com.entrust.toolkit.security.crypto.signature

Class DigitalSignature

java.lang.Object

java.security.SignatureSpi

java.security.Signature

com.entrust.toolkit.security.crypto.signature.DigitalSignature

All Implemented Interfaces:

ExtendedSignature

Direct Known Subclasses:

DsaSignature, EcdsaSignature, RsaSignature

public abstract class DigitalSignature
extends java.security.Signature
implements ExtendedSignature

Defines Entrust's digital signature algorithm architecture; it contains all the common functionality used by Entrust's digital signature algorithms.

A digital signature algorithm is a cryptographic algorithm that provides signature generation and verification using a key pair. A digital signature is calculated over a message using a private key that is only known to the signer; the resulting signature is dependent on the private key and the content of the message. Another party can then use the corresponding public key (known to everyone) to verify that signature is valid, which indicates the message has not been modified since the signature was created and that the signer is in fact the entity that created the digital signature (data integrity, authentication, and non-repudiation). The private key must be kept secret since it provides the security of the algorithm; the algorithm itself

This architecture represents digital signature algorithms that require the original message as input to the verification algorithm. This class of digital signature algorithms are composed of two underlying components: a cryptographic hash function and an asymmetric cryptosystem.

Signature Generation
The signature generation process accepts a message and a private key as input and produces a digital signature as output. It works as follows:

1. The hash function is used to process the message producing a message hash.
2. The asymmetric cryptosystem is then used to process the message hash using the private key to produce a digital signature.
3. Both the original message and the digital signature must be made available to entities who wish to verify the digital signature.

Signature Verification
The signature verification process accepts a message, a digital signature, and a public key as input and produces a boolean indicator for whether or not the message is valid as output. It works as follows:

1. The hash function is used to process the message producing a message hash.
2. The asymmetric cryptosystem is then used to process the digital signature using the public key to produce a second message hash (a signature is simply a message hash that was protected using private key).
3. The digital signature is valid if both message hash values are equal

A positive result from the signature verification process indicates that the message has not been modified since the signature was created and that the signature was created by the entity that has the private key which corresponds to the public key used during verification. A negative result from the signature verification process indicates that the message was modified since the signature was created and/or the signature was not created by the entity that has the private key which corresponds to the public key used during verification.

A digital signature algorithm instance can be obtained using the Java Cryptography Architecture (JCA), by requesting the '<algorithm>' algorithm from the Entrust cryptographic service provider. This can be done using the following call:

Signature.getInstance("<algorithm>", "Entrust");

Note:

This class SHOULD NOT be sub-classed outside of the Toolkit.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

7.2

Field Summary

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	DigitalSignature(java.lang.String algName, boolean internalDigestImpl, java.lang.String implSoftClassName, java.lang.String implP11ClassName, java.lang.String implCapiClassName, java.lang.String implKeychainClassName) The constructor; creates a new DigitalSignature instance.

Method Summary

Modifier and Type	Method and Description
protected void	assertParametersValid(java.security.spec.AlgorithmParameterSpec params) Checks the parameters to ensure that they are valid and appropriate for this digital signature algorithm.
protected java.lang.Object	engineGetParameter(java.lang.String param) Getting algorithm parameters using this method is not supported; this API always throws an InvalidParameterException.
protected java.security.AlgorithmParameters	engineGetParameters() Return the parameters used with this signature algorithm, or null if this signature algorithm does not use any parameters.
protected void	engineInitSign(java.security.PrivateKey privateKey) Initializes this signature object with the specified private key for signing operations.
protected void	engineInitSign(java.security.PrivateKey privateKey, java.security.SecureRandom random) Initializes this signature object with the specified private key and source of randomness for signing operations.
protected void	engineInitVerify(java.security.PublicKey publicKey) Initializes this signature object with the specified public key for verification operations.
protected void	engineSetParameter(java.security.spec.AlgorithmParameterSpec params) Initializes the signature algorithm with the specified parameter set.
protected void	engineSetParameter(java.lang.String param, java.lang.Object value) Setting algorithm parameters using this method is not supported; this API always throws an InvalidParameterException.
protected byte[]	engineSign() Returns the signature bytes of all the data updated so far.
protected int	engineSign(byte[] outbuf, int offset, int len) Finishes this signature operation and stores the resulting signature bytes in the provided buffer outbuf, starting at offset.
protected void	engineUpdate(byte b) Updates the data to be signed or verified using the specified byte.
protected void	engineUpdate(byte[] b, int off, int len) Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.
protected boolean	engineVerify(byte[] sigBytes) Verifies the passed-in signature.
protected boolean	engineVerify(byte[] sigBytes, int offset, int length) Verifies the passed-in signature in the specified array of bytes, starting at the specified offset.
protected java.security.spec.AlgorithmParameterSpec	generateDefaultParameters() Returns a default set of parameters that are valid and appropriate for this digital signature algorithm.
byte[]	getDigest() Returns the digest that was calculated during signature generation or verification.
protected abstract com.entrust.toolkit.security.crypto.signature.DigitalSignatureImpl	getDigitalSignatureImpl(java.lang.String implClassName) Instantiates the internal signature algorithm implementation from the indicated class.
protected java.security.SecureRandom	getPrng() Returns the pseudo-random number generator (PRNG) to be used for parameter generation.
protected java.security.AlgorithmParameters	toAlgorithmParameters(java.security.spec.AlgorithmParameterSpec params) Converts algorithm parameters in transparent representation into their opaque representation during a call to engineGetParameters() .

