain text.
return the number of pad bytes present in the block.
A padder that adds X9.23 padding to a block - if a SecureRandom is
passed in random padding is assumed, otherwise padding with zeros is used.
Initialise the padder.
@param random a SecureRandom if one is available.
Return the name of the algorithm the cipher implements.
@return the name of the algorithm the cipher implements.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
A padder that adds Null byte padding to a block.
Return the name of the algorithm the cipher implements.
the name of the algorithm the cipher implements.
Initialise the padder.
- a SecureRandom if available.
add the pad bytes to the passed in block, returning the
number of bytes added.
return the number of pad bytes present in the block.
Base constructor.
@param key key to be used by underlying cipher
@param macSize macSize in bits
@param nonce nonce to be used
Base constructor.
@param key key to be used by underlying cipher
@param macSize macSize in bits
@param nonce nonce to be used
@param associatedText associated text, if any
Base constructor.
@param key key to be used by underlying cipher
@param macSize macSize in bits
@param nonce nonce to be used
@param associatedText associated text, if any
return true if the passed in key is a DES-EDE weak key.
@param key bytes making up the key
@param offset offset into the byte array the key starts at
@param length number of bytes making up the key
return true if the passed in key is a DES-EDE weak key.
@param key bytes making up the key
@param offset offset into the byte array the key starts at
return true if the passed in key is a real 2/3 part DES-EDE key.
@param key bytes making up the key
@param offset offset into the byte array the key starts at
return true if the passed in key is a real 2 part DES-EDE key.
@param key bytes making up the key
@param offset offset into the byte array the key starts at
return true if the passed in key is a real 3 part DES-EDE key.
@param key bytes making up the key
@param offset offset into the byte array the key starts at
DES has 16 weak keys. This method will check
if the given DES key material is weak or semi-weak.
Key material that is too short is regarded as weak.
See "Applied
Cryptography" by Bruce Schneier for more information.
@return true if the given DES key material is weak or semi-weak,
false otherwise.
DES Keys use the LSB as the odd parity bit. This can
be used to check for corrupt keys.
@param bytes the byte array to set the parity on.
The minimum bitlength of the private value.
The bitlength of the private value.
Construct without a usage index, this will do a random construction of G.
@param L desired length of prime P in bits (the effective key size).
@param N desired length of prime Q in bits.
@param certainty certainty level for prime number generation.
@param random the source of randomness to use.
Construct for a specific usage index - this has the effect of using verifiable canonical generation of G.
@param L desired length of prime P in bits (the effective key size).
@param N desired length of prime Q in bits.
@param certainty certainty level for prime number generation.
@param random the source of randomness to use.
@param usageIndex a valid usage index.
return the generator - g
return private value limit - l
Parameter class for the HkdfBytesGenerator class.
Generates parameters for HKDF, specifying both the optional salt and
optional info. Step 1: Extract won't be skipped.
@param ikm the input keying material or seed
@param salt the salt to use, may be null for a salt for hashLen zeros
@param info the info to use, may be null for an info field of zero bytes
Factory method that makes the HKDF skip the extract part of the key
derivation function.
@param ikm the input keying material or seed, directly used for step 2:
Expand
@param info the info to use, may be null for an info field of zero bytes
@return HKDFParameters that makes the implementation skip step 1
Returns the input keying material or seed.
@return the keying material
Returns if step 1: extract has to be skipped or not
@return true for skipping, false for no skipping of step 1
Returns the salt, or null if the salt should be generated as a byte array
of HashLen zeros.
@return the salt, or null
Returns the info field, which may be empty (null is converted to empty).
@return the info field, never null
parameters for using an integrated cipher in stream mode.
@param derivation the derivation parameter for the KDF function.
@param encoding the encoding parameter for the KDF function.
@param macKeySize the size of the MAC key (in bits).
@param derivation the derivation parameter for the KDF function.
@param encoding the encoding parameter for the KDF function.
@param macKeySize the size of the MAC key (in bits).
@param cipherKeySize the size of the associated Cipher key (in bits).
parameters for Key derivation functions for ISO-18033
Base constructor - suffix fixed input data only.
the KDF seed
fixed input data to follow counter.
length of the counter in bits
Base constructor - prefix and suffix fixed input data.
the KDF seed
fixed input data to precede counter
fixed input data to follow counter.
length of the counter in bits.
parameters for Key derivation functions for IEEE P1363a
Parameters for mask derivation functions.
Parameters for NaccacheStern public private key generation. For details on
this cipher, please see
http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
Parameters for generating a NaccacheStern KeyPair.
@param random
The source of randomness
@param strength
The desired strength of the Key in Bits
@param certainty
the probability that the generated primes are not really prime
as integer: 2^(-certainty) is then the probability
@param countSmallPrimes
How many small key factors are desired
* Parameters for a NaccacheStern KeyPair.
*
* @param random
* The source of randomness
* @param strength
* The desired strength of the Key in Bits
* @param certainty
* the probability that the generated primes are not really prime
* as integer: 2^(-certainty) is then the probability
* @param cntSmallPrimes
* How many small key factors are desired
* @param debug
* Ignored
@return Returns the certainty.
@return Returns the countSmallPrimes.
Public key parameters for NaccacheStern cipher. For details on this cipher,
please see
http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
@param privateKey
@return Returns the g.
@return Returns the lowerSigmaBound.
@return Returns the n.
Private key parameters for NaccacheStern cipher. For details on this cipher,
please see
http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
Constructs a NaccacheSternPrivateKey
@param g
the public enryption parameter g
@param n
the public modulus n = p*q
@param lowerSigmaBound
the public lower sigma bound up to which data can be encrypted
@param smallPrimes
the small primes, of which sigma is constructed in the right
order
@param phi_n
the private modulus phi(n) = (p-1)(q-1)
Cipher parameters with a fixed salt value associated with them.
Parameters for the Skein hash function - a series of byte[] strings identified by integer tags.
Parameterised Skein can be used for:
- MAC generation, by providing a key.
- Randomised hashing, by providing a nonce.
- A hash function for digital signatures, associating a
public key with the message digest.
- A key derivation function, by providing a
key identifier.
- Personalised hashing, by providing a
recommended format or
arbitrary personalisation string.
The parameter type for a secret key, supporting MAC or KDF functions: 0
The parameter type for the Skein configuration block: 4
The parameter type for a personalisation string: 8
The parameter type for a public key: 12
The parameter type for a key identifier string: 16
The parameter type for a nonce: 20
The parameter type for the message: 48
The parameter type for the output transformation: 63
Obtains a map of type (int) to value (byte[]) for the parameters tracked in this object.
Obtains the value of the key parameter, or null if not
set.
The key.
Obtains the value of the personalisation parameter, or
null if not set.
Obtains the value of the public key parameter, or
null if not set.
Obtains the value of the key identifier parameter, or
null if not set.
Obtains the value of the nonce parameter, or null if
not set.
A builder for .
Sets a parameters to apply to the Skein hash function.
Parameter types must be in the range 0,5..62, and cannot use the value 48
(reserved for message body).
Parameters with type < 48 are processed before
the message content, parameters with type > 48
are processed after the message and prior to output.
the type of the parameter, in the range 5..62.
the byte sequence of the parameter.
Sets the parameter.
Sets the parameter.
Implements the recommended personalisation format for Skein defined in Section 4.11 of
the Skein 1.3 specification.
The format is YYYYMMDD email@address distinguisher, encoded to a byte
sequence using UTF-8 encoding.
the date the personalised application of the Skein was defined.
the email address of the creation of the personalised application.
an arbitrary personalisation string distinguishing the application.
Sets the parameter.
Sets the parameter.
Sets the parameter.
Constructs a new instance with the parameters provided to this
builder.
Private parameters for an SM2 key exchange.
The ephemeralPrivateKey is used to calculate the random point used in the algorithm.
Public parameters for an SM2 key exchange.
In this case the ephemeralPublicKey provides the random point used in the algorithm.
Parameters for tweakable block ciphers.
Gets the key.
the key to use, or null to use the current key.
Gets the tweak value.
The tweak to use, or null to use the current tweak.
super class for all Password Based Encyrption (Pbe) parameter generator classes.
base constructor.
initialise the Pbe generator.
@param password the password converted into bytes (see below).
@param salt the salt to be mixed with the password.
@param iterationCount the number of iterations the "mixing" function
is to be applied for.
return the password byte array.
@return the password byte array.
return the salt byte array.
@return the salt byte array.
return the iteration count.
@return the iteration count.
Generate derived parameters for a key of length keySize.
@param keySize the length, in bits, of the key required.
@return a parameters object representing a key.
Generate derived parameters for a key of length keySize, and
an initialisation vector (IV) of length ivSize.
@param keySize the length, in bits, of the key required.
@param ivSize the length, in bits, of the iv required.
@return a parameters object representing a key and an IV.
Generate derived parameters for a key of length keySize, specifically
for use with a MAC.
@param keySize the length, in bits, of the key required.
@return a parameters object representing a key.
converts a password to a byte array according to the scheme in
Pkcs5 (ascii, no padding)
@param password a character array representing the password.
@return a byte array representing the password.
converts a password to a byte array according to the scheme in
PKCS5 (UTF-8, no padding)
@param password a character array representing the password.
@return a byte array representing the password.
converts a password to a byte array according to the scheme in
Pkcs12 (unicode, big endian, 2 zero pad bytes at the end).
@param password a character array representing the password.
@return a byte array representing the password.
An EntropySourceProvider where entropy generation is based on a SecureRandom output using SecureRandom.generateSeed().
Create a entropy source provider based on the passed in SecureRandom.
@param secureRandom the SecureRandom to base EntropySource construction on.
@param isPredictionResistant boolean indicating if the SecureRandom is based on prediction resistant entropy or not (true if it is).
Return an entropy source that will create bitsRequired bits of entropy on
each invocation of getEntropy().
@param bitsRequired size (in bits) of entropy to be created by the provided source.
@return an EntropySource that generates bitsRequired bits of entropy on each call to its getEntropy() method.
Uses RandomNumberGenerator.Create() to get randomness generator
Random generation based on the digest with counter. Calling AddSeedMaterial will
always increase the entropy of the hash.
Internal access to the digest is synchronized so a single one of these can be shared.
A SP800-90A CTR DRBG.
Construct a SP800-90A CTR DRBG.
Minimum entropy requirement is the security strength requested.
@param engine underlying block cipher to use to support DRBG
@param keySizeInBits size of the key to use with the block cipher.
@param securityStrength security strength required (in bits)
@param entropySource source of entropy to use for seeding/reseeding.
@param personalizationString personalization string to distinguish this DRBG (may be null).
@param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG.
@return the number of bits produced on each internal round of the DRBG.
Populate a passed in array with random data.
@param output output array for generated bits.
@param additionalInput additional input to be added to the DRBG in this step.
@param predictionResistant true if a reseed should be forced, false otherwise.
@return number of bits generated, -1 if a reseed required.
Reseed the DRBG.
@param additionalInput additional input to be added to the DRBG in this step.
Pad out a key for TDEA, setting odd parity for each byte.
@param keyMaster
@param keyOff
@param tmp
@param tmpOff
Used by both Dual EC and Hash.
A SP800-90A Hash DRBG.
Construct a SP800-90A Hash DRBG.
Minimum entropy requirement is the security strength requested.
@param digest source digest to use for DRB stream.
@param securityStrength security strength required (in bits)
@param entropySource source of entropy to use for seeding/reseeding.
@param personalizationString personalization string to distinguish this DRBG (may be null).
@param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG.
@return the number of bits produced on each internal round of the DRBG.
Populate a passed in array with random data.
@param output output array for generated bits.
@param additionalInput additional input to be added to the DRBG in this step.
@param predictionResistant true if a reseed should be forced, false otherwise.
@return number of bits generated, -1 if a reseed required.
Reseed the DRBG.
@param additionalInput additional input to be added to the DRBG in this step.
A SP800-90A HMAC DRBG.
Construct a SP800-90A Hash DRBG.
Minimum entropy requirement is the security strength requested.
@param hMac Hash MAC to base the DRBG on.
@param securityStrength security strength required (in bits)
@param entropySource source of entropy to use for seeding/reseeding.
@param personalizationString personalization string to distinguish this DRBG (may be null).
@param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG.
@return the number of bits produced on each round of the DRBG.
Populate a passed in array with random data.
@param output output array for generated bits.
@param additionalInput additional input to be added to the DRBG in this step.
@param predictionResistant true if a reseed should be forced, false otherwise.
@return number of bits generated, -1 if a reseed required.
Reseed the DRBG.
@param additionalInput additional input to be added to the DRBG in this step.
Interface to SP800-90A deterministic random bit generators.
Return the block size of the DRBG.
@return the block size (in bits) produced by each round of the DRBG.
Populate a passed in array with random data.
@param output output array for generated bits.
@param additionalInput additional input to be added to the DRBG in this step.
@param predictionResistant true if a reseed should be forced, false otherwise.
@return number of bits generated, -1 if a reseed required.
Reseed the DRBG.
@param additionalInput additional input to be added to the DRBG in this step.
Generate numBytes worth of entropy from the passed in entropy source.
@param entropySource the entropy source to request the data from.
@param numBytes the number of bytes of entropy requested.
@return a byte array populated with the random data.
Generic interface for objects generating random bytes.
Add more seed material to the generator.
A byte array to be mixed into the generator's state.
Add more seed material to the generator.
A long value to be mixed into the generator's state.
Fill byte array with random values.
Array to be filled.
Fill byte array with random values.
Array to receive bytes.
Index to start filling at.
Length of segment to fill.
Takes bytes generated by an underling RandomGenerator and reverses the order in
each small window (of configurable size).
Access to internals is synchronized so a single one of these can be shared.
Add more seed material to the generator.
A byte array to be mixed into the generator's state.
Add more seed material to the generator.
A long value to be mixed into the generator's state.
Fill byte array with random values.
Array to be filled.
Fill byte array with random values.
Array to receive bytes.
Index to start filling at.
Length of segment to fill.
Force a reseed of the DRBG.
optional additional input
Builder class for making SecureRandom objects based on SP 800-90A Deterministic Random Bit Generators (DRBG).
Basic constructor, creates a builder using an EntropySourceProvider based on the default SecureRandom with
predictionResistant set to false.
Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
the default SecureRandom does for its generateSeed() call.
Construct a builder with an EntropySourceProvider based on the passed in SecureRandom and the passed in value
for prediction resistance.
Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
the passed in SecureRandom does for its generateSeed() call.
@param entropySource
@param predictionResistant
Create a builder which makes creates the SecureRandom objects from a specified entropy source provider.
Note: If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored.
@param entropySourceProvider a provider of EntropySource objects.
Set the personalization string for DRBG SecureRandoms created by this builder
@param personalizationString the personalisation string for the underlying DRBG.
@return the current builder.
Set the security strength required for DRBGs used in building SecureRandom objects.
@param securityStrength the security strength (in bits)
@return the current builder.
Set the amount of entropy bits required for seeding and reseeding DRBGs used in building SecureRandom objects.
@param entropyBitsRequired the number of bits of entropy to be requested from the entropy source on each seed/reseed.
@return the current builder.
Build a SecureRandom based on a SP 800-90A Hash DRBG.
@param digest digest algorithm to use in the DRBG underneath the SecureRandom.
@param nonce nonce value to use in DRBG construction.
@param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes.
@return a SecureRandom supported by a Hash DRBG.
Build a SecureRandom based on a SP 800-90A CTR DRBG.
@param cipher the block cipher to base the DRBG on.
@param keySizeInBits key size in bits to be used with the block cipher.
@param nonce nonce value to use in DRBG construction.
@param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes.
@return a SecureRandom supported by a CTR DRBG.
Build a SecureRandom based on a SP 800-90A HMAC DRBG.
@param hMac HMAC algorithm to use in the DRBG underneath the SecureRandom.
@param nonce nonce value to use in DRBG construction.
@param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes.
@return a SecureRandom supported by a HMAC DRBG.
A thread based seed generator - one source of randomness.
Based on an idea from Marcus Lippert.
Generate seed bytes. Set fast to false for best quality.
If fast is set to true, the code should be round about 8 times faster when
generating a long sequence of random bytes. 20 bytes of random values using
the fast mode take less than half a second on a Nokia e70. If fast is set to false,
it takes round about 2500 ms.
@param numBytes the number of bytes to generate
@param fast true if fast mode should be used
Permutation generated by code:
// First 1850 fractional digit of Pi number.
byte[] key = new BigInteger("14159265358979323846...5068006422512520511").ToByteArray();
s = 0;
P = new byte[256];
for (int i = 0; i < 256; i++)
{
P[i] = (byte) i;
}
for (int m = 0; m < 768; m++)
{
s = P[(s + P[m & 0xff] + key[m % key.length]) & 0xff];
byte temp = P[m & 0xff];
P[m & 0xff] = P[s & 0xff];
P[s & 0xff] = temp;
}
Value generated in the same way as P.
@param engine
@param entropySource
Populate a passed in array with random data.
@param output output array for generated bits.
@param predictionResistant true if a reseed should be forced, false otherwise.
@return number of bits generated, -1 if a reseed required.
Reseed the RNG.
Basic constructor, creates a builder using an EntropySourceProvider based on the default SecureRandom with
predictionResistant set to false.
Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
the default SecureRandom does for its generateSeed() call.
Construct a builder with an EntropySourceProvider based on the passed in SecureRandom and the passed in value
for prediction resistance.
Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
the passed in SecureRandom does for its generateSeed() call.
@param entropySource
@param predictionResistant
Create a builder which makes creates the SecureRandom objects from a specified entropy source provider.
Note: If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored.
@param entropySourceProvider a provider of EntropySource objects.
Construct a X9.31 secure random generator using the passed in engine and key. If predictionResistant is true the
generator will be reseeded on each request.
@param engine a block cipher to use as the operator.
@param key the block cipher key to initialise engine with.
@param predictionResistant true if engine to be reseeded on each use, false otherwise.
@return a SecureRandom.
update the internal digest with the byte b
update the internal digest with the byte array in
Generate a signature for the message we've been loaded with using
the key we were initialised with.
true if the internal state represents the signature described in the passed in array.
Reset the internal state
The Digital Signature Algorithm - as described in "Handbook of Applied
Cryptography", pages 452 - 453.
Default configuration, random K values.
Configuration with an alternate, possibly deterministic calculator of K.
@param kCalculator a K value calculator.
Generate a signature for the given message using the key we were
initialised with. For conventional DSA the message should be a SHA-1
hash of the message of interest.
@param message the message that will be verified later.
return true if the value r and s represent a DSA signature for
the passed in message for standard DSA the message should be a
SHA-1 hash of the real message to be verified.
EC-DSA as described in X9.62
Default configuration, random K values.
Configuration with an alternate, possibly deterministic calculator of K.
@param kCalculator a K value calculator.
Generate a signature for the given message using the key we were
initialised with. For conventional DSA the message should be a SHA-1
hash of the message of interest.
@param message the message that will be verified later.
return true if the value r and s represent a DSA signature for
the passed in message (for standard DSA the message should be
a SHA-1 hash of the real message to be verified).
GOST R 34.10-2001 Signature Algorithm
generate a signature for the given message using the key we were
initialised with. For conventional GOST3410 the message should be a GOST3411
hash of the message of interest.
@param message the message that will be verified later.
return true if the value r and s represent a GOST3410 signature for
the passed in message (for standard GOST3410 the message should be
a GOST3411 hash of the real message to be verified).
EC-NR as described in IEEE 1363-2000
generate a signature for the given message using the key we were
initialised with. Generally, the order of the curve should be at
least as long as the hash of the message of interest, and with
ECNR it *must* be at least as long.
@param digest the digest to be signed.
@exception DataLengthException if the digest is longer than the key allows
return true if the value r and s represent a signature for the
message passed in. Generally, the order of the curve should be at
least as long as the hash of the message of interest, and with
ECNR, it *must* be at least as long. But just in case the signer
applied mod(n) to the longer digest, this implementation will
apply mod(n) during verification.
@param digest the digest to be verified.
@param r the r value of the signature.
@param s the s value of the signature.
@exception DataLengthException if the digest is longer than the key allows
initialise the signer for signing or verification.
@param forSigning
true if for signing, false otherwise
@param parameters
necessary parameters.
update the internal digest with the byte b
update the internal digest with the byte array in
Generate a signature for the message we've been loaded with using the key
we were initialised with.
return true if the internal state represents the signature described in
the passed in array.
update the internal digest with the byte b
update the internal digest with the byte array in
Generate a signature for the message we've been loaded with using
the key we were initialised with.
true if the internal state represents the signature described in the passed in array.
Reset the internal state
Gost R 34.10-94 Signature Algorithm
generate a signature for the given message using the key we were
initialised with. For conventional Gost3410 the message should be a Gost3411
hash of the message of interest.
@param message the message that will be verified later.
return true if the value r and s represent a Gost3410 signature for
the passed in message for standard Gost3410 the message should be a
Gost3411 hash of the real message to be verified.
A deterministic K calculator based on the algorithm in section 3.2 of RFC 6979.
Base constructor.
@param digest digest to build the HMAC on.
An interface for different encoding formats for DSA signatures.
Decode the (r, s) pair of a DSA signature.
The order of the group that r, s belong to.
An encoding of the (r, s) pair of a DSA signature.
The (r, s) of a DSA signature, stored in an array of exactly two elements, r followed by s.
Encode the (r, s) pair of a DSA signature.
The order of the group that r, s belong to.
The r value of a DSA signature.
The s value of a DSA signature.
An encoding of the DSA signature given by the provided (r, s) pair.
Interface define calculators of K values for DSA/ECDSA.
Return true if this calculator is deterministic, false otherwise.
@return true if deterministic, otherwise false.
Non-deterministic initialiser.
@param n the order of the DSA group.
@param random a source of randomness.
Deterministic initialiser.
@param n the order of the DSA group.
@param d the DSA private value.
@param message the message being signed.
Return the next valid value of K.
@return a K value.
ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
Note: the usual length for the salt is the length of the hash
function used in bytes.
Return a reference to the recoveredMessage message.
The full/partial recoveredMessage message.
Generate a signer with either implicit or explicit trailers for ISO9796-2, scheme 2 or 3.
base cipher to use for signature creation/verification
digest to use.
length of salt in bytes.
whether or not the trailer is implicit or gives the hash.
Constructor for a signer with an explicit digest trailer.
cipher to use.
digest to sign with.
length of salt in bytes.
Initialise the signer.
true if for signing, false if for verification.
parameters for signature generation/verification. If the
parameters are for generation they should be a ParametersWithRandom,
a ParametersWithSalt, or just an RsaKeyParameters object. If RsaKeyParameters
are passed in a SecureRandom will be created.
if wrong parameter type or a fixed
salt is passed in which is the wrong length.
compare two byte arrays - constant time.
clear possible sensitive data
update the internal digest with the byte b
update the internal digest with the byte array in
reset the internal state
Generate a signature for the loaded message using the key we were
initialised with.
return true if the signature represents a ISO9796-2 signature
for the passed in message.
Return true if the full message was recoveredMessage.
true on full message recovery, false otherwise, or if not sure.
int to octet string.
int to octet string.
long to octet string.
mask generator function, as described in Pkcs1v2.
ISO9796-2 - mechanism using a hash function with recovery (scheme 1)
Return a reference to the recoveredMessage message.
The full/partial recoveredMessage message.
Generate a signer with either implicit or explicit trailers for ISO9796-2.
base cipher to use for signature creation/verification
digest to use.
whether or not the trailer is implicit or gives the hash.
Constructor for a signer with an explicit digest trailer.
cipher to use.
digest to sign with.
compare two byte arrays - constant time.
clear possible sensitive data
update the internal digest with the byte b
update the internal digest with the byte array in
reset the internal state
Generate a signature for the loaded message using the key we were
initialised with.
return true if the signature represents a ISO9796-2 signature
for the passed in message.
Return true if the full message was recoveredMessage.
true on full message recovery, false otherwise.
RSA-PSS as described in Pkcs# 1 v 2.1.
Note: the usual value for the salt length is the number of
bytes in the hash function.
Basic constructor
the asymmetric cipher to use.
the digest to use.
the length of the salt to use (in bytes).
Basic constructor
the asymmetric cipher to use.
the digest to use.
the fixed salt to be used.
clear possible sensitive data
update the internal digest with the byte b
update the internal digest with the byte array in
reset the internal state
Generate a signature for the message we've been loaded with using
the key we were initialised with.
return true if the internal state represents the signature described
in the passed in array.
int to octet string.
mask generator function, as described in Pkcs1v2.
Load oid table.
Initialise the signer for signing or verification.
@param forSigning true if for signing, false otherwise
@param param necessary parameters.
update the internal digest with the byte b
update the internal digest with the byte array in
Generate a signature for the message we've been loaded with using
the key we were initialised with.
return true if the internal state represents the signature described
in the passed in array.
