Package de.cscc.crypto.provider
Provides the implementation of the concrete cryptographic services, their
keys, algorithm parameters, generators and factories.
See:
Description
Package de.cscc.crypto.provider Description
Provides the implementation of the concrete cryptographic services, their
keys, algorithm parameters, generators and factories. You needn't use them
directly through this package. All classes in this package have to only be used
through the JCE API engine classes. This isn't valid for the subpackage
de.cscc.crypto.provider.spec
in this package. There are transparent
key specifications and algorithm parameter specifications. You have to use them
directly because they implement common types (interfaces) defined in the JCE
API.
Package Specification
Related Documentation
For overviews and guids please see:
Setup the jhbci provider
There are two ways to register the provider in the JCE API, dynamic registration
and static registration. You have to use the class
JHBCI
to register the provider in the JCE API
after you have copied jar archive jhbci-provider.jar
to
<java.home>/lib/ext
.
See the example:
- Dynamic registration (means at runtime of your program)
import java.security.Security;
import de.cscc.crypto.provider.
public class Main {
public static void main(String[] args) {
Security.addProvider(new JHBCI());
// (...)
}
}
- Static registration (means before the jvm starts up)
You have to add just the following line in the file <java.home>lib/security/java.security
:
security.provider.<n>=de.cscc.crypto.provider.JHBCI
Where <n>
is the preference you want the provider at
(1 being the most prefered).
For further description see:
Installing JCE Providers for the J2SDK, v 1.4
Implemented Algorithms
The following algorithms are implemented and usable through the JCE engine
classes:
- Symmetric Ciphers
- Asymmetric Ciphers
- Message Digest (Hash)
- Signatures
Note: The italic Strings like "DES1Key" are the algorithm names
and must be used as part of the <String transformation>
or
<String algorithm>
parameter of the static factory method
getInstance
method of the specific JCE API engine class.
DES1Key - Cipher |
JCE Engine |
javax.crypto.Cipher |
Algorithm |
DES1Key |
Operation Mode |
ECB, CBC |
Padding |
NoPadding, ISO10126OctetPadding |
Defaults Transformation |
"DES1Key/CBC/ISO10126OctetPadding" |
Default SecretKey |
Some random valid SecretKey. |
Default Initialization Vector |
A 8 byte long array, that will be randomly generated by the Cipher object. |
Note |
|
DES1Key - KeySpec |
JCA Type |
java.security.spec.KeySpec |
Class |
de.cscc.crypto.provider.spec.DES1KeySpec |
Encoding Format |
Transparent representation of the key material. Which means you have direct
access to the binary format of the key specification via
getKey method. |
Key Length |
56 bit or 64 bit with parity |
Note |
You can direct construct a instance of this class with a byte array
that contains the key material. In this case we do check every DES
key specification for weak and semiweak keys while construction from
the byte array that contains the key material. So you don't have to do this.
We do all the work for you. The consequence in this decision is that you
can't construct a weak or semiweak DES key specification. Further more -
if a byte array contains key material that isn't parity adjusted, we do that in
every case for you. This means that getKey() won't return the same key
material as you put in to the constructor - if the parity of the key material
wasn't parity adjusted. For mor details look in to the private method:
DES1KeySpec.oddParity(byte[]) Furthermore you can use
a SecretKeyFactory - that is instanced for the DES1Key algorithm - to
create a DES1KeySpec via its getKeySpec
method. |
DES1Key - AlgorithmParameterSpec |
JCA Type |
java.security.spec.AlgorithmParameterSpec |
Class |
de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec |
Encoding Format |
Transparent representation of the initialization vector. Which means you
have direct access to the binary format of the algorithm parameter
specification via getKey method. You need the initialization
vector for CBC mode. |
Initialization Vector Length |
64 bit |
Note |
You can direct construct a instance of this class with a byte array
that contains the algorithm parameter material. |
DES1Key - KeyGenerator |
JCE Engine |
javax.crypto.KeyGenerator |
Algorithm |
DES1Key |
Note |
Generates a SecretKey as a random value - that is suitable
to this algorithm. We generate only keys that aren't weak or semiweak
and further we adjust also the parity in this keys. |
[ TOC ]
DESede2Key - Cipher |
JCE Engine |
javax.crypto.Cipher |
Algorithm |
DESede2Key |
Operation Mode |
ECB, CBC |
Padding |
NoPadding, ISO10126OctetPadding |
Defaults Transformation |
"DESede2Key/CBC/ISO10126OctetPadding" |
Default SecretKey |
Some random valid SecretKey. |
Default Initialization Vector |
A 8 byte long array, that will be randomly generated by the Cipher object. |
Note |
|
DESede2Key - KeySpec |
JCA Type |
java.security.spec.KeySpec |
Class |
de.cscc.crypto.provider.spec.DESede2KeySpec |
Encoding Format |
Transparent representation of the key material. Which means you have direct
access to the binary format of the key specification via
getKey method. |
Key Length |
112 bit or 128 bit with parity |
Note |
You can direct construct a instance of this class with a byte array
that contains the key material. In this case we do check every DES
key specification for weak and semiweak keys while construction from
the byte array that contains the key material. So you don't have to do this.
