com.entrust.toolkit.x509.policies

Class EntrustSigConfig

java.lang.Object

com.entrust.toolkit.x509.policies.EntrustSigConfig

Direct Known Subclasses:

EntrustSigConfig.MultipleAlgSigConfig, EntrustSigConfig.SingleAlgSigConfig

public abstract class EntrustSigConfig
extends java.lang.Object

Configuration information for a signature algorithm.

Along with a key of the appropriate type, a signature algorithm configuration provides the information necessary to instantiate and initialize a signature algorithm. There are two primary types of signature algorithm configuration:

EntrustSigConfig.SingleAlgSigConfig

Identifies a single signature algorithm.

EntrustSigConfig.MultipleAlgSigConfig

Identifies a set of signature algorithms where the algorithm to be used for a given operation depends directly on the strength of the key it is being used with. The purpose is to match key strength to hash algorithm strength. This type of configuration must first be converted to a single signature algorithm configuration via the toSingleAlgSigConfig(EntrustAsymKeyType) API before it can be used in a signature operation.

A signature algorithm configuration contains all of the following information:

• Name: String representation of the signature algorithm configuration (e.g. ECDSA-SHA256)
• Supported Key Type Algorithm: Identifies the type of keys that are supported for use with the signature algorithm (e.g. EC)
• Signature Algorithm Identifier: The algorithm identifier for the signature algorithm (e.g. ecdsa-with-Sha256 1.2.840.10045.4.3.2)
• Hash Algorithm Identifier: The algorithm identifier for the hash algorithm used by the signature algorithm (e.g. id-sha256 2.16.840.1.101.3.4.2.1)

The following signature algorithm configurations are currently supported:

Supported Signature Algorithm Configurations
Signature Algorithm Configuration	Name
RSA-based
RSA_SHA1	RSA-SHA1
RSA_SHA224	RSA-SHA224
RSA_SHA256	RSA-SHA256
RSA_SHA384	RSA-SHA384
RSA_SHA512	RSA-SHA512
RSA_RECOMMENDED	RSA-RECOMMENDED
RSA_RECOMMENDED_NO_SHA224	RSA-RECOMMENDED-NO-SHA224
RSAPSS_SHA1	RSAPSS-SHA1
RSAPSS_SHA224	RSAPSS-SHA224
RSAPSS_SHA256	RSAPSS-SHA256
RSAPSS_SHA384	RSAPSS-SHA384
RSAPSS_SHA512	RSAPSS-SHA512
RSAPSS_RECOMMENDED	RSAPSS-RECOMMENDED
RSAPSS_RECOMMENDED_NO_SHA224	RSAPSS-RECOMMENDED-NO-SHA224
EC-based
ECDSA_SHA1	ECDSA-SHA1
ECDSA_SHA224	ECDSA-SHA224
ECDSA_SHA256	ECDSA-SHA256
ECDSA_SHA384	ECDSA-SHA384
ECDSA_SHA512	ECDSA-SHA512
ECDSA_RECOMMENDED	ECDSA-RECOMMENDED
ECDSA_RECOMMENDED_NO_SHA224	ECDSA_RECOMMENDED_NO_SHA224
EC-based
DSA_SHA1	ECDSA-SHA1
DSA_RECOMMENDED	ECDSA-RECOMMENDED

Since:

8.0

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	EntrustSigConfig.MultipleAlgSigConfig A multiple algorithm signature algorithm configuration.
static class	EntrustSigConfig.SingleAlgSigConfig A single algorithm signature algorithm configuration.