The SM2 Digital Signature algorithm.
X9.31-1998 - signing using a hash.
The message digest hash, H, is encapsulated to form a byte string as follows
EB = 06 || PS || 0xBA || H || TRAILER
where PS is a string of bytes all of value 0xBB of length such that |EB|=|n|, and TRAILER is the ISO/IEC 10118 part number†for the digest. The byte string, EB, is converted to an integer value, the message representative, f.
Generate a signer with either implicit or explicit trailers for X9.31.
@param cipher base cipher to use for signature creation/verification
@param digest digest to use.
@param implicit whether or not the trailer is implicit or gives the hash.
Constructor for a signer with an explicit digest trailer.
@param cipher cipher to use.
@param digest digest to sign with.
clear possible sensitive data
update the internal digest with the byte b
update the internal digest with the byte array in
reset the internal state
generate a signature for the loaded message using the key we were
initialised with.
return true if the signature represents a ISO9796-2 signature
for the passed in message.
A simple block result object which just carries a byte array.
Base constructor - a wrapper for the passed in byte array.
The byte array to be wrapped.
Return the number of bytes in the result
The length of the result in bytes.
Return the final result of the operation.
A block of bytes, representing the result of an operation.
Store the final result of the operation by copying it into the destination array.
The number of bytes copied into destination.
The byte array to copy the result into.
The offset into destination to start copying the result at.
a wrapper for block ciphers with a single byte block size, so that they
can be treated like stream ciphers.
basic constructor.
@param cipher the block cipher to be wrapped.
@exception ArgumentException if the cipher has a block size other than
one.
initialise the underlying cipher.
@param forEncryption true if we are setting up for encryption, false otherwise.
@param param the necessary parameters for the underlying cipher to be initialised.
return the name of the algorithm we are wrapping.
@return the name of the algorithm we are wrapping.
encrypt/decrypt a single byte returning the result.
@param in the byte to be processed.
@return the result of processing the input byte.
process a block of bytes from in putting the result into out.
@param in the input byte array.
@param inOff the offset into the in array where the data to be processed starts.
@param len the number of bytes to be processed.
@param out the output buffer the processed bytes go into.
@param outOff the offset into the output byte array the processed data stars at.
@exception DataLengthException if the output buffer is too small.
reset the underlying cipher. This leaves it in the same state
it was at after the last init (if there was one).
RFC 5246 7.2
This message notifies the recipient that the sender will not send any more messages on this
connection. Note that as of TLS 1.1, failure to properly close a connection no longer
requires that a session not be resumed. This is a change from TLS 1.0 ("The session becomes
unresumable if any connection is terminated without proper close_notify messages with level
equal to warning.") to conform with widespread implementation practice.
An inappropriate message was received. This alert is always fatal and should never be
observed in communication between proper implementations.
This alert is returned if a record is received with an incorrect MAC. This alert also MUST be
returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: either it
wasn't an even multiple of the block length, or its padding values, when checked, weren't
correct. This message is always fatal and should never be observed in communication between
proper implementations (except when messages were corrupted in the network).
This alert was used in some earlier versions of TLS, and may have permitted certain attacks
against the CBC mode [CBCATT]. It MUST NOT be sent by compliant implementations.
A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record
decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always
fatal and should never be observed in communication between proper implementations (except
when messages were corrupted in the network).
The decompression function received improper input (e.g., data that would expand to excessive
length). This message is always fatal and should never be observed in communication between
proper implementations.
Reception of a handshake_failure alert message indicates that the sender was unable to
negotiate an acceptable set of security parameters given the options available. This is a
fatal error.
This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant
implementations.
A certificate was corrupt, contained signatures that did not verify correctly, etc.
A certificate was of an unsupported type.
A certificate was revoked by its signer.
A certificate has expired or is not currently valid.
Some other (unspecified) issue arose in processing the certificate, rendering it
unacceptable.
A field in the handshake was out of range or inconsistent with other fields. This message is
always fatal.
A valid certificate chain or partial chain was received, but the certificate was not accepted
because the CA certificate could not be located or couldn't be matched with a known, trusted
CA. This message is always fatal.
A valid certificate was received, but when access control was applied, the sender decided not
to proceed with negotiation. This message is always fatal.
A message could not be decoded because some field was out of the specified range or the
length of the message was incorrect. This message is always fatal and should never be
observed in communication between proper implementations (except when messages were corrupted
in the network).
A handshake cryptographic operation failed, including being unable to correctly verify a
signature or validate a Finished message. This message is always fatal.
This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant
implementations.
The protocol version the client has attempted to negotiate is recognized but not supported.
(For example, old protocol versions might be avoided for security reasons.) This message is
always fatal.
Returned instead of handshake_failure when a negotiation has failed specifically because the
server requires ciphers more secure than those supported by the client. This message is
always fatal.
An internal error unrelated to the peer or the correctness of the protocol (such as a memory
allocation failure) makes it impossible to continue. This message is always fatal.
This handshake is being canceled for some reason unrelated to a protocol failure. If the user
cancels an operation after the handshake is complete, just closing the connection by sending
a close_notify is more appropriate. This alert should be followed by a close_notify. This
message is generally a warning.
Sent by the client in response to a hello request or by the server in response to a client
hello after initial handshaking. Either of these would normally lead to renegotiation; when
that is not appropriate, the recipient should respond with this alert. At that point, the
original requester can decide whether to proceed with the connection. One case where this
would be appropriate is where a server has spawned a process to satisfy a request; the
process might receive security parameters (key length, authentication, etc.) at startup, and
it might be difficult to communicate changes to these parameters after that point. This
message is always a warning.
Sent by clients that receive an extended server hello containing an extension that they did
not put in the corresponding client hello. This message is always fatal.
This alert is sent by servers who are unable to retrieve a certificate chain from the URL
supplied by the client (see Section 3.3). This message MAY be fatal - for example if client
authentication is required by the server for the handshake to continue and the server is
unable to retrieve the certificate chain, it may send a fatal alert.
This alert is sent by servers that receive a server_name extension request, but do not
recognize the server name. This message MAY be fatal.
This alert is sent by clients that receive an invalid certificate status response (see
Section 3.6). This message is always fatal.
This alert is sent by servers when a certificate hash does not match a client provided
certificate_hash. This message is always fatal.
If the server does not recognize the PSK identity, it MAY respond with an
"unknown_psk_identity" alert message.
If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version
supported by the server is higher than the version indicated in ClientHello.client_version,
the server MUST respond with a fatal inappropriate_fallback alert [..].
RFC 5246 7.2
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
A queue for bytes.
This file could be more optimized.
The smallest number which can be written as 2^x which is bigger than i.
The initial size for our buffer.
The buffer where we store our data.
How many bytes at the beginning of the buffer are skipped.
How many bytes in the buffer are valid data.
Add some data to our buffer.
A byte-array to read data from.
How many bytes to skip at the beginning of the array.
How many bytes to read from the array.
The number of bytes which are available in this buffer.
Copy some bytes from the beginning of the data to the provided Stream.
The Stream to copy the bytes to.
How many bytes to copy.
If insufficient data is available.
If there is a problem copying the data.
Read data from the buffer.
The buffer where the read data will be copied to.
How many bytes to skip at the beginning of buf.
How many bytes to read at all.
How many bytes from our data to skip.
Return a MemoryStream over some bytes at the beginning of the data.
How many bytes will be readable.
A MemoryStream over the data.
If insufficient data is available.
Remove some bytes from our data from the beginning.
How many bytes to remove.
Parsing and encoding of a Certificate struct from RFC 4346.
opaque ASN.1Cert<2^24-1>;
struct {
ASN.1Cert certificate_list<0..2^24-1>;
} Certificate;
@see Org.BouncyCastle.Asn1.X509.X509CertificateStructure
The certificates.
@return an array of {@link org.bouncycastle.asn1.x509.Certificate} representing a certificate
chain.
@return true if this certificate chain contains no certificates, or
false otherwise.
Encode this {@link Certificate} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link Certificate} from a {@link Stream}.
@param input the {@link Stream} to parse from.
@return a {@link Certificate} object.
@throws IOException
Parsing and encoding of a CertificateRequest struct from RFC 4346.
struct {
ClientCertificateType certificate_types<1..2^8-1>;
DistinguishedName certificate_authorities<3..2^16-1>
} CertificateRequest;
@see ClientCertificateType
@see X509Name
@param certificateTypes see {@link ClientCertificateType} for valid constants.
@param certificateAuthorities an {@link IList} of {@link X509Name}.
@return an array of certificate types
@see {@link ClientCertificateType}
@return an {@link IList} of {@link SignatureAndHashAlgorithm} (or null before TLS 1.2).
@return an {@link IList} of {@link X509Name}
Encode this {@link CertificateRequest} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link CertificateRequest} from a {@link Stream}.
@param context
the {@link TlsContext} of the current connection.
@param input
the {@link Stream} to parse from.
@return a {@link CertificateRequest} object.
@throws IOException
Encode this {@link CertificateStatus} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link CertificateStatus} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link CertificateStatus} object.
@throws IOException
Encode this {@link CertificateStatusRequest} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link CertificateStatusRequest} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link CertificateStatusRequest} object.
@throws IOException
RFC 6091
@param type
see {@link CertChainType} for valid constants.
@param urlAndHashList
a {@link IList} of {@link UrlAndHash}.
@return {@link CertChainType}
@return an {@link IList} of {@link UrlAndHash}
Encode this {@link CertificateUrl} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link CertificateUrl} from a {@link Stream}.
@param context
the {@link TlsContext} of the current connection.
@param input
the {@link Stream} to parse from.
@return a {@link CertificateUrl} object.
@throws IOException
draft-ietf-tls-chacha20-poly1305-04
RFC 2246 A.5
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
A combined hash, which implements md5(m) || sha1(m).
@see org.bouncycastle.crypto.Digest#update(byte[], int, int)
@see org.bouncycastle.crypto.Digest#doFinal(byte[], int)
@see org.bouncycastle.crypto.Digest#reset()
RFC 2246 6.1
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
RFC 2246 6.2.1
Accept various standard DH groups with 'P' at least DefaultMinimumPrimeBits bits.
Accept various standard DH groups with 'P' at least the specified number of bits.
Accept a custom set of group parameters, subject to a minimum bitlength for 'P'.
An IList of acceptable DHParameters.
The minimum acceptable bitlength of the 'P' parameter.
Accept only the group parameters specified in RFC 5054 Appendix A.
Specify a custom set of acceptable group parameters.
@param groups a {@link Vector} of acceptable {@link SRP6GroupParameters}
Buffers input until the hash algorithm is determined.
@return a {@link SignatureAndHashAlgorithm} (or null before TLS 1.2).
Encode this {@link DigitallySigned} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link DigitallySigned} from a {@link Stream}.
@param context
the {@link TlsContext} of the current connection.
@param input
the {@link Stream} to parse from.
@return a {@link DigitallySigned} object.
@throws IOException
Check that there are no "extra" messages left in the current inbound flight
RFC 4347 4.1.2.5 Anti-replay
Support fast rejection of duplicate records by maintaining a sliding receive window
Check whether a received record with the given sequence number should be rejected as a duplicate.
@param seq the 48-bit DTLSPlainText.sequence_number field of a received record.
@return true if the record should be discarded without further processing.
Report that a received record with the given sequence number passed authentication checks.
@param seq the 48-bit DTLSPlainText.sequence_number field of an authenticated record.
When a new epoch begins, sequence numbers begin again at 0
RFC 4492 5.4. (Errata ID: 2389)
RFC 4492 5.4
Indicates the elliptic curve domain parameters are conveyed verbosely, and the
underlying finite field is a prime field.
Indicates the elliptic curve domain parameters are conveyed verbosely, and the
underlying finite field is a characteristic-2 field.
Indicates that a named curve is used. This option SHOULD be used when applicable.
RFC 4492 5.1.2
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
RFC 5705
RFC 5246 7.4.1.4.1
Encode this {@link HeartbeatExtension} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link HeartbeatExtension} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link HeartbeatExtension} object.
@throws IOException
Encode this {@link HeartbeatMessage} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link HeartbeatMessage} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link HeartbeatMessage} object.
@throws IOException
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
RFC 4492 5.1.1
The named curves defined here are those specified in SEC 2 [13]. Note that many of
these curves are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00
through 0xFEFF are reserved for private use. Values 0xFF01 and 0xFF02 indicate that the
client supports arbitrary prime and characteristic-2 curves, respectively (the curve
parameters must be encoded explicitly in ECParameters).
Encode this {@link NewSessionTicket} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link NewSessionTicket} from a {@link Stream}.
@param input the {@link Stream} to parse from.
@return a {@link NewSessionTicket} object.
@throws IOException
RFC 3546 3.6
@param responderIDList
an {@link IList} of {@link ResponderID}, specifying the list of trusted OCSP
responders. An empty list has the special meaning that the responders are
implicitly known to the server - e.g., by prior arrangement.
@param requestExtensions
OCSP request extensions. A null value means that there are no extensions.
@return an {@link IList} of {@link ResponderID}
@return OCSP request extensions
Encode this {@link OcspStatusRequest} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link OcspStatusRequest} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return an {@link OcspStatusRequest} object.
@throws IOException
RFC 5246
Note that the values here are implementation-specific and arbitrary. It is recommended not to
depend on the particular values (e.g. serialization).
An implementation of the TLS 1.0/1.1/1.2 record layer, allowing downgrade to SSLv3.
RFC 5246 E.1. "Earlier versions of the TLS specification were not fully clear on what the
record layer version number (TLSPlaintext.version) should contain when sending ClientHello
(i.e., before it is known which version of the protocol will be employed). Thus, TLS servers
compliant with this specification MUST accept any value {03,XX} as the record layer version
number for ClientHello."
@return {@link ConnectionEnd}
@return {@link CipherSuite}
@return {@link CompressionMethod}
@return {@link PRFAlgorithm}
Encode this {@link ServerName} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link ServerName} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link ServerName} object.
@throws IOException
@param serverNameList an {@link IList} of {@link ServerName}.
@return an {@link IList} of {@link ServerName}.
Encode this {@link ServerNameList} to a {@link Stream}.
@param output
the {@link Stream} to encode to.
@throws IOException
Parse a {@link ServerNameList} from a {@link Stream}.
@param input
the {@link Stream} to parse from.
@return a {@link ServerNameList} object.
@throws IOException
Encode this {@link ServerSRPParams} to an {@link OutputStream}.
@param output
the {@link OutputStream} to encode to.
@throws IOException
Parse a {@link ServerSRPParams} from an {@link InputStream}.
@param input
the {@link InputStream} to parse from.
@return a {@link ServerSRPParams} object.
@throws IOException
RFC 5246 7.4.1.4.1 (in RFC 2246, there were no specific values assigned)
RFC 5246 7.4.1.4.1
@param hash {@link HashAlgorithm}
@param signature {@link SignatureAlgorithm}
@return {@link HashAlgorithm}
@return {@link SignatureAlgorithm}
Encode this {@link SignatureAndHashAlgorithm} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link SignatureAndHashAlgorithm} from a {@link Stream}.
@param input the {@link Stream} to parse from.
@return a {@link SignatureAndHashAlgorithm} object.
@throws IOException
An implementation of {@link TlsSRPIdentityManager} that simulates the existence of "unknown" identities
to obscure the fact that there is no verifier for them.
Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3
@param group the {@link SRP6GroupParameters} defining the group that SRP is operating in
@param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3
@return an instance of {@link SimulatedTlsSRPIdentityManager}
HMAC implementation based on original internet draft for HMAC (RFC 2104)
The difference is that padding is concatentated versus XORed with the key
H(K + opad, H(K + ipad, text))
Base constructor for one of the standard digest algorithms that the byteLength of
the algorithm is know for. Behaviour is undefined for digests other than MD5 or SHA1.
@param digest the digest.
Reset the mac generator.
RFC 4680
Called by the protocol handler to report the server certificate.
This method is responsible for certificate verification and validation
The server received
Return client credentials in response to server's certificate request
A containing server certificate request details
A to be used for client authentication
(or null for no client authentication)
A generic TLS 1.0-1.2 / SSLv3 block cipher. This can be used for AES or 3DES for example.
Called at the start of a new TLS session, before any other methods.
A
Return the session this client wants to resume, if any.
Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
A representing the resumable session to be used for this connection,
or null to use a new session.
Return the to use for the TLSPlaintext.version field prior to
receiving the server version. NOTE: This method is not called for DTLS.
See RFC 5246 E.1.: "TLS clients that wish to negotiate with older servers MAY send any value
{03,XX} as the record layer version number. Typical values would be {03,00}, the lowest
version number supported by the client, and the value of ClientHello.client_version. No
single value will guarantee interoperability with all old servers, but this is a complex
topic beyond the scope of this document."
The to use.
Get the list of cipher suites that this client supports.
An array of values, each specifying a supported cipher suite.
Get the list of compression methods that this client supports.
An array of values, each specifying a supported compression method.
Get the (optional) table of client extensions to be included in (extended) client hello.
A (Int32 -> byte[]). May be null.
Notifies the client of the session_id sent in the ServerHello.
An array of
Report the cipher suite that was selected by the server.
The protocol handler validates this value against the offered cipher suites
A
Report the compression method that was selected by the server.
The protocol handler validates this value against the offered compression methods
A
Report the extensions from an extended server hello.
Will only be called if we returned a non-null result from .
A (Int32 -> byte[])
A list of
Return an implementation of to negotiate the key exchange
part of the protocol.
A
Return an implementation of to handle authentication
part of the protocol.
A list of
RFC 5077 3.3. NewSessionTicket Handshake Message
This method will be called (only) when a NewSessionTicket handshake message is received. The
ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption
that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.
The ticket
Constructor for blocking mode.
@param stream The bi-directional stream of data to/from the server
@param secureRandom Random number generator for various cryptographic functions
Constructor for blocking mode.
@param input The stream of data from the server
@param output The stream of data to the server
@param secureRandom Random number generator for various cryptographic functions
Constructor for non-blocking mode.
When data is received, use {@link #offerInput(java.nio.ByteBuffer)} to
provide the received ciphertext, then use
{@link #readInput(byte[], int, int)} to read the corresponding cleartext.
Similarly, when data needs to be sent, use
{@link #offerOutput(byte[], int, int)} to provide the cleartext, then use
{@link #readOutput(byte[], int, int)} to get the corresponding
ciphertext.
@param secureRandom
Random number generator for various cryptographic functions
Initiates a TLS handshake in the role of client.
In blocking mode, this will not return until the handshake is complete.
In non-blocking mode, use {@link TlsPeer#NotifyHandshakeComplete()} to
receive a callback when the handshake is complete.
@param tlsClient The {@link TlsClient} to use for the handshake.
@throws IOException If in blocking mode and handshake was not successful.
Used to get the resumable session, if any, used by this connection. Only available after the
handshake has successfully completed.
@return A {@link TlsSession} representing the resumable session used by this connection, or
null if no resumable session available.
@see TlsPeer#NotifyHandshakeComplete()
Export keying material according to RFC 5705: "Keying Material Exporters for TLS".
@param asciiLabel indicates which application will use the exported keys.
@param context_value allows the application using the exporter to mix its own data with the TLS PRF for
the exporter output.
@param length the number of bytes to generate
@return a pseudorandom bit string of 'length' bytes generated from the master_secret.
(D)TLS DH key exchange.
An interface for verifying that Diffie-Hellman parameters are acceptable.
Verify that the given DHParameters are acceptable.
The DHParameters to verify.
true if (and only if) the specified parameters are acceptable.
(D)TLS ECDHE key exchange (see RFC 4492).
(D)TLS ECDH key exchange (see RFC 4492).
A generic interface for key exchange implementations in (D)TLS.
A generic TLS MAC implementation, acting as an HMAC based on some underlying Digest.
Generate a new instance of an TlsMac.
@param context the TLS client context
@param digest The digest to use.
@param key A byte-array where the key for this MAC is located.
@param keyOff The number of bytes to skip, before the key starts in the buffer.
@param keyLen The length of the key.
@return the MAC write secret
@return The output length of this MAC.
Calculate the MAC for some given data.
@param type The message type of the message.
@param message A byte-buffer containing the message.
@param offset The number of bytes to skip, before the message starts.
@param length The length of the message.
@return A new byte-buffer containing the MAC value.
This exception will be thrown(only) when the connection is closed by the peer without sending a
close_notify warning alert.
If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially
malicious). It may be possible to check for truncation via some property of a higher level protocol
built upon TLS, e.g.the Content-Length header for HTTPS.
A NULL CipherSuite, with optional MAC.
Specify the timeout, in milliseconds, to use for the complete handshake process.
Negative values are not allowed. A timeout of zero means an infinite timeout (i.e. the
handshake will never time out). NOTE: Currently only respected by DTLS protocols.
This implementation supports RFC 7627 and will always negotiate the extended_master_secret
extension where possible.
When connecting to a peer that does not offer/accept this extension, it is recommended to
abort the handshake. This option is provided for interoperability with legacy peers,
although some TLS features will be disabled in that case (see RFC 7627 5.4).
true if the handshake should be aborted when the peer does not negotiate the
extended_master_secret extension, or false to support legacy interoperability.
draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on
gmt_unix_time containing the current time, we recommend that implementors MAY provide the
ability to set gmt_unix_time as an option only, off by default."
true if the current time should be used in the gmt_unix_time field of
Random, or false if gmt_unix_time should contain a cryptographically
random value.
Report whether the server supports secure renegotiation
The protocol handler automatically processes the relevant extensions
A , true if the server supports secure renegotiation
Return an implementation of to handle record compression.
A
Return an implementation of to use for encryption/decryption.
A
This method will be called when an alert is raised by the protocol.
A human-readable message explaining what caused this alert. May be null.
The Exception that caused this alert to be raised. May be null.
This method will be called when an alert is received from the remote peer.
Notifies the peer that the handshake has been successfully completed.
This method is called, when a change cipher spec message is received.
@throws IOException If the message has an invalid content or the handshake is not in the correct
state.
Read data from the network. The method will return immediately, if there is still some data
left in the buffer, or block until some application data has been read from the network.
@param buf The buffer where the data will be copied to.
@param offset The position where the data will be placed in the buffer.
@param len The maximum number of bytes to read.
@return The number of bytes read.
@throws IOException If something goes wrong during reading data.
Send some application data to the remote system.
The method will handle fragmentation internally.
@param buf The buffer with the data.
@param offset The position in the buffer where the data is placed.
@param len The length of the data.
@throws IOException If something goes wrong during sending.
The secure bidirectional stream for this connection
Only allowed in blocking mode.
Should be called in non-blocking mode when the input data reaches EOF.
Equivalent to OfferInput(input, 0, input.length)
@see TlsProtocol#OfferInput(byte[], int, int)
@param input The input buffer to offer
@throws IOException If an error occurs while decrypting or processing a record
Offer input from an arbitrary source. Only allowed in non-blocking mode.
This method will decrypt and process all records that are fully available.
If only part of a record is available, the buffer will be retained until the
remainder of the record is offered.
If any records containing application data were processed, the decrypted data
can be obtained using {@link #readInput(byte[], int, int)}. If any records
containing protocol data were processed, a response may have been generated.
You should always check to see if there is any available output after calling
this method by calling {@link #getAvailableOutputBytes()}.
@param input The input buffer to offer
@param inputOff The offset within the input buffer that input begins
@param inputLen The number of bytes of input being offered
@throws IOException If an error occurs while decrypting or processing a record
Gets the amount of received application data. A call to {@link #readInput(byte[], int, int)}
is guaranteed to be able to return at least this much data.
Only allowed in non-blocking mode.
@return The number of bytes of available application data
Retrieves received application data. Use {@link #getAvailableInputBytes()} to check
how much application data is currently available. This method functions similarly to
{@link InputStream#read(byte[], int, int)}, except that it never blocks. If no data
is available, nothing will be copied and zero will be returned.
Only allowed in non-blocking mode.
@param buffer The buffer to hold the application data
@param offset The start offset in the buffer at which the data is written
@param length The maximum number of bytes to read
@return The total number of bytes copied to the buffer. May be less than the
length specified if the length was greater than the amount of available data.
Offer output from an arbitrary source. Only allowed in non-blocking mode.
After this method returns, the specified section of the buffer will have been
processed. Use {@link #readOutput(byte[], int, int)} to get the bytes to
transmit to the other peer.
This method must not be called until after the handshake is complete! Attempting
to call it before the handshake is complete will result in an exception.
@param buffer The buffer containing application data to encrypt
@param offset The offset at which to begin reading data
@param length The number of bytes of data to read
@throws IOException If an error occurs encrypting the data, or the handshake is not complete
Gets the amount of encrypted data available to be sent. A call to
{@link #readOutput(byte[], int, int)} is guaranteed to be able to return at
least this much data.