We do all the work for you. The consequence in this decision is that you
can't construct a weak or semiweak DES key specification. Further more -
if a byte array contains key material that isn't parity adjusted, we do that in
every case for you. This means that getKey() won't return the same key
material as you put in to the constructor - if the parity of the key material
wasn't parity adjusted. For mor details look in to the private method:
DES1KeySpec.oddParity(byte[]) Furthermore you can use
a SecretKeyFactory - that is instanced for the DESede2Key algorithm - to
create a DESede2KeySpec via its getKeySpec
method. |
DESede2Key - AlgorithmParameterSpec |
JCA Type |
java.security.spec.AlgorithmParameterSpec |
Class |
de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec |
Encoding Format |
Transparent representation of the initialization vector. Which means you
have direct access to the binary format of the algorithm parameter
specification via getKey method. You need the initialization
vector for CBC mode. |
Initialization Vector Length |
64 bit |
Note |
You can direct construct a instance of this class with a byte array
that contains the algorithm parameter material. |
DESede2Key - KeyGenerator |
JCE Engine |
javax.crypto.KeyGenerator |
Algorithm |
DESede2Key |
Note |
Generates a SecretKey as a random value - that is suitable
to this algorithm. We generate only keys, where each 64 bit DES key
aren't weak or semiweak and further we adjust also the parity of each 64 bit
DES Key. |
[ TOC ]
DESede3Key - Cipher |
JCE Engine |
javax.crypto.Cipher |
Algorithm |
DESede3Key |
Operation Mode |
ECB, CBC |
Padding |
NoPadding, ISO10126OctetPadding |
Defaults Transformation |
"DESede3Key/CBC/ISO10126OctetPadding" |
Default SecretKey |
Some random valid SecretKey. |
Default Initialization Vector |
A 8 byte long array, that will be randomly generated by the Cipher object. |
Note |
|
DESede3Key - KeySpec |
JCA Type |
java.security.spec.KeySpec |
Class |
de.cscc.crypto.provider.spec.DESede3KeySpec |
Encoding Format |
Transparent representation of the key material. Which means you have direct
access to the binary format of the key specification via
getKey method. |
Key Length |
168 bit or 192 bit with parity |
Note |
You can direct construct a instance of this class with a byte array
that contains the key material. In this case we do check every DES
key specification for weak and semiweak keys while construction from
the byte array that contains the key material. So you don't have to do this.
We do all the work for you. The consequence in this decision is that you
can't construct a weak or semiweak DES key specification. Further more -
if a byte array contains key material that isn't parity adjusted, we do that in
every case for you. This means that getKey() won't return the same key
material as you put in to the constructor - if the parity of the key material
wasn't parity adjusted. For mor details look in to the private method:
DES1KeySpec.oddParity(byte[]) Furthermore you can use
a SecretKeyFactory - that is instanced for the DESede3Key algorithm - to
create a DESede3KeySpec via its getKeySpec
method. |
DESede3Key - AlgorithmParameterSpec |
JCA Type |
java.security.spec.AlgorithmParameterSpec |
Class |
de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec |
Encoding Format |
Transparent representation of the initialization vector. Which means you
have direct access to the binary format of the algorithm parameter
specification via getKey method. You need the initialization
vector for CBC mode. |
Initialization Vector Length |
64 bit |
Note |
You can direct construct a instance of this class with a byte array
that contains the algorithm parameter material. |
DESede3Key - KeyGenerator |
JCE Engine |
javax.crypto.KeyGenerator |
Algorithm |
DESede3Key |
Note |
Generates a SecretKey as a random value - that is suitable
to this algorithm. We generate only keys, where each 64 bit DES key
aren't weak or semiweak and further we adjust also the parity of each 64 bit
DES Key. |
[ TOC ]
RSA - PrivateKey, RSAPrivateKey |
JCA Type |
java.security.PrivateKey ,
java.security.interfaces.RSAPrivateKey |
Algorithm |
RSA |
Encoding Format |
null , We do not support encoding for RSA keys at this time. |
Key Length |
Variable key length. |
Note |
KeyFactory supplies a
RSAPrivateKey from its transparent specification, that means a
RSAPrivateKeySpec object.
