com.entrust.toolkit.security.crypto.rsa

Class RsaCipher

java.lang.Object

javax.crypto.CipherSpi

com.entrust.toolkit.security.crypto.cipher.AsymmetricCipher

com.entrust.toolkit.security.crypto.rsa.RsaCipher

Direct Known Subclasses:

RsaCipher.EsOaep, RsaCipher.EsPkcs1v15, RsaCipher.SsaPkcs1v15

public class RsaCipher
extends AsymmetricCipher

An implementation of the RSA asymmetric cipher.

The RSA public-key cryptosystem was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman; the algorithm is defined in PKCS #1: RSA Cryptography Standard. The security of the algorithm is based on the intractability of the integer factorization.

RSA requires two keys, an RSA public key and an RSA private key, which together form an RSA key pair. The keys used with RSA (an RSA key pair) are defined as follows:

Public key

• n: the modulus
• e: the public exponent

Private key

• n: the modulus
• d: the private exponent

The RSA public-key cryptosystem can be used for different purposes: encryption and decryption; and signature and verification. For each purpose the RSA algorithm is employed in a different manner; this is referred to as RSA primitive operations. The encryption primitive produces ciphertext from a message under the control of a public key (public key encipherment), and the decryption primitive recovers the message from the ciphertext (private key decipherment) under the control of the corresponding private key. These operations are defined in PKCS #1 as follows:

Encryption Primitive

Input:

RSA public key (n, e)

message m; message must be an integer in the interval [0 .. n - 1]

Operation:

c = me mod n

Output:

ciphertext c; ciphertext will be an integer in the interval [0 .. n - 1]

Decryption Primitive

Input:

RSA private key (n, d)

ciphertext c; ciphertext must be an integer in the interval [0 .. n - 1]

Operation:

m = cd mod n

Output:

message m; message will be an integer in the interval [0 .. n - 1]

The signature primitive produces a signature from a message under the control of a private key (private key encipherment), and a verification primitive recovers the message from the signature under the control of the corresponding public key (public key decipherment). These operations are defined in PKCS #1 as follows:

Signature Primitive

Input:

RSA private key (n, d)

message m; message must be an integer in the interval [0 .. n - 1]

Operation:

s = md mod n

Output:

signature s; signature will be an integer in the interval [0 .. n - 1]

Verification Primitive

Input:

RSA public key (n, e)

signature s; signature must be an integer in the interval [0 .. n - 1]

Operation:

m = se mod n

Output:

message m; message will be an integer in the interval [0 .. n - 1]

If either primitive that employs decipherment (decryption or verification primitive) was used alone, it would be impossible to determine the length of the original message unless some sort of message padding (encoding) is employed. For this reason, PKCS #1 defines encoding methods that address this problem. Together, the primitive operation pairs and an encoding method form a cryptographic scheme (encryption scheme or signature scheme). This RSA implementation provides support for the following schemes:

Encryption schemes:

RSAES-OAEP

RSAESPKCS1-v1_5

Signature schemes:

RSASSA-PKCS1-v1_5

An RSA cipher algorithm instance operating according to any of the above schemes can be obtained using the Java Cryptography Architecture (JCA), by requesting 'RSA/<scheme>' cipher from the Entrust cryptographic service provider. This can be done for each scheme using the following calls:

RSAES-OAEP

Cipher.getInstance("RSA/OAEP/PKCS1Padding", "Entrust");

RSAESPKCS1-v1_5

Cipher.getInstance("RSA/2/PKCS1Padding", "Entrust");

RSASSA-PKCS1-v1_5

Cipher.getInstance("RSA/1/PKCS1Padding", "Entrust");

The following calls are also supported; in both cases, the algorithm will operate according to the either RSAESPKCS1-v1_5 or RSASSA-PKCS1-v1_5, automatically selecting the appropriate scheme based on the type of key (public or private) and the operation being performed (encipherment or decipherment)

Cipher.getInstance("RSA", "Entrust");
Cipher.getInstance("RSA/ECB/PKCS1Padding", "Entrust");

One disadvantage of RSA is that the message being encrypted cannot be larger than the modulus n. Also, because RSA requires modular exponentiation operations, the RSA public-key cryptosystem is substantially slower at processing data than most symmetric cipher algorithms. Because of these factors, RSA is typically used in conjunction with a symmetric cipher algorithm. Usually, RSA is used to protect a symmetric key, which in turn is used to protect the data.

This implementation has been designed to support the following RSA key types:

• Standard RSA public and private keys (software keys); instances of java.security.interfaces.RSAPrivateKey or java.security.interfaces.RSAPublicKey.
• Entrust confined RSA private keys (secure software keys); instances of RsaConfinedPrivateKey.
• RSA private keys that reside on smart cards and are accessible via PKCS #11 (token keys); instance of TokenRSAPrivateKey .
• RSA private keys that reside in CAPI and are accessible via the Microsoft CryptoAPI (CAPI keys); instance of CapiRsaPrivateKey.

When the cipher is initialized with a key, an appropriate underlying RSA algorithm implementation is automatically selected based on the type of key passed in. For token keys and CAPI keys, the requested scheme is always ignored; instead the RSAESPKCS1-v1_5 encryption scheme or RSASSA-PKCS1-v1_5 signature scheme is automatically used (for these types of keys RSAES-OAEP is not yet supported).

