RSASignature ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- java.security.SignatureSpi
- - java.security.Signature
  - - iaik.security.rsa.RSASignature

Direct Known Subclasses:

Md2RSASignature, Md5RSASignature, ShaRSASignature

Deprecated.
since 8.0; use RsaPkcs1v1_5Signature instead
```
public abstract class RSASignature
extends java.security.Signature
```
This class extends the java.security.Signature class for providing the functionality of the RSA digital signature algorithm, featured by any proper hash algorithm.
Within the IAIK-JCE environment, this class is extended by Md2RSASignature, Md5RSASignature, ShaRSASignature and SSLRSASignature for supporting the "MD2 with RSA", "MD5 with RSA" (as described in PKCS#1) and "SHA with RSA" signature algorithms, and a particular signature scheme to be used within the Secure Sockets Layer SSLv3 protocol.
Digital signatures are used for ensuring data authentication and data integrity. RSA based signature algorithms use a proper hash function (like MD2, MD5 or SHA) for creating a message digest of the message to be signed. Subsequently this message digest is encrypted with the RSA private key of the entity going to sign the message. Message and encrypted message digest together are sent to the intended receiver that verifies the signature by decrypting the received encrypted message digest with the corresponding RSA public key, and comparing it with the hash value derived from the received original message after hashing it with the same hash function as used by the entity that has sent the message.
This class follows the guidelines presented in PKCS #1: RSA Encryption Version 1.5 (RFC 2313)) for implementing a signature algorithm based on the RSA encryption method for being used in signing X.509/PEM certificates, certificate-revocation lists, PKCS#6 extended certificates, and other objects employing digital signatures such as X.401 message tokens. The algorithms presented in PKCS#1 are not intended to be used in PKCS#7, where signatures (encrypted message digests) are treated as octet strings, in contrast to the bit string interpretation of PKCS#1.
For implementing a RSASignature with a specific hash algorithm you only have to extend this class and supply the variable "hash" with an instance of the desired hash algorithm, see Md2RSASignature, Md5RSASignature, ShaRSASignature.
An application wishing to sign some message or to verify some signature, generally has to perform three steps (in the following example, HASH has to be replaced by the name of the desired hash algorithm):
- First an instance of the desired signature algorithm has to be created using a proper getInstance method, e.g.:
```
 Signature hash_rsa = Signature.getInstance("HASH/RSA");
 
```
- Second, the Signature object just created has to be properly initialized for signing a message respectively verifying a signature using a RSA private respectively RSA public key, e.g.:
  - Initialize for Signing: hash_rsa.initSign(rsaPrivateKey);
  - Initialize for Verifying: hash_rsa.initVerify(rsaPublicKey);
- Finally, if the Signature object has been initialized for signing, the data to be signed is supplied to it and subsequently the signature is created by calling the sign method returning the signature as DER encoded byte array. Otherwise, if the Signature object has been initialized for verifying, first the data to be verified is supplied to the Signature object, and subsequently the signature is verified by calling the verify method, supplied with the DER encoded byte array holding the corresponding signature:
  - Supply the data to be signed, and subsequently sign it:
    hash_rsa.update(data); byte[] signature = hash_rsa.sign();
  - Supply the data to be verified, and verify the signature:
    hash_rsa.update(data); System.out.println("Signature " + (hash_rsa.verify(signature) ? "correct!" : "not correct!"));
See Also:

Md2RSASignature, Md5RSASignature, ShaRSASignature, SslRsaSignature, Signature

Field Summary

Fields
Modifier and Type	Field and Description
`protected java.security.MessageDigest`	`hash` Deprecated. The MessageDigest used to hash the data; supplied with an instance of the desired MessageDigest algorithm by any extending subclass.

Fields inherited from class java.security.Signature
SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi
appRandom

Constructor Summary

Constructors
Modifier	Constructor and Description
`protected`	`RSASignature(AlgorithmID algorithm, java.security.MessageDigest hash)` Deprecated. Creates a RSA Signature object with a specified hash algorithm.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`protected java.lang.Object`	`engineGetParameter(java.lang.String param)` Deprecated. This method is not implemented and only throws an InvalidParameterException
`protected void`	`engineInitSign(java.security.PrivateKey pk)` Deprecated. SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
`protected void`	`engineInitVerify(java.security.PublicKey pk)` Deprecated. SPI: Initializes this Signature object with the given RSA public key for performing a signature verification.
`protected void`	`engineSetParameter(java.lang.String param, java.lang.Object value)` Deprecated. This method is not implemented and only throws an InvalidParameterException
`protected byte[]`	`engineSign()` Deprecated. SPI: Returns a byte array holding the signature resulting from all already performed data update operations.
`protected void`	`engineUpdate(byte b)` Deprecated. SPI: Updates the data to be signed or verified with the specified byte.
`protected void`	`engineUpdate(byte[] b, int off, int len)` Deprecated. SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.
`protected boolean`	`engineVerify(byte[] sigBytes)` Deprecated. Verifies the given signature of a message according to PKCS#1.

Methods inherited from class java.security.Signature
clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi
engineGetParameters, engineInitSign, engineSetParameter, engineSign, engineUpdate, engineVerify

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - hash
```
protected java.security.MessageDigest hash
```
    Deprecated.
    
    The MessageDigest used to hash the data; supplied with an instance of the desired MessageDigest algorithm by any extending subclass.
    
