Package de.cscc.crypto.provider

Provides the implementation of the concrete cryptographic services, their keys, algorithm parameters, generators and factories.

See:
          Description

Class Summary
DES1KeyCipherEngine This is the concret DES1Key algorithm class, it subclasses DESBaseCipherEngine, because in JCE is no possiblity to set a cipher.
DES1KeySecretKeyFactoryEngine DES1KeySecretKeyFactoryEngine Class.
DES1KeySecretKeyGeneratorEngine DES1KeySecretKeyGeneratorEngine Class provides the functionality of a DESede key generator for two keys (means 56 or 64 bit key length).
DESede2KeyCipherEngine This is the concret DESede2Key algorithm class, it subclasses DESBaseCipherEngine, because in JCE is no possiblity to set a cipher.
DESede2KeySecretKeyFactoryEngine DESede2KeySecretKeyFactoryEngine Class.
DESede2KeySecretKeyGeneratorEngine DESede2KeySecretKeyGeneratorEngine Class provides the functionality of a DESede key generator for two keys (means 112 or 128 bit key length).
DESede3KeyCipherEngine This is the concret DESede3Key algorithm class, it subclasses DESBaseCipherEngine, because in JCE is no possiblity to set a cipher.
DESede3KeySecretKeyFactoryEngine DESede3KeySecretKeyFactoryEngine Class.
DESede3KeySecretKeyGeneratorEngine DESede3KeySecretKeyGeneratorEngine Class provides the functionality of a DESede key generator for two keys (means 168 or 192 bit key length).
ISO9796Part1WithRSASignatureEngine ISO9796Part1AndRSASignatureEngine Class.
JHBCI JHBCI - the Provider Class.
JHBCI.JarVerifier  
RIPEMD160MessageDigestEngine RIPEMD160MessageDigestEngine Class.
RIPEMD160WithISO9796Part1AndRSASignatureEngine RIPEMD160WithISO9796Part1AndRSASignatureEngine Class.
RSACipherEngine RSACipherEngine Class.
RSAKeyFactoryEngine RSAKeyFactoryEngine Class.
RSAKeyPairGeneratorEngine RSAKeyPairGeneratorEngine Class.
 

Package de.cscc.crypto.provider Description

Provides the implementation of the concrete cryptographic services, their keys, algorithm parameters, generators and factories. You needn't use them directly through this package. All classes in this package have to only be used through the JCE API engine classes. This isn't valid for the subpackage de.cscc.crypto.provider.spec in this package. There are transparent key specifications and algorithm parameter specifications. You have to use them directly because they implement common types (interfaces) defined in the JCE API.

Package Specification

Related Documentation

For overviews and guids please see:

Setup the jhbci provider

There are two ways to register the provider in the JCE API, dynamic registration and static registration. You have to use the class JHBCI to register the provider in the JCE API after you have copied jar archive jhbci-provider.jar to <java.home>/lib/ext.

See the example:

For further description see: Installing JCE Providers for the J2SDK, v 1.4

Implemented Algorithms

The following algorithms are implemented and usable through the JCE engine classes: Note: The italic Strings like "DES1Key" are the algorithm names and must be used as part of the <String transformation> or <String algorithm> parameter of the static factory method getInstance method of the specific JCE API engine class.

 
DES1Key - Cipher
JCE Engine javax.crypto.Cipher
Algorithm DES1Key
Operation Mode ECB, CBC
Padding NoPadding, ISO10126OctetPadding
Defaults Transformation "DES1Key/CBC/ISO10126OctetPadding"
Default SecretKey Some random valid SecretKey.
Default Initialization Vector A 8 byte long array, that will be randomly generated by the Cipher object.
Note  

DES1Key - SecretKey
JCE Type javax.crypto.SecretKey
Algorithm DES1Key
Encoding Format RAW
Key Length 56 bit or 64 bit with parity
Note Either SecretKeyFactory supplies a SecretKey from its transparent specification, that means a DES1KeySpec object, or a KeyGenerator generates a total new random SecretKey. You can not instance a SecretKey directly. If the SecretKey is created, its only purpose is to be used in a matching Cipher object. This SecretKey is Cloneable, Serializable, overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().