Field Summary

Fields

Modifier and Type	Field and Description
static EntrustSigConfig.MultipleAlgSigConfig	DSA_RECOMMENDED Identifies the "DSA-RECOMMENDED" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	DSA_SHA1 Identifies the "DSA-SHA1" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	DSA_SHA224
static EntrustSigConfig.SingleAlgSigConfig	DSA_SHA256
static EntrustSigConfig.MultipleAlgSigConfig	ECDSA_RECOMMENDED Identifies the "ECDSA-RECOMMENDED" signature algorithm configuration.
static EntrustSigConfig.MultipleAlgSigConfig	ECDSA_RECOMMENDED_NO_SHA224 Identifies the "ECDSA-RECOMMENDED-NO-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	ECDSA_SHA1 Identifies the "ECDSA-SHA1" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	ECDSA_SHA224 Identifies the "ECDSA-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	ECDSA_SHA256 Identifies the "ECDSA-SHA256" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	ECDSA_SHA384 Identifies the "ECDSA-SHA384" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	ECDSA_SHA512 Identifies the "ECDSA-SHA512" signature algorithm configuration.
static EntrustSigConfig.MultipleAlgSigConfig	RSA_RECOMMENDED Identifies the "RSA-RECOMMENDED" signature algorithm configuration.
static EntrustSigConfig.MultipleAlgSigConfig	RSA_RECOMMENDED_NO_SHA224 Identifies the "RSA-RECOMMENDED-NO-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSA_SHA1 Identifies the "RSA-SHA1" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSA_SHA224 Identifies the "RSA-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSA_SHA256 Identifies the "RSA-SHA256" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSA_SHA384 Identifies the "RSA-SHA384" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSA_SHA512 Identifies the "RSA-SHA512" signature algorithm configuration.
static EntrustSigConfig.MultipleAlgSigConfig	RSAPSS_RECOMMENDED Identifies the "RSAPSS-RECOMMENDED" signature algorithm configuration.
static EntrustSigConfig.MultipleAlgSigConfig	RSAPSS_RECOMMENDED_NO_SHA224 Identifies the "RSAPSS-RECOMMENDED-NO-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSAPSS_SHA1 Identifies the "RSAPSS-SHA1" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSAPSS_SHA224 Identifies the "RSAPSS-SHA224" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSAPSS_SHA256 Identifies the "RSAPSS-SHA256" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSAPSS_SHA384 Identifies the "RSAPSS-SHA384" signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	RSAPSS_SHA512 Identifies the "RSAPSS-SHA512" signature algorithm configuration.

Method Summary

Modifier and Type	Method and Description
static EntrustSigConfig.SingleAlgSigConfig	getInstance(AlgorithmID sigAlgorithmId) Parses a signature algorithm configuration from algorithm identifier representation.
static EntrustSigConfig	getInstance(java.lang.String name) Parses a signature algorithm configuration from string name representation.
static java.util.List<EntrustSigConfig>	getListInstance(java.lang.String sigConfigAlgs, TraceLog traceLog, java.lang.String sourceName) Parses a list of signature algorithm configurations from string list representation.
java.lang.String	getName() Gets the name of this signature algorithm configuration.
static EntrustSigConfig.SingleAlgSigConfig	getSigAlgConfig(java.security.Key key, java.util.List<EntrustSigConfig> sigAlgConfigList) Selects the signature algorithm configuration to be used with the provided key from a list of signature algorithm configurations ordered according to preference.
static java.lang.String	getSigConfigString(AlgorithmID sigAlgorithmId) Returns a string representation of the signature algorithm configuration identified by the provided algorithm identifier.
boolean	isKeyTypeSupported(EntrustAsymKeyType keyType) Indicates whether or not keys of the provided type are supported for use with this signature algorithm configuration.
abstract EntrustSigConfig.SingleAlgSigConfig	toSingleAlgSigConfig(EntrustAsymKeyType keyType) Converts this signature algorithm configuration to a single algorithm signature algorithm configuration based on the provided key type.
java.lang.String	toString() Returns the string representation of this object which is the name of this signature algorithm configuration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

RSA_SHA1

public static final EntrustSigConfig.SingleAlgSigConfig RSA_SHA1

Identifies the "RSA-SHA1" signature algorithm configuration.