    See Also:
    
    Md2RSASignature, Md5RSASignature, ShaRSASignature
- Constructor Detail
  - RSASignature
```
protected RSASignature(AlgorithmID algorithm,
                       java.security.MessageDigest hash)
```
    Deprecated.
    Creates a RSA Signature object with a specified hash algorithm.
    This constructor is called from subclasses to represent a RSA signature with a defined hash algorithm like Md2, Md5 or Sha.
    Applications use
    Signature.getInstance("HASHwithRSA");
    for creating a Signature object, where HASH has to be replaced by the name of the desired hash algorithm.
    Parameters:
    
    algorithm - the hash algorithm to use
    
    See Also:
    
    Md2RSASignature, Md5RSASignature, ShaRSASignature, Signature.getInstance(java.lang.String)
- Method Detail
  - engineInitVerify
```
protected void engineInitVerify(java.security.PublicKey pk)
                         throws java.security.InvalidKeyException
```
    Deprecated.
    
    SPI: Initializes this Signature object with the given RSA public key for performing a signature verification.
    
    Specified by:
    
    engineInitVerify in class java.security.SignatureSpi
    
    Parameters:
    
    pk - the RSA public key belonging to the RSA private key that has been used for signing.
    
    Throws:
    
    java.security.InvalidKeyException - if a key encoding error occurs
  - engineInitSign
```
protected void engineInitSign(java.security.PrivateKey pk)
                       throws java.security.InvalidKeyException
```
    Deprecated.
    
    SPI: Initializes this Signature object with the given RSA private key for going to sign some data.
    
    Specified by:
    
    engineInitSign in class java.security.SignatureSpi
    
    Parameters:
    
    pk - the RSA private key to be used for signing.
    
    Throws:
    
    java.security.InvalidKeyException - if a key encoding error occurs
  - engineSign
```
protected byte[] engineSign()
                     throws java.security.SignatureException
```
    Deprecated.
    SPI: Returns a byte array holding the signature resulting from all already performed data update operations.
    The signature is returned as defined in PKCS #1: RSA Encryption Version 1.5 (RFC 2313), claiming for an ASN.1 BIT STRING object. For building the signature according to PKCS#1, the data resulting from the several update operations is digested using the defined message digest algorithm. Subsequently, from message digest and message-digest AlgorithmID an ASN.1 DigestInfo object is created and DER encoded as required by PKCS#1:
    DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } DigestAlgorithmIdentifier ::= AlgorithmIdentifier Digest ::= OCTET STRING
    Subsequently the RSA encryption is performed with the signer's RSA private key and the resulting octet string is converted to the bit string yielding the desired PKCS#1 signature.
    Please notice that calling this sign method will return the signature value resulting from encrypting the BER encoded DigestInfo onject. The conversion to a bit string is left to the calling application.
    Specified by:
    
    engineSign in class java.security.SignatureSpi
    
    Returns:
    
    a byte array holding the signature
    
    Throws:
    
    java.security.SignatureException - if an error occurs when creating the signature
  - engineVerify
```
protected boolean engineVerify(byte[] sigBytes)
                        throws java.security.SignatureException
```
    Deprecated.
    
    Verifies the given signature of a message according to PKCS#1.
    PKCS #1: RSA Encryption Version 1.5 (RFC 2313) defines a signature as bit string, which has to be converted into an octet string, RSA decrypted with the signer's RSA public key, and DER decoded for giving an ASN.1 DigestInfo. From this DigestInfo the message digest shall be taken for comparing it with the message digest derived from hashing the original message with the same message digest algorithm.
    Please notice that first step of bit-string-to-octet-string conversion already has to be done when calling this verify method. In this way the supplied sigBytes value has to be the octet string signature value.
    
    Specified by:
    
    engineVerify in class java.security.SignatureSpi
    
    Parameters:
    
    sigBytes - the signature bytes to be verified
    
    Returns:
    
    true if signature is OK, false otherwise
    
    Throws:
    
    java.security.SignatureException - if an error occurs when verifying the signature
  - engineUpdate
```
protected void engineUpdate(byte b)
```
    Deprecated.
    
    SPI: Updates the data to be signed or verified with the specified byte.
    
    Specified by:
    
    engineUpdate in class java.security.SignatureSpi
    
    Parameters:
    
    b - the byte to be used for updating.
  - engineUpdate
```
protected void engineUpdate(byte[] b,
                            int off,
                            int len)
```
    Deprecated.
    
    SPI: Updates the data to be signed or verified with the specified number of bytes, beginning at the specified offset within the given byte array.
    
    Specified by:
    
    engineUpdate in class java.security.SignatureSpi
    
    Parameters:
    
    b - the byte array holding the data to be used for this update operation.
    
    off - the offset, indicating the start position within the given byte array.
    
    len - the number of bytes to be obtained from the given byte array, starting at the given position.
  - engineSetParameter
```
protected void engineSetParameter(java.lang.String param,
                                  java.lang.Object value)
                           throws java.security.InvalidParameterException
```
    Deprecated.
    
    This method is not implemented and only throws an InvalidParameterException
    
    Specified by:
    
    engineSetParameter in class java.security.SignatureSpi
    
    Throws:
    
    java.security.InvalidParameterException - This Method is not supported
  - engineGetParameter
```
protected java.lang.Object engineGetParameter(java.lang.String param)
                                       throws java.security.InvalidParameterException
```
    Deprecated.
    
    This method is not implemented and only throws an InvalidParameterException
    
    Specified by:
    
    engineGetParameter in class java.security.SignatureSpi
    
    Throws:
    
    java.security.InvalidParameterException - This Method is not supported

Class RSASignature

Field Summary

Fields inherited from class java.security.Signature

Fields inherited from class java.security.SignatureSpi

Constructor Summary

Method Summary

Methods inherited from class java.security.Signature

Methods inherited from class java.security.SignatureSpi

Methods inherited from class java.lang.Object

Field Detail

hash

Constructor Detail

RSASignature

Method Detail

engineInitVerify

engineInitSign

engineSign

engineVerify

engineUpdate

engineUpdate

engineSetParameter

engineGetParameter