This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

Note:

This class SHOULD NOT be sub-classed outside of the Toolkit.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

See Also:

RSAPrivateKey, RSAPublicKey

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	RsaCipher.EsOaep An implementation of the RSA asymmetric cipher algorithm configured for operation as the RSAES-OAEP encryption scheme.
static class	RsaCipher.EsPkcs1v15 An implementation of the RSA asymmetric cipher algorithm configured for operation as the RSAESPKCS1-v1_5 encryption scheme.
static class	RsaCipher.SsaPkcs1v15 An implementation of the RSA asymmetric cipher algorithm configured for operation as the RSASSA-PKCS1-v1_5 signature scheme.

Constructor Summary

Constructors

Constructor and Description
RsaCipher() The constructor; creates a new instance of the RSA asymmetric cipher algorithm.

Method Summary

Methods

Modifier and Type	Method and Description
protected int	engineGetKeySize(java.security.Key key) (non-Javadoc)
protected java.security.AlgorithmParameters	engineGetParameters() Returns the parameters used with this cipher.
protected void	engineSetMode(java.lang.String mode) Sets the block mode of this cipher.
protected void	engineSetPadding(java.lang.String padding) Sets the padding type of this cipher.
protected int	implGetOutputSize(int inputLen) Determines the maximum amount of data in bytes that will be output by a 'process data' operation.
protected int	implInit(int opmode, java.security.Key key, java.security.AlgorithmParameters opaqueParams, java.security.spec.AlgorithmParameterSpec transparentParams) Initializes the underlying asymmetric cipher implementation.
protected byte[]	implProcessData(byte[] input, int inputOffset, int inputLen) Processes the data using the underlying asymmetric cipher implementation.

Methods inherited from class com.entrust.toolkit.security.crypto.cipher.AsymmetricCipher

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetOutputSize, engineInit, engineInit, engineInit, engineUnwrap, engineUpdate, engineUpdate, engineWrap, getPrng

Methods inherited from class javax.crypto.CipherSpi

engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RsaCipher

public RsaCipher()

The constructor; creates a new instance of the RSA asymmetric cipher algorithm.

Applications should never use this constructor, instead the symmetric cipher algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: Cipher.getInstance("RSA", "Entrust").

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Method Detail

engineSetPadding

protected final void engineSetPadding(java.lang.String padding)
                               throws javax.crypto.NoSuchPaddingException

Description copied from class: AsymmetricCipher

Sets the padding type of this cipher.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• status output interface (exceptions)

Specified by:

engineSetPadding in class AsymmetricCipher

Parameters:

padding - [FIPS 140-2 control input] the padding type

Throws:

javax.crypto.NoSuchPaddingException - [FIPS 140-2 status output] if the requested padding type does not exist

engineSetMode

protected final void engineSetMode(java.lang.String mode)
                            throws java.security.NoSuchAlgorithmException

Description copied from class: AsymmetricCipher

Sets the block mode of this cipher.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• status output interface (exceptions)

Specified by:

engineSetMode in class AsymmetricCipher

Parameters:

mode - [FIPS 140-2 control input] the cipher block mode

Throws:

java.security.NoSuchAlgorithmException - [FIPS 140-2 status output] if the requested cipher block mode is not supported

engineGetParameters

protected final java.security.AlgorithmParameters engineGetParameters()

Description copied from class: AsymmetricCipher

Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineGetParameters in class AsymmetricCipher

Returns:

[FIPS 140-2 data output] the parameters used with this cipher, or null if this cipher does not use any parameters

engineGetKeySize

protected final int engineGetKeySize(java.security.Key key)
                              throws java.security.InvalidKeyException

(non-Javadoc)

Specified by:

engineGetKeySize in class AsymmetricCipher

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key object

Returns:

[FIPS 140-2 data output] the key size of the given key object

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if key is invalid

See Also:

AsymmetricCipher.engineGetKeySize(java.security.Key)

implInit

protected int implInit(int opmode,
           java.security.Key key,
           java.security.AlgorithmParameters opaqueParams,
           java.security.spec.AlgorithmParameterSpec transparentParams)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException

Description copied from class: AsymmetricCipher

Initializes the underlying asymmetric cipher implementation.

FIPS 140-2:

FIPS Service: Modify Object

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Specified by:

implInit in class AsymmetricCipher

key - the key

opaqueParams - the algorithm parameters in opaque format

transparentParams - the algorithm parameters in transparent format

Returns:

the maximum amount of input that can be process (and thus may need to be buffered)

Throws:

java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.

implProcessData

protected final byte[] implProcessData(byte[] input,
                     int inputOffset,
                     int inputLen)
                                throws javax.crypto.BadPaddingException,
                                       javax.crypto.IllegalBlockSizeException

Description copied from class: AsymmetricCipher

Processes the data using the underlying asymmetric cipher implementation.

FIPS 140-2:

FIPS Service: Cryptographic Operation

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Specified by:

implProcessData in class AsymmetricCipher

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

Returns:

the new buffer with the result

Throws:

javax.crypto.BadPaddingException - if this cipher is in decryption mode, but the decrypted data is not bounded by the appropriate padding bytes

javax.crypto.IllegalBlockSizeException - if the amount of data (plaintext or ciphertext) provided to the underlying asymmetric cipher implementation is in appropriate for the key being used

implGetOutputSize

protected final int implGetOutputSize(int inputLen)

Description copied from class: AsymmetricCipher

Determines the maximum amount of data in bytes that will be output by a 'process data' operation.

FIPS 140-2:

FIPS Service: Query Object

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Specified by:

implGetOutputSize in class AsymmetricCipher

Parameters:

inputLen - the input length (in bytes)

Returns:

the required output buffer size (in bytes)