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineUpdate

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

DigitalSignature

protected DigitalSignature(java.lang.String algName,
                           boolean internalDigestImpl,
                           java.lang.String implSoftClassName,
                           java.lang.String implP11ClassName,
                           java.lang.String implCapiClassName,
                           java.lang.String implKeychainClassName)

The constructor; creates a new DigitalSignature instance.

FIPS 140-2:

FIPS Service: Modify Object

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Parameters:

algName - the name of the signature algorithm (JCE/JCA algorithm name)

internalDigestImpl - indicates whether this digital signature algorithm supports internal or external digest calculation

implSoftClassName - the name of the class containing the software implementation of this algorithm

implP11ClassName - the name of the class containing the PKCS#11 implementation of this algorithm

implCapiClassName - the name of the class containing the MSCAPI implementation of this algorithm

Method Detail

engineInitSign

protected final void engineInitSign(java.security.PrivateKey privateKey)
                             throws java.security.InvalidKeyException

Initializes this signature object with the specified private key for signing operations.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineInitSign in class java.security.SignatureSpi

Parameters:

privateKey - [FIPS 140-2 data input] [FIPS 140-2 CSP] the private key of the identity whose signature will be generated.

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the key is improperly encoded, parameters are missing, and so on.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineInitSign

protected void engineInitSign(java.security.PrivateKey privateKey,
                              java.security.SecureRandom random)
                       throws java.security.InvalidKeyException

Initializes this signature object with the specified private key and source of randomness for signing operations.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Overrides:

engineInitSign in class java.security.SignatureSpi

Parameters:

privateKey - [FIPS 140-2 data input] [FIPS 140-2 CSP] the private key of the identity whose signature will be generated.

random - [FIPS 140-2 control input] the source of randomness

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the key is improperly encoded, parameters are missing, and so on.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineInitVerify

protected final void engineInitVerify(java.security.PublicKey publicKey)
                               throws java.security.InvalidKeyException

Initializes this signature object with the specified public key for verification operations.

FIPS 140-2:

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineInitVerify in class java.security.SignatureSpi

Parameters:

publicKey - [FIPS 140-2 data input] [FIPS 140-2 CSP] the public key of the identity whose signature is going to be verified.

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the key is improperly encoded, parameters are missing, and so on.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineUpdate

protected final void engineUpdate(byte b)
                           throws java.security.SignatureException

Updates the data to be signed or verified using the specified byte.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

b - [FIPS 140-2 data input] the byte to use for the update

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineUpdate

protected final void engineUpdate(byte[] b,
                                  int off,
                                  int len)
                           throws java.security.SignatureException

Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineUpdate in class java.security.SignatureSpi

Parameters:

b - [FIPS 140-2 data input] the array of bytes

off - [FIPS 140-2 data input] the offset to start from in the array of bytes

len - [FIPS 140-2 data input] the number of bytes to use, starting at offset

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineSign

protected final byte[] engineSign()
                           throws java.security.SignatureException

Returns the signature bytes of all the data updated so far.

The format of the signature depends on the underlying signature scheme.

FIPS 140-2:

FIPS Service: Digital Signature Generation/Verification

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineSign in class java.security.SignatureSpi

Returns:

[FIPS 140-2 data output] the signature bytes of the signing operation's result

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineSign

protected final int engineSign(byte[] outbuf,
                               int offset,
                               int len)
                        throws java.security.SignatureException

Finishes this signature operation and stores the resulting signature bytes in the provided buffer outbuf, starting at offset.