DES1Key - KeySpec
JCA Type java.security.spec.KeySpec
Class de.cscc.crypto.provider.spec.DES1KeySpec
Encoding Format Transparent representation of the key material. Which means you have direct access to the binary format of the key specification via getKey method.
Key Length 56 bit or 64 bit with parity
Note You can direct construct a instance of this class with a byte array that contains the key material. In this case we do check every DES key specification for weak and semiweak keys while construction from the byte array that contains the key material. So you don't have to do this. We do all the work for you. The consequence in this decision is that you can't construct a weak or semiweak DES key specification. Further more - if a byte array contains key material that isn't parity adjusted, we do that in every case for you. This means that getKey() won't return the same key material as you put in to the constructor - if the parity of the key material wasn't parity adjusted. For mor details look in to the private method: DES1KeySpec.oddParity(byte[]) Furthermore you can use a SecretKeyFactory - that is instanced for the DES1Key algorithm - to create a DES1KeySpec via its getKeySpec method.

DES1Key - AlgorithmParameterSpec
JCA Type java.security.spec.AlgorithmParameterSpec
Class de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec
Encoding Format Transparent representation of the initialization vector. Which means you have direct access to the binary format of the algorithm parameter specification via getKey method. You need the initialization vector for CBC mode.
Initialization Vector Length 64 bit
Note You can direct construct a instance of this class with a byte array that contains the algorithm parameter material.

DES1Key - KeyGenerator
JCE Engine javax.crypto.KeyGenerator
Algorithm DES1Key
Note Generates a SecretKey as a random value - that is suitable to this algorithm. We generate only keys that aren't weak or semiweak and further we adjust also the parity in this keys.

DES1Key - SecretKeyFactory
JCE Engine javax.crypto.SecretKeyFactory
Algorithm DES1Key
Note Supplies a SecretKey from its transparent specification, that means a DES1KeySpec object.
[ TOC ]

 
DESede2Key - Cipher
JCE Engine javax.crypto.Cipher
Algorithm DESede2Key
Operation Mode ECB, CBC
Padding NoPadding, ISO10126OctetPadding
Defaults Transformation "DESede2Key/CBC/ISO10126OctetPadding"
Default SecretKey Some random valid SecretKey.
Default Initialization Vector A 8 byte long array, that will be randomly generated by the Cipher object.
Note  

DESede2Key - SecretKey
JCE Type javax.crypto.SecretKey
Algorithm DESede2Key
Encoding Format RAW
Key Length 112 bit or 128 bit with parity
Note Either SecretKeyFactory supplies a SecretKey from its transparent specification, that means a DESede2KeySpec object, or a KeyGenerator generates a total new random SecretKey. You can not instance a SecretKey directly. If the SecretKey is created, its only purpose is to be used in a matching Cipher object. This SecretKey is Cloneable, Serializable, overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().

DESede2Key - KeySpec
JCA Type java.security.spec.KeySpec
Class de.cscc.crypto.provider.spec.DESede2KeySpec
Encoding Format Transparent representation of the key material. Which means you have direct access to the binary format of the key specification via getKey method.
Key Length 112 bit or 128 bit with parity
Note You can direct construct a instance of this class with a byte array that contains the key material. In this case we do check every DES key specification for weak and semiweak keys while construction from the byte array that contains the key material. So you don't have to do this. We do all the work for you. The consequence in this decision is that you can't construct a weak or semiweak DES key specification. Further more - if a byte array contains key material that isn't parity adjusted, we do that in every case for you. This means that getKey() won't return the same key material as you put in to the constructor - if the parity of the key material wasn't parity adjusted. For mor details look in to the private method: DES1KeySpec.oddParity(byte[]) Furthermore you can use a SecretKeyFactory - that is instanced for the DESede2Key algorithm - to create a DESede2KeySpec via its getKeySpec method.

DESede2Key - AlgorithmParameterSpec
JCA Type java.security.spec.AlgorithmParameterSpec
Class de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec
Encoding Format Transparent representation of the initialization vector. Which means you have direct access to the binary format of the algorithm parameter specification via getKey method. You need the initialization vector for CBC mode.
Initialization Vector Length 64 bit
Note You can direct construct a instance of this class with a byte array that contains the algorithm parameter material.

DESede2Key - KeyGenerator
JCE Engine javax.crypto.KeyGenerator
Algorithm DESede2Key
Note Generates a SecretKey as a random value - that is suitable to this algorithm. We generate only keys, where each 64 bit DES key aren't weak or semiweak and further we adjust also the parity of each 64 bit DES Key.

