Class PKCS1V15Padding
java.lang.Object
se.swedenconnect.signservice.signature.signer.crypto.PKCS1V15Padding
Provides functions to create and verify RSA Padded data according to PKCS#1 version 1.5
Note that PKCS#1 padding includes the digest algorithm as BER encoded AlgorithmIdentifier. This means that there are multiple ways to encode the same hash algorithm as 1) BER encoding is not distinguished and 2) the encoding of certain hash algorithms may differ. One example of this is whether the absent parameters of SHA256 that MUST be absent, in some cases are implemented as a NULL value resulting in different encoding
For this reason, proper validation always require that the decrypted padded data is inspected and parsed to extract the hash algorithm OID as well asn the encrypted hash value
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic byte[]
getRSAPkcs1DigestInfo
(se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo, byte[] hashValue) Prepare the PKCS#1 version 1.5 padding of the hash of the data to be signed.static boolean
verifyMessageDigest
(byte[] paddedDigest, byte[] digest, se.swedenconnect.security.algorithms.MessageDigestAlgorithm messageDigestAlgorithm) Verifies that message digest value match PKCS#1 padded data
-
Constructor Details
-
PKCS1V15Padding
public PKCS1V15Padding()
-
-
Method Details
-
getRSAPkcs1DigestInfo
public static byte[] getRSAPkcs1DigestInfo(@Nonnull se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo, @Nonnull byte[] hashValue) throws IOException Prepare the PKCS#1 version 1.5 padding of the hash of the data to be signed.- Parameters:
digestAlgo
- signature hash algorithmhashValue
- hash value of the data to be signed- Returns:
- padded data to be signed hash
- Throws:
IOException
- illegal input data
-
verifyMessageDigest
public static boolean verifyMessageDigest(@Nonnull byte[] paddedDigest, @Nonnull byte[] digest, @Nonnull se.swedenconnect.security.algorithms.MessageDigestAlgorithm messageDigestAlgorithm) throws IOException Verifies that message digest value match PKCS#1 padded data- Parameters:
paddedDigest
- PKCS#1 padded digest valuedigest
- the digest value that should be verified against the PKCS#1 padded digestmessageDigestAlgorithm
- the message digest algorithm that was used to create the message digest value- Returns:
- true on match otherwise false
- Throws:
IOException
- error in input data
-