The format of the signature depends on the underlying signature scheme.

The signature implementation is reset to its initial state (the state it was in after a call to one of the engineInitSign methods) and can be reused to generate further signatures with the same private key.

FIPS 140-2:

FIPS Service: Digital Signature Generation/Verification

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• data output interface (parameters, return value)
• status output interface (exceptions)

Overrides:

engineSign in class java.security.SignatureSpi

Parameters:

outbuf - [FIPS 140-2 data output] buffer for the signature result

offset - [FIPS 140-2 data input] offset into outbuf where the signature is stored

len - [FIPS 140-2 data input] number of bytes within outbuf allotted for the signature. This implementation does not return partial digests. If the value of this parameter is less than the actual signature length, this method will throw a SignatureException. This parameter is ignored if its value is greater than or equal to the actual signature length.

Returns:

[FIPS 140-2 data output] the number of bytes placed into outbuf

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly, or an error occurs or len is less than the actual signature length

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineVerify

protected final boolean engineVerify(byte[] sigBytes)
                              throws java.security.SignatureException

Verifies the passed-in signature.

FIPS 140-2:

FIPS Service: Digital Signature Generation/Verification

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters value)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineVerify in class java.security.SignatureSpi

Parameters:

sigBytes - [FIPS 140-2 data input] the signature bytes to be verified

Returns:

[FIPS 140-2 data output] true if the signature was verified, false if not

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly, or the passed-in signature is improperly encoded or of the wrong type, etc.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineVerify

protected final boolean engineVerify(byte[] sigBytes,
                                     int offset,
                                     int length)
                              throws java.security.SignatureException

Verifies the passed-in signature in the specified array of bytes, starting at the specified offset.

FIPS 140-2:

FIPS Service: Digital Signature Generation/Verification

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters value)
• data output interface (return value)
• status output interface (exceptions)

Overrides:

engineVerify in class java.security.SignatureSpi

Parameters:

sigBytes - [FIPS 140-2 data input] the signature bytes to be verified

offset - [FIPS 140-2 data input] the offset to start from in the array of bytes

length - [FIPS 140-2 data input] the number of bytes to use, starting at offset

Returns:

[FIPS 140-2 data output] true if the signature was verified, false if not

Throws:

java.security.SignatureException - [FIPS 140-2 status output] if the algorithm is not initialized properly, or the passed-in signature is improperly encoded or of the wrong type, etc.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineSetParameter

protected final void engineSetParameter(java.lang.String param,
                                        java.lang.Object value)
                                 throws java.security.InvalidParameterException

Setting algorithm parameters using this method is not supported; this API always throws an InvalidParameterException.

Use engineSetParameter(AlgorithmParameterSpec) instead.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters value)
• status output interface (exceptions)

Specified by:

engineSetParameter in class java.security.SignatureSpi

Parameters:

param - [FIPS 140-2 data input] ignored

value - [FIPS 140-2 data input] ignored

Throws:

java.security.InvalidParameterException - [FIPS 140-2 status output] always thrown; this method of setting parameters is not supported

engineSetParameter

protected final void engineSetParameter(java.security.spec.AlgorithmParameterSpec params)
                                 throws java.security.InvalidAlgorithmParameterException

Initializes the signature algorithm with the specified parameter set.

IMPORTANT: Following this call, the algorithm must be initialized before it can be used for signature generation or verification. This ensures the algorithm is always operating with the proper parameters. If this procedure is not obeyed, a SignatureException will result during the signature generation or verification attempt.

This approach is taken to workaround flaws in Java's Signature architecture; specifically the fact that parameters are not passed in with an initialize call and instead are passed in with a separate set call.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters value)
• status output interface (exceptions)

Overrides:

engineSetParameter in class java.security.SignatureSpi

Parameters:

params - [FIPS 140-2 data input] the parameters

Throws:

java.security.InvalidAlgorithmParameterException - [FIPS 140-2 status output] if the given parameters are inappropriate for this signature algorithm

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineGetParameter

protected final java.lang.Object engineGetParameter(java.lang.String param)
                                             throws java.security.InvalidParameterException

Getting algorithm parameters using this method is not supported; this API always throws an InvalidParameterException.