Only allowed in non-blocking mode.
@return The number of bytes of available encrypted data
Retrieves encrypted data to be sent. Use {@link #getAvailableOutputBytes()} to check
how much encrypted data is currently available. This method functions similarly to
{@link InputStream#read(byte[], int, int)}, except that it never blocks. If no data
is available, nothing will be copied and zero will be returned.
Only allowed in non-blocking mode.
@param buffer The buffer to hold the encrypted data
@param offset The start offset in the buffer at which the data is written
@param length The maximum number of bytes to read
@return The total number of bytes copied to the buffer. May be less than the
length specified if the length was greater than the amount of available data.
Closes this connection.
@throws IOException If something goes wrong during closing.
Make sure the InputStream 'buf' now empty. Fail otherwise.
@param buf The InputStream to check.
@throws IOException If 'buf' is not empty.
'sender' only relevant to SSLv3
Both streams can be the same object
(D)TLS PSK key exchange (RFC 4279).
(D)TLS and SSLv3 RSA key exchange.
A (Int32 -> byte[]). Will never be null.
Get the (optional) table of server extensions to be included in (extended) server hello.
A (Int32 -> byte[]). May be null.
A (). May be null.
This method will be called (only) if the server included an extension of type
"status_request" with empty "extension_data" in the extended server hello. See RFC 3546
3.6. Certificate Status Request. If a non-null is returned, it
is sent to the client as a handshake message of type "certificate_status".
A to be sent to the client (or null for none).
()
Called by the protocol handler to report the client certificate, only if GetCertificateRequest
returned non-null.
Note: this method is responsible for certificate verification and validation.
the effective client certificate (may be an empty chain).
RFC 5077 3.3. NewSessionTicket Handshake Message.
This method will be called (only) if a NewSessionTicket extension was sent by the server. See
RFC 5077 4. Recommended Ticket Construction for recommended format and protection.
The ticket)
Constructor for blocking mode.
@param stream The bi-directional stream of data to/from the client
@param output The stream of data to the client
@param secureRandom Random number generator for various cryptographic functions
Constructor for blocking mode.
@param input The stream of data from the client
@param output The stream of data to the client
@param secureRandom Random number generator for various cryptographic functions
Constructor for non-blocking mode.
When data is received, use {@link #offerInput(java.nio.ByteBuffer)} to
provide the received ciphertext, then use
{@link #readInput(byte[], int, int)} to read the corresponding cleartext.
Similarly, when data needs to be sent, use
{@link #offerOutput(byte[], int, int)} to provide the cleartext, then use
{@link #readOutput(byte[], int, int)} to get the corresponding
ciphertext.
@param secureRandom
Random number generator for various cryptographic functions
Receives a TLS handshake in the role of server.
In blocking mode, this will not return until the handshake is complete.
In non-blocking mode, use {@link TlsPeer#notifyHandshakeComplete()} to
receive a callback when the handshake is complete.
@param tlsServer
@throws IOException If in blocking mode and handshake was not successful.
Check whether the given SRP group parameters are acceptable for use.
@param group the {@link SRP6GroupParameters} to check
@return true if (and only if) the specified group parameters are acceptable
Lookup the {@link TlsSRPLoginParameters} corresponding to the specified identity.
NOTE: To avoid "identity probing", unknown identities SHOULD be handled as recommended in RFC
5054 2.5.1.3. {@link SimulatedTlsSRPIdentityManager} is provided for this purpose.
@param identity
the SRP identity sent by the connecting client
@return the {@link TlsSRPLoginParameters} for the specified identity, or else 'simulated'
parameters if the identity is not recognized. A null value is also allowed, but not
recommended.
(D)TLS SRP key exchange (RFC 5054).
RFC 5764 DTLS Extension to Establish Keys for SRTP.
Some helper functions for MicroTLS.
Add a 'signature_algorithms' extension to existing extensions.
@param extensions A {@link Hashtable} to add the extension to.
@param supportedSignatureAlgorithms {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}.
@throws IOException
Get a 'signature_algorithms' extension from extensions.
@param extensions A {@link Hashtable} to get the extension from, if it is present.
@return A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}, or null.
@throws IOException
Create a 'signature_algorithms' extension value.
@param supportedSignatureAlgorithms A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}.
@return A byte array suitable for use as an extension value.
@throws IOException
Read 'signature_algorithms' extension data.
@param extensionData The extension data.
@return A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}.
@throws IOException
RFC 6066 5.
Encode this {@link UrlAndHash} to a {@link Stream}.
@param output the {@link Stream} to encode to.
@throws IOException
Parse a {@link UrlAndHash} from a {@link Stream}.
@param context
the {@link TlsContext} of the current connection.
@param input
the {@link Stream} to parse from.
@return a {@link UrlAndHash} object.
@throws IOException
RFC 4681
RFC 5764 4.1.1
@param protectionProfiles see {@link SrtpProtectionProfile} for valid constants.
@param mki valid lengths from 0 to 255.
@return see {@link SrtpProtectionProfile} for valid constants.
@return valid lengths from 0 to 255.
Create an AlgorithmIdentifier for the passed in encryption algorithm.
@param encryptionOID OID for the encryption algorithm
@param keySize key size in bits (-1 if unknown)
@param random SecureRandom to use for parameter generation.
@return a full AlgorithmIdentifier including parameters
@throws IllegalArgumentException if encryptionOID cannot be matched
A basic alphabet mapper that just creates a mapper based on the
passed in array of characters.
Base constructor.
@param alphabet a string of characters making up the alphabet.
Base constructor.
@param alphabet an array of characters making up the alphabet.
Create a key generator for the passed in Object Identifier.
@param algorithm the Object Identifier indicating the algorithn the generator is for.
@param random a source of random to initialise the generator with.
@return an initialised CipherKeyGenerator.
@throws IllegalArgumentException if the algorithm cannot be identified.
Use KeyTransRecipientInfoGenerator
return a = a + b - b preserved.
unsigned comparison on two arrays - note the arrays may
start with leading zeros.
return z = x / y - done in place (z value preserved, x contains the
remainder)
return whether or not a BigInteger is probably prime with a
probability of 1 - (1/2)**certainty.
From Knuth Vol 2, pg 395.
Calculate the numbers u1, u2, and u3 such that:
u1 * a + u2 * b = u3
where u3 is the greatest common divider of a and b.
a and b using the extended Euclid algorithm (refer p. 323
of The Art of Computer Programming vol 2, 2nd ed).
This also seems to have the side effect of calculating
some form of multiplicative inverse.
@param a First number to calculate gcd for
@param b Second number to calculate gcd for
@param u1Out the return object for the u1 value
@return The greatest common divisor of a and b
return w with w = x * x - w is assumed to have enough space.
return x with x = y * z - x is assumed to have enough space.
Calculate mQuote = -m^(-1) mod b with b = 2^32 (32 = word size)
Montgomery multiplication: a = x * y * R^(-1) mod m
Based algorithm 14.36 of Handbook of Applied Cryptography.
m, x, y should have length n
a should have length (n + 1)
b = 2^32, R = b^n
The result is put in x
NOTE: the indices of x, y, m, a different in HAC and in Java
return x = x % y - done in place (y value preserved)
do a left shift - this returns a new array.
do a right shift - this does it in place.
do a right shift by one - this does it in place.
returns x = x - y - we assume x is >= y
Class representing a simple version of a big decimal. A
SimpleBigDecimal is basically a
{@link java.math.BigInteger BigInteger} with a few digits on the right of
the decimal point. The number of (binary) digits on the right of the decimal
point is called the scale of the SimpleBigDecimal.
Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted
automatically, but must be set manually. All SimpleBigDecimals
taking part in the same arithmetic operation must have equal scale. The
result of a multiplication of two SimpleBigDecimals returns a
SimpleBigDecimal with double scale.
Returns a SimpleBigDecimal representing the same numerical
value as value.
@param value The value of the SimpleBigDecimal to be
created.
@param scale The scale of the SimpleBigDecimal to be
created.
@return The such created SimpleBigDecimal.
Constructor for SimpleBigDecimal. The value of the
constructed SimpleBigDecimal Equals bigInt /
2scale.
@param bigInt The bigInt value parameter.
@param scale The scale of the constructed SimpleBigDecimal.
Class holding methods for point multiplication based on the window
τ-adic nonadjacent form (WTNAF). The algorithms are based on the
paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"
by Jerome A. Solinas. The paper first appeared in the Proceedings of
Crypto 1997.
The window width of WTNAF. The standard value of 4 is slightly less
than optimal for running time, but keeps space requirements for
precomputation low. For typical curves, a value of 5 or 6 results in
a better running time. When changing this value, the
αu's must be computed differently, see
e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,
Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,
p. 121-122
24
The αu's for a=0 as an array
of ZTauElements.
The αu's for a=0 as an array
of TNAFs.
The αu's for a=1 as an array
of ZTauElements.
The αu's for a=1 as an array
of TNAFs.
Computes the norm of an element λ of
Z[τ].
@param mu The parameter μ of the elliptic curve.
@param lambda The element λ of
Z[τ].
@return The norm of λ.
Computes the norm of an element λ of
R[τ], where λ = u + vτ
and u and u are real numbers (elements of
R).
@param mu The parameter μ of the elliptic curve.
@param u The real part of the element λ of
R[τ].
@param v The τ-adic part of the element
λ of R[τ].
@return The norm of λ.
Rounds an element λ of R[τ]
to an element of Z[τ], such that their difference
has minimal norm. λ is given as
λ = λ0 + λ1τ.
@param lambda0 The component λ0.
@param lambda1 The component λ1.
@param mu The parameter μ of the elliptic curve. Must
equal 1 or -1.
@return The rounded element of Z[τ].
@throws ArgumentException if lambda0 and
lambda1 do not have same scale.
Approximate division by n. For an integer
k, the value λ = s k / n is
computed to c bits of accuracy.
@param k The parameter k.
@param s The curve parameter s0 or
s1.
@param vm The Lucas Sequence element Vm.
@param a The parameter a of the elliptic curve.
@param m The bit length of the finite field
Fm.
@param c The number of bits of accuracy, i.e. the scale of the returned
SimpleBigDecimal.
@return The value λ = s k / n computed to
c bits of accuracy.
Computes the τ-adic NAF (non-adjacent form) of an
element λ of Z[τ].
@param mu The parameter μ of the elliptic curve.
@param lambda The element λ of
Z[τ].
@return The τ-adic NAF of λ.
Applies the operation τ() to an
AbstractF2mPoint.
@param p The AbstractF2mPoint to which τ() is applied.
@return τ(p)
Returns the parameter μ of the elliptic curve.
@param curve The elliptic curve from which to obtain μ.
The curve must be a Koblitz curve, i.e. a Equals
0 or 1 and b Equals
1.
@return μ of the elliptic curve.
@throws ArgumentException if the given ECCurve is not a Koblitz
curve.
Calculates the Lucas Sequence elements Uk-1 and
Uk or Vk-1 and
Vk.
@param mu The parameter μ of the elliptic curve.
@param k The index of the second element of the Lucas Sequence to be
returned.
@param doV If set to true, computes Vk-1 and
Vk, otherwise Uk-1 and
Uk.
@return An array with 2 elements, containing Uk-1
and Uk or Vk-1
and Vk.
Computes the auxiliary value tw. If the width is
4, then for mu = 1, tw = 6 and for
mu = -1, tw = 10
@param mu The parameter μ of the elliptic curve.
@param w The window width of the WTNAF.
@return the auxiliary value tw
Computes the auxiliary values s0 and
s1 used for partial modular reduction.
@param curve The elliptic curve for which to compute
s0 and s1.
@throws ArgumentException if curve is not a
Koblitz curve (Anomalous Binary Curve, ABC).
Partial modular reduction modulo
(τm - 1)/(τ - 1).
@param k The integer to be reduced.
@param m The bitlength of the underlying finite field.
@param a The parameter a of the elliptic curve.
@param s The auxiliary values s0 and
s1.
@param mu The parameter μ of the elliptic curve.
@param c The precision (number of bits of accuracy) of the partial
modular reduction.
@return ρ := k partmod (τm - 1)/(τ - 1)
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by a BigInteger using the reduced τ-adic
NAF (RTNAF) method.
@param p The AbstractF2mPoint to Multiply.
@param k The BigInteger by which to Multiply p.
@return k * p
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by an element λ of Z[τ]
using the τ-adic NAF (TNAF) method.
@param p The AbstractF2mPoint to Multiply.
@param lambda The element λ of
Z[τ].
@return λ * p
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by an element λ of Z[τ]
using the τ-adic NAF (TNAF) method, given the TNAF
of λ.
@param p The AbstractF2mPoint to Multiply.
@param u The the TNAF of λ..
@return λ * p
Computes the [τ]-adic window NAF of an element
λ of Z[τ].
@param mu The parameter μ of the elliptic curve.
@param lambda The element λ of
Z[τ] of which to compute the
[τ]-adic NAF.
@param width The window width of the resulting WNAF.
@param pow2w 2width.
@param tw The auxiliary value tw.
@param alpha The αu's for the window width.
@return The [τ]-adic window NAF of
λ.
Does the precomputation for WTNAF multiplication.
@param p The ECPoint for which to do the precomputation.
@param a The parameter a of the elliptic curve.
@return The precomputation array for p.
Class representing an element of Z[τ]. Let
λ be an element of Z[τ]. Then
λ is given as λ = u + vτ. The
components u and v may be used directly, there
are no accessor methods.
Immutable class.
The "real" part of λ.
The "τ-adic" part of λ.
Constructor for an element λ of
Z[τ].
@param u The "real" part of λ.
@param v The "τ-adic" part of
λ.
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve the curve to use
@param x affine x co-ordinate
@param y affine y co-ordinate
@deprecated Use ECCurve.CreatePoint to construct points
Create a point that encodes with or without point compresion.
@param curve the curve to use
@param x affine x co-ordinate
@param y affine y co-ordinate
@param withCompression if true encode with point compression
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(boolean)}
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.CreatePoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.CreatePoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.CreatePoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
return a sqrt root - the routine verifies that the calculation returns the right value - if
none exists it returns null.
Create a point which encodes with point compression.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@deprecated Use ECCurve.createPoint to construct points
Create a point that encodes with or without point compresion.
@param curve
the curve to use
@param x
affine x co-ordinate
@param y
affine y co-ordinate
@param withCompression
if true encode with point compression
@deprecated per-point compression property will be removed, refer
{@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
@deprecated Use ECCurve.createPoint to construct points
@deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)}
Simple shift-and-add multiplication. Serves as reference implementation to verify (possibly
faster) implementations, and for very small scalars. CAUTION: This implementation is NOT
constant-time in any way. It is only intended to be used for diagnostics.
@param p
The point to multiply.
@param k
The multiplier.
@return The result of the point multiplication kP.
Base class for an elliptic curve.
Compute a PreCompInfo for a point on this curve, under a given name. Used by
ECMultipliers to save the precomputation for this ECPoint for use
by subsequent multiplication.
@param point
The ECPoint to store precomputations for.
@param name
A String used to index precomputations of different types.
@param callback
Called to calculate the PreCompInfo.
Normalization ensures that any projective coordinate is 1, and therefore that the x, y
coordinates reflect those of the equivalent point in an affine coordinate system. Where more
than one point is to be normalized, this method will generally be more efficient than
normalizing each point separately.
@param points
An array of points that will be updated in place with their normalized versions,
where necessary
Normalization ensures that any projective coordinate is 1, and therefore that the x, y
coordinates reflect those of the equivalent point in an affine coordinate system. Where more
than one point is to be normalized, this method will generally be more efficient than
normalizing each point separately. An (optional) z-scaling factor can be applied; effectively
each z coordinate is scaled by this value prior to normalization (but only one
actual multiplication is needed).
@param points
An array of points that will be updated in place with their normalized versions,
where necessary
@param off
The start of the range of points to normalize
@param len
The length of the range of points to normalize
@param iso
The (optional) z-scaling factor - can be null
Create a cache-safe lookup table for the specified sequence of points. All the points MUST
belong to this ECCurve instance, and MUST already be normalized.
Sets the default ECMultiplier, unless already set.
We avoid locking for performance reasons, so there is no uniqueness guarantee.
Decode a point on this curve from its ASN.1 encoding. The different
encodings are taken account of, including point compression for
Fp (X9.62 s 4.2.1 pg 17).
@return The decoded point.
Elliptic curve over Fp
The auxiliary values s0 and
s1 used for partial modular reduction for
Koblitz curves.
Solves a quadratic equation z2 + z = beta(X9.62
D.1.6) The other solution is z + 1.
@param beta
The value to solve the quadratic equation for.
@return the solution for z2 + z = beta or
null if no solution exists.
@return the auxiliary values s0 and
s1 used for partial modular reduction for
Koblitz curves.
Returns true if this is a Koblitz curve (ABC curve).
@return true if this is a Koblitz curve (ABC curve), false otherwise
Elliptic curves over F2m. The Weierstrass equation is given by
y2 + xy = x3 + ax2 + b.
The exponent m of F2m.
TPB: The integer k where xm +
xk + 1 represents the reduction polynomial
f(z).
PPB: The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
TPB: Always set to 0
PPB: The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
TPB: Always set to 0
PPB: The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
The point at infinity on this curve.
Constructor for Trinomial Polynomial Basis (TPB).
@param m The exponent m of
F2m.
@param k The integer k where xm +
xk + 1 represents the reduction
polynomial f(z).
@param a The coefficient a in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param b The coefficient b in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
Constructor for Trinomial Polynomial Basis (TPB).
@param m The exponent m of
F2m.
@param k The integer k where xm +
xk + 1 represents the reduction
polynomial f(z).
@param a The coefficient a in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param b The coefficient b in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param order The order of the main subgroup of the elliptic curve.
@param cofactor The cofactor of the elliptic curve, i.e.
#Ea(F2m) = h * n.
Constructor for Pentanomial Polynomial Basis (PPB).
@param m The exponent m of
F2m.
@param k1 The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k2 The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k3 The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param a The coefficient a in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param b The coefficient b in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
Constructor for Pentanomial Polynomial Basis (PPB).
@param m The exponent m of
F2m.
@param k1 The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k2 The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k3 The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param a The coefficient a in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param b The coefficient b in the Weierstrass equation
for non-supersingular elliptic curves over
F2m.
@param order The order of the main subgroup of the elliptic curve.
@param cofactor The cofactor of the elliptic curve, i.e.
#Ea(F2m) = h * n.
Return true if curve uses a Trinomial basis.
@return true if curve Trinomial, false otherwise.
return the field name for this field.
@return the string "Fp".
return a sqrt root - the routine verifies that the calculation
returns the right value - if none exists it returns null.
Class representing the Elements of the finite field
F2m in polynomial basis (PB)
representation. Both trinomial (Tpb) and pentanomial (Ppb) polynomial
basis representations are supported. Gaussian normal basis (GNB)
representation is not supported.
Indicates gaussian normal basis representation (GNB). Number chosen
according to X9.62. GNB is not implemented at present.
Indicates trinomial basis representation (Tpb). Number chosen
according to X9.62.
Indicates pentanomial basis representation (Ppb). Number chosen
according to X9.62.
Tpb or Ppb.
The exponent m of F2m.
The LongArray holding the bits.
Constructor for Ppb.
@param m The exponent m of
F2m.
@param k1 The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k2 The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param k3 The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@param x The BigInteger representing the value of the field element.
Constructor for Tpb.
@param m The exponent m of
F2m.
@param k The integer k where xm +
xk + 1 represents the reduction
polynomial f(z).
@param x The BigInteger representing the value of the field element.
Checks, if the ECFieldElements a and b
are elements of the same field F2m
(having the same representation).
@param a field element.
@param b field element to be compared.
@throws ArgumentException if a and b
are not elements of the same field
F2m (having the same
representation).
@return the representation of the field
F2m, either of
{@link F2mFieldElement.Tpb} (trinomial
basis representation) or
{@link F2mFieldElement.Ppb} (pentanomial
basis representation).
@return the degree m of the reduction polynomial
f(z).
@return Tpb: The integer k where xm +
xk + 1 represents the reduction polynomial
f(z).
Ppb: The integer k1 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@return Tpb: Always returns 0
Ppb: The integer k2 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
@return Tpb: Always set to 0
Ppb: The integer k3 where xm +
xk3 + xk2 + xk1 + 1
represents the reduction polynomial f(z).
base class for points on elliptic curves.
Returns the affine x-coordinate after checking that this point is normalized.
@return The affine x-coordinate of this point
@throws IllegalStateException if the point is not normalized
Returns the affine y-coordinate after checking that this point is normalized
@return The affine y-coordinate of this point
@throws IllegalStateException if the point is not normalized
Returns the x-coordinate.
Caution: depending on the curve's coordinate system, this may not be the same value as in an
affine coordinate system; use Normalize() to get a point where the coordinates have their
affine values, or use AffineXCoord if you expect the point to already have been normalized.
@return the x-coordinate of this point
Returns the y-coordinate.
Caution: depending on the curve's coordinate system, this may not be the same value as in an
affine coordinate system; use Normalize() to get a point where the coordinates have their
affine values, or use AffineYCoord if you expect the point to already have been normalized.
@return the y-coordinate of this point
Normalization ensures that any projective coordinate is 1, and therefore that the x, y
coordinates reflect those of the equivalent point in an affine coordinate system.
@return a new ECPoint instance representing the same point, but with normalized coordinates
return the field element encoded with point compression. (S 4.3.6)
Multiplies this ECPoint by the given number.
@param k The multiplicator.
@return k * this.
Elliptic curve points over Fp
Create a point which encodes without point compression.
@param curve the curve to use
@param x affine x co-ordinate
@param y affine y co-ordinate
Create a point that encodes with or without point compression.
@param curve the curve to use
@param x affine x co-ordinate
@param y affine y co-ordinate
@param withCompression if true encode with point compression
Elliptic curve points over F2m
@param curve base curve
@param x x point
@param y y point
@param curve base curve
@param x x point
@param y y point
@param withCompression true if encode with point compression.
Joye's double-add algorithm.
Interface for classes encapsulating a point multiplication algorithm
for ECPoints.
Multiplies the ECPoint p by k, i.e.
p is added k times to itself.
@param p The ECPoint to be multiplied.
@param k The factor by which p is multiplied.
@return p multiplied by k.
Class holding precomputation data for fixed-point multiplications.
Lookup table for the precomputed ECPoints used for a fixed point multiplication.
The width used for the precomputation. If a larger width precomputation
is already available this may be larger than was requested, so calling
code should refer to the actual width.
Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (right-to-left) using
mixed coordinates.
By default, addition will be done in Jacobian coordinates, and doubling will be done in
Modified Jacobian coordinates (independent of the original coordinate system of each point).
Montgomery ladder.
Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (left-to-right).
Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (right-to-left).
Interface for classes storing precomputation data for multiplication
algorithms. Used as a Memento (see GOF patterns) for
WNafMultiplier.
Class implementing the WNAF (Window Non-Adjacent Form) multiplication
algorithm.
Multiplies this by an integer k using the
Window NAF method.
@param k The integer by which this is multiplied.
@return A new ECPoint which equals this
multiplied by k.
Class holding precomputation data for the WNAF (Window Non-Adjacent Form)
algorithm.
Array holding the precomputed ECPoints used for a Window
NAF multiplication.
Array holding the negations of the precomputed ECPoints used
for a Window NAF multiplication.
Holds an ECPoint representing Twice(this). Used for the
Window NAF multiplication to create or extend the precomputed values.
Computes the Window NAF (non-adjacent Form) of an integer.
@param width The width w of the Window NAF. The width is
defined as the minimal number w, such that for any
w consecutive digits in the resulting representation, at
most one is non-zero.
@param k The integer of which the Window NAF is computed.
@return The Window NAF of the given width, such that the following holds:
k = ∑i=0l-1 ki2i
, where the ki denote the elements of the
returned byte[].
Determine window width to use for a scalar multiplication of the given size.
@param bits the bit-length of the scalar to multiply by
@return the window size to use
Determine window width to use for a scalar multiplication of the given size.
@param bits the bit-length of the scalar to multiply by
@param maxWidth the maximum window width to return
@return the window size to use
Determine window width to use for a scalar multiplication of the given size.
@param bits the bit-length of the scalar to multiply by
@param windowSizeCutoffs a monotonically increasing list of bit sizes at which to increment the window width
@return the window size to use
Determine window width to use for a scalar multiplication of the given size.
@param bits the bit-length of the scalar to multiply by
@param windowSizeCutoffs a monotonically increasing list of bit sizes at which to increment the window width
@param maxWidth the maximum window width to return
@return the window size to use
Class implementing the WTNAF (Window
τ-adic Non-Adjacent Form) algorithm.
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by k using the reduced τ-adic NAF (RTNAF)
method.