DESede2Key - SecretKeyFactory
JCE Engine javax.crypto.SecretKeyFactory
Algorithm DESede2Key
Note Supplies a SecretKey from its transparent specification, that means a DESede2KeySpec object
[ TOC ]

 
DESede3Key - Cipher
JCE Engine javax.crypto.Cipher
Algorithm DESede3Key
Operation Mode ECB, CBC
Padding NoPadding, ISO10126OctetPadding
Defaults Transformation "DESede3Key/CBC/ISO10126OctetPadding"
Default SecretKey Some random valid SecretKey.
Default Initialization Vector A 8 byte long array, that will be randomly generated by the Cipher object.
Note  

DESede3Key - SecretKey
JCE Type javax.crypto.SecretKey
Algorithm DESede3Key
Encoding Format RAW
Key Length 168 bit or 192 bit with parity
Note Either SecretKeyFactory supplies a SecretKey from its transparent specification, that means a DESede3KeySpec object, or a KeyGenerator generates a total new random SecretKey. You can not instance a SecretKey directly. If the SecretKey is created, its only purpose is to be used in a matching Cipher object. This SecretKey is Cloneable, Serializable, overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().

DESede3Key - KeySpec
JCA Type java.security.spec.KeySpec
Class de.cscc.crypto.provider.spec.DESede3KeySpec
Encoding Format Transparent representation of the key material. Which means you have direct access to the binary format of the key specification via getKey method.
Key Length 168 bit or 192 bit with parity
Note You can direct construct a instance of this class with a byte array that contains the key material. In this case we do check every DES key specification for weak and semiweak keys while construction from the byte array that contains the key material. So you don't have to do this. We do all the work for you. The consequence in this decision is that you can't construct a weak or semiweak DES key specification. Further more - if a byte array contains key material that isn't parity adjusted, we do that in every case for you. This means that getKey() won't return the same key material as you put in to the constructor - if the parity of the key material wasn't parity adjusted. For mor details look in to the private method: DES1KeySpec.oddParity(byte[]) Furthermore you can use a SecretKeyFactory - that is instanced for the DESede3Key algorithm - to create a DESede3KeySpec via its getKeySpec method.

DESede3Key - AlgorithmParameterSpec
JCA Type java.security.spec.AlgorithmParameterSpec
Class de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec
Encoding Format Transparent representation of the initialization vector. Which means you have direct access to the binary format of the algorithm parameter specification via getKey method. You need the initialization vector for CBC mode.
Initialization Vector Length 64 bit
Note You can direct construct a instance of this class with a byte array that contains the algorithm parameter material.

DESede3Key - KeyGenerator
JCE Engine javax.crypto.KeyGenerator
Algorithm DESede3Key
Note Generates a SecretKey as a random value - that is suitable to this algorithm. We generate only keys, where each 64 bit DES key aren't weak or semiweak and further we adjust also the parity of each 64 bit DES Key.

DESede3Key - SecretKeyFactory
JCE Engine javax.crypto.SecretKeyFactory
Algorithm DESede3Key
Note Supplies a SecretKey from its transparent specification, that means a DESede3KeySpec object
[ TOC ]

 
RSA - Cipher
JCE Engine javax.crypto.Cipher
Algorithm RSA
Note You can't use the javax.crypto.Cipher methods update() and doFinal() with this provider. For DES key warapping and unwrapping you can use the javax.crypto.Cipher methods wrap() and unwrap().

RSA - PublicKey, RSAPublicKey
JCA Type java.security.PublicKey, java.security.interfaces.RSAPublicKey
Algorithm RSA
Encoding Format null, We do not support encoding for RSA keys at this time.
Key Length Variable key length.
Note Either KeyFactory supplies a RSAPublicKey from its transparent specification, that means a RSAPublicKeySpec object, or a KeyPairGenerator generates a total new random KeyPair that will contain a RSAPublicKey. You can not instance a RSAPublicKey directly. If the RSAPublicKey is created, its only purpose is to be used in a matching Cipher or Signature object. This RSAPublicKey is Serializable and overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().

RSA - PrivateKey, RSAPrivateKey
JCA Type java.security.PrivateKey, java.security.interfaces.RSAPrivateKey
Algorithm RSA
Encoding Format null, We do not support encoding for RSA keys at this time.
Key Length Variable key length.
Note KeyFactory supplies a RSAPrivateKey from its transparent specification, that means a RSAPrivateKeySpec object. You can not instance a RSAPrivateKey directly. If the RSAPrivateKey is created, its only purpose is to be used in a matching Cipher or Signature object. This RSAPrivateKey is Serializable and overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().
If you want to turn a RSAPrivateCrtKey in to a RSAPrivateKey, you have to construct a new RSAPrivateKeySpec from the RSAPrivateCrtKey's modulus and its privateExponent. Then you can produce a new RSAPrivateKey from its RSAPrivateKeySpec with the RSA KeyFactory.

