Package se.swedenconnect.signservice.signature.signer.crypto

Class PkCrypto

java.lang.Object

se.swedenconnect.signservice.signature.signer.crypto.PkCrypto

public class PkCrypto
extends Object

Public key crypto implementations used to generate signature values

Constructor Summary

Constructors

Constructor	Description
PkCrypto()

Method Summary

Modifier and Type	Method	Description
static EcdsaSigValue	ecdsaSignData(byte[] data, PrivateKey privKey, se.swedenconnect.security.algorithms.Algorithm sigAlgo)	Sign data using ECDSA
static boolean	ecdsaVerifyDigest(byte[] digest, EcdsaSigValue signature, PublicKey pubKey)	Verify ECDSA signature value against a signed digest value
static boolean	ecdsaVerifySignedData(byte[] data, EcdsaSigValue signature, PublicKey pubKey, se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo, se.swedenconnect.security.algorithms.AlgorithmRegistry algorithmRegistry)	Verify signed data against an ECDSA signature value
static se.swedenconnect.security.algorithms.Algorithm	getAlgorithmFromTypeAndDigestMethod(se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo, String keyType, se.swedenconnect.security.algorithms.AlgorithmRegistry algorithmRegistry)	Get the signature algorithm supported by a specific key type and digest algorithm
static byte[]	rsaSign(byte[] data, PrivateKey privateKey)	Sign data (encrypt) using RSA.
static byte[]	rsaSignEncodedMessage(byte[] data, PrivateKey privKey)	Raw RSA encryption of data
static byte[]	rsaVerify(byte[] data, PublicKey pubKey)	Decrypts data with RSA using the RSA public key (used in signature verification process)
static byte[]	rsaVerifyEncodedMessage(byte[] data, PublicKey pubKey)	Raw decrypts data with RSA using the RSA public key disregaring any padding structrue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PkCrypto

public PkCrypto()

Method Details

rsaSign

public static byte[] rsaSign(byte[] data,
 PrivateKey privateKey)
                      throws NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeyException,
IllegalBlockSizeException,
BadPaddingException

Sign data (encrypt) using RSA. Default method when signing data that is prepared according to PKCS#1 v1.5

Parameters:

data - data to be encrypted (signed)

privateKey - the private encryption key

Returns:

encrypted RSA data

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchPaddingException - unsupported padding

InvalidKeyException - invalid key

IllegalBlockSizeException - illegal block size

BadPaddingException - bad padding

rsaVerify

public static byte[] rsaVerify(byte[] data,
 PublicKey pubKey)
                        throws NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeyException,
IllegalBlockSizeException,
BadPaddingException

Decrypts data with RSA using the RSA public key (used in signature verification process)

Parameters:

data - RSA signature (RSA encrypted block) to be decrypted

pubKey - public key for decryption

Returns:

decrypted data

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchPaddingException - unsupported padding

InvalidKeyException - invalid key

IllegalBlockSizeException - illegal block size

BadPaddingException - bad padding

rsaSignEncodedMessage

public static byte[] rsaSignEncodedMessage(byte[] data,
 PrivateKey privKey)
                                    throws NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeyException,
IllegalBlockSizeException,
BadPaddingException

Raw RSA encryption of data

Parameters:

data - preformatted data to be encrypted as provided

privKey - private RSA key

Returns:

encrypted data

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchPaddingException - unsupported padding

InvalidKeyException - invalid key

IllegalBlockSizeException - illegal block size

BadPaddingException - bad padding

rsaVerifyEncodedMessage

public static byte[] rsaVerifyEncodedMessage(byte[] data,
 PublicKey pubKey)
                                      throws NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeyException,
IllegalBlockSizeException,
BadPaddingException

Raw decrypts data with RSA using the RSA public key disregaring any padding structrue

Parameters:

data - RSA signature (RSA encrypted block) to be decrypted

pubKey - public key for decryption

Returns:

decrypted data

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchPaddingException - unsupported padding

InvalidKeyException - invalid key

IllegalBlockSizeException - illegal block size

BadPaddingException - bad padding

ecdsaVerifyDigest

public static boolean ecdsaVerifyDigest(byte[] digest,
 EcdsaSigValue signature,
 PublicKey pubKey)
                                 throws InvalidKeyException,
IOException

Verify ECDSA signature value against a signed digest value

Parameters:

digest - signed digest value

signature - signature value

pubKey - public validation key

Returns:

true if the digest can be validated using the public validation key

Throws:

InvalidKeyException - the validation key is invalid

IOException - invalid input data

ecdsaSignData

public static EcdsaSigValue ecdsaSignData(byte[] data,
 PrivateKey privKey,
 se.swedenconnect.security.algorithms.Algorithm sigAlgo)
                                   throws NoSuchAlgorithmException,
NoSuchProviderException,
InvalidKeyException,
SignatureException,
IOException

Sign data using ECDSA

Parameters:

data - data to be signed

privKey - private signing key

sigAlgo - signature algorithm

Returns:

signature value

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchProviderException - unsupported crypto provider

InvalidKeyException - invalid key

SignatureException - failure to generate signature value

IOException - bad input data

ecdsaVerifySignedData

public static boolean ecdsaVerifySignedData(byte[] data,
 EcdsaSigValue signature,
 PublicKey pubKey,
 se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo,
 se.swedenconnect.security.algorithms.AlgorithmRegistry algorithmRegistry)
                                     throws IOException,
NoSuchAlgorithmException,
NoSuchProviderException,
InvalidKeyException,
SignatureException

Verify signed data against an ECDSA signature value

Parameters:

data - signed data

signature - signature value

pubKey - public verification key

digestAlgo - digest algorithm used in signing process

algorithmRegistry - algorithm registry holding supported algorithms

Returns:

true if the provided data can be verified by the proved signature using the provided public key

Throws:

NoSuchAlgorithmException - unsupported algorithm

NoSuchProviderException - unsupported crypto provider

InvalidKeyException - invalid key

SignatureException - failure to generate signature value

IOException - bad input data

getAlgorithmFromTypeAndDigestMethod

public static se.swedenconnect.security.algorithms.Algorithm getAlgorithmFromTypeAndDigestMethod(se.swedenconnect.security.algorithms.MessageDigestAlgorithm digestAlgo,
 String keyType,
 se.swedenconnect.security.algorithms.AlgorithmRegistry algorithmRegistry)

Get the signature algorithm supported by a specific key type and digest algorithm

Parameters:

digestAlgo - signature digest algorithm

keyType - key type

algorithmRegistry - algorithm registry holding supported algorithms

Returns:

signature algorithm, or null if no matching algorithm could be found