@param p The AbstractF2mPoint to multiply.
@param k The integer by which to multiply k.
@return p multiplied by k.
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by an element λ of Z[τ] using
the τ-adic NAF (TNAF) method.
@param p The AbstractF2mPoint to multiply.
@param lambda The element λ of
Z[τ] of which to compute the
[τ]-adic NAF.
@return p multiplied by λ.
Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}
by an element λ of Z[τ]
using the window τ-adic NAF (TNAF) method, given the
WTNAF of λ.
@param p The AbstractF2mPoint to multiply.
@param u The the WTNAF of λ..
@return λ * p
Class holding precomputation data for the WTNAF (Window
τ-adic Non-Adjacent Form) algorithm.
Array holding the precomputed AbstractF2mPoints used for the
WTNAF multiplication in
{@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
WTauNafMultiplier.multiply()}.
'Zeroless' Signed Digit Left-to-Right.
'Zeroless' Signed Digit Right-to-Left.
Utility methods for generating primes and testing for primality.
Used to return the output from the
{@linkplain Primes#enhancedMRProbablePrimeTest(BigInteger, SecureRandom, int) Enhanced
Miller-Rabin Probabilistic Primality Test}
Used to return the output from the {@linkplain Primes#generateSTRandomPrime(Digest, int, byte[]) Shawe-Taylor Random_Prime Routine}
FIPS 186-4 C.6 Shawe-Taylor Random_Prime Routine
Construct a provable prime number using a hash function.
@param hash
the {@link Digest} instance to use (as "Hash()"). Cannot be null.
@param length
the length (in bits) of the prime to be generated. Must be at least 2.
@param inputSeed
the seed to be used for the generation of the requested prime. Cannot be null or
empty.
@return an {@link STOutput} instance containing the requested prime.
FIPS 186-4 C.3.2 Enhanced Miller-Rabin Probabilistic Primality Test
Run several iterations of the Miller-Rabin algorithm with randomly-chosen bases. This is an
alternative to {@link #isMRProbablePrime(BigInteger, SecureRandom, int)} that provides more
information about a composite candidate, which may be useful when generating or validating
RSA moduli.
@param candidate
the {@link BigInteger} instance to test for primality.
@param random
the source of randomness to use to choose bases.
@param iterations
the number of randomly-chosen bases to perform the test for.
@return an {@link MROutput} instance that can be further queried for details.
A fast check for small divisors, up to some implementation-specific limit.
@param candidate
the {@link BigInteger} instance to test for division by small factors.
@return true if the candidate is found to have any small factors,
false otherwise.
FIPS 186-4 C.3.1 Miller-Rabin Probabilistic Primality Test
Run several iterations of the Miller-Rabin algorithm with randomly-chosen bases.
@param candidate
the {@link BigInteger} instance to test for primality.
@param random
the source of randomness to use to choose bases.
@param iterations
the number of randomly-chosen bases to perform the test for.
@return false if any witness to compositeness is found amongst the chosen bases
(so candidate is definitely NOT prime), or else true
(indicating primality with some probability dependent on the number of iterations
that were performed).
FIPS 186-4 C.3.1 Miller-Rabin Probabilistic Primality Test (to a fixed base).
Run a single iteration of the Miller-Rabin algorithm against the specified base.
@param candidate
the {@link BigInteger} instance to test for primality.
@param baseValue
the base value to use for this iteration.
@return false if the specified base is a witness to compositeness (so
candidate is definitely NOT prime), or else true.
BasicOcspResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}
The DER encoding of the tbsResponseData field.
In the event of an encoding error.
The certificates, if any, associated with the response.
In the event of an encoding error.
Verify the signature against the tbsResponseData object we contain.
The ASN.1 encoded representation of this object.
Generator for basic OCSP response objects.
basic constructor
construct with the responderID to be the SHA-1 keyHash of the passed in public key.
Add a response for a particular Certificate ID.
@param certID certificate ID details
@param certStatus status of the certificate - null if okay
Add a response for a particular Certificate ID.
@param certID certificate ID details
@param certStatus status of the certificate - null if okay
@param singleExtensions optional extensions
Add a response for a particular Certificate ID.
@param certID certificate ID details
@param nextUpdate date when next update should be requested
@param certStatus status of the certificate - null if okay
@param singleExtensions optional extensions
Add a response for a particular Certificate ID.
@param certID certificate ID details
@param thisUpdate date this response was valid on
@param nextUpdate date when next update should be requested
@param certStatus status of the certificate - null if okay
@param singleExtensions optional extensions
Set the extensions for the response.
@param responseExtensions the extension object to carry.
Generate the signed response using the passed in signature calculator.
Implementation of signing calculator factory.
The certificate chain associated with the response signer.
"produced at" date.
Return an IEnumerable of the signature names supported by the generator.
@return an IEnumerable containing recognised names.
create from an issuer certificate and the serial number of the
certificate it signed.
@exception OcspException if any problems occur creating the id fields.
return the serial number for the certificate associated
with this request.
Create a new CertificateID for a new serial number derived from a previous one
calculated for the same CA certificate.
@param original the previously calculated CertificateID for the CA.
@param newSerialNumber the serial number for the new certificate of interest.
@return a new CertificateID for newSerialNumber
OcspRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
Version ::= INTEGER { v1(0) }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
Return the DER encoding of the tbsRequest field.
@return DER encoding of tbsRequest
@throws OcspException in the event of an encoding error.
return the object identifier representing the signature algorithm
If the request is signed return a possibly empty CertStore containing the certificates in the
request. If the request is not signed the method returns null.
@return null if not signed, a CertStore otherwise
@throws OcspException
Return whether or not this request is signed.
@return true if signed false otherwise.
Verify the signature against the TBSRequest object we contain.
return the ASN.1 encoded representation of this object.
Add a request for the given CertificateID.
@param certId certificate ID of interest
Add a request with extensions
@param certId certificate ID of interest
@param singleRequestExtensions the extensions to attach to the request
Set the requestor name to the passed in X509Principal
@param requestorName a X509Principal representing the requestor name.
Generate an unsigned request
@return the OcspReq
@throws OcspException
Return an IEnumerable of the signature names supported by the generator.
@return an IEnumerable containing recognised names.
return the ASN.1 encoded representation of this object.
base generator for an OCSP response - at the moment this only supports the
generation of responses containing BasicOCSP responses.
note 4 is not used.
Carrier for a ResponderID.
wrapper for the RevokedInfo object
return the revocation reason. Note: this field is optional, test for it
with hasRevocationReason() first.
@exception InvalidOperationException if a reason is asked for and none is avaliable
Return the status object for the response - null indicates good.
@return the status object for the response, null if it is good.
return the NextUpdate value - note: this is an optional field so may
be returned as null.
@return nextUpdate, or null if not present.
wrapper for the UnknownInfo object
Utility class for creating IBasicAgreement objects from their names/Oids
Cipher Utility class contains methods that can not be specifically grouped into other classes.
Returns a ObjectIdentifier for a give encoding.
A string representation of the encoding.
A DerObjectIdentifier, null if the Oid is not available.
Utility class for creating IDigest objects from their names/Oids
Returns a ObjectIdentifier for a given digest mechanism.
A string representation of the digest meanism.
A DerObjectIdentifier, null if the Oid is not available.
A class containing methods to interface the BouncyCastle world to the .NET Crypto world.
Create an System.Security.Cryptography.X509Certificate from an X509Certificate Structure.
A System.Security.Cryptography.X509Certificate.
Utility class for creating HMac object from their names/Oids
Returns a ObjectIdentifier for a give encoding.
A string representation of the encoding.
A DerObjectIdentifier, null if the Oid is not available.
Create and auto-seed an instance based on the given algorithm.
Equivalent to GetInstance(algorithm, true)
e.g. "SHA256PRNG"
Create an instance based on the given algorithm, with optional auto-seeding
e.g. "SHA256PRNG"
If true, the instance will be auto-seeded.
To replicate existing predictable output, replace with GetInstance("SHA1PRNG", false), followed by SetSeed(seed)
Use the specified instance of IRandomGenerator as random source.
This constructor performs no seeding of either the IRandomGenerator or the
constructed SecureRandom. It is the responsibility of the client to provide
proper seed material as necessary/appropriate for the given IRandomGenerator
implementation.
The source to generate all random bytes from.
base constructor.
create a SecurityUtilityException with the given message.
@param message the message to be carried with the exception.
Signer Utility class contains methods that can not be specifically grouped into other classes.
Returns an ObjectIdentifier for a given encoding.
A string representation of the encoding.
A DerObjectIdentifier, null if the OID is not available.
Utility class for creating IWrapper objects from their names/Oids
PEM generator for the original set of PEM objects used in Open SSL.
Class for reading OpenSSL PEM encoded streams containing
X509 certificates, PKCS8 encoded keys and PKCS7 objects.
In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and
Certificates will be returned using the appropriate java.security type.
Create a new PemReader
@param reader the Reader
Create a new PemReader with a password finder
@param reader the Reader
@param pFinder the password finder
Reads in a X509Certificate.
@return the X509Certificate
@throws IOException if an I/O error occured
Reads in a X509CRL.
@return the X509Certificate
@throws IOException if an I/O error occured
Reads in a PKCS10 certification request.
@return the certificate request.
@throws IOException if an I/O error occured
Reads in a X509 Attribute Certificate.
@return the X509 Attribute Certificate
@throws IOException if an I/O error occured
Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
API.
@return the X509Certificate
@throws IOException if an I/O error occured
Read a Key Pair
General purpose writer for OpenSSL PEM objects.
The TextWriter object to write the output to.
Constructor for an unencrypted private key PEM object.
@param key private key to be encoded.
Constructor for an encrypted private key PEM object.
@param key private key to be encoded
@param algorithm encryption algorithm to use
@param provider provider to use
@throws NoSuchAlgorithmException if algorithm/mode cannot be found
A class for verifying and creating Pkcs10 Certification requests.
CertificationRequest ::= Sequence {
certificationRequestInfo CertificationRequestInfo,
signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
signature BIT STRING
}
CertificationRequestInfo ::= Sequence {
version Integer { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
Attr { ATTRIBUTE:IOSet } ::= Sequence {
type ATTRIBUTE.&id({IOSet}),
values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
}
see
Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
Name of Sig Alg.
X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
Public Key to be included in cert reqest.
ASN1Set of Attributes.
Matching Private key for nominated (above) public key to be used to sign the request.
Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
The factory for signature calculators to sign the PKCS#10 request with.
X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
Public Key to be included in cert reqest.
ASN1Set of Attributes.
Ignored.
Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
The factory for signature calculators to sign the PKCS#10 request with.
X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
Public Key to be included in cert reqest.
ASN1Set of Attributes.
Get the public key.
The public key.
Verify Pkcs10 Cert Request is valid.
true = valid.
Returns X509Extensions if the Extensions Request attribute can be found and returns the extensions block.
X509Extensions block or null if one cannot be found.
A class for creating and verifying Pkcs10 Certification requests (this is an extension on ).
The requests are made using delay signing. This is useful for situations where
the private key is in another environment and not directly accessible (e.g. HSM)
So the first step creates the request, then the signing is done outside this
object and the signature is then used to complete the request.
CertificationRequest ::= Sequence {
certificationRequestInfo CertificationRequestInfo,
signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
signature BIT STRING
}
CertificationRequestInfo ::= Sequence {
version Integer { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
Attr { ATTRIBUTE:IOSet } ::= Sequence {
type ATTRIBUTE.&id({IOSet}),
values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
}
see
Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
Name of Sig Alg.
X509Name of subject eg OU="My unit." O="My Organisatioin" C="au"
Public Key to be included in cert reqest.
ASN1Set of Attributes.
After the object is constructed use the and finally the
SignRequest methods to finalize the request.
simply return the cert entry for the private key
Utility class for reencoding PKCS#12 files to definite length.
Just re-encode the outer layer of the PKCS#12 file to definite length encoding.
@param berPKCS12File - original PKCS#12 file
@return a byte array representing the DER encoding of the PFX structure
@throws IOException
Re-encode the PKCS#12 structure to definite length encoding at the inner layer
as well, recomputing the MAC accordingly.
@param berPKCS12File - original PKCS12 file.
@param provider - provider to use for MAC calculation.
@return a byte array representing the DER encoding of the PFX structure.
@throws IOException on parsing, encoding errors.
A holding class for a PKCS#8 encrypted private key info object that allows for its decryption.
Base constructor from a PKCS#8 EncryptedPrivateKeyInfo object.
A PKCS#8 EncryptedPrivateKeyInfo object.
Base constructor from a BER encoding of a PKCS#8 EncryptedPrivateKeyInfo object.
A BER encoding of a PKCS#8 EncryptedPrivateKeyInfo objects.
Returns the underlying ASN.1 structure inside this object.
Return the EncryptedPrivateKeyInfo structure in this object.
Returns a copy of the encrypted data in this structure.
Return a copy of the encrypted data in this object.
Return a binary ASN.1 encoding of the EncryptedPrivateKeyInfo structure in this object.
A byte array containing the encoded object.
Get a decryptor from the passed in provider and decrypt the encrypted private key info, returning the result.
A provider to query for decryptors for the object.
The decrypted private key info structure.
Create the encrypted private key info using the passed in encryptor.
The encryptor to use.
An encrypted private key info containing the original private key info.
Base exception for PKCS related issues.
Base exception for parsing related issues in the PKCS namespace.
Create a PrivateKeyInfo representation of a private key with attributes.
@param privateKey the key to be encoded into the info object.
@param attributes the set of attributes to be included.
@return the appropriate PrivateKeyInfo
@throws java.io.IOException on an error encoding the key
Returns the revocationDate.
Returns the certStatus.
Returns an immutable Set of X.509 attribute certificate
extensions that this PkixAttrCertChecker supports or
null if no extensions are supported.
Each element of the set is a String representing the
Object Identifier (OID) of the X.509 extension that is supported.
All X.509 attribute certificate extensions that a
PkixAttrCertChecker might possibly be able to process
should be included in the set.
@return an immutable Set of X.509 extension OIDs (in
String format) supported by this
PkixAttrCertChecker, or null if no
extensions are supported
Performs checks on the specified attribute certificate. Every handled
extension is rmeoved from the unresolvedCritExts
collection.
@param attrCert The attribute certificate to be checked.
@param certPath The certificate path which belongs to the attribute
certificate issuer public key certificate.
@param holderCertPath The certificate path which belongs to the holder
certificate.
@param unresolvedCritExts a Collection of OID strings
representing the current set of unresolved critical extensions
@throws CertPathValidatorException if the specified attribute certificate
does not pass the check.
Returns a clone of this object.
@return a copy of this PkixAttrCertChecker
Build and validate a CertPath using the given parameter.
@param params PKIXBuilderParameters object containing all information to
build the CertPath
CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281.
@see org.bouncycastle.x509.ExtendedPkixParameters
Validates an attribute certificate with the given certificate path.
params must be an instance of
ExtendedPkixParameters.
The target constraints in the params must be an
X509AttrCertStoreSelector with at least the attribute
certificate criterion set. Obey that also target informations may be
necessary to correctly validate this attribute certificate.
The attribute certificate issuer must be added to the trusted attribute
issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.
@param certPath The certificate path which belongs to the attribute
certificate issuer public key certificate.
@param params The PKIX parameters.
@return A PKIXCertPathValidatorResult of the result of
validating the certPath.
@throws InvalidAlgorithmParameterException if params is
inappropriate for this validator.
@throws CertPathValidatorException if the verification fails.
Summary description for PkixBuilderParameters.
Returns an instance of PkixBuilderParameters.
This method can be used to get a copy from other
PKIXBuilderParameters, PKIXParameters,
and ExtendedPKIXParameters instances.
@param pkixParams The PKIX parameters to create a copy of.
@return An PkixBuilderParameters instance.
Excluded certificates are not used for building a certification path.
the excluded certificates.
Sets the excluded certificates which are not used for building a
certification path. If the ISet is null an
empty set is assumed.
The given set is cloned to protect it against subsequent modifications.
The excluded certificates to set.
Can alse handle ExtendedPKIXBuilderParameters and
PKIXBuilderParameters.
@param params Parameters to set.
@see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
Makes a copy of this PKIXParameters object. Changes to the
copy will not affect the original and vice versa.
@return a copy of this PKIXParameters object
An immutable sequence of certificates (a certification path).
This is an abstract class that defines the methods common to all CertPaths.
Subclasses can handle different kinds of certificates (X.509, PGP, etc.).
All CertPath objects have a type, a list of Certificates, and one or more
supported encodings. Because the CertPath class is immutable, a CertPath
cannot change in any externally visible way after being constructed. This
stipulation applies to all public fields and methods of this class and any
added or overridden by subclasses.
The type is a string that identifies the type of Certificates in the
certification path. For each certificate cert in a certification path
certPath, cert.getType().equals(certPath.getType()) must be true.
The list of Certificates is an ordered List of zero or more Certificates.
This List and all of the Certificates contained in it must be immutable.
Each CertPath object must support one or more encodings so that the object
can be translated into a byte array for storage or transmission to other
parties. Preferably, these encodings should be well-documented standards
(such as PKCS#7). One of the encodings supported by a CertPath is considered
the default encoding. This encoding is used if no encoding is explicitly
requested (for the {@link #getEncoded()} method, for instance).
All CertPath objects are also Serializable. CertPath objects are resolved
into an alternate {@link CertPathRep} object during serialization. This
allows a CertPath object to be serialized into an equivalent representation
regardless of its underlying implementation.
CertPath objects can be created with a CertificateFactory or they can be
returned by other classes, such as a CertPathBuilder.
By convention, X.509 CertPaths (consisting of X509Certificates), are ordered
starting with the target certificate and ending with a certificate issued by
the trust anchor. That is, the issuer of one certificate is the subject of
the following one. The certificate representing the
{@link TrustAnchor TrustAnchor} should not be included in the certification
path. Unvalidated X.509 CertPaths may not follow these conventions. PKIX
CertPathValidators will detect any departure from these conventions that
cause the certification path to be invalid and throw a
CertPathValidatorException.
Concurrent Access
All CertPath objects must be thread-safe. That is, multiple threads may
concurrently invoke the methods defined in this class on a single CertPath
object (or more than one) with no ill effects. This is also true for the List
returned by CertPath.getCertificates.
Requiring CertPath objects to be immutable and thread-safe allows them to be
passed around to various pieces of code without worrying about coordinating
access. Providing this thread-safety is generally not difficult, since the
CertPath and List objects in question are immutable.
@see CertificateFactory
@see CertPathBuilder
CertPath implementation for X.509 certificates.
@param certs
Creates a CertPath of the specified type.
This constructor is protected because most users should use
a CertificateFactory to create CertPaths.
@param type the standard name of the type of Certificatesin this path
Creates a CertPath of the specified type.
This constructor is protected because most users should use
a CertificateFactory to create CertPaths.
@param type the standard name of the type of Certificatesin this path
Returns an iteration of the encodings supported by this
certification path, with the default encoding
first. Attempts to modify the returned Iterator via its
remove method result in an UnsupportedOperationException.
@return an Iterator over the names of the supported encodings (as Strings)
Compares this certification path for equality with the specified object.
Two CertPaths are equal if and only if their types are equal and their
certificate Lists (and by implication the Certificates in those Lists)
are equal. A CertPath is never equal to an object that is not a CertPath.
This algorithm is implemented by this method. If it is overridden, the
behavior specified here must be maintained.
@param other
the object to test for equality with this certification path
@return true if the specified object is equal to this certification path,
false otherwise
@see Object#hashCode() Object.hashCode()
Returns the encoded form of this certification path, using
the default encoding.
@return the encoded bytes
@exception CertificateEncodingException if an encoding error occurs
Returns the encoded form of this certification path, using
the specified encoding.
@param encoding the name of the encoding to use
@return the encoded bytes
@exception CertificateEncodingException if an encoding error
occurs or the encoding requested is not supported
Returns the list of certificates in this certification
path.
Return a DERObject containing the encoded certificate.
@param cert the X509Certificate object to be encoded
@return the DERObject
Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
@see CertPathBuilderSpi
Build and validate a CertPath using the given parameter.
@param params PKIXBuilderParameters object containing all information to
build the CertPath
Summary description for PkixCertPathBuilderException.
Summary description for PkixCertPathBuilderResult.
* Initializes the internal state of this PKIXCertPathChecker.
*
* The forward flag specifies the order that certificates
* will be passed to the {@link #check check} method (forward or reverse). A
* PKIXCertPathChecker must support reverse checking
* and may support forward checking.
*
*
* @param forward
* the order that certificates are presented to the
* check method. If true,
* certificates are presented from target to most-trusted CA
* (forward); if false, from most-trusted CA to
* target (reverse).
* @exception CertPathValidatorException
* if this PKIXCertPathChecker is unable to
* check certificates in the specified order; it should never
* be thrown if the forward flag is false since reverse
* checking must be supported
Indicates if forward checking is supported. Forward checking refers to
the ability of the PKIXCertPathChecker to perform its
checks when certificates are presented to the check method
in the forward direction (from target to most-trusted CA).
@return true if forward checking is supported,
false otherwise
* Returns an immutable Set of X.509 certificate extensions
* that this PKIXCertPathChecker supports (i.e. recognizes,
* is able to process), or null if no extensions are
* supported.
*
* Each element of the set is a String representing the
* Object Identifier (OID) of the X.509 extension that is supported. The OID
* is represented by a set of nonnegative integers separated by periods.
*
* All X.509 certificate extensions that a PKIXCertPathChecker
* might possibly be able to process should be included in the set.
*
*
* @return an immutable Set of X.509 extension OIDs (in
* String format) supported by this
* PKIXCertPathChecker, or null if no
* extensions are supported
Performs the check(s) on the specified certificate using its internal
state and removes any critical extensions that it processes from the
specified collection of OID strings that represent the unresolved
critical extensions. The certificates are presented in the order
specified by the init method.
@param cert
the Certificate to be checked
@param unresolvedCritExts
a Collection of OID strings representing the
current set of unresolved critical extensions
@exception CertPathValidatorException
if the specified certificate does not pass the check
Returns a clone of this object. Calls the Object.clone()
method. All subclasses which maintain state must support and override
this method, if necessary.
@return a copy of this PKIXCertPathChecker
The Service Provider Interface (SPI)
for the {@link CertPathValidator CertPathValidator} class. All
CertPathValidator implementations must include a class (the
SPI class) that extends this class (CertPathValidatorSpi)
and implements all of its methods. In general, instances of this class
should only be accessed through the CertPathValidator class.
For details, see the Java Cryptography Architecture.
Concurrent Access
Instances of this class need not be protected against concurrent
access from multiple threads. Threads that need to access a single
CertPathValidatorSpi instance concurrently should synchronize
amongst themselves and provide the necessary locking before calling the
wrapping CertPathValidator object.
However, implementations of CertPathValidatorSpi may still
encounter concurrency issues, since multiple threads each
manipulating a different CertPathValidatorSpi instance need not
synchronize.
CertPathValidatorSpi implementation for X.509 Certificate validation a la RFC
3280.
An exception indicating one of a variety of problems encountered when
validating a certification path.
A CertPathValidatorException provides support for wrapping
exceptions. The {@link #getCause getCause} method returns the throwable,
if any, that caused this exception to be thrown.
A CertPathValidatorException may also include the
certification path that was being validated when the exception was thrown
and the index of the certificate in the certification path that caused the
exception to be thrown. Use the {@link #getCertPath getCertPath} and
{@link #getIndex getIndex} methods to retrieve this information.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not
thread-safe. Multiple threads that need to access a single
object concurrently should synchronize amongst themselves and
provide the necessary locking. Multiple threads each manipulating
separate objects need not synchronize.
@see CertPathValidator
Creates a PkixCertPathValidatorException with the given detail
message. A detail message is a String that describes this
particular exception.
the detail message
Creates a PkixCertPathValidatorException with the specified
detail message and cause.
the detail message
the cause (which is saved for later retrieval by the
{@link #getCause getCause()} method). (A null
value is permitted, and indicates that the cause is
nonexistent or unknown.)
Creates a PkixCertPathValidatorException with the specified
detail message, cause, certification path, and index.
the detail message (or null if none)
the cause (or null if none)
the certification path that was in the process of being
validated when the error was encountered
the index of the certificate in the certification path that *
Returns the detail message for this CertPathValidatorException.
the detail message, or null if neither the message nor cause were specified
Returns the certification path that was being validated when the
exception was thrown.
@return the CertPath that was being validated when the
exception was thrown (or null if not specified)
Returns the index of the certificate in the certification path that
caused the exception to be thrown. Note that the list of certificates in
a CertPath is zero based. If no index has been set, -1 is
returned.
@return the index that has been set, or -1 if none has been set
Summary description for PkixCertPathValidatorResult.