• Name: "RSA-SHA1"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) with NULL parameters
• Hash Algorithm Identifier: 1.3.14.3.2.26 (id-sha1) with NULL parameters

RSA_SHA224

public static final EntrustSigConfig.SingleAlgSigConfig RSA_SHA224

Identifies the "RSA-SHA224" signature algorithm configuration.

• Name: "RSA-SHA224"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.14 (sha224WithRSAEncryption) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.4 (id-sha224) with NULL parameters

RSA_SHA256

public static final EntrustSigConfig.SingleAlgSigConfig RSA_SHA256

Identifies the "RSA-SHA256" signature algorithm configuration.

• Name: "RSA-SHA256"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.1 (id-sha256) with NULL parameters

RSA_SHA384

public static final EntrustSigConfig.SingleAlgSigConfig RSA_SHA384

Identifies the "RSA-SHA384" signature algorithm configuration.

• Name: "RSA-SHA384"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.2 (id-sha384) with NULL parameters

RSA_SHA512

public static final EntrustSigConfig.SingleAlgSigConfig RSA_SHA512

Identifies the "RSA-SHA512" signature algorithm configuration.

• Name: "RSA-SHA512"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.13 (sha512WithRSAEncryption) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.3 (id-sha512) with NULL parameters

RSA_RECOMMENDED

public static final EntrustSigConfig.MultipleAlgSigConfig RSA_RECOMMENDED

Identifies the "RSA-RECOMMENDED" signature algorithm configuration.

• Name: "RSA-RECOMMENDED"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
RSA with [1..1024]-bits (e.g. RSA-1024)	RSA_SHA1
RSA with [1025..2048]-bits (e.g. RSA-2048)	RSA_SHA224
RSA with [2049..3072]-bits (e.g. RSA-3072)	RSA_SHA256
RSA with [3073..7680]-bits (e.g. RSA-7680)	RSA_SHA384
RSA with [7681...]-bits (e.g. RSA-15360)	RSA_SHA512

RSA_RECOMMENDED_NO_SHA224

public static final EntrustSigConfig.MultipleAlgSigConfig RSA_RECOMMENDED_NO_SHA224

Identifies the "RSA-RECOMMENDED-NO-SHA224" signature algorithm configuration.

• Name: "RSA-RECOMMENDED-NO-SHA224"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
RSA with [1..1024]-bits (e.g. RSA-1024)	RSA_SHA1
RSA with [1025..3072]-bits (e.g. RSA-3072)	RSA_SHA256
RSA with [3073..7680]-bits (e.g. RSA-7680)	RSA_SHA384
RSA with [7681...]-bits (e.g. RSA-15360)	RSA_SHA512

RSAPSS_SHA1

public static final EntrustSigConfig.SingleAlgSigConfig RSAPSS_SHA1

Identifies the "RSAPSS-SHA1" signature algorithm configuration.

• Name: "RSAPSS-SHA1"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.10 (id-RSASSA-PSS) with RSASSA-PSS-params parameters
• RSASSA-PSS-params:
• hashAlgorithm: absent (defaults to: 1.3.14.3.2.26 (id-sha1) with NULL parameters)
• maskGenAlgorithm: absent (defaults to: 1.2.840.113549.1.1.8 (id-mgf1) with HashAlgorithm parameters where HashAlgorithm is the algorithm identifier 1.3.14.3.2.26 (id-sha1) with NULL parameters)
• saltLength: absent (defaults to: 20)
• trailerField: absent (defaults to: trailerFieldBC(1))
• Hash Algorithm Identifier: 1.3.14.3.2.26 (id-sha1) with NULL parameters

RSAPSS_SHA224

public static final EntrustSigConfig.SingleAlgSigConfig RSAPSS_SHA224

Identifies the "RSAPSS-SHA224" signature algorithm configuration.

