RsaPkcs1v1_5Signature ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- java.security.SignatureSpi
- - java.security.Signature
  - - com.entrust.toolkit.security.crypto.signature.DigitalSignature
    - - com.entrust.toolkit.security.crypto.signature.RsaSignature
      - com.entrust.toolkit.security.crypto.signature.RsaPkcs1v1_5Signature

All Implemented Interfaces:

ExtendedSignature

Direct Known Subclasses:

Md2RsaSignature, Md5RsaSignature, Sha1RsaSignature, Sha224RsaSignature, Sha256RsaSignature, Sha384RsaSignature, Sha512RsaSignature
```
public abstract class RsaPkcs1v1_5Signature
extends RsaSignature
```
The super-class of all RSA-PKCS1-v1_5 signature algorithms in Entrust's digital signature algorithm architecture; it contains all the common functionality used by Entrust's RSA-PKCS1-v1_5 digital signature algorithms.
The RSA-PKCS1-v1_5 signature algorithm combines the RSA signature and verification primitives with the PKCS1-v1_5 encoding method. The lengths of messages on which RSA-PKCS1-v1_5 can operate is either unrestricted or constrained by a very large number, depending on the hash function used in the underlying PKCS1-v1_5 encoding method. Entrust provides several RSA-PKCS1-v1_5 signature algorithms each using a different underlying hash function.

PKCS1-v1_5 Encoding
1. The hash function is applied to the message M to produce a hash value H.
2. A DigestInfo structure is created containing the hash algorithm identifier and the hash value.
3. The DigestInfo structure is DER encoded to produce T.
4. The encoded message EM is created as follows, where EM must be the same number of bytes as the RSA key modulus:
  
  EM = 0x00 || 0x01 || 0xff || ... || 0xff || T
RSA-PKCS1-v1_5 Signature Generation
1. The PKCS1-v1_5 encoding method is applied to the message M being signed to produced the encoded message EM.
2. The RSA signature generation primitive is applied to EM to produce the signature S.
RSA-PKCS1-v1_5 Signature Verification
1. The RSA signature verification primitive is applied to the signature S being verified to produce the first encoded message EM1.
2. The PKCS1-v1_5 encoding method is applied to the message M being verified to produce the second encoded message EM2.
3. The two encoded messages EM1 and EM2 are compared; if they are the same the signature is valid, otherwise the signature is invalid.
Although no attacks are known against RSA-PKCS1-v1_5, in the interest of increased robustness, RSA-PSS is recommended for eventual adoption in new applications. RSA-PKCS1-v1_5 is included for compatibility with existing applications, and while still appropriate for new applications, a gradual transition to RSA-PSS is encouraged.

This digital signature algorithm does not use any algorithm parameters; if any are provided, an InvalidAlgorithmParameterException will result.

An RSA-PKCS1-v1_5 digital signature algorithm instance can be obtained using the Java Cryptography Architecture (JCA), by requesting the '<digestAlgorithm>withRSA' algorithm from the Entrust cryptographic service provider. This can be done using the following call:

Signature.getInstance("<digestAlgorithm>withRSA", "Entrust");

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details
Since:

7.2

See Also:
PKCS #1: RSA Cryptography Standard, FIPS 186-3, Digital Signature Standard (DSS)

- Field Summary
  - Fields inherited from class java.security.Signature
    SIGN, state, UNINITIALIZED, VERIFY
  - Fields inherited from class java.security.SignatureSpi
    appRandom
- Method Summary
  - Methods inherited from class com.entrust.toolkit.security.crypto.signature.RsaSignature
    getDigitalSignatureImpl
  - Methods inherited from class com.entrust.toolkit.security.crypto.signature.DigitalSignature
    assertParametersValid, engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify, generateDefaultParameters, getDigest, getPrng, toAlgorithmParameters
  - Methods inherited from class java.security.Signature
    clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify
  - Methods inherited from class java.security.SignatureSpi
    engineUpdate
  - Methods inherited from class java.lang.Object
    equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Class RsaPkcs1v1_5Signature

Field Summary

Fields inherited from class java.security.Signature

Fields inherited from class java.security.SignatureSpi

Method Summary

Methods inherited from class com.entrust.toolkit.security.crypto.signature.RsaSignature

Methods inherited from class com.entrust.toolkit.security.crypto.signature.DigitalSignature

Methods inherited from class java.security.Signature

Methods inherited from class java.security.SignatureSpi

Methods inherited from class java.lang.Object