RSA - PrivateKey, RSAPrivateKey, RSAPrivateCrtKey
JCA Type java.security.PrivateKey, java.security.interfaces.RSAPrivateKey, java.security.interfaces.RSAPrivateCrtKey
Algorithm RSA
Encoding Format null, We do not support encoding for RSA keys at this time.
Key Length Variable key length.
Note Either KeyFactory supplies a RSAPrivateCrtKey from its transparent specification, that means a RSAPrivateCrtKeySpec object, or a KeyPairGenerator generates a total new random KeyPair that will contain a RSAPrivateCrtKey. You can not instance a RSAPrivateCrtKey directly. If the RSAPrivateCrtKey is created, its only purpose is to be used in a matching Cipher or Signature object. This RSAPrivateCrtKey is Serializable and overrides Object.equals(java.lang.Object), Object.hashCode() and Object.toString().

RSA - KeyPairGenerator
JCA Engine java.security.KeyPairGenerator
Algorithm RSA
Note Generates a RSA KeyPair that contains a new randomly generated RSAPublicKey and its corresponding RSAPrivateCrtKey. The generated Keys are strong primes that that will be found with the Gordon algorithm. The key length starts at 768 bit and can be increased in 256 bit steps to larger values. There is no limit for higher values, the CPU is the only bottleneck.

The generation of a 4096 bit long strong prime keypair on my 1300 MHz Athlon will take up to 50 min, a 768 bit key will take around 10 seconds. This class can also be logged to see what is going on while key generation. The log level are FINER and FINEST We use the new Java logging API from java.util.logging.*.

The RSA KeyPairGenerator will only generate keypairs that contains a RSAPublicKey/RSAPrivateCrtKey Pair. If you want to use an RSAPrivateKey instead of a RSAPrivateCrtKey, you have to convert it with help of a RSAPrivateKeySpec and a RSA KeyFactory into an RSAPrivateKey.


RSA - KeyFactory
JCA Engine java.security.KeyFactory
Algorithm RSA
Note Supplies a RSAPublicKey, a RSAPrivateKey or a RSAPrivateCrtKey from its transparent specification, that means a RSAPublicKeySpec, RSAPrivateKeySpec or a RSAPrivateCrtKeySpec object
[ TOC ]

 
RIPEMD160 - MessageDigest
JCA Engine java.security.MessageDigest
Algorithm RIPEMD160
Default Initialization Vector 0x0123456789ABCDEFFEDCBA9876543210F0E1D2C3 in little endian notation.
Note  
[ TOC ]

 
ISO9796-1WithRSA - Signature
JCA Engine java.security.Signature
Algorithm ISO9796-1WithRSA
Note  
[ TOC ]

 
RIPEMD160WithISO9796-1AndRSA - Signature
JCA Engine java.security.Signature
Algorithm RIPEMD160WithISO9796-1AndRSA
Note  
[ TOC ]

Sample Code

You can use the package in the following way:
 
package com.foo.bar;

import java.security.Security;
import java.security.NoSuchAlgorithmException;
import javax.crypto.NoSuchPaddingException;
import java.security.NoSuchProviderException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.InvalidKeySpecException;

import javax.crypto.SecretKey;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKeyFactory;
import javax.crypto.Cipher;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import de.cscc.crypto.util.ByteUtil;
import de.cscc.crypto.provider.JHBCI;
import de.cscc.crypto.provider.spec.DESede2KeySpec;
import de.cscc.crypto.provider.spec.DESOperationModeInitializationVectorSpec;


/** Main Class
 *
 * @author  Uwe Guenther 
 * @version $Revision: 1.8 $
 */
public class Main {

    /** Creates new Main */
    public Main () {
    }

    /**
    * @param args the command line arguments
    */
    public static void main (String[] args) {
        
        Security.addProvider(new JHBCI());
        
        /*
         * Encryption Code
         */
        
        //Produce a KeyGenrator.
        KeyGenerator encryptKeyGenerator = null;
        try {
            encryptKeyGenerator = 
                    KeyGenerator.getInstance("DESede2Key", "JHBCI");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } 
        
        //Generate a Secret Key.
        SecretKey encryptKey = encryptKeyGenerator.generateKey();
        
        //Definie the Initailization Vector Material
        //The byte array have to 8 bytes long.
        byte[] encryptIvMaterial = {
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
        };
        