Use engineGetParameters() instead.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters value)
• status output interface (exceptions)

Specified by:

engineGetParameter in class java.security.SignatureSpi

Parameters:

param - [FIPS 140-2 data input] ignored

Returns:

no return value; exception always thrown

Throws:

java.security.InvalidParameterException - [FIPS 140-2 status output] always thrown; this method of getting parameters is not supported

engineGetParameters

protected final java.security.AlgorithmParameters engineGetParameters()

Return the parameters used with this signature algorithm, or null if this signature algorithm does not use any parameters.

The returned parameters may be the same that were used to initialize this signature algorithm, or may contain a combination of default and randomly generated parameter values used by the underlying signature implementation if this signature algorithm requires algorithm parameters but was not initialized with any.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Overrides:

engineGetParameters in class java.security.SignatureSpi

Returns:

[FIPS 140-2 data output] the parameters used with this signature algorithm, or null if this signature algorithm does not use any parameters

Throws:

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

getDigest

public final byte[] getDigest()

Description copied from interface: ExtendedSignature

Returns the digest that was calculated during signature generation or verification.

During both a signature generation and verification operation a digest is calculated over the message; this digest is then used as an input to the signature generation or verification process. This API simply provides access to the digest once it has been calculated; it always returns the digest from the last operation. If a signature generation or verification operation has not yet been executed or is in the process of being executed, null is returned.

To ensure a non-null result, this method should only be called after Signature.sign() or Signature.verify() has called.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

getDigest in interface ExtendedSignature

Returns:

[FIPS 140-2 data output] the digest that was calculated during signature generation or verification

getPrng

protected final java.security.SecureRandom getPrng()
                                            throws java.lang.IllegalStateException

Returns the pseudo-random number generator (PRNG) to be used for parameter generation.

If a PRNG was manually specified during initialization, this PRNG is returned; otherwise an implementation of Entrust's default PRNG is returned. This can be used in generateDefaultParameters to provide the source of randomness that may be required during generation of default algorithm parameters.

FIPS 140-2:

FIPS Service: Query Object

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Returns:

the pseudo-random number generator

Throws:

java.lang.IllegalStateException - if this method is called prior to initializing the algorithm

assertParametersValid

protected void assertParametersValid(java.security.spec.AlgorithmParameterSpec params)
                              throws java.security.InvalidAlgorithmParameterException

Checks the parameters to ensure that they are valid and appropriate for this digital signature algorithm.

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it throws an InvalidAlgorithmParameterException indicating that parameters are not supported when non-null parameters are provided. For algorithms that do support algorithm parameters, this API must be overridden to check that the parameters that were passed in are valid and appropriate for the algorithm.

FIPS 140-2:

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Parameters:

params - the parameters

Throws:

java.security.InvalidAlgorithmParameterException - if the given parameters are inappropriate for this signature algorithm

generateDefaultParameters

protected java.security.spec.AlgorithmParameterSpec generateDefaultParameters()

Returns a default set of parameters that are valid and appropriate for this digital signature algorithm.

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it always returns null. For algorithms that do support algorithm parameters, this API must be overridden to generate a valid and appropriate set of default algorithm parameters. These parameters will automatically be used when parameters are not provided through the engineSetParameter() API and the algorithm is initialized for signature generation.

FIPS 140-2:

FIPS Service: Non-Cryptographic Operation

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Returns:

the default set of algorithm parameters or null if this algorithm does not support parameters

toAlgorithmParameters

protected java.security.AlgorithmParameters toAlgorithmParameters(java.security.spec.AlgorithmParameterSpec params)

Converts algorithm parameters in transparent representation into their opaque representation during a call to engineGetParameters() .

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it always returns null. For algorithms that do support algorithm parameters, this API must be overridden to convert supported parameters in transparent representation to opaque representation.

FIPS 140-2:

FIPS Service: Non-Cryptographic Operation

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Parameters:

params - a transparent representation of the algorithm parameters

Returns:

an opaque representation of the algorithm parameters or null if this algorithm does not support parameters

getDigitalSignatureImpl

protected abstract com.entrust.toolkit.security.crypto.signature.DigitalSignatureImpl getDigitalSignatureImpl(java.lang.String implClassName)
                                                                                                       throws java.lang.RuntimeException

Instantiates the internal signature algorithm implementation from the indicated class.

This API is necessary so that the signature algorithm implementation classes can exist in a different package and not require public constructors.

FIPS 140-2:

FIPS Service: Query Object

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Parameters:

implClassName - the name of the class for the signature algorithm implementation

Returns:

the signature algorithm implementation

Throws:

java.lang.RuntimeException - if the signature algorithm implementation could not be instantiated