• Name: "RSAPSS-SHA224"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.10 (id-RSASSA-PSS) with RSASSA-PSS-params parameters
• RSASSA-PSS-params:
• hashAlgorithm: 2.16.840.1.101.3.4.2.4 (id-sha224) with NULL parameters
• maskGenAlgorithm: 1.2.840.113549.1.1.8 (id-mgf1) with HashAlgorithm parameters where HashAlgorithm is the algorithm identifier 2.16.840.1.101.3.4.2.4 (id-sha224) with NULL parameters
• saltLength: 28
• trailerField: absent (defaults to: trailerFieldBC(1))
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.4 (id-sha224) with NULL parameters

RSAPSS_SHA256

public static final EntrustSigConfig.SingleAlgSigConfig RSAPSS_SHA256

Identifies the "RSAPSS-SHA256" signature algorithm configuration.

• Name: "RSAPSS-SHA256"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.10 (id-RSASSA-PSS) with RSASSA-PSS-params parameters
• RSASSA-PSS-params:
• hashAlgorithm: 2.16.840.1.101.3.4.2.1 (id-sha256) with NULL parameters
• maskGenAlgorithm: 1.2.840.113549.1.1.8 (id-mgf1) with HashAlgorithm parameters where HashAlgorithm is the algorithm identifier 2.16.840.1.101.3.4.2.1 (id-sha256) with NULL parameters
• saltLength: 32
• trailerField: absent (defaults to: trailerFieldBC(1))
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.1 (id-sha256) with NULL parameters

RSAPSS_SHA384

public static final EntrustSigConfig.SingleAlgSigConfig RSAPSS_SHA384

Identifies the "RSAPSS-SHA384" signature algorithm configuration.

• Name: "RSAPSS-SHA384"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.10 (id-RSASSA-PSS) with RSASSA-PSS-params parameters
• RSASSA-PSS-params:
• hashAlgorithm: 2.16.840.1.101.3.4.2.2 (id-sha384) with NULL parameters
• maskGenAlgorithm: 1.2.840.113549.1.1.8 (id-mgf1) with HashAlgorithm parameters where HashAlgorithm is the algorithm identifier 2.16.840.1.101.3.4.2.2 (id-sha384) with NULL parameters
• saltLength: 48
• trailerField: absent (defaults to: trailerFieldBC(1))
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.2 (id-sha384) with NULL parameters

RSAPSS_SHA512

public static final EntrustSigConfig.SingleAlgSigConfig RSAPSS_SHA512

Identifies the "RSAPSS-SHA512" signature algorithm configuration.

• Name: "RSAPSS-SHA512"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: 1.2.840.113549.1.1.10 (id-RSASSA-PSS) with RSASSA-PSS-params parameters
• RSASSA-PSS-params:
• hashAlgorithm: 2.16.840.1.101.3.4.2.3 (id-sha512) with NULL parameters
• maskGenAlgorithm: 1.2.840.113549.1.1.8 (id-mgf1) with HashAlgorithm parameters where HashAlgorithm is the algorithm identifier 2.16.840.1.101.3.4.2.3 (id-sha512) with NULL parameters
• saltLength: 64
• trailerField: absent (defaults to: trailerFieldBC(1))
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.3 (id-sha512) with NULL parameters

RSAPSS_RECOMMENDED

public static final EntrustSigConfig.MultipleAlgSigConfig RSAPSS_RECOMMENDED

Identifies the "RSAPSS-RECOMMENDED" signature algorithm configuration.

• Name: "RSAPSS-RECOMMENDED"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
RSA with [1..1024]-bits (e.g. RSA-1024)	RSAPSS_SHA1
RSA with [1025..2048]-bits (e.g. RSA-2048)	RSAPSS_SHA224
RSA with [2049..3072]-bits (e.g. RSA-3072)	RSAPSS_SHA256
RSA with [3073..7680]-bits (e.g. RSA-7680)	RSAPSS_SHA384
RSA with [7681...]-bits (e.g. RSA-15360)	RSAPSS_SHA512

RSAPSS_RECOMMENDED_NO_SHA224

public static final EntrustSigConfig.MultipleAlgSigConfig RSAPSS_RECOMMENDED_NO_SHA224

Identifies the "RSAPSS-RECOMMENDED-NO-SHA224" signature algorithm configuration.