        //Construct a new transparent algorithm parameter specification,
        //this means an initialization vector for the CBC operation mode.
        DESOperationModeInitializationVectorSpec encryptIv = null;
        try {
            encryptIv = 
                new DESOperationModeInitializationVectorSpec(encryptIvMaterial); 
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        }
        
        //Produce a Cipher.
        Cipher encryptCipher = null;
        try {
            encryptCipher = 
                Cipher.getInstance("DESede2Key/CBC/ISO10126OctetPadding", "JHBCI");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        }
        
        //Initialize the Cipher for encryption.
        try {
            encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey, encryptIv);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        }
        
        //Setup the plain text message that we will encrypt.
        byte[] plainText = "Now is the time for all ".getBytes();
                
        //Encrypt of the plain text message.
        byte[] cipherText = null;
        try {
            cipherText = encryptCipher.doFinal(plainText);
        } catch (IllegalStateException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        
        //Prepare key for transporting e.g. over the network.
        byte[] decryptKeyMaterial = encryptKey.getEncoded();
                
        //Prepare initialization vector for transporting e.g. over the network.
        byte[] decryptIvMaterial = encryptCipher.getIV();        
        
        //Print out the key in binary Hex notation.
        System.out.println("decryptKeyMaterial: " + 
                           ByteUtil.toHex(decryptKeyMaterial));
        
        //Print out the initialization vector in binary Hex notation.
        System.out.println("decryptIvMaterial: " + 
                            ByteUtil.toHex(decryptIvMaterial));
        
        //Print out the plainText in binary Hex notation.
        System.out.println("plainText: " + 
                            ByteUtil.toHex(plainText));        
        
        //Print out the cipherText in binary Hex notation.
        System.out.println("cipherText: " + 
                            ByteUtil.toHex(cipherText));

        //Print a new line.
        System.out.println();
        
        
        /*
         * Decryption Code
         */
             
        //Produce a SecretKeyFactory.
        SecretKeyFactory decryptSecretKeyFactory = null;
        try {
            decryptSecretKeyFactory = 
                    SecretKeyFactory.getInstance("DESede2Key", "JHBCI");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } 
        
        //Construct a transparent key specification from the key material
        DESede2KeySpec decryptKeySpec = null;
        try {
            decryptKeySpec = new DESede2KeySpec(decryptKeyMaterial);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        }
        
        //Produce the SecretKey.
        SecretKey decryptKey = null;
        try {
            decryptKey = decryptSecretKeyFactory.generateSecret(decryptKeySpec);
        } catch (InvalidKeySpecException e) {
            e.printStackTrace();
        }
        
        //Produce a Cipher.
        Cipher decryptCipher = null;
        try {
            decryptCipher = 
                Cipher.getInstance("DESede2Key/CBC/ISO10126OctetPadding", "JHBCI");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        }
        
        //Construct a new transparent algorithm parameter specification,
        //this means an initialization vector for the CBC operation mode.
        DESOperationModeInitializationVectorSpec decryptIv = null;
        try {
            decryptIv = 
                new DESOperationModeInitializationVectorSpec(decryptIvMaterial); 
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        }        
        
        //Initialize the Cipher for decryption.
        try {
            decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey, decryptIv);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        }      
        
        //Decrypt of the plain text message.
        byte[] decryptedCipherText = null;
        try {
            decryptedCipherText = decryptCipher.doFinal(cipherText);
        } catch (IllegalStateException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        } 
        
        //Print out the plainText in binary Hex notation.
        System.out.println("decryptedCipherText: " + 
                           ByteUtil.toHex(decryptedCipherText));        
        
        //Print out the cipherText in binary Hex notation.
        System.out.println("decryptedCipherText as String: " + 
                            '"' + new String(decryptedCipherText) + '"');        
        
    }
}

The output could be as below, depend on the random generated SecretKey:

decryptKeyMaterial: 0xad85f2baa75d3b3107f1aee07040d0c7
decryptIvMaterial: 0x0000000000000000
plainText: 0x4e6f77206973207468652074696d6520666f7220616c6c20
cipherText: 0x6bece31c1d0c5f082f6d4491fd19f4391f726a9a623776d9eac9d0bdcab02636

decryptedCipherText: 0x4e6f77206973207468652074696d6520666f7220616c6c20
decryptedCipherText as String: "Now is the time for all "
If you want to know how all implemented algorithms will be used se the source code for the sample program CryptoTool.

Author:
Uwe Günther


Copyright © 2001, 2002 by Uwe GŁnther. See the COPYING file for more details. Browse the source as HTML.