Summary description for PkixCertPathValidatorUtilities.
key usage bits
Search the given Set of TrustAnchor's for one that is the
issuer of the given X509 certificate.
the X509 certificate
a Set of TrustAnchor's
the TrustAnchor object if found or
null if not.
@exception
Returns the issuer of an attribute certificate or certificate.
The attribute certificate or certificate.
The issuer as X500Principal.
Return the next working key inheriting DSA parameters if necessary.
This methods inherits DSA parameters from the indexed certificate or
previous certificates in the certificate chain to the returned
PublicKey. The list is searched upwards, meaning the end
certificate is at position 0 and previous certificates are following.
If the indexed certificate does not contain a DSA key this method simply
returns the public key. If the DSA key already contains DSA parameters
the key is also only returned.
@param certs The certification path.
@param index The index of the certificate which contains the public key
which should be extended with DSA parameters.
@return The public key of the certificate in list position
index extended with DSA parameters if applicable.
@throws Exception if DSA parameters cannot be inherited.
Return a Collection of all certificates or attribute certificates found
in the X509Store's that are matching the certSelect criteriums.
a {@link Selector} object that will be used to select
the certificates
a List containing only X509Store objects. These
are used to search for certificates.
a Collection of all found or
objects.
May be empty but never null.
Add the CRL issuers from the cRLIssuer field of the distribution point or
from the certificate if not given to the issuer criterion of the
selector.
The issuerPrincipals are a collection with a single
X500Principal for X509Certificates. For
{@link X509AttributeCertificate}s the issuer may contain more than one
X500Principal.
@param dp The distribution point.
@param issuerPrincipals The issuers of the certificate or attribute
certificate which contains the distribution point.
@param selector The CRL selector.
@param pkixParams The PKIX parameters containing the cert stores.
@throws Exception if an exception occurs while processing.
@throws ClassCastException if issuerPrincipals does not
contain only X500Principals.
Fetches complete CRLs according to RFC 3280.
@param dp The distribution point for which the complete CRL
@param cert The X509Certificate or
{@link org.bouncycastle.x509.X509AttributeCertificate} for
which the CRL should be searched.
@param currentDate The date for which the delta CRLs must be valid.
@param paramsPKIX The extended PKIX parameters.
@return A Set of X509CRLs with complete
CRLs.
@throws Exception if an exception occurs while picking the CRLs
or no CRLs are found.
Fetches delta CRLs according to RFC 3280 section 5.2.4.
@param currentDate The date for which the delta CRLs must be valid.
@param paramsPKIX The extended PKIX parameters.
@param completeCRL The complete CRL the delta CRL is for.
@return A Set of X509CRLs with delta CRLs.
@throws Exception if an exception occurs while picking the delta
CRLs.
Find the issuer certificates of a given certificate.
@param cert
The certificate for which an issuer should be found.
@param pkixParams
@return A Collection object containing the issuer
X509Certificates. Never null.
@exception Exception
if an error occurs.
Extract the value of the given extension, if it exists.
The extension object.
The object identifier to obtain.
Asn1Object
if the extension cannot be read.
crl checking
Return a Collection of all CRLs found in the X509Store's that are
matching the crlSelect criteriums.
a {@link X509CRLStoreSelector} object that will be used
to select the CRLs
a List containing only {@link org.bouncycastle.x509.X509Store
X509Store} objects. These are used to search for CRLs
a Collection of all found {@link X509CRL X509CRL} objects. May be
empty but never null.
Returns the intersection of the permitted IP ranges in
permitted with ip.
@param permitted A Set of permitted IP addresses with
their subnet mask as byte arrays.
@param ips The IP address with its subnet mask.
@return The Set of permitted IP ranges intersected with
ip.
Returns the union of the excluded IP ranges in excluded
with ip.
@param excluded A Set of excluded IP addresses with their
subnet mask as byte arrays.
@param ip The IP address with its subnet mask.
@return The Set of excluded IP ranges unified with
ip as byte arrays.
Calculates the union if two IP ranges.
@param ipWithSubmask1 The first IP address with its subnet mask.
@param ipWithSubmask2 The second IP address with its subnet mask.
@return A Set with the union of both addresses.
Calculates the interesction if two IP ranges.
@param ipWithSubmask1 The first IP address with its subnet mask.
@param ipWithSubmask2 The second IP address with its subnet mask.
@return A Set with the single IP address with its subnet
mask as a byte array or an empty Set.
Concatenates the IP address with its subnet mask.
@param ip The IP address.
@param subnetMask Its subnet mask.
@return The concatenated IP address with its subnet mask.
Splits the IP addresses and their subnet mask.
@param ipWithSubmask1 The first IP address with the subnet mask.
@param ipWithSubmask2 The second IP address with the subnet mask.
@return An array with two elements. Each element contains the IP address
and the subnet mask in this order.
Based on the two IP addresses and their subnet masks the IP range is
computed for each IP address - subnet mask pair and returned as the
minimum IP address and the maximum address of the range.
@param ip1 The first IP address.
@param subnetmask1 The subnet mask of the first IP address.
@param ip2 The second IP address.
@param subnetmask2 The subnet mask of the second IP address.
@return A array with two elements. The first/second element contains the
min and max IP address of the first/second IP address and its
subnet mask.
Checks if the IP address ip is constrained by
constraint.
@param constraint The constraint. This is an IP address concatenated with
its subnetmask.
@param ip The IP address.
@return true if constrained, false
otherwise.
Checks if the IP ip is included in the permitted ISet
permitted.
@param permitted A Set of permitted IP addresses with
their subnet mask as byte arrays.
@param ip The IP address.
@throws PkixNameConstraintValidatorException
if the IP is not permitted.
Checks if the IP ip is included in the excluded ISet
excluded.
@param excluded A Set of excluded IP addresses with their
subnet mask as byte arrays.
@param ip The IP address.
@throws PkixNameConstraintValidatorException
if the IP is excluded.
The common part of email1 and email2 is
added to the union union. If email1 and
email2 have nothing in common they are added both.
@param email1 Email address constraint 1.
@param email2 Email address constraint 2.
@param union The union.
The most restricting part from email1 and
email2 is added to the intersection intersect.
@param email1 Email address constraint 1.
@param email2 Email address constraint 2.
@param intersect The intersection.
Checks if the given GeneralName is in the permitted ISet.
@param name The GeneralName
@throws PkixNameConstraintValidatorException
If the name
Check if the given GeneralName is contained in the excluded ISet.
@param name The GeneralName.
@throws PkixNameConstraintValidatorException
If the name is
excluded.
Updates the permitted ISet of these name constraints with the intersection
with the given subtree.
@param permitted The permitted subtrees
Adds a subtree to the excluded ISet of these name constraints.
@param subtree A subtree with an excluded GeneralName.
Returns the maximum IP address.
@param ip1 The first IP address.
@param ip2 The second IP address.
@return The maximum IP address.
Returns the minimum IP address.
@param ip1 The first IP address.
@param ip2 The second IP address.
@return The minimum IP address.
Compares IP address ip1 with ip2. If ip1
is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1
otherwise.
@param ip1 The first IP address.
@param ip2 The second IP address.
@return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.
Returns the logical OR of the IP addresses ip1 and
ip2.
@param ip1 The first IP address.
@param ip2 The second IP address.
@return The OR of ip1 and ip2.
Stringifies an IPv4 or v6 address with subnet mask.
@param ip The IP with subnet mask.
@return The stringified IP address.
Summary description for PkixParameters.
This is the default PKIX validity model. Actually there are two variants
of this: The PKIX model and the modified PKIX model. The PKIX model
verifies that all involved certificates must have been valid at the
current time. The modified PKIX model verifies that all involved
certificates were valid at the signing time. Both are indirectly choosen
with the {@link PKIXParameters#setDate(java.util.Date)} method, so this
methods sets the Date when all certificates must have been
valid.
This model uses the following validity model. Each certificate must have
been valid at the moment where is was used. That means the end
certificate must have been valid at the time the signature was done. The
CA certificate which signed the end certificate must have been valid,
when the end certificate was signed. The CA (or Root CA) certificate must
have been valid, when the CA certificate was signed and so on. So the
{@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
the end certificate must have been valid. It is used e.g.
in the German signature law.
Creates an instance of PKIXParameters with the specified Set of
most-trusted CAs. Each element of the set is a TrustAnchor.
Note that the Set is copied to protect against subsequent modifications.
@param trustAnchors
a Set of TrustAnchors
@exception InvalidAlgorithmParameterException
if the specified Set is empty
(trustAnchors.isEmpty() == true)
@exception NullPointerException
if the specified Set is null
@exception ClassCastException
if any of the elements in the Set are not of type
java.security.cert.TrustAnchor
Returns the required constraints on the target certificate. The
constraints are returned as an instance of CertSelector. If
null, no constraints are defined.
Note that the CertSelector returned is cloned to protect against
subsequent modifications.
@return a CertSelector specifying the constraints on the target
certificate (or null)
@see #setTargetCertConstraints(CertSelector)
Sets the required constraints on the target certificate. The constraints
are specified as an instance of CertSelector. If null, no constraints are
defined.
Note that the CertSelector specified is cloned to protect against
subsequent modifications.
@param selector
a CertSelector specifying the constraints on the target
certificate (or null)
@see #getTargetCertConstraints()
Returns an immutable Set of initial policy identifiers (OID strings),
indicating that any one of these policies would be acceptable to the
certificate user for the purposes of certification path processing. The
default return value is an empty Set, which is
interpreted as meaning that any policy would be acceptable.
@return an immutable Set of initial policy OIDs in String
format, or an empty Set (implying any policy is
acceptable). Never returns null.
@see #setInitialPolicies(java.util.Set)
Sets the Set of initial policy identifiers (OID strings),
indicating that any one of these policies would be acceptable to the
certificate user for the purposes of certification path processing. By
default, any policy is acceptable (i.e. all policies), so a user that
wants to allow any policy as acceptable does not need to call this
method, or can call it with an empty Set (or
null).
Note that the Set is copied to protect against subsequent modifications.
@param initialPolicies
a Set of initial policy OIDs in String format (or
null)
@exception ClassCastException
if any of the elements in the set are not of type String
@see #getInitialPolicies()
Sets a List of additional certification path checkers. If
the specified List contains an object that is not a PKIXCertPathChecker,
it is ignored.
Each PKIXCertPathChecker specified implements additional
checks on a certificate. Typically, these are checks to process and
verify private extensions contained in certificates. Each
PKIXCertPathChecker should be instantiated with any
initialization parameters needed to execute the check.
This method allows sophisticated applications to extend a PKIX
CertPathValidator or CertPathBuilder. Each
of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX
CertPathValidator or CertPathBuilder for
each certificate processed or validated.
Regardless of whether these additional PKIXCertPathCheckers are set, a
PKIX CertPathValidator or CertPathBuilder
must perform all of the required PKIX checks on each certificate. The one
exception to this rule is if the RevocationEnabled flag is set to false
(see the {@link #setRevocationEnabled(boolean) setRevocationEnabled}
method).
Note that the List supplied here is copied and each PKIXCertPathChecker
in the list is cloned to protect against subsequent modifications.
@param checkers
a List of PKIXCertPathCheckers. May be null, in which case no
additional checkers will be used.
@exception ClassCastException
if any of the elements in the list are not of type
java.security.cert.PKIXCertPathChecker
@see #getCertPathCheckers()
Returns the List of certification path checkers. Each PKIXCertPathChecker
in the returned IList is cloned to protect against subsequent modifications.
@return an immutable List of PKIXCertPathCheckers (may be empty, but not
null)
@see #setCertPathCheckers(java.util.List)
Adds a PKIXCertPathChecker to the list of certification
path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
method for more details.
Note that the PKIXCertPathChecker is cloned to protect
against subsequent modifications.
@param checker a PKIXCertPathChecker to add to the list of
checks. If null, the checker is ignored (not added to list).
Method to support Clone() under J2ME.
super.Clone() does not exist and fields are not copied.
@param params Parameters to set. If this are
ExtendedPkixParameters they are copied to.
Whether delta CRLs should be used for checking the revocation status.
Defaults to false.
The validity model.
@see #CHAIN_VALIDITY_MODEL
@see #PKIX_VALIDITY_MODEL
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
certificates or cross certificates.
The IList is cloned.
@param stores A list of stores to use.
@see #getStores
@throws ClassCastException if an element of stores is not
a {@link Store}.
Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute
certificates or cross certificates.
This method should be used to add local stores, like collection based
X.509 stores, if available. Local stores should be considered first,
before trying to use additional (remote) locations, because they do not
need possible additional network traffic.
If store is null it is ignored.
@param store The store to add.
@see #getStores
Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
attribute certificates or cross certificates.
You should not use this method. This method is used for adding additional
X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
during X.509 object processing, e.g. in certificates or CRLs. This method
is used in PKIX certification path processing.
If store is null it is ignored.
@param store The store to add.
@see #getStores()
Returns an IList of additional Bouncy Castle
Stores used for finding CRLs, certificates, attribute
certificates or cross certificates.
@return an immutable IList of additional Bouncy Castle
Stores. Never null.
@see #addAddionalStore(Store)
Returns an IList of Bouncy Castle
Stores used for finding CRLs, certificates, attribute
certificates or cross certificates.
@return an immutable IList of Bouncy Castle
Stores. Never null.
@see #setStores(IList)
Returns if additional {@link X509Store}s for locations like LDAP found
in certificates or CRLs should be used.
@return Returns true if additional stores are used.
Sets if additional {@link X509Store}s for locations like LDAP found in
certificates or CRLs should be used.
@param enabled true if additional stores are used.
Returns the required constraints on the target certificate or attribute
certificate. The constraints are returned as an instance of
IX509Selector. If null, no constraints are
defined.
The target certificate in a PKIX path may be a certificate or an
attribute certificate.
Note that the IX509Selector returned is cloned to protect
against subsequent modifications.
@return a IX509Selector specifying the constraints on the
target certificate or attribute certificate (or null)
@see #setTargetConstraints
@see X509CertStoreSelector
@see X509AttributeCertStoreSelector
Sets the required constraints on the target certificate or attribute
certificate. The constraints are specified as an instance of
IX509Selector. If null, no constraints are
defined.
The target certificate in a PKIX path may be a certificate or an
attribute certificate.
Note that the IX509Selector specified is cloned to protect
against subsequent modifications.
@param selector a IX509Selector specifying the constraints on
the target certificate or attribute certificate (or
null)
@see #getTargetConstraints
@see X509CertStoreSelector
@see X509AttributeCertStoreSelector
Returns the trusted attribute certificate issuers. If attribute
certificates is verified the trusted AC issuers must be set.
The returned ISet consists of TrustAnchors.
The returned ISet is immutable. Never null
@return Returns an immutable set of the trusted AC issuers.
Sets the trusted attribute certificate issuers. If attribute certificates
is verified the trusted AC issuers must be set.
The trustedACIssuers must be a ISet of
TrustAnchor
The given set is cloned.
@param trustedACIssuers The trusted AC issuers to set. Is never
null.
@throws ClassCastException if an element of stores is not
a TrustAnchor.
Returns the necessary attributes which must be contained in an attribute
certificate.
The returned ISet is immutable and contains
Strings with the OIDs.
@return Returns the necessary AC attributes.
Sets the necessary which must be contained in an attribute certificate.
The ISet must contain Strings with the
OIDs.
The set is cloned.
@param necessaryACAttributes The necessary AC attributes to set.
@throws ClassCastException if an element of
necessaryACAttributes is not a
String.
Returns the attribute certificates which are not allowed.
The returned ISet is immutable and contains
Strings with the OIDs.
@return Returns the prohibited AC attributes. Is never null.
Sets the attribute certificates which are not allowed.
The ISet must contain Strings with the
OIDs.
The set is cloned.
@param prohibitedACAttributes The prohibited AC attributes to set.
@throws ClassCastException if an element of
prohibitedACAttributes is not a
String.
Returns the attribute certificate checker. The returned set contains
{@link PKIXAttrCertChecker}s and is immutable.
@return Returns the attribute certificate checker. Is never
null.
Sets the attribute certificate checkers.
All elements in the ISet must a {@link PKIXAttrCertChecker}.
The given set is cloned.
@param attrCertCheckers The attribute certificate checkers to set. Is
never null.
@throws ClassCastException if an element of attrCertCheckers
is not a PKIXAttrCertChecker.
Summary description for PkixPolicyNode.
Constructors
This class helps to handle CRL revocation reasons mask. Each CRL handles a
certain set of revocation reasons.
Constructs are reason mask with the reasons.
The reasons.
A reason mask with no reason.
A mask with all revocation reasons.
Adds all reasons from the reasons mask to this mask.
@param mask The reasons mask to add.
Returns true if this reasons mask contains all possible
reasons.
true if this reasons mask contains all possible reasons.
Intersects this mask with the given reasons mask.
mask The mask to intersect with.
The intersection of this and teh given mask.
Returns true if the passed reasons mask has new reasons.
The reasons mask which should be tested for new reasons.
true if the passed reasons mask has new reasons.
Returns the reasons in this mask.
If the complete CRL includes an issuing distribution point (IDP) CRL
extension check the following:
(i) If the distribution point name is present in the IDP CRL extension
and the distribution field is present in the DP, then verify that one of
the names in the IDP matches one of the names in the DP. If the
distribution point name is present in the IDP CRL extension and the
distribution field is omitted from the DP, then verify that one of the
names in the IDP matches one of the names in the cRLIssuer field of the
DP.
(ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
extension, verify that the certificate does not include the basic
constraints extension with the cA boolean asserted.
(iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
extension, verify that the certificate includes the basic constraints
extension with the cA boolean asserted.
(iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
@param dp The distribution point.
@param cert The certificate.
@param crl The CRL.
@throws AnnotatedException if one of the conditions is not met or an error occurs.
If the DP includes cRLIssuer, then verify that the issuer field in the
complete CRL matches cRLIssuer in the DP and that the complete CRL
contains an
g distribution point extension with the indirectCRL
boolean asserted. Otherwise, verify that the CRL issuer matches the
certificate issuer.
@param dp The distribution point.
@param cert The certificate ot attribute certificate.
@param crl The CRL for cert.
@throws AnnotatedException if one of the above conditions does not apply or an error
occurs.
Obtain and validate the certification path for the complete CRL issuer.
If a key usage extension is present in the CRL issuer's certificate,
verify that the cRLSign bit is set.
@param crl CRL which contains revocation information for the certificate
cert.
@param cert The attribute certificate or certificate to check if it is
revoked.
@param defaultCRLSignCert The issuer certificate of the certificate cert.
@param defaultCRLSignKey The public key of the issuer certificate
defaultCRLSignCert.
@param paramsPKIX paramsPKIX PKIX parameters.
@param certPathCerts The certificates on the certification path.
@return A Set with all keys of possible CRL issuer
certificates.
@throws AnnotatedException if the CRL is not valid or the status cannot be checked or
some error occurs.
Checks a distribution point for revocation information for the
certificate cert.
@param dp The distribution point to consider.
@param paramsPKIX PKIX parameters.
@param cert Certificate to check if it is revoked.
@param validDate The date when the certificate revocation status should be
checked.
@param defaultCRLSignCert The issuer certificate of the certificate cert.
@param defaultCRLSignKey The public key of the issuer certificate
defaultCRLSignCert.
@param certStatus The current certificate revocation status.
@param reasonMask The reasons mask which is already checked.
@param certPathCerts The certificates of the certification path.
@throws AnnotatedException if the certificate is revoked or the status cannot be checked
or some error occurs.
Checks a certificate if it is revoked.
@param paramsPKIX PKIX parameters.
@param cert Certificate to check if it is revoked.
@param validDate The date when the certificate revocation status should be
checked.
@param sign The issuer certificate of the certificate cert.
@param workingPublicKey The public key of the issuer certificate sign.
@param certPathCerts The certificates of the certification path.
@throws AnnotatedException if the certificate is revoked or the status cannot be checked
or some error occurs.
If use-deltas is set, verify the issuer and scope of the delta CRL.
@param deltaCRL The delta CRL.
@param completeCRL The complete CRL.
@param pkixParams The PKIX paramaters.
@throws AnnotatedException if an exception occurs.
Checks if an attribute certificate is revoked.
@param attrCert Attribute certificate to check if it is revoked.
@param paramsPKIX PKIX parameters.
@param issuerCert The issuer certificate of the attribute certificate
attrCert.
@param validDate The date when the certificate revocation status should
be checked.
@param certPathCerts The certificates of the certification path to be
checked.
@throws CertPathValidatorException if the certificate is revoked or the
status cannot be checked or some error occurs.
Searches for a holder public key certificate and verifies its
certification path.
@param attrCert the attribute certificate.
@param pkixParams The PKIX parameters.
@return The certificate path of the holder certificate.
@throws Exception if
- no public key certificate can be found although holder
information is given by an entity name or a base certificate
ID
- support classes cannot be created
- no certification path for the public key certificate can
be built
Checks a distribution point for revocation information for the
certificate attrCert.
@param dp The distribution point to consider.
@param attrCert The attribute certificate which should be checked.
@param paramsPKIX PKIX parameters.
@param validDate The date when the certificate revocation status should
be checked.
@param issuerCert Certificate to check if it is revoked.
@param reasonMask The reasons mask which is already checked.
@param certPathCerts The certificates of the certification path to be
checked.
@throws Exception if the certificate is revoked or the status
cannot be checked or some error occurs.
A trust anchor or most-trusted Certification Authority (CA).
This class represents a "most-trusted CA", which is used as a trust anchor
for validating X.509 certification paths. A most-trusted CA includes the
public key of the CA, the CA's name, and any constraints upon the set of
paths which may be validated using this key. These parameters can be
specified in the form of a trusted X509Certificate or as individual
parameters.
Creates an instance of TrustAnchor with the specified X509Certificate and
optional name constraints, which are intended to be used as additional
constraints when validating an X.509 certification path.
The name constraints are specified as a byte array. This byte array
should contain the DER encoded form of the name constraints, as they
would appear in the NameConstraints structure defined in RFC 2459 and
X.509. The ASN.1 definition of this structure appears below.
NameConstraints ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL }
BaseDistance ::= INTEGER (0..MAX)
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
Note that the name constraints byte array supplied is cloned to protect
against subsequent modifications.
a trusted X509Certificate
a byte array containing the ASN.1 DER encoding of a
NameConstraints extension to be used for checking name
constraints. Only the value of the extension is included, not
the OID or criticality flag. Specify null to omit the
parameter.
if the specified X509Certificate is null
Creates an instance of TrustAnchor where the
most-trusted CA is specified as an X500Principal and public key.
Name constraints are an optional parameter, and are intended to be used
as additional constraints when validating an X.509 certification path.
The name constraints are specified as a byte array. This byte array
contains the DER encoded form of the name constraints, as they
would appear in the NameConstraints structure defined in RFC 2459
and X.509. The ASN.1 notation for this structure is supplied in the
documentation for the other constructors.
Note that the name constraints byte array supplied here is cloned to
protect against subsequent modifications.
the name of the most-trusted CA as X509Name
the public key of the most-trusted CA
a byte array containing the ASN.1 DER encoding of a NameConstraints extension to
be used for checking name constraints. Only the value of the extension is included,
not the OID or criticality flag. Specify null to omit the parameter.
if caPrincipal or pubKey is null
Creates an instance of TrustAnchor where the most-trusted
CA is specified as a distinguished name and public key. Name constraints
are an optional parameter, and are intended to be used as additional
constraints when validating an X.509 certification path.
The name constraints are specified as a byte array. This byte array
contains the DER encoded form of the name constraints, as they would
appear in the NameConstraints structure defined in RFC 2459 and X.509.
the X.500 distinguished name of the most-trusted CA in RFC
2253 string format
the public key of the most-trusted CA
a byte array containing the ASN.1 DER encoding of a
NameConstraints extension to be used for checking name
constraints. Only the value of the extension is included, not
the OID or criticality flag. Specify null to omit the
parameter.
throws NullPointerException, IllegalArgumentException
Returns the most-trusted CA certificate.
Returns the name of the most-trusted CA as an X509Name.
Returns the name of the most-trusted CA in RFC 2253 string format.
Returns the public key of the most-trusted CA.
Decode the name constraints and clone them if not null.
Returns a formatted string describing the TrustAnchor.
a formatted string describing the TrustAnchor
Base class for a TLS client.
an of (or null).
The default implementation calls this to determine which named
groups to include in the supported_groups extension for the ClientHello.
The named group roles for which there should
be at least one supported group. By default this is inferred from the offered cipher suites and signature
algorithms.
an of . See for group constants.
Base class for supporting a TLS key exchange implementation.
Base class for supporting a TLS key exchange factory implementation.
Base class for a TLS client or server.
Get the values that are supported by this peer.
WARNING: Mixing DTLS and TLS versions in the returned array is currently NOT supported. Use a separate
(sub-)class for each case.
an array of supported values.