• Name: "RSAPSS-RECOMMENDED-NO_SHA224"
• Supported Key Type Algorithm: RSA
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
RSA with [1..1024]-bits (e.g. RSA-1024)	RSAPSS_SHA1
RSA with [1025..3072]-bits (e.g. RSA-3072)	RSAPSS_SHA256
RSA with [3073..7680]-bits (e.g. RSA-7680)	RSAPSS_SHA384
RSA with [7681...]-bits (e.g. RSA-15360)	RSAPSS_SHA512

ECDSA_SHA1

public static final EntrustSigConfig.SingleAlgSigConfig ECDSA_SHA1

Identifies the "ECDSA-SHA1" signature algorithm configuration.

• Name: "ECDA-SHA1"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: 1.2.840.10045.4.1 (ecdsa-with-Sha1) with NULL parameters
• Hash Algorithm Identifier: 1.3.14.3.2.26 (id-sha1) with NULL parameters

ECDSA_SHA224

public static final EntrustSigConfig.SingleAlgSigConfig ECDSA_SHA224

Identifies the "ECDSA-SHA224" signature algorithm configuration.

• Name: "ECDA-SHA224"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: 1.2.840.10045.4.3.1 (ecdsa-with-Sha224) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.4 (id-sha224) with NULL parameters

ECDSA_SHA256

public static final EntrustSigConfig.SingleAlgSigConfig ECDSA_SHA256

Identifies the "ECDSA-SHA256" signature algorithm configuration.

• Name: "ECDA-SHA256"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: 1.2.840.10045.4.3.2 (ecdsa-with-Sha256) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.1 (id-sha256) with NULL parameters

ECDSA_SHA384

public static final EntrustSigConfig.SingleAlgSigConfig ECDSA_SHA384

Identifies the "ECDSA-SHA384" signature algorithm configuration.

• Name: "ECDA-SHA384"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: 1.2.840.10045.4.3.3 (ecdsa-with-Sha384) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.2 (id-sha384) with NULL parameters

ECDSA_SHA512

public static final EntrustSigConfig.SingleAlgSigConfig ECDSA_SHA512

Identifies the "ECDSA-SHA512" signature algorithm configuration.

• Name: "ECDA-SHA512"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: 1.2.840.10045.4.3.4 (ecdsa-with-Sha512) with NULL parameters
• Hash Algorithm Identifier: 2.16.840.1.101.3.4.2.3 (id-sha512) with NULL parameters

ECDSA_RECOMMENDED

public static final EntrustSigConfig.MultipleAlgSigConfig ECDSA_RECOMMENDED

Identifies the "ECDSA-RECOMMENDED" signature algorithm configuration.

• Name: "ECDSA-RECOMMENDED"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
EC with [1..160]-bits (e.g. EC-ansix9p160r2)	ECDSA_SHA1
EC with [161..224]-bits (e.g. EC-P-192 or EC-P-224)	ECDSA_SHA224
EC with [225..256]-bits (e.g. EC-P-256)	ECDSA_SHA256
EC with [257..384]-bits (e.g. EC-P-384)	ECDSA_SHA384
EC with [385...]-bits (e.g. EC-P-521)	ECDSA_SHA512

ECDSA_RECOMMENDED_NO_SHA224

public static final EntrustSigConfig.MultipleAlgSigConfig ECDSA_RECOMMENDED_NO_SHA224

Identifies the "ECDSA-RECOMMENDED-NO-SHA224" signature algorithm configuration.