You can not instance a RSAPrivateKey
directly. If the RSAPrivateKey is created, its only purpose is
to be used in a matching Cipher or Signature
object. This RSAPrivateKey is Serializable and
overrides Object.equals(java.lang.Object) ,
Object.hashCode() and Object.toString() .
If you want to turn a RSAPrivateCrtKey in to a RSAPrivateKey, you have
to construct a new RSAPrivateKeySpec from the RSAPrivateCrtKey's
modulus and its privateExponent . Then you can
produce a new RSAPrivateKey from its RSAPrivateKeySpec with the RSA
KeyFactory.
|
RSA - KeyPairGenerator |
JCA Engine |
java.security.KeyPairGenerator |
Algorithm |
RSA |
Note |
Generates a RSA KeyPair that contains a new randomly generated
RSAPublicKey and its corresponding
RSAPrivateCrtKey . The generated Keys are strong primes that
that will be found with the Gordon algorithm. The key length starts at 768
bit and can be increased in 256 bit steps to larger values. There is no
limit for higher values, the CPU is the only bottleneck.
The generation of a 4096 bit long strong prime keypair on my 1300 MHz Athlon
will take up to 50 min, a 768 bit key will take around 10 seconds. This
class can also be logged to see what is going on while key generation. The
log level are FINER and FINEST We use the new
Java logging API from java.util.logging.* .
The RSA KeyPairGenerator will only generate keypairs that contains a
RSAPublicKey/RSAPrivateCrtKey Pair. If you want to use an RSAPrivateKey
instead of a RSAPrivateCrtKey, you have to convert it with help of a
RSAPrivateKeySpec and a RSA KeyFactory into an RSAPrivateKey.
|
[ TOC ]
RIPEMD160 - MessageDigest |
JCA Engine |
java.security.MessageDigest |
Algorithm |
RIPEMD160 |
Default Initialization Vector |
0x0123456789ABCDEFFEDCBA9876543210F0E1D2C3 in little endian notation. |
Note |
|
[ TOC ]
[ TOC ]
RIPEMD160WithISO9796-1AndRSA - Signature
|
JCA Engine |
java.security.Signature |
Algorithm |
RIPEMD160WithISO9796-1AndRSA |
Note |
|
[ TOC ]
Sample Code
You can use the package in the following way:
package com.foo.bar;
import java.security.Security;
import java.security.NoSuchAlgorithmException;
import javax.crypto.NoSuchPaddingException;
import java.security.NoSuchProviderException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKeyFactory;
import javax.crypto.Cipher;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import de.cscc.crypto.util.ByteUtil;
import de.cscc.crypto.provider.JHBCI;
import de.cscc.crypto.provider.spec.DESede2KeySpec;
import de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec;
/** Main Class
*
* @author Uwe Guenther
* @version $Revision: 1.8 $
*/
public class Main {
/** Creates new Main */
public Main () {
}
/**
* @param args the command line arguments
*/
public static void main (String[] args) {
Security.addProvider(new JHBCI());
/*
* Encryption Code
*/
//Produce a KeyGenrator.
KeyGenerator encryptKeyGenerator = null;
try {
encryptKeyGenerator =
KeyGenerator.getInstance("DESede2Key", "JHBCI");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
//Generate a Secret Key.
SecretKey encryptKey = encryptKeyGenerator.generateKey();
//Definie the Initailization Vector Material
//The byte array have to 8 bytes long.
byte[] encryptIvMaterial = {
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
};
//Construct a new transparent algorithm parameter specification,
//this means an initialization vector for the CBC operation mode.