Base class for a TLS server.
RFC 5246 7.2.
This message notifies the recipient that the sender will not send any more messages on this
connection.
Note that as of TLS 1.1, failure to properly close a connection no longer requires that a session not be
resumed. This is a change from TLS 1.0 ("The session becomes unresumable if any connection is terminated
without proper close_notify messages with level equal to warning.") to conform with widespread
implementation practice.
An inappropriate message was received.
This alert is always fatal and should never be observed in communication between proper implementations.
This alert is returned if a record is received with an incorrect MAC.
This alert also MUST be returned if an alert is sent because a TLSCiphertext decrypted in an invalid way:
either it wasn't an even multiple of the block length, or its padding values, when checked, weren't
correct. This message is always fatal and should never be observed in communication between proper
implementations (except when messages were corrupted in the network).
This alert was used in some earlier versions of TLS, and may have permitted certain attacks against the CBC
mode [CBCATT]. It MUST NOT be sent by compliant implementations.
A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record
decrypted to a TLSCompressed record with more than 2^14+1024 bytes.
This message is always fatal and should never be observed in communication between proper implementations
(except when messages were corrupted in the network).
The decompression function received improper input (e.g., data that would expand to excessive
length).
This message is always fatal and should never be observed in communication between proper implementations.
Reception of a handshake_failure alert message indicates that the sender was unable to negotiate
an acceptable set of security parameters given the options available.
This is a fatal error.
This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant implementations.
A certificate was corrupt, contained signatures that did not verify correctly, etc.
A certificate was of an unsupported type.
A certificate was revoked by its signer.
A certificate has expired or is not currently valid.
Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
A field in the handshake was out of range or inconsistent with other fields.
This message is always fatal.
A valid certificate chain or partial chain was received, but the certificate was not accepted
because the CA certificate could not be located or couldn't be matched with a known, trusted CA.
This message is always fatal.
A valid certificate was received, but when access control was applied, the sender decided not to
proceed with negotiation.
This message is always fatal.
A message could not be decoded because some field was out of the specified range or the length of
the message was incorrect.
This message is always fatal and should never be observed in communication between proper
implementations (except when messages were corrupted in the network).
A handshake cryptographic operation failed, including being unable to correctly verify a signature
or validate a Finished message.
This message is always fatal.
This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant implementations.
The protocol version the client has attempted to negotiate is recognized but not supported.
(For example, old protocol versions might be avoided for security reasons.) This message is always fatal.
Returned instead of handshake_failure when a negotiation has failed specifically because the
server requires ciphers more secure than those supported by the client.
This message is always fatal.
An internal error unrelated to the peer or the correctness of the protocol (such as a memory
allocation failure) makes it impossible to continue.
This message is always fatal.
This handshake is being canceled for some reason unrelated to a protocol failure.
If the user cancels an operation after the handshake is complete, just closing the connection by sending a
close_notify is more appropriate. This alert should be followed by a close_notify. This message is
generally a warning.
Sent by the client in response to a hello request or by the server in response to a client hello
after initial handshaking.
Either of these would normally lead to renegotiation; when that is not appropriate, the recipient should
respond with this alert. At that point, the original requester can decide whether to proceed with the
connection. One case where this would be appropriate is where a server has spawned a process to satisfy a
request; the process might receive security parameters (key length, authentication, etc.) at startup, and
it might be difficult to communicate changes to these parameters after that point. This message is always a
warning.
Sent by clients that receive an extended server hello containing an extension that they did not
put in the corresponding client hello.
This message is always fatal.
This alert is sent by servers who are unable to retrieve a certificate chain from the URL supplied
by the client(see Section 3.3).
This message MAY be fatal - for example if client authentication is required by the server for the
handshake to continue and the server is unable to retrieve the certificate chain, it may send a fatal
alert.
This alert is sent by servers that receive a server_name extension request, but do not recognize
the server name.
This message MAY be fatal.
This alert is sent by clients that receive an invalid certificate status response (see Section 3.6
).
This message is always fatal.
This alert is sent by servers when a certificate hash does not match a client provided
certificate_hash.
This message is always fatal.
If the server does not recognize the PSK identity, it MAY respond with an "unknown_psk_identity"
alert message.
In the event that the server supports no protocols that the client advertises, then the server
SHALL respond with a fatal "no_application_protocol" alert.
If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version
supported by the server is higher than the version indicated in ClientHello.client_version, the server MUST
respond with a fatal inappropriate_fallback alert[..].
Sent by endpoints that receive a handshake message not containing an extension that is mandatory
to send for the offered TLS version or other negotiated parameters.
Sent by servers when a client certificate is desired but none was provided by the client.
RFC 5246 7.2
A basic PSK Identity holder.
A basic SRP Identity holder.
A queue for bytes. This file could be more optimized.
The smallest number which can be written as 2^x which is bigger than i.
The buffer where we store our data.
How many bytes at the beginning of the buffer are skipped.
How many bytes in the buffer are valid data.
Add some data to our buffer.
A byte-array to read data from.
How many bytes to skip at the beginning of the array.
How many bytes to read from the array.
The number of bytes which are available in this buffer.
Copy some bytes from the beginning of the data to the provided .
The to copy the bytes to.
How many bytes to copy.
Read data from the buffer.
The buffer where the read data will be copied to.
How many bytes to skip at the beginning of buf.
How many bytes to read at all.
How many bytes from our data to skip.
Return a over some bytes at the beginning of the data.
How many bytes will be readable.
A over the data.
Remove some bytes from our data from the beginning.
How many bytes to remove.
Remove data from the buffer.
The buffer where the removed data will be copied to.
How many bytes to skip at the beginning of buf.
How many bytes to read at all.
How many bytes from our data to skip.
OutputStream based on a ByteQueue implementation.
Implementation of the RFC 3546 3.3. CertChainType.
Parsing and encoding of a Certificate struct from RFC 4346.
opaque ASN.1Cert<2^24-1>;
struct {
ASN.1Cert certificate_list<0..2^24-1>;
} Certificate;
an array of representing a certificate chain.
true if this certificate chain contains no certificates, or false otherwise.
Encode this to a , and optionally calculate the
"end point hash" (per RFC 5929's tls-server-end-point binding).
the of the current connection.
the to encode to.
the to write the "end point hash" to (or null).
Parse a from a .
the to apply during parsing.
the of the current connection.
the to parse from.
the to write the "end point hash" to (or null).
a object.
Parsing and encoding of a CertificateRequest struct from RFC 4346.
struct {
ClientCertificateType certificate_types<1..2^8-1>;
DistinguishedName certificate_authorities<3..2^16-1>;
} CertificateRequest;
Updated for RFC 5246:
struct {
ClientCertificateType certificate_types <1..2 ^ 8 - 1>;
SignatureAndHashAlgorithm supported_signature_algorithms <2 ^ 16 - 1>;
DistinguishedName certificate_authorities <0..2 ^ 16 - 1>;
} CertificateRequest;
Revised for RFC 8446:
struct {
opaque certificate_request_context <0..2 ^ 8 - 1>;
Extension extensions <2..2 ^ 16 - 1>;
} CertificateRequest;
see for valid constants.
an of .
an array of certificate types
an of (or null before TLS 1.2).
an optional of . May be non-null from
TLS 1.3 onwards.
an of .
Encode this to a .
the of the current connection.
the to encode to.
Parse a from a
the of the current connection.
the to parse from.
a object.
an of (possibly null) .
Encode this to a .
the to encode to.
Parse a from a .
the of the current connection.
the to parse from.
a object.
Implementation of the RFC 3546 3.6. CertificateStatusRequest.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
Implementation of the RFC 6961 2.2. CertificateStatusRequestItemV2.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 6091
RFC 3546 3.3
see for valid constants.
an of .
an of .
Encode this to a .
the to encode to.
Parse a from a .
the of the current connection.
the to parse from.
a object.
RFC 5056
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g.serialization).
RFC 2246 A.5
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
Encode this to a .
the of the current connection.
the to encode to.
Parse a from a .
the to parse from.
for DTLS this should be non-null; the input is copied to this
, minus the cookie field.
a object.
A combined hash, which implements md5(m) || sha1(m).
RFC 2246 6.1
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values(e.g.serialization).
RFC 2246 6.2.1
Carrier class for Diffie-Hellman group parameters.
Base constructor with the prime factor of (p - 1).
the prime modulus.
specifies the prime factor of (p - 1).
the base generator.
Standard Diffie-Hellman groups from various IETF specifications.
Base class for a TlsCrypto implementation that provides some needed methods from elsewhere in the impl
package.
Base class for a TlsSecret implementation which captures common code and fields.
Base constructor.
the byte[] making up the secret value.
Credentialed class generating agreed secrets from a peer's public key for our end of the TLS connection
using the BC light-weight API.
Credentialed class decrypting RSA encrypted secrets sent from a peer for our end of the TLS connection
using the BC light-weight API.
Credentialed class for generating signatures based on the use of primitives from the BC light-weight API.
HMAC implementation based on original internet draft for HMAC (RFC 2104).
The difference is that padding is concatenated versus XORed with the key, e.g:
H(K + opad, H(K + ipad, text))
Base constructor for one of the standard digest algorithms for which the byteLength is known.
Behaviour is undefined for digests other than MD5 or SHA1.
the digest.
Reset the mac generator.
Implementation class for a single X.509 certificate based on the BC light-weight API.
Class for providing cryptographic services for TLS based on implementations in the BC light-weight API.
This class provides default implementations for everything. If you need to customise it, extend the class
and override the appropriate methods.
Support class for ephemeral Diffie-Hellman using the BC light-weight library.
BC light-weight support class for Diffie-Hellman key pair generation and key agreement over a
specified Diffie-Hellman configuration.
Implementation class for generation of the raw DSA signature type using the BC light-weight API.
Implementation class for the verification of the raw DSA signature type using the BC light-weight API.
BC light-weight base class for the signers implementing the two DSA style algorithms from FIPS PUB
186-4: DSA and ECDSA.
BC light-weight base class for the verifiers supporting the two DSA style algorithms from FIPS PUB
186-4: DSA and ECDSA.
Support class for ephemeral Elliptic Curve Diffie-Hellman using the BC light-weight library.
EC domain class for generating key pairs and performing key agreement.
Implementation class for generation of ECDSA signatures in TLS 1.3+ using the BC light-weight API.
Implementation class for verification of ECDSA signatures in TLS 1.3+ using the BC light-weight API.
Implementation class for generation of the raw ECDSA signature type using the BC light-weight API.
Implementation class for the verification of the raw ECDSA signature type using the BC light-weight
API.
Operator supporting the generation of RSASSA-PSS signatures using the BC light-weight API.
Operator supporting the verification of RSASSA-PSS signatures using the BC light-weight API.
Operator supporting the generation of RSASSA-PKCS1-v1_5 signatures using the BC light-weight API.
Operator supporting the verification of RSASSA-PKCS1-v1_5 signatures using the BC light-weight API.
BC light-weight support class for handling TLS secrets and deriving key material and other secrets
from them.
Support class for X25519 using the BC light-weight library.
Support class for X448 using the BC light-weight library.
A generic TLS 1.2 AEAD cipher.
Base interface for services supporting AEAD encryption/decryption.
Set the key to be used by the AEAD cipher implementation supporting this service.
array holding the AEAD cipher key.
offset into the array the key starts at.
length of the key in the array.
Initialise the parameters for the AEAD operator.
the nonce.
MAC size in bytes.
any additional data to be included in the MAC calculation.
if the parameters are inappropriate.
Return the maximum size of the output for input of inputLength bytes.
the length (in bytes) of the proposed input.
the maximum size of the output.
Perform the cipher encryption/decryption returning the output in output.
Note: we have to use DoFinal() here as it is the only way to guarantee output from the underlying cipher.
array holding input data to the cipher.
offset into input array data starts at.
length of the input data in the array.
array to hold the cipher output.
offset into output array to start saving output.
the amount of data written to output.
in case of failure.
A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.
Interface for block cipher services.
Set the key to be used by the block cipher implementation supporting this service.
array holding the block cipher key.
offset into the array the key starts at.
length of the key in the array.
Initialise the parameters for operator.
array holding the initialization vector (IV).
offset into the array the IV starts at.
length of the IV in the array.
if the parameters are inappropriate.
Perform the cipher encryption/decryption returning the output in output.
Note: we have to use DoFinal() here as it is the only way to guarantee output from the underlying cipher.
array holding input data to the cipher.
offset into input array data starts at.
length of the input data in the array.
array to hold the cipher output.
offset into output array to start saving output.
the amount of data written to output.
in case of failure.
Return the blocksize (in bytes) of the underlying block cipher.
the cipher's blocksize.
Useful utility methods.
The NULL cipher.
A generic TLS MAC implementation, acting as an HMAC based on some underlying Digest.
Generate a new instance of a TlsMac.
the TLS client context specific crypto parameters.
The MAC to use.
Base interface for a generic TLS MAC implementation for use with a bulk cipher.
Return the output length (in bytes) of this MAC.
The output length of this MAC.
Calculate the MAC for some given data.
The sequence number of the record.
The content type of the message.
A byte array containing the message.
The number of bytes to skip, before the message starts.
The length of the message.
A new byte array containing the MAC value.
Constant time calculation of the MAC for some given data with a given expected length.
The sequence number of the record.
The content type of the message.
A byte array containing the message.
The number of bytes to skip, before the message starts.
The length of the message.
The expected length of the full message.
Random data for padding out the MAC calculation if required.
A new byte array containing the MAC value.
Carrier class for SRP-6 group parameters.
Base constructor.
the n value.
the g value.
A selection of standard groups for SRP-6.
Base interface for ephemeral key agreement calculator.
Generate an ephemeral key pair, returning the encoding of the public key.
a byte encoding of the public key.
Pass in the public key for the peer to the agreement calculator.
a byte encoding of the peer public key.
Calculate the agreed secret based on the calculator's current state.
the calculated secret.
Interface providing the functional representation of a single X.509 certificate.
Return an encryptor based on the public key in this certificate.
a based on this certificate's public key.
the OID of this certificate's 'signatureAlgorithm', as a string.
true if (and only if) this certificate can be used to verify the given signature algorithm.
Base interface for a TLS bulk cipher.
Return the maximum input size for a ciphertext given a maximum output size for the plaintext of
plaintextLimit bytes.
the maximum output size for the plaintext.
the maximum input size of the ciphertext for plaintextlimit bytes of output.
Return the maximum output size for a ciphertext given an actual input plaintext size of
plaintextLength bytes and a maximum input plaintext size of plaintextLimit bytes.
the actual input size for the plaintext.
the maximum input size for the plaintext.
the maximum output size of the ciphertext for plaintextlimit bytes of input.
Return the maximum size for the plaintext given ciphertextlimit bytes of ciphertext.
the maximum number of bytes of ciphertext.
the maximum size of the plaintext for ciphertextlimit bytes of input.
Encode the passed in plaintext using the current bulk cipher.
sequence number of the message represented by plaintext.
content type of the message represented by plaintext.
used for the record.
extra bytes to allocate at start of returned byte array.
array holding input plaintext to the cipher.
offset into input array the plaintext starts at.
length of the plaintext in the array.
A containing the result of encoding (after 'headerAllocation' unused
bytes).
Decode the passed in ciphertext using the current bulk cipher.
sequence number of the message represented by ciphertext.
content type used in the record for this message.
used for the record.
array holding input ciphertext to the cipher.
offset into input array the ciphertext starts at.
length of the ciphertext in the array.
A containing the result of decoding.
Service and object creation interface for the primitive types and services that are associated with
cryptography in the API.
Return true if this TlsCrypto can perform raw signatures and verifications for all supported
algorithms.
true if this instance can perform raw signatures and verifications for all supported algorithms,
false otherwise.
Return true if this TlsCrypto can support DH key agreement.
true if this instance can support DH key agreement, false otherwise.
Return true if this TlsCrypto can support ECDH key agreement.
true if this instance can support ECDH key agreement, false otherwise.
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
the algorithm of interest.
true if encryptionAlgorithm is supported, false otherwise.
Return true if this TlsCrypto can support the passed in hash algorithm.
the algorithm of interest.
true if cryptoHashAlgorithm is supported, false otherwise.
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
combination with EVERY hash algorithm).
the algorithm of interest.
true if cryptoSignatureAlgorithm is supported, false otherwise.
Return true if this TlsCrypto can support the passed in MAC algorithm.
the algorithm of interest.
true if macAlgorithm is supported, false otherwise.
Return true if this TlsCrypto supports the passed in named group
value.
true if this instance supports the passed in named group value.
Return true if this TlsCrypto can support RSA encryption/decryption.
true if this instance can support RSA encryption/decryption, false otherwise.
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
combination with EVERY hash algorithm).
true if signatureAlgorithm is supported, false otherwise.
Return true if this TlsCrypto can support the passed in signature algorithm.
the algorithm of interest.
true if sigAndHashAlgorithm is supported, false otherwise.
Return true if this TlsCrypto can support the passed in signature scheme.
the scheme of interest.
true if signatureScheme is supported, false otherwise.
Return true if this TlsCrypto can support SRP authentication.
true if this instance can support SRP authentication, false otherwise.
Create a TlsSecret object based on provided data.
the data to base the TlsSecret on.
a TlsSecret based on the provided data.
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
the client version to place in the first 2 bytes
a TlsSecret containing the PreMasterSecret.
Return the primary (safest) SecureRandom for this crypto.
a SecureRandom suitable for key generation.
Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.
DER/BER encoding of the certificate of interest.
a TlsCertificate.
if there is an issue on decoding or constructing the certificate.
Create a cipher for the specified encryption and MAC algorithms.
See enumeration classes , for appropriate
argument values.
context specific parameters.
the encryption algorithm to be employed by the cipher.
the MAC algorithm to be employed by the cipher.
a implementing the encryption and MAC algorithms.
Create a domain object supporting the domain parameters described in dhConfig.
the config describing the DH parameters to use.
a TlsDHDomain supporting the parameters in dhConfig.
Create a domain object supporting the domain parameters described in ecConfig.
the config describing the EC parameters to use.
a TlsECDomain supporting the parameters in ecConfig.
Adopt the passed in secret, creating a new copy of it.
the secret to make a copy of.
a TlsSecret based on the original secret.
Create a suitable hash for the hash algorithm identifier passed in.
See enumeration class for appropriate argument values.
the hash algorithm the hash needs to implement.
a .
Create a suitable HMAC for the MAC algorithm identifier passed in.
See enumeration class for appropriate argument values.
the MAC algorithm the HMAC needs to match.
a .
Create a suitable HMAC using the hash algorithm identifier passed in.
See enumeration class for appropriate argument values.
the hash algorithm the HMAC should use.
a .
Create a nonce generator.
Each call should construct a new generator, and the generator should be returned from this call only after
automatically seeding from this 's entropy source, and from the provided additional
seed material. The output of each returned generator must be completely independent of the others.
context-specific seed material
a .
Create an SRP-6 client.
client config.
an initialised SRP6 client object.
Create an SRP-6 server.
server config.
the SRP6 verifier value.
an initialised SRP6 server object.
Create an SRP-6 verifier generator.
generator config.
an initialized SRP6 verifier generator.
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen
zeroes.
the hash algorithm to instantiate HMAC with. See
for values.
Basic exception class for crypto services to pass back a cause.
Carrier class for context-related parameters needed for creating secrets and ciphers.
Base constructor.
the context for this parameters object.
Basic config for Diffie-Hellman.
Domain interface to service factory for creating Diffie-Hellman operators.
Return an agreement operator suitable for ephemeral Diffie-Hellman.
a key agreement operator.
Carrier class for Elliptic Curve parameter configuration.
Return the group used.
the named group used.
Domain interface to service factory for creating Elliptic-Curve (EC) based operators.
Return an agreement operator suitable for ephemeral EC Diffie-Hellman.
a key agreement operator.
Base interface for an encryptor.
Encrypt data from the passed in input array.
byte array containing the input data.
offset into input where the data starts.
the length of the data to encrypt.
the encrypted data.
Interface for message digest, or hash, services.
Update the hash with the passed in input.
input array containing the data.
offset into the input array the input starts at.
the length of the input data.
Return calculated hash for any input passed in.
the hash value.
Return a clone of this hash object representing its current state.
a clone of the current hash.
Reset the hash underlying this service.
Interface for MAC services based on HMAC.
Return the internal block size for the message digest underlying this HMAC service.
the internal block size for the digest (in bytes).
Interface for MAC services.
Set the key to be used by the MAC implementation supporting this service.
array holding the MAC key.
offset into the array the key starts at.
length of the key in the array.
Update the MAC with the passed in input.
input array containing the data.
offset into the input array the input starts at.
the length of the input data.
Return calculated MAC for any input passed in.
the MAC value.
Write the calculated MAC to an output buffer.
output array to write the MAC to.
offset into the output array to write the MAC to.
Return the length of the MAC generated by this service.
the MAC length.
Reset the MAC underlying this service.
Generate a nonce byte[] string.
the length, in bytes, of the nonce to generate.
the nonce value.
The cipher for TLS_NULL_WITH_NULL_NULL.
Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
Calculate an HMAC with this secret's data as the key.
the hash algorithm to instantiate HMAC with. See
for values.
array containing the input data.
offset into the input array the input starts at.
the length of the input data.
Return a new secret based on applying a PRF to this one.
PRF algorithm to use.
the label details.
the seed details.
the size (in bytes) of the secret to generate.
the new secret.
Destroy the internal state of the secret.
After this call, any attempt to use the will result in an
being thrown.
Return an encrypted copy of the data this secret is based on.
the encryptor to use for protecting the internal data.
an encrypted copy of this secret's internal data.
Return the internal data from this secret.
The does not keep a copy of the data. After this call, any attempt to use the
will result in an being thrown.
the secret's internal data.
RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
the hash algorithm to instantiate HMAC with. See
for values.
optional context and application specific information (can be zero-length).
length of output keying material in octets.
output keying material (of 'length' octets).
RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
The does not keep a copy of the data. After this call, any attempt to use
the will result in an being thrown.
the hash algorithm to instantiate HMAC with. See
for values.
input keying material.
a pseudo-random key (of HashLen octets).
Base interface for a TLS signer that works on raw message digests.
Generate an encoded signature based on the passed in hash.
the signature algorithm to use.
the hash calculated for the signature.
an encoded signature.
in case of an exception processing the hash.
Basic interface for an SRP-6 client implementation.
Generates the secret S given the server's credentials
The server's credentials
Client's verification message for the server
If server's credentials are invalid
Generates client's credentials given the client's salt, identity and password
The salt used in the client's verifier.
The user's identity (eg. username)
The user's password
Client's public value to send to server
Basic interface for an SRP-6 server implementation.
Generates the server's credentials that are to be sent to the client.
The server's public value to the client
Processes the client's credentials. If valid the shared secret is generated and returned.
The client's credentials.
A shared secret .
If client's credentials are invalid.
Base interface for a generator for SRP-6 verifiers.
Creates a new SRP-6 verifier value.
The salt to use, generally should be large and random
The user's identifying information (eg. username)
The user's password
A new verifier for use in future SRP authentication
Basic config for SRP.
Return the (N, g) values used in SRP-6.
(N, g) as a BigInteger array (N=[0], g=[1]).
Set the (N, g) values used for SRP-6.
(N, g) as a BigInteger array (N=[0], g=[1]).
Base interface for a TLS verifier that works with signatures and either raw message digests, or entire
messages.
Return true if the passed in signature and hash represent a real signature.
the signature object containing the signature to be verified.
the hash calculated for the signature.
true if signature verifies, false otherwise.
in case of an exception verifying signature.
Base interface for an object sending and receiving DTLS data.
Container class for generating signatures that carries the signature type, parameters, public key
certificate and public key's associated signer object.
Accept named groups and various standard DH groups with 'P' at least
bits.
Accept named groups and various standard DH groups with 'P' at least the specified number of bits.
the minimum bitlength of 'P'.
Accept named groups and a custom set of group parameters, subject to a minimum bitlength for 'P'.
a list of acceptable s.
the minimum bitlength of 'P'.
Accept only the group parameters specified in RFC 5054 Appendix A.
Specify a custom set of acceptable group parameters.
an of acceptable .
Buffers input until the hash algorithm is determined.
a (or null before TLS 1.2).
Encode this to a .
the to encode to.
Parse a from a .
the of the current connection.
the to parse from.
a object.
Check that there are no "extra" messages left in the current inbound flight
RFC 4347 4.1.2.5 Anti-replay
Support fast rejection of duplicate records by maintaining a sliding receive window
Check whether a received record with the given sequence number should be rejected as a duplicate.
the 48-bit DTLSPlainText.sequence_number field of a received record.
true if the record should be discarded without further processing.