• Name: "ECDSA-RECOMMENDED-NO-SHA224"
• Supported Key Type Algorithm: EC (and ECDSA)
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
EC with [1..160]-bits (e.g. EC-ansix9p160r2)	ECDSA_SHA1
EC with [161..256]-bits (e.g. EC-P-256)	ECDSA_SHA256
EC with [257..384]-bits (e.g. EC-P-384)	ECDSA_SHA384
EC with [385...]-bits (e.g. EC-P-521)	ECDSA_SHA512

DSA_SHA1

public static final EntrustSigConfig.SingleAlgSigConfig DSA_SHA1

Identifies the "DSA-SHA1" signature algorithm configuration.

• Name: "DSA-SHA1"
• Supported Key Type Algorithm: DSA
• Signature Algorithm Identifier: 1.2.840.10040.4.3 (id_dsa_with_sha1) with NULL parameters
• Hash Algorithm Identifier: 1.3.14.3.2.26 (id-sha1) with NULL parameters

DSA_SHA224

public static final EntrustSigConfig.SingleAlgSigConfig DSA_SHA224

DSA_SHA256

public static final EntrustSigConfig.SingleAlgSigConfig DSA_SHA256

DSA_RECOMMENDED

public static final EntrustSigConfig.MultipleAlgSigConfig DSA_RECOMMENDED

Identifies the "DSA-RECOMMENDED" signature algorithm configuration.

• Name: "DSA-RECOMMENDED"
• Supported Key Type Algorithm: DSA
• Signature Algorithm Identifier: Variable; depends on the type of key this algorithm configuration is being used with. Call toSingleAlgSigConfig(EntrustAsymKeyType) to convert to a signature algorithm configuration with a single algorithm identifier. Refer to the table below for the mapping between key type and single algorithm signature algorithm configuration.
• Hash Algorithm Identifier: Variable (see above)

Key Type	Mapping
DSA with [1...]-bits (e.g. DSA-1024)	DSA_SHA1
DSA with [1...]-bits (e.g. DSA-2048)	DSA_SHA256

Method Detail

getInstance

public static EntrustSigConfig getInstance(java.lang.String name)

Parses a signature algorithm configuration from string name representation.

All algorithms listed in the class documentation of EntrustSigConfig are supported by this API.

Parameters:

name - name of the signature algorithm configuration

Returns:

the signature algorithm configuration (parsed from string representation)

Throws:

java.lang.IllegalArgumentException - if the provided name is invalid (invalid string name or alias for a signature algorithm configuration)

getInstance

public static EntrustSigConfig.SingleAlgSigConfig getInstance(AlgorithmID sigAlgorithmId)

Parses a signature algorithm configuration from algorithm identifier representation.

All algorithms listed in the class documentation of EntrustSigConfig are supported by this API. Additionally, the RSAPSS-CUSTOM signature algorithm configuration is also supported. RSAPSS-CUSTOM represents the RSAPSS algorithm with custom PSS algorithm parameters (PSS parameters that do not correspond to one of the standard RSAPSS signature algorithm configurations).

Parameters:

sigAlgorithmId - the algorithm identifier of the signature algorithm configuration

Returns:

the signature algorithm configuration (parsed from algorithm identifier representation)

Throws:

java.lang.IllegalArgumentException - if the provided algorithm identifier is invalid (does not identify a supported signature algorithm configuration)

getSigConfigString

public static java.lang.String getSigConfigString(AlgorithmID sigAlgorithmId)

Returns a string representation of the signature algorithm configuration identified by the provided algorithm identifier.

The string representation is the signature algorithm configuration name for supported signature algorithms (see getName()) or the string 'UNSUPPORTED (oid)' for unsupported signature algorithms (where oid is the object identifier from the algorithm identifier).

All signature algorithm configurations supported by the getInstance(AlgorithmID) are also supported by this API. This API was designed for use in exception messages and log messages.