DESOperationModeInitializationVectorSpec encryptIv = null;
try {
encryptIv =
new DESOperationModeInitializationVectorSpec(encryptIvMaterial);
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
}
//Produce a Cipher.
Cipher encryptCipher = null;
try {
encryptCipher =
Cipher.getInstance("DESede2Key/CBC/ISO10126OctetPadding", "JHBCI");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
}
//Initialize the Cipher for encryption.
try {
encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey, encryptIv);
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
//Setup the plain text message that we will encrypt.
byte[] plainText = "Now is the time for all ".getBytes();
//Encrypt of the plain text message.
byte[] cipherText = null;
try {
cipherText = encryptCipher.doFinal(plainText);
} catch (IllegalStateException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
//Prepare key for transporting e.g. over the network.
byte[] decryptKeyMaterial = encryptKey.getEncoded();
//Prepare initialization vector for transporting e.g. over the network.
byte[] decryptIvMaterial = encryptCipher.getIV();
//Print out the key in binary Hex notation.
System.out.println("decryptKeyMaterial: " +
ByteUtil.toHex(decryptKeyMaterial));
//Print out the initialization vector in binary Hex notation.
System.out.println("decryptIvMaterial: " +
ByteUtil.toHex(decryptIvMaterial));
//Print out the plainText in binary Hex notation.
System.out.println("plainText: " +
ByteUtil.toHex(plainText));
//Print out the cipherText in binary Hex notation.
System.out.println("cipherText: " +
ByteUtil.toHex(cipherText));
//Print a new line.
System.out.println();
/*
* Decryption Code
*/
//Produce a SecretKeyFactory.
SecretKeyFactory decryptSecretKeyFactory = null;
try {
decryptSecretKeyFactory =
SecretKeyFactory.getInstance("DESede2Key", "JHBCI");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
//Construct a transparent key specification from the key material
DESede2KeySpec decryptKeySpec = null;
try {
decryptKeySpec = new DESede2KeySpec(decryptKeyMaterial);
} catch (InvalidKeyException e) {
e.printStackTrace();
}
//Produce the SecretKey.
SecretKey decryptKey = null;
try {
decryptKey = decryptSecretKeyFactory.generateSecret(decryptKeySpec);
} catch (InvalidKeySpecException e) {
e.printStackTrace();
}
//Produce a Cipher.
Cipher decryptCipher = null;
try {
decryptCipher =
Cipher.getInstance("DESede2Key/CBC/ISO10126OctetPadding", "JHBCI");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
}
//Construct a new transparent algorithm parameter specification,
//this means an initialization vector for the CBC operation mode.
DESOperationModeInitializationVectorSpec decryptIv = null;
try {
decryptIv =
new DESOperationModeInitializationVectorSpec(decryptIvMaterial);
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
}
//Initialize the Cipher for decryption.
try {
decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey, decryptIv);
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
//Decrypt of the plain text message.
byte[] decryptedCipherText = null;
try {
decryptedCipherText = decryptCipher.doFinal(cipherText);
} catch (IllegalStateException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
//Print out the plainText in binary Hex notation.
System.out.println("decryptedCipherText: " +
ByteUtil.toHex(decryptedCipherText));
//Print out the cipherText in binary Hex notation.
System.out.println("decryptedCipherText as String: " +
'"' + new String(decryptedCipherText) + '"');
}
}
The output could be as below, depend on the random generated SecretKey
:
decryptKeyMaterial: 0xad85f2baa75d3b3107f1aee07040d0c7
decryptIvMaterial: 0x0000000000000000
plainText: 0x4e6f77206973207468652074696d6520666f7220616c6c20
cipherText: 0x6bece31c1d0c5f082f6d4491fd19f4391f726a9a623776d9eac9d0bdcab02636
decryptedCipherText: 0x4e6f77206973207468652074696d6520666f7220616c6c20
decryptedCipherText as String: "Now is the time for all "
If you want to know how all implemented algorithms will be used se the source
code for the sample program
CryptoTool.
- Author:
- Uwe Günther
Copyright © 2001, 2002 by Uwe Günther. See the COPYING file for more details. Browse the source as HTML.