Report that a received record with the given sequence number passed authentication checks.
the 48-bit DTLSPlainText.sequence_number field of an authenticated record.
RFC 4492 5.4
Indicates the elliptic curve domain parameters are conveyed verbosely, and the
underlying finite field is a prime field.
Indicates the elliptic curve domain parameters are conveyed verbosely, and the
underlying finite field is a characteristic-2 field.
Indicates that a named curve is used. This option SHOULD be used when applicable.
RFC 4492 5.1.2
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
RFC 5705
RFC 5246 7.4.1.4.1
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 6520 3.
RFC 6066
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 8446 4.6.3
RFC 2246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
RFC 7919
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 3546 3.6
an of , specifying the list of
trusted OCSP responders. An empty list has the special meaning that the responders are implicitly known to
the server - e.g., by prior arrangement.
OCSP request extensions. A null value means that there are no extensions.
an of .
OCSP request extensions.
Encode this to a .
the to encode to.
Parse an from a .
the to parse from.
an object.
RFC 5246
Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the
particular values (e.g. serialization).
RFC 7301 Represents a protocol name for use with ALPN.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
An implementation of the TLS 1.0/1.1/1.2 record layer.
Encode this to a .
the of the current connection.
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 6066 3. Server Name Indication
Current implementation uses this guidance: "For backward compatibility, all future data structures associated
with new NameTypes MUST begin with a 16-bit length field. TLS MAY treat provided server names as opaque data
and pass the names and types to the application.". RFC 6066 specifies ASCII encoding for host_name (possibly
using A-labels for IDNs), but note that the previous version (RFC 4366) specified UTF-8 encoding (see RFC 6066
Appendix A). For maximum compatibility, it is recommended that client code tolerate receiving UTF-8 from the
peer, but only generate ASCII itself.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
an of .
an of .
Encode this to a .
the to encode to .
Parse a from a .
the to parse from.
a object.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 5246 7.4.1.4.1 (in RFC 2246, there were no specific values assigned)
RFC 5246 7.4.1.4.1
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
For TLS 1.3+ usage, some signature schemes are constrained to use a particular
({@link NamedGroup}. Not relevant for TLS 1.2 and below.
An implementation of that simulates the existence of "unknown"
identities to obscure the fact that there is no verifier for them.
Create a that implements the algorithm from RFC 5054
2.5.1.3.
the defining the group that SRP is operating in.
the secret "seed key" referred to in RFC 5054 2.5.1.3.
an instance of .
RFC 4680
Base interface to provide TLS authentication credentials.
Called by the protocol handler to report the server certificate.
Note: this method is responsible for certificate verification and validation.
the server certificate received.
Return client credentials in response to server's certificate request.
The returned value may be null, or else it MUST implement exactly one of
, , or
, depending on the key exchange that was negotiated and the details of
the .
details of the certificate request.
a object or null for no client authentication.
Return the session this client wants to resume, if any.
Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
A representing the resumable session to be used for this connection, or
null to use a new session.
Return the external PSKs to offer in the ClientHello.
This will only be called when TLS 1.3 or higher is amongst the offered protocol versions.
an of instances, or null if none should be
offered.
(Int32 -> byte[])
If this client is offering TLS 1.3 or higher, this method may be called to determine for which
groups a key share should be included in the initial ClientHello.
Groups that were not included in the supported_groups extension (by will
be ignored. The protocol will then add a suitable key_share extension to the ClientHello extensions.
an of named group values, possibly empty or null.
Notifies the client of the session that will be offered in ClientHello for resumption, if any.
This will be either the session returned from {@link #getSessionToResume()} or null if that session was
unusable. NOTE: the actual negotiated session_id is notified by .
The representing the resumable session to be offered for
this connection, or null if there is none.
Notifies the client of the session_id sent in the ServerHello.
The protocol implementation validates that any server extensions received correspond to client
extensions sent.
If further processing of the server extensions is needed, it can be done in this callback. NOTE: This is
not called for session resumption handshakes.
(Int32 -> byte[])
(SupplementalDataEntry)
(SupplementalDataEntry)
RFC 5077 3.3. NewSessionTicket Handshake Message
This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is
opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g.
RFC 5077 4. "Recommended Ticket Construction".
The ticket.
Marker interface to distinguish a TLS client context.
Constructor for non-blocking mode.
When data is received, use to provide the received ciphertext,
then use to read the corresponding cleartext.
Similarly, when data needs to be sent, use
to provide the cleartext, then use to get the
corresponding ciphertext.
Constructor for blocking mode.
The of data to/from the server.
Constructor for blocking mode.
The of data from the server.
The of data to the server.
Initiates a TLS handshake in the role of client.
In blocking mode, this will not return until the handshake is complete. In non-blocking mode, use
to receive a callback when the handshake is complete.
The to use for the handshake.
If in blocking mode and handshake was not successful.
Base interface for a TLS context implementation.
Return true if this context is for a server, false otherwise.
true for a server based context, false for a client based one.
Used to get the resumable session, if any, used by this connection.
Only available after the handshake has successfully completed.
A representing the resumable session used by this connection, or null if
no resumable session available.
Used to get the session information for this connection.
Only available after the handshake has successfully completed. Use
to find out if the session is resumable.
A representing the session used by this connection.
Export the value of the specified channel binding.
Only available after the handshake has successfully completed.
A constant specifying the channel binding to
export.
A copy of the channel binding data as a byte[], or null if the binding could not be
determined.
Export (early data) keying material according to RFC 5705: "Keying Material Exporters for TLS", as
updated for TLS 1.3 (RFC 8446).
NOTE: for use in settings where an exporter is needed for 0-RTT data.
indicates which application will use the exported keys.
allows the application using the exporter to mix its own data with the TLS PRF
for the exporter output.
the number of bytes to generate.
a pseudorandom bit string of 'length' bytes generated from the (exporter_)master_secret.
Export keying material according to RFC 5705: "Keying Material Exporters for TLS", as updated for
TLS 1.3 (RFC 8446) when negotiated.
indicates which application will use the exported keys.
allows the application using the exporter to mix its own data with the TLS PRF
for the exporter output.
the number of bytes to generate.
a pseudorandom bit string of 'length' bytes generated from the (exporter_)master_secret.
Support interface for generating a secret based on the credentials sent by a TLS peer.
Calculate an agreed secret based on our credentials and the public key credentials of our peer.
public key certificate of our TLS peer.
the agreed secret.
in case of an exception on generation of the secret.
Base interface for a class that decrypts TLS secrets.
Decrypt the passed in cipher text using the parameters available.
the parameters to use for the decryption.
the cipher text containing the secret.
a TLS secret.
on a parsing or decryption error.
Support interface for generating a signature based on our private credentials.
Generate a signature against the passed in hash.
a message digest calculated across the message the signature is to apply to.
an encoded signature.
if the hash cannot be processed, or there is an issue with the private
credentials.
Return the algorithm IDs for the signature algorithm and the associated hash it uses.
the full algorithm details for the signature.
Base interface for interfaces/classes carrying TLS credentials.
Return the certificate structure representing our identity.
our certificate structure.
(D)TLS DH_anon key exchange.
Interface for verifying explicit Diffie-Hellman group parameters.
Check whether the given DH group is acceptable for use.
the to check.
true if (and only if) the specified group is acceptable.
(D)TLS DH key exchange.
(D)TLS ECDH_anon key exchange (see RFC 4492).
(D)TLS ECDHE key exchange (see RFC 4492).
(D)TLS ECDH key exchange (see RFC 4492).
(Int32 -> byte[])
an of .
an of .
an of .
an of .
Base interface for an object that can calculate a handshake hash.
A generic interface for key exchange implementations in (D)TLS.
Interface for a key exchange factory offering a variety of specific algorithms.
This exception will be thrown (only) when the connection is closed by the peer without sending a
close_notify warning alert.
If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially
malicious). It may be possible to check for truncation via some property of a higher level protocol
built upon TLS, e.g.the Content-Length header for HTTPS.
Object Identifiers associated with TLS extensions.
RFC 7633
Base interface for a (D)TLS endpoint.
Notifies the peer that a new handshake is about to begin.
Specify the timeout, in milliseconds, to use for the complete handshake process.
NOTE: Currently only respected by DTLS protocols. Negative values are not allowed. A timeout of zero means
an infinite timeout (i.e.the handshake will never time out).
the handshake timeout, in milliseconds.
This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a
close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning
false without a full understanding of the implications.
This implementation supports RFC 7627 and will always negotiate the extended_master_secret
extension where possible. When connecting to a peer that does not offer/accept this extension, it is
recommended to abort the handshake.This option is provided for interoperability with legacy peers, although
some TLS features will be disabled in that case (see RFC 7627 5.4).
true if the handshake should be aborted when the peer does not negotiate the
extended_master_secret extension, or false to support legacy interoperability.
See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding
beyond the minimum.
Note that in configurations where this is known to be potential security risk this setting will be ignored
(and extended padding disabled). Extra padding is always supported when decrypting received records.
true if random extra padding should be added during block cipher encryption, or
false to always use the minimum amount of required padding.
draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on
gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set
gmt_unix_time as an option only, off by default.".
NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later),
this is not called and gmt_unix_time is not used.
true if the current time should be used in the gmt_unix_time field of Random, or
false if gmt_unix_time should contain a cryptographically random value.
RFC 5746 3.4/3.6. In case this is false, peers may want to terminate the handshake instead of
continuing; see Section 4.1/4.3 for discussion.
NOTE: TLS 1.3 forbids renegotiation, so this is never called when TLS 1.3 (or later) was negotiated.
This method will be called when an alert is raised by the protocol.
A human-readable message explaining what caused this alert. May be null.
The that caused this alert to be raised. May be null.
This method will be called when an alert is received from the remote peer.
Notifies the peer that the handshake has been successfully completed.
Return a instance that will control the generation of heartbeats
locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in
RFC 6520.
an instance of .
Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.
See enumeration class for appropriate return values.
the value.
This method is called, when a change cipher spec message is received.
If the message has an invalid content or the handshake is not in the correct
state.
Read data from the network.
The method will return immediately, if there is still some data left in the buffer, or block until some
application data has been read from the network.
The buffer where the data will be copied to.
The position where the data will be placed in the buffer.
The maximum number of bytes to read.
The number of bytes read.
If something goes wrong during reading data.
Write some application data.
Fragmentation is handled internally. Usable in both blocking/non-blocking modes.
In blocking mode, the output will be automatically sent via the underlying transport. In non-blocking mode,
call to get the output bytes to send to the peer.
This method must not be called until after the initial handshake is complete. Attempting to call it earlier
will result in an .
The buffer containing application data to send.
The offset at which the application data begins
The number of bytes of application data.
If called before the initial handshake has completed.
If connection is already closed, or for encryption or transport errors.
The secure bidirectional stream for this connection
Only allowed in blocking mode.
Should be called in non-blocking mode when the input data reaches EOF.
Equivalent to OfferInput(input, 0, input.Length).
The input buffer to offer.
Offer input from an arbitrary source.
Only allowed in non-blocking mode.
This method will decrypt and process all records that are fully available. If only part of a record is
available, the buffer will be retained until the remainder of the record is offered.
If any records containing application data were processed, the decrypted data can be obtained using
. If any records containing protocol data were processed, a
response may have been generated. You should always check to see if there is any available output after
calling this method by calling .
The input buffer to offer.
The offset within the input buffer that input begins.
The number of bytes of input being offered.
If an error occurs while decrypting or processing a record.
Gets the amount of received application data.
A call to is guaranteed to be able to return at least
this much data.
Only allowed in non-blocking mode.
The number of bytes of available application data.
Retrieves received application data.
Use to check how much application data is currently available. This
method functions similarly to , except that it never blocks. If
no data is available, nothing will be copied and zero will be returned.
Only allowed in non-blocking mode.
The buffer to hold the application data.
The start offset in the buffer at which the data is written.
The maximum number of bytes to read.
The total number of bytes copied to the buffer. May be less than the length specified if the
length was greater than the amount of available data.
Gets the amount of encrypted data available to be sent.
A call to is guaranteed to be able to return at least this much
data. Only allowed in non-blocking mode.
The number of bytes of available encrypted data.
Retrieves encrypted data to be sent.
Use to check how much encrypted data is currently available. This
method functions similarly to , except that it never blocks. If
no data is available, nothing will be copied and zero will be returned. Only allowed in non-blocking mode.
The buffer to hold the encrypted data.
The start offset in the buffer at which the data is written.
The maximum number of bytes to read.
The total number of bytes copied to the buffer. May be less than the length specified if the
length was greater than the amount of available data.
Make sure the 'buf' is now empty. Fail otherwise.
The to check.
Processor interface for a PSK identity.
Base interface for an object that can process a PSK identity.
(D)TLS PSK key exchange (RFC 4279).
(D)TLS RSA key exchange.
Interface describing a TLS server endpoint.
Return the specified session, if available.
Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
the ID of the session to resume.
A with the specified session ID, or null.
Return the external PSK to select from the ClientHello.
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one
or more PSKs are actually offered.
an of instances.
The corresponding to the selected identity, or null to not select
any.
(Int32 -> byte[])
(Int32 -> byte[])
(Int32 -> byte[])
(SupplementalDataEntry)
Return server credentials to use.
The returned value may be null, or else it MUST implement exactly one of
, , or
, depending on the key exchange that was negotiated.
a object or null for anonymous key exchanges.
This method will be called (only) if the server included an extension of type "status_request" with empty
"extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a
non-null is returned, it is sent to the client as a handshake message of
type "certificate_status".
A to be sent to the client (or null for none).
(SupplementalDataEntry)
Called by the protocol handler to report the client certificate, only if
returned non-null.
Note: this method is responsible for certificate verification and validation.
the effective client certificate (may be an empty chain).
RFC 5077 3.3. NewSessionTicket Handshake Message.
This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077
4. Recommended Ticket Construction for recommended format and protection.
The ticket.
Server certificate carrier interface.
Marker interface to distinguish a TLS server context.
Constructor for non-blocking mode.
When data is received, use to provide the received ciphertext,
then use to read the corresponding cleartext.
Similarly, when data needs to be sent, use
to provide the cleartext, then use to get the
corresponding ciphertext.
Constructor for blocking mode.
The of data to/from the server.
Constructor for blocking mode.
The of data from the server.
The of data to the server.
Receives a TLS handshake in the role of server.
In blocking mode, this will not return until the handshake is complete. In non-blocking mode, use
to receive a callback when the handshake is complete.
The to use for the handshake.
If in blocking mode and handshake was not successful.
Base interface for a carrier object for a TLS session.
Interface for verifying SRP config needs to conform to.
Check whether the given SRP configuration is acceptable for use.
the to check.
true if (and only if) the specified configuration is acceptable.
Processor interface for an SRP identity.
Base interface for an object that can return login parameters from an SRP identity.
Lookup the corresponding to the specified identity.
NOTE: To avoid "identity probing", unknown identities SHOULD be handled as recommended in RFC 5054 2.5.1.3.
is provided for this purpose.
the SRP identity sent by the connecting client.
the for the specified identity, or else 'simulated' parameters
if the identity is not recognized. A null value is also allowed, but not recommended.
(D)TLS SRP key exchange (RFC 5054).
RFC 5764 DTLS Extension to Establish Keys for SRTP.
Whether a server can select the specified cipher suite given the available signature algorithms
for ServerKeyExchange.
Check the signature algorithm for certificates in the peer's CertPath as specified in RFC 5246
7.4.2, 7.4.4, 7.4.6 and similar rules for earlier TLS versions.
The supplied CertPath should include the trust anchor (its signature algorithm isn't checked, but in the
general case checking a certificate requires the issuer certificate).
if any certificate in the CertPath (excepting the trust anchor) has a
signature algorithm that is not one of the locally supported signature algorithms.
Generate a pre_master_secret and send it encrypted to the server.
Encode this to a .
the to encode to.
Parse a from a .
the to parse from.
a object.
RFC 6066 5.
Encode this to a .
the to encode to.
Parse a from a .
the of the current connection.
the to parse from.
a object.
RFC 4681
RFC 5764 4.1.1
see for valid constants.
valid lengths from 0 to 255.
see for valid constants.
valid lengths from 0 to 255.
Base class for an RFC 3161 Time Stamp Request.
Create a TimeStampRequest from the past in byte array.
@param req byte array containing the request.
@throws IOException if the request is malformed.
Create a TimeStampRequest from the past in input stream.
@param in input stream containing the request.
@throws IOException if the request is malformed.
Validate the timestamp request, checking the digest to see if it is of an
accepted type and whether it is of the correct length for the algorithm specified.
@param algorithms a set of string OIDS giving accepted algorithms.
@param policies if non-null a set of policies we are willing to sign under.
@param extensions if non-null a set of extensions we are willing to accept.
@throws TspException if the request is invalid, or processing fails.
return the ASN.1 encoded representation of this object.
Generator for RFC 3161 Time Stamp Request objects.
add a given extension field for the standard extensions tag (tag 3)
@throws IOException
add a given extension field for the standard extensions tag
The value parameter becomes the contents of the octet string associated
with the extension.
add a given extension field for the standard extensions tag (tag 3)
@throws IOException
add a given extension field for the standard extensions tag
The value parameter becomes the contents of the octet string associated
with the extension.
Base class for an RFC 3161 Time Stamp Response object.
Create a TimeStampResponse from a byte array containing an ASN.1 encoding.
@param resp the byte array containing the encoded response.
@throws TspException if the response is malformed.
@throws IOException if the byte array doesn't represent an ASN.1 encoding.
Create a TimeStampResponse from an input stream containing an ASN.1 encoding.
@param input the input stream containing the encoded response.
@throws TspException if the response is malformed.
@throws IOException if the stream doesn't represent an ASN.1 encoding.
Check this response against to see if it a well formed response for
the passed in request. Validation will include checking the time stamp
token if the response status is GRANTED or GRANTED_WITH_MODS.
@param request the request to be checked against
@throws TspException if the request can not match this response.
return the ASN.1 encoded representation of this object.
Generator for RFC 3161 Time Stamp Responses.
Return an appropriate TimeStampResponse.
If genTime is null a timeNotAvailable error response will be returned.
@param request the request this response is for.
@param serialNumber serial number for the response token.
@param genTime generation time for the response token.
@param provider provider to use for signature calculation.
@return
@throws NoSuchAlgorithmException
@throws NoSuchProviderException
@throws TSPException
Generate a TimeStampResponse with chosen status and FailInfoField.
@param status the PKIStatus to set.
@param failInfoField the FailInfoField to set.
@param statusString an optional string describing the failure.
@return a TimeStampResponse with a failInfoField and optional statusString
@throws TSPException in case the response could not be created
Validate the time stamp token.
To be valid the token must be signed by the passed in certificate and
the certificate must be the one referred to by the SigningCertificate
attribute included in the hashed attributes of the token. The
certificate must also have the ExtendedKeyUsageExtension with only
KeyPurposeID.IdKPTimeStamping and have been valid at the time the
timestamp was created.
A successful call to validate means all the above are true.
Return the underlying CmsSignedData object.
@return the underlying CMS structure.
Return a ASN.1 encoded byte stream representing the encoded object.
@throws IOException if encoding fails.
return the ASN.1 encoded representation of this object using the specified encoding.
@param encoding the ASN.1 encoding format to use ("BER" or "DER").
basic creation - only the default attributes will be included here.
create with a signer with extra signed/unsigned attributes.
@return the nonce value, null if there isn't one.
Recognised hash algorithms for the time stamp protocol.
Fetches the signature time-stamp attributes from a SignerInformation object.
Checks that the MessageImprint for each time-stamp matches the signature field.
(see RFC 3161 Appendix A).
@param signerInfo a SignerInformation to search for time-stamps
@return a collection of TimeStampToken objects
@throws TSPValidationException
Validate the passed in certificate as being of the correct type to be used
for time stamping. To be valid it must have an ExtendedKeyUsage extension
which has a key purpose identifier of id-kp-timeStamping.
@param cert the certificate of interest.
@throws TspValidationException if the certicate fails on one of the check points.
Return the digest algorithm using one of the standard JCA string
representations rather than the algorithm identifier (if possible).
Exception thrown if a TSP request or response fails to validate.
If a failure code is associated with the exception it can be retrieved using
the getFailureCode() method.
Return the failure code associated with this exception - if one is set.
@return the failure code if set, -1 otherwise.
General array utilities.
Are two arrays equal.
Left side.
Right side.
True if equal.
A constant time equals comparison - does not terminate early if
test will fail.
first array
second array
true if arrays equal, false otherwise.
Make a copy of a range of bytes from the passed in data array. The range can
extend beyond the end of the input array, in which case the return array will
be padded with zeroes.
@param data the array from which the data is to be copied.
@param from the start index at which the copying should take place.
@param to the final index of the range (exclusive).
@return a new byte array containing the range given.
BigInteger utilities.
Return the passed in value as an unsigned byte array.
@param value the value to be converted.
@return a byte array without a leading zero byte if present in the signed encoding.
Return the passed in value as an unsigned byte array of the specified length, padded with
leading zeros as necessary.
@param length the fixed length of the result.
@param n the value to be converted.
@return a byte array padded to a fixed length with leading zeros.
Write the passed in value as unsigned bytes to the specified buffer range, padded with
leading zeros as necessary.
@param value
the value to be converted.
@param buf
the buffer to which the value is written.
@param off
the start offset in array buf at which the data is written.
@param len
the fixed length of data written (possibly padded with leading zeros).
Creates a Random BigInteger from the secure random of a given bit length.
Return a random BigInteger not less than 'min' and not greater than 'max'
@param min the least value that may be generated
@param max the greatest value that may be generated
@param random the source of randomness
@return a random BigInteger value in the range [min,max]
Return the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC) for a given DateTime value.
A UTC DateTime value not before epoch.
Number of whole milliseconds after epoch.
'dateTime' is before epoch.
Create a DateTime value from the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC).
Number of milliseconds since the epoch.
A UTC DateTime value
Return the current number of milliseconds since the Unix epoch (1 Jan., 1970 UTC).
encode the input data producing a base 64 encoded byte array.
@return a byte array containing the base 64 encoded data.
encode the input data producing a base 64 encoded byte array.
@return a byte array containing the base 64 encoded data.
Encode the byte data to base 64 writing it to the given output stream.
@return the number of bytes produced.
Encode the byte data to base 64 writing it to the given output stream.
@return the number of bytes produced.
decode the base 64 encoded input data. It is assumed the input data is valid.
@return a byte array representing the decoded data.
decode the base 64 encoded string data - whitespace will be ignored.
@return a byte array representing the decoded data.
decode the base 64 encoded string data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
encode the input data producing a base 64 output stream.
@return the number of bytes produced.
decode the base 64 encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
decode the base 64 encoded string data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
A buffering class to allow translation from one format to another to
be done in discrete chunks.
Create a buffered Decoder.
The translater to use.
The size of the buffer.
Process one byte of data.
Data in.
Byte array for the output.
The offset in the output byte array to start writing from.
The amount of output bytes.
Process data from a byte array.
The input data.
Start position within input data array.
Amount of data to process from input data array.
Array to store output.
Position in output array to start writing from.
The amount of output bytes.
A class that allows encoding of data using a specific encoder to be processed in chunks.
Create.
The translator to use.
Size of the chunks.
Process one byte of data.
The byte.
An array to store output in.
Offset within output array to start writing from.
Process data from a byte array.
Input data Byte array containing data to be processed.
Start position within input data array.
Amount of input data to be processed.
Output data array.
Offset within output data array to start writing to.
The amount of data written.
Class to decode and encode Hex.
encode the input data producing a Hex encoded byte array.
@return a byte array containing the Hex encoded data.
encode the input data producing a Hex encoded byte array.
@return a byte array containing the Hex encoded data.
Hex encode the byte data writing it to the given output stream.
@return the number of bytes produced.
Hex encode the byte data writing it to the given output stream.
@return the number of bytes produced.
decode the Hex encoded input data. It is assumed the input data is valid.
@return a byte array representing the decoded data.
decode the Hex encoded string data - whitespace will be ignored.
@return a byte array representing the decoded data.
decode the Hex encoded string data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
Decode the hexadecimal-encoded string strictly i.e. any non-hexadecimal characters will be
considered an error.
@return a byte array representing the decoded data.
Decode the hexadecimal-encoded string strictly i.e. any non-hexadecimal characters will be
considered an error.
@return a byte array representing the decoded data.
encode the input data producing a Hex output stream.
@return the number of bytes produced.
decode the Hex encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
decode the Hex encoded string data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
A hex translator.
Return encoded block size.
2
Encode some data.
Input data array.
Start position within input data array.
The amount of data to process.
The output data array.
The offset within the output data array to start writing from.
Amount of data encoded.
Returns the decoded block size.
1
Decode data from a byte array.
The input data array.
Start position within input data array.
The amounty of data to process.
The output data array.