Parameters:

sigAlgorithmId - the algorithm identifier of the signature algorithm configuration

Returns:

string representation of the signature algorithm configuration

getListInstance

public static java.util.List<EntrustSigConfig> getListInstance(java.lang.String sigConfigAlgs,
                                                               TraceLog traceLog,
                                                               java.lang.String sourceName)

Parses a list of signature algorithm configurations from string list representation.

String list representation is a comma-delimited, case-insensitive, list of signature algorithm configuration names. Unsupported values are ignored, but when encountered, the unsupported value is logged to traceLog.

Samples:

• RSA-RECOMMENDED
• RSA-RECOMMENDED, ECDSA-RECOMMENDED, DSA-RECOMMENDED
• RSA-RECOMMENDED, RSA-SHA1, ECDSA-RECOMMENDED, ECDSA-SHA1, DSA-RECOMMENDED

Parameters:

sigConfigAlgs - comma-delimited string list of signature algorithm configuration names

traceLog - trace log; unsupported values are recorded here

sourceName - indicates the source of the string list (used in trace log to identify source of unsupported values, e.g. 'main policy certificate')

getSigAlgConfig

public static EntrustSigConfig.SingleAlgSigConfig getSigAlgConfig(java.security.Key key,
                                                                  java.util.List<EntrustSigConfig> sigAlgConfigList)

Selects the signature algorithm configuration to be used with the provided key from a list of signature algorithm configurations ordered according to preference.

The first entry from the signature algorithm configuration list that is suitable for the provided key is returned. A signing algorithm is deemed suitable if it can be used with the provided key in a digital signature operation (both must use the same cryptosystem (e.g. EC)).

Parameters:

key - the key (public or private) to be used with the signature algorithm configuration

sigAlgConfigList - a list of signature algorithm configurations ordered according to preference

Returns:

the signature algorithm configuration to be used; null if the key is not supported for use with any of the signature algorithm configurations

Throws:

java.lang.IllegalArgumentException - if the provided key is unsupported

Since:

8.0 Patch

getName

public final java.lang.String getName()

Gets the name of this signature algorithm configuration.

Returns:

the configuration name

isKeyTypeSupported

public final boolean isKeyTypeSupported(EntrustAsymKeyType keyType)

Indicates whether or not keys of the provided type are supported for use with this signature algorithm configuration.

Parameters:

keyType - a key type

Returns:

true if the keys of the provided type are supported for use with this signature algorithm configuration; false otherwise

toString

public final java.lang.String toString()

Returns the string representation of this object which is the name of this signature algorithm configuration.

Overrides:

toString in class java.lang.Object

Returns:

the string representation of this object

toSingleAlgSigConfig

public abstract EntrustSigConfig.SingleAlgSigConfig toSingleAlgSigConfig(EntrustAsymKeyType keyType)
                                                                  throws java.security.KeyException

Converts this signature algorithm configuration to a single algorithm signature algorithm configuration based on the provided key type.

There are two main classes of signature algorithm configuration objects; 'single algorithm' and 'multiple algorithm'. A single algorithm configuration identifies a single algorithm and is not dependent on the strength of the key it is being used with. A multiple algorithm configuration identifies a set of algorithms and the actual algorithm to be used depends on the strength of the key being used.

In order to perform a signature operation using the algorithm identified by a signature algorithm configuration it must be first converted to a single algorithm configuration; this API performs that task. When called on a multiple algorithm configuration, the appropriate algorithm is selected from the set by examining the key strength. When called on a single algorithm configuration, the same single algorithm configuration is simply returned (essentially a no-op).

Parameters:

keyType - the key type of the key that will be used to perform the signature operation

Returns:

a single algorithm signature configuration

Throws:

java.security.KeyException - if the key type is not supported by this signature algorithm configuration (e.g. the key type is EC-based, but the signature algorithm configuration is RSA-based)