The position within the output data array to start writing from.
The amount of data written.
Encode and decode byte arrays (typically from binary to 7-bit ASCII
encodings).
Translator interface.
Convert binary data to and from UrlBase64 encoding. This is identical to
Base64 encoding, except that the padding character is "." and the other
non-alphanumeric characters are "-" and "_" instead of "+" and "/".
The purpose of UrlBase64 encoding is to provide a compact encoding of binary
data that is safe for use as an URL parameter. Base64 encoding does not
produce encoded values that are safe for use in URLs, since "/" can be
interpreted as a path delimiter; "+" is the encoded form of a space; and
"=" is used to separate a name from the corresponding value in an URL
parameter.
Encode the input data producing a URL safe base 64 encoded byte array.
@return a byte array containing the URL safe base 64 encoded data.
Encode the byte data writing it to the given output stream.
@return the number of bytes produced.
Decode the URL safe base 64 encoded input data - white space will be ignored.
@return a byte array representing the decoded data.
decode the URL safe base 64 encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
decode the URL safe base 64 encoded string data - whitespace will be ignored.
@return a byte array representing the decoded data.
Decode the URL safe base 64 encoded string data writing it to the given output stream,
whitespace characters will be ignored.
@return the number of bytes produced.
Convert binary data to and from UrlBase64 encoding. This is identical to
Base64 encoding, except that the padding character is "." and the other
non-alphanumeric characters are "-" and "_" instead of "+" and "/".
The purpose of UrlBase64 encoding is to provide a compact encoding of binary
data that is safe for use as an URL parameter. Base64 encoding does not
produce encoded values that are safe for use in URLs, since "/" can be
interpreted as a path delimiter; "+" is the encoded form of a space; and
"=" is used to separate a name from the corresponding value in an URL
parameter.
Produce a copy of this object with its configuration and in its current state.
The returned object may be used simply to store the state, or may be used as a similar object
starting from the copied state.
Restore a copied object state into this object.
Implementations of this method should try to avoid or minimise memory allocation to perform the reset.
an object originally {@link #copy() copied} from an object of the same type as this instance.
if the provided object is not of the correct type.
if the other parameter is in some other way invalid.
A
A
A
A
Seek ':" up to the limit.
Consume the dashes
Skip white space leave char in stream.
Read forward consuming the expected string.
expected string
false if not consumed
Consume until dash.
true if stream end not met
A generic PEM writer, based on RFC 1421
Base constructor.
@param out output stream to use.
Return the number of bytes or characters required to contain the
passed in object if it is PEM encoded.
@param obj pem object to be output
@return an estimate of the number of bytes
Write the full contents of inStr to the destination stream outStr.
Source stream.
Destination stream.
In case of IO failure.
Write the full contents of inStr to the destination stream outStr.
Source stream.
Destination stream.
The size of temporary buffer to use.
In case of IO failure.
Pipe all bytes from inStr to outStr, throwing StreamFlowException if greater
than limit bytes in inStr.
A
A
A
The number of bytes actually transferred, if not greater than limit
Exception to be thrown on a failure to reset an object implementing Memoable.
The exception extends InvalidCastException to enable users to have a single handling case,
only introducing specific handling of this one if required.
Basic Constructor.
@param msg message to be associated with this exception.
Validate the given IPv4 or IPv6 address.
@param address the IP address as a string.
@return true if a valid address, false otherwise
Validate the given IPv4 or IPv6 address and netmask.
@param address the IP address as a string.
@return true if a valid address with netmask, false otherwise
Validate the given IPv4 address.
@param address the IP address as a string.
@return true if a valid IPv4 address, false otherwise
Validate the given IPv6 address.
@param address the IP address as a string.
@return true if a valid IPv4 address, false otherwise
General string utilities.
Summary description for DeflaterOutputStream.
Summary description for DeflaterOutputStream.
The Holder object.
Holder ::= SEQUENCE {
baseCertificateID [0] IssuerSerial OPTIONAL,
-- the issuer and serial number of
-- the holder's Public Key Certificate
entityName [1] GeneralNames OPTIONAL,
-- the name of the claimant or role
objectDigestInfo [2] ObjectDigestInfo OPTIONAL
-- used to directly authenticate the holder,
-- for example, an executable
}
Constructs a holder for v2 attribute certificates with a hash value for
some type of object.
digestedObjectType can be one of the following:
- 0 - publicKey - A hash of the public key of the holder must be
passed.
- 1 - publicKeyCert - A hash of the public key certificate of the
holder must be passed.
- 2 - otherObjectDigest - A hash of some other object type must be
passed.
otherObjectTypeID must not be empty.
This cannot be used if a v1 attribute certificate is used.
@param digestedObjectType The digest object type.
@param digestAlgorithm The algorithm identifier for the hash.
@param otherObjectTypeID The object type ID if
digestedObjectType is
otherObjectDigest.
@param objectDigest The hash value.
Returns the digest object type if an object digest info is used.
- 0 - publicKey - A hash of the public key of the holder must be
passed.
- 1 - publicKeyCert - A hash of the public key certificate of the
holder must be passed.
- 2 - otherObjectDigest - A hash of some other object type must be
passed.
otherObjectTypeID must not be empty.
@return The digest object type or -1 if no object digest info is set.
Returns the other object type ID if an object digest info is used.
@return The other object type ID or null if no object
digest info is set.
Returns the hash if an object digest info is used.
@return The hash or null if no object digest info is set.
Returns the digest algorithm ID if an object digest info is used.
@return The digest algorithm ID or null if no object
digest info is set.
Return any principal objects inside the attribute certificate holder entity names field.
@return an array of IPrincipal objects (usually X509Name), null if no entity names field is set.
Return the principals associated with the issuer attached to this holder
@return an array of principals, null if no BaseCertificateID is set.
Return the serial number associated with the issuer attached to this holder.
@return the certificate serial number, null if no BaseCertificateID is set.
Carrying class for an attribute certificate issuer.
Set the issuer directly with the ASN.1 structure.
@param issuer The issuer
Return any principal objects inside the attribute certificate issuer object.
An array of IPrincipal objects (usually X509Principal).
A high level authority key identifier.
Constructor which will take the byte[] returned from getExtensionValue()
@param encodedValue a DER octet encoded string with the extension structure in it.
@throws IOException on parsing errors.
Create an AuthorityKeyIdentifier using the passed in certificate's public
key, issuer and serial number.
@param certificate the certificate providing the information.
@throws CertificateParsingException if there is a problem processing the certificate
Create an AuthorityKeyIdentifier using just the hash of the
public key.
@param pubKey the key to generate the hash from.
@throws InvalidKeyException if there is a problem using the key.
A high level subject key identifier.
Constructor which will take the byte[] returned from getExtensionValue()
@param encodedValue a DER octet encoded string with the extension structure in it.
@throws IOException on parsing errors.
Interface for an X.509 Attribute Certificate.
The version number for the certificate.
The serial number for the certificate.
The UTC DateTime before which the certificate is not valid.
The UTC DateTime after which the certificate is not valid.
The holder of the certificate.
The issuer details for the certificate.
Return the attributes contained in the attribute block in the certificate.
An array of attributes.
Return the attributes with the same type as the passed in oid.
The object identifier we wish to match.
An array of matched attributes, null if there is no match.
Return an ASN.1 encoded byte array representing the attribute certificate.
An ASN.1 encoded byte array.
If the certificate cannot be encoded.
Get all critical extension values, by oid
IDictionary with string (OID) keys and Asn1OctetString values
Get all non-critical extension values, by oid
IDictionary with string (OID) keys and Asn1OctetString values
A utility class that will extract X509Principal objects from X.509 certificates.
Use this in preference to trying to recreate a principal from a string, not all
DNs are what they should be, so it's best to leave them encoded where they
can be.
Return the issuer of the given cert as an X509Principal.
Return the subject of the given cert as an X509Principal.
Return the issuer of the given CRL as an X509Principal.
This class is an Selector like implementation to select
attribute certificates from a given set of criteria.
@see org.bouncycastle.x509.X509AttributeCertificate
@see org.bouncycastle.x509.X509Store
Decides if the given attribute certificate should be selected.
The attribute certificate to be checked.
true if the object matches this selector.
The attribute certificate which must be matched.
If null is given, any will do.
The criteria for validity
If null is given any will do.
The holder.
If null is given any will do.
The issuer.
If null is given any will do.
The serial number.
If null is given any will do.
Adds a target name criterion for the attribute certificate to the target
information extension criteria. The X509AttributeCertificate
must contain at least one of the specified target names.
Each attribute certificate may contain a target information extension
limiting the servers where this attribute certificate can be used. If
this extension is not present, the attribute certificate is not targeted
and may be accepted by any server.
@param name The name as a GeneralName (not null)
Adds a target name criterion for the attribute certificate to the target
information extension criteria. The X509AttributeCertificate
must contain at least one of the specified target names.
Each attribute certificate may contain a target information extension
limiting the servers where this attribute certificate can be used. If
this extension is not present, the attribute certificate is not targeted
and may be accepted by any server.
@param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
@throws IOException if a parsing error occurs.
Adds a collection with target names criteria. If null is
given any will do.
The collection consists of either GeneralName objects or byte[] arrays representing
DER encoded GeneralName structures.
@param names A collection of target names.
@throws IOException if a parsing error occurs.
@see #AddTargetName(byte[])
@see #AddTargetName(GeneralName)
Gets the target names. The collection consists of Lists
made up of an Integer in the first entry and a DER encoded
byte array or a String in the second entry.
The returned collection is immutable.
@return The collection of target names
@see #setTargetNames(Collection)
Adds a target group criterion for the attribute certificate to the target
information extension criteria. The X509AttributeCertificate
must contain at least one of the specified target groups.
Each attribute certificate may contain a target information extension
limiting the servers where this attribute certificate can be used. If
this extension is not present, the attribute certificate is not targeted
and may be accepted by any server.
@param group The group as GeneralName form (not null)
Adds a target group criterion for the attribute certificate to the target
information extension criteria. The X509AttributeCertificate
must contain at least one of the specified target groups.
Each attribute certificate may contain a target information extension
limiting the servers where this attribute certificate can be used. If
this extension is not present, the attribute certificate is not targeted
and may be accepted by any server.
@param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
@throws IOException if a parsing error occurs.
Adds a collection with target groups criteria. If null is
given any will do.
The collection consists of GeneralName objects or byte[]
representing DER encoded GeneralNames.
@param names A collection of target groups.
@throws IOException if a parsing error occurs.
@see #AddTargetGroup(byte[])
@see #AddTargetGroup(GeneralName)
Gets the target groups. The collection consists of Lists
made up of an Integer in the first entry and a DER encoded
byte array or a String in the second entry.
The returned collection is immutable.
@return The collection of target groups.
@see #setTargetGroups(Collection)
This class is an IX509Selector implementation to select
certificate pairs, which are e.g. used for cross certificates. The set of
criteria is given from two X509CertStoreSelector objects,
each of which, if present, must match the respective component of a pair.
The certificate pair which is used for testing on equality.
The certificate selector for the forward part.
The certificate selector for the reverse part.
Decides if the given certificate pair should be selected. If
obj is not a X509CertificatePair, this method
returns false.
The X509CertificatePair to be tested.
true if the object matches this selector.
An ISet of DerObjectIdentifier objects.
A simple collection backed store.
Basic constructor.
@param collection - initial contents for the store, this is copied.
Return the matches in the collection for the passed in selector.
@param selector the selector to match against.
@return a possibly empty collection of matching objects.
This class contains a collection for collection based X509Stores.
Constructor.
The collection is copied.
The collection containing X.509 object types.
If collection is null.
Returns a copy of the ICollection.
Returns a formatted string describing the parameters.
An ICollection of X509Name objects
The attribute certificate being checked. This is not a criterion.
Rather, it is optional information that may help a {@link X509Store} find
CRLs that would be relevant when checking revocation for the specified
attribute certificate. If null is specified, then no such
optional information is provided.
@param attrCert the IX509AttributeCertificate being checked (or
null)
@see #getAttrCertificateChecking()
If true only complete CRLs are returned. Defaults to
false.
@return true if only complete CRLs are returned.
Returns if this selector must match CRLs with the delta CRL indicator
extension set. Defaults to false.
@return Returns true if only CRLs with the delta CRL
indicator extension are selected.
The issuing distribution point.
The issuing distribution point extension is a CRL extension which
identifies the scope and the distribution point of a CRL. The scope
contains among others information about revocation reasons contained in
the CRL. Delta CRLs and complete CRLs must have matching issuing
distribution points.
The byte array is cloned to protect against subsequent modifications.
You must also enable or disable this criteria with
{@link #setIssuingDistributionPointEnabled(bool)}.
@param issuingDistributionPoint The issuing distribution point to set.
This is the DER encoded OCTET STRING extension value.
@see #getIssuingDistributionPoint()
Whether the issuing distribution point criteria should be applied.
Defaults to false.
You may also set the issuing distribution point criteria if not a missing
issuing distribution point should be assumed.
@return Returns if the issuing distribution point check is enabled.
The maximum base CRL number. Defaults to null.
@return Returns the maximum base CRL number.
@see #setMaxBaseCRLNumber(BigInteger)
A factory to produce Public Key Info Objects.
Create a Subject Public Key Info object for a given public key.
One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters
A subject public key info object.
Throw exception if object provided is not one of the above.
Create loading data from byte array.
Create loading data from byte array.
Generates a certificate object and initializes it with the data
read from the input stream inStream.
Returns a (possibly empty) collection view of the certificates
read from the given input stream inStream.
Class for carrying the values in an X.509 Attribute.
@param at an object representing an attribute.
Create an X.509 Attribute with the type given by the passed in oid and
the value represented by an ASN.1 Set containing value.
@param oid type of the attribute
@param value value object to go into the atribute's value set.
Create an X.59 Attribute with the type given by the passed in oid and the
value represented by an ASN.1 Set containing the objects in value.
@param oid type of the attribute
@param value vector of values to go in the attribute's value set.
An Object representing an X509 Certificate.
Has static methods for loading Certificates encoded in many forms that return X509Certificate Objects.
Return true if the current time is within the start and end times nominated on the certificate.
true id certificate is valid for the current time.
Return true if the nominated time is within the start and end times nominated on the certificate.
The time to test validity against.
True if certificate is valid for nominated time.
Checks if the current date is within certificate's validity period.
Checks if the given date is within certificate's validity period.
if the certificate is expired by given date
if the certificate is not yet valid on given date
Return the certificate's version.
An integer whose value Equals the version of the cerficate.
Return a BigInteger containing the serial number.
The Serial number.
Get the Issuer Distinguished Name. (Who signed the certificate.)
And X509Object containing name and value pairs.
Get the subject of this certificate.
An X509Name object containing name and value pairs.
The time that this certificate is valid from.
A DateTime object representing that time in the local time zone.
The time that this certificate is valid up to.
A DateTime object representing that time in the local time zone.
Return the Der encoded TbsCertificate data.
This is the certificate component less the signature.
To Get the whole certificate call the GetEncoded() member.
A byte array containing the Der encoded Certificate component.
The signature.
A byte array containg the signature of the certificate.
A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA)
A sting representing the signature algorithm.
Get the Signature Algorithms Object ID.
A string containg a '.' separated object id.
Get the signature algorithms parameters. (EG DSA Parameters)
A byte array containing the Der encoded version of the parameters or null if there are none.
Get the issuers UID.
A DerBitString.
Get the subjects UID.
A DerBitString.
Get a key usage guidlines.
Get the public key of the subject of the certificate.
The public key parameters.
Return the DER encoding of this certificate.
A byte array containing the DER encoding of this certificate.
If there is an error encoding the certificate.
Verify the certificate's signature using the nominated public key.
An appropriate public key parameter object, RsaPublicKeyParameters, DsaPublicKeyParameters or ECDsaPublicKeyParameters
True if the signature is valid.
If key submitted is not of the above nominated types.
Verify the certificate's signature using a verifier created using the passed in verifier provider.
An appropriate provider for verifying the certificate's signature.
True if the signature is valid.
If verifier provider is not appropriate or the certificate algorithm is invalid.
This class contains a cross certificate pair. Cross certificates pairs may
contain two cross signed certificates from two CAs. A certificate from the
other CA to this CA is contained in the forward certificate, the certificate
from this CA to the other CA is contained in the reverse certificate.
Constructor
Certificate from the other CA to this CA.
Certificate from this CA to the other CA.
Constructor from a ASN.1 CertificatePair structure.
The CertificatePair ASN.1 object.
Returns the certificate from the other CA to this CA.
Returns the certificate from this CA to the other CA.
class for dealing with X509 certificates.
At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"
base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7
objects.
Create loading data from byte array.
Create loading data from byte array.
Generates a certificate object and initializes it with the data
read from the input stream inStream.
Returns a (possibly empty) collection view of the certificates
read from the given input stream inStream.
Create loading data from byte array.
Create loading data from byte array.
The following extensions are listed in RFC 2459 as relevant to CRLs
Authority Key Identifier
Issuer Alternative Name
CRL Number
Delta CRL Indicator (critical)
Issuing Distribution Point (critical)
Verify the CRL's signature using a verifier created using the passed in verifier provider.
An appropriate provider for verifying the CRL's signature.
True if the signature is valid.
If verifier provider is not appropriate or the CRL algorithm is invalid.
Return the DER encoding of this CRL.
A byte array containing the DER encoding of this CRL.
If there is an error encoding the CRL.
Returns a string representation of this CRL.
@return a string representation of this CRL.
Checks whether the given certificate is on this CRL.
@param cert the certificate to check for.
@return true if the given certificate is on this CRL,
false otherwise.
The following extensions are listed in RFC 2459 as relevant to CRL Entries
ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer
(critical)
Constructor for CRLEntries of indirect CRLs. If isIndirect
is false {@link #getCertificateIssuer()} will always
return null, previousCertificateIssuer is
ignored. If this isIndirect is specified and this CrlEntry
has no certificate issuer CRL entry extension
previousCertificateIssuer is returned by
{@link #getCertificateIssuer()}.
@param c
TbsCertificateList.CrlEntry object.
@param isIndirect
true if the corresponding CRL is a indirect
CRL.
@param previousCertificateIssuer
Certificate issuer of the previous CrlEntry.
Create loading data from byte array.
Create loading data from byte array.
Generates a certificate revocation list (CRL) object and initializes
it with the data read from the input stream inStream.
Returns a (possibly empty) collection view of the CRLs read from
the given input stream inStream.
The inStream may contain a sequence of DER-encoded CRLs, or
a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the
only significant field being crls. In particular the signature
and the contents are ignored.
Get non critical extensions.
A set of non critical extension oids.
Get any critical extensions.
A sorted list of critical entension.
Get the value of a given extension.
The object ID of the extension.
An Asn1OctetString object if that extension is found or null if not.
A holding class for constructing an X509 Key Usage extension.
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
Basic constructor.
@param usage - the bitwise OR of the Key Usage flags giving the
allowed uses for the key.
e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment)
Return the digest algorithm using one of the standard JCA string
representations rather than the algorithm identifier (if possible).
Class to Generate X509V1 Certificates.
Default Constructor.
Reset the generator.
Set the certificate's serial number.
Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
You will be surprised how ugly a serial number collision can get.
The serial number.
Set the issuer distinguished name.
The issuer is the entity whose private key is used to sign the certificate.
The issuers DN.
Set the date that this certificate is to be valid from.
Set the date after which this certificate will no longer be valid.
Set the subject distinguished name.
The subject describes the entity associated with the public key.
Set the public key that this certificate identifies.
Set the signature algorithm that will be used to sign this certificate.
This can be either a name or an OID, names are treated as case insensitive.
string representation of the algorithm name
Generate a new X509Certificate.
The private key of the issuer used to sign this certificate.
An X509Certificate.
Generate a new X509Certificate specifying a SecureRandom instance that you would like to use.
The private key of the issuer used to sign this certificate.
The Secure Random you want to use.
An X509Certificate.
Generate a new X509Certificate using the passed in SignatureCalculator.
A signature calculator factory with the necessary algorithm details.
An X509Certificate.
Allows enumeration of the signature names supported by the generator.
An implementation of a version 2 X.509 Attribute Certificate.
Verify the certificate's signature using a verifier created using the passed in verifier provider.
An appropriate provider for verifying the certificate's signature.
True if the signature is valid.
If verifier provider is not appropriate or the certificate algorithm is invalid.
Class to produce an X.509 Version 2 AttributeCertificate.
Reset the generator
Set the Holder of this Attribute Certificate.
Set the issuer.
Set the serial number for the certificate.
Set the signature algorithm. This can be either a name or an OID, names
are treated as case insensitive.
The algorithm name.
Add an attribute.
Add a given extension field for the standard extensions tag.
Add a given extension field for the standard extensions tag.
The value parameter becomes the contents of the octet string associated
with the extension.
Generate an X509 certificate, based on the current issuer and subject.
Generate an X509 certificate, based on the current issuer and subject,
using the supplied source of randomness, if required.
Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator.
A signature calculator factory with the necessary algorithm details.
An IX509AttributeCertificate.
Allows enumeration of the signature names supported by the generator.
class to produce an X.509 Version 2 CRL.
reset the generator
Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
certificate.
Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise
or 0 if CrlReason is not to be used
Add a CRL entry with an Invalidity Date extension as well as a CrlReason extension.
Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise
or 0 if CrlReason is not to be used
Add a CRL entry with extensions.
Add the CRLEntry objects contained in a previous CRL.
@param other the X509Crl to source the other entries from.
Set the signature algorithm that will be used to sign this CRL.
add a given extension field for the standard extensions tag (tag 0)
add a given extension field for the standard extensions tag (tag 0)
add a given extension field for the standard extensions tag (tag 0)
add a given extension field for the standard extensions tag (tag 0)
Generate an X.509 CRL, based on the current issuer and subject.
The private key of the issuer that is signing this certificate.
An X509Crl.
Generate an X.509 CRL, based on the current issuer and subject using the specified secure random.
The private key of the issuer that is signing this certificate.
Your Secure Random instance.
An X509Crl.
Generate a new X509Crl using the passed in SignatureCalculator.
A signature calculator factory with the necessary algorithm details.
An X509Crl.
Allows enumeration of the signature names supported by the generator.
A class to Generate Version 3 X509Certificates.
Reset the Generator.
Set the certificate's serial number.
Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data.
You will be surprised how ugly a serial number collision can Get.
The serial number.
Set the distinguished name of the issuer.
The issuer is the entity which is signing the certificate.
The issuer's DN.
Set the date that this certificate is to be valid from.
Set the date after which this certificate will no longer be valid.
Set the DN of the entity that this certificate is about.
Set the public key that this certificate identifies.
Set the signature algorithm that will be used to sign this certificate.
Set the subject unique ID - note: it is very rare that it is correct to do this.
Set the issuer unique ID - note: it is very rare that it is correct to do this.
Add a given extension field for the standard extensions tag (tag 3).
string containing a dotted decimal Object Identifier.
Is it critical.
The value.
Add an extension to this certificate.
Its Object Identifier.
Is it critical.
The value.
Add an extension using a string with a dotted decimal OID.
string containing a dotted decimal Object Identifier.
Is it critical.
byte[] containing the value of this extension.
Add an extension to this certificate.
Its Object Identifier.
Is it critical.
byte[] containing the value of this extension.
Add a given extension field for the standard extensions tag (tag 3),
copying the extension value from another certificate.
add a given extension field for the standard extensions tag (tag 3)
copying the extension value from another certificate.
@throws CertificateParsingException if the extension cannot be extracted.
Generate an X509Certificate.
The private key of the issuer that is signing this certificate.
An X509Certificate.
Generate an X509Certificate using your own SecureRandom.
The private key of the issuer that is signing this certificate.
You Secure Random instance.
An X509Certificate.
Generate a new X509Certificate using the passed in SignatureCalculator.
A signature calculator factory with the necessary algorithm details.
An X509Certificate.
Allows enumeration of the signature names supported by the generator.
Base class for both the compress and decompress classes.
Holds common arrays, and static data.
@author Keiron Liddle
An input stream that decompresses from the BZip2 format (with the file
header chars) to be read as any other stream.
@author Keiron Liddle
NB: note this class has been modified to read the leading BZ from the
start of the BZIP2 stream to make it compatible with other PGP programs.
An output stream that compresses into the BZip2 format (with the file
header chars) into another stream.
@author Keiron Liddle
TODO: Update to BZip2 1.0.1
NB: note this class has been modified to add a leading BZ to the
start of the BZIP2 stream to make it compatible with other PGP programs.
modified by Oliver Merkel, 010128
A simple class the hold and calculate the CRC for sanity checking
of the data.
@author Keiron Liddle
Return a salted hash based on PBKDF2 for the UTF-8 encoding of the argument text.
Provided key text
Base64 encoded string representing the salt