com.entrust.toolkit.security.crypto.signature

Class RsaPssSignature

java.lang.Object

java.security.SignatureSpi

java.security.Signature

com.entrust.toolkit.security.crypto.signature.DigitalSignature

com.entrust.toolkit.security.crypto.signature.RsaSignature

com.entrust.toolkit.security.crypto.signature.RsaPssSignature

All Implemented Interfaces:

ExtendedSignature

Direct Known Subclasses:

RsaPssWithDigestSignature, RsaPssWithNoneSignature

public abstract class RsaPssSignature
extends RsaSignature

The RSA-PSS signature algorithm.

The RSA-PSS signature algorithm combines the RSA signature and verification primitives with the PSS encoding method. The lengths of messages on which RSA-PSS can operate is either unrestricted or constrained by a very large number, depending on the hash function used in the underlying PSS encoding method. The hash function used by the algorithm can be selected at initialization time by passing in appropriate RSA-PSS algorithm parameters.

RSA-PSS Signature Generation

1. The PSS encode operation is applied to the message m to produce an encoded message EM of length k (where k is the length in bytes of the RSA modulus n).
2. The RSA signature generation primitive is applied to EM to produce the signature S.

RSA-PSS Signature Verification

1. The RSA signature verification primitive is applied to the signature S being verified to produce the encoded message EM.
2. The PSS verification operation is applied to the message M and the encoded message EM to determine whether they are consistent.
3. If the message M and the encoded message EM are consistent; the signature is valid, otherwise the signature is invalid.

The PSS encoding and verification operations are parameterized by choice of hash function, mask generation function, and salt length. Further details on the RSA PSS encoding and verification operations are not provided here; for more information refer to PKCS #1: RSA Cryptography Standard.

RSA-PSS is different from other RSA-based signature schemes in that it is probabilistic rather than deterministic, incorporating a randomly generated salt value. The salt value enhances the security of the scheme by affording a "tighter" security proof than deterministic alternatives. RSA-PSS is the successor to RSA-PKCS1-v1_5; although no known attacks are known against RSA-PKCS1-v1_5, in the interest of robustness, RSA-PSS is recommended for eventual adoption in new applications.

This digital signature algorithm implementation requires parameters when initialized for signature generation. If algorithm parameters are not provided, a default set will automatically be used. The following algorithm parameter representations are supported:

• RsaPssParameterSpec

The default parameters are represented as an RSAPSSParameterSpec instance that with the following parameter values set.

• hashAlgorithm: sha1: {OID id-sha1 PARAMETERS NULL}
• maskGenAlgorithm: mgf1SHA1: {OID id-mgf1 PARAMETERS sha1}
• saltLength: 20
• trailerField: 1

An RSA-PSS digital signature algorithm instance can be obtained using the Java Cryptography Architecture (JCA), by requesting the '<algorithm>' digital signature from the cryptographic service provider. This can be done using the following call:

Signature.getInstance("<algorithm>", "Entrust");

This implementation calculates the hash internally, thus it is the message itself (being signed or verified) that is passed in through the update() API.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

7.2

See Also:

PKCS #1: RSA Cryptography Standard, FIPS 186-3, Digital Signature Standard (DSS)

Field Summary

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Method Summary

Methods

Modifier and Type	Method and Description
protected void	assertParametersValid(java.security.spec.AlgorithmParameterSpec params) Checks the parameters to ensure that they are valid and appropriate for this digital signature algorithm.
protected java.security.spec.AlgorithmParameterSpec	generateDefaultParameters() Returns a default set of parameters that are valid and appropriate for this digital signature algorithm.
protected java.security.AlgorithmParameters	toAlgorithmParameters(java.security.spec.AlgorithmParameterSpec paramSpec) Converts algorithm parameters in transparent representation into their opaque representation during a call to engineGetParameters() .

Methods inherited from class com.entrust.toolkit.security.crypto.signature.RsaSignature

getDigitalSignatureImpl

Methods inherited from class com.entrust.toolkit.security.crypto.signature.DigitalSignature

engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify, getDigest, getPrng

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineUpdate

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

generateDefaultParameters

protected final java.security.spec.AlgorithmParameterSpec generateDefaultParameters()

Description copied from class: DigitalSignature

Returns a default set of parameters that are valid and appropriate for this digital signature algorithm.

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it always returns null. For algorithms that do support algorithm parameters, this API must be overridden to generate a valid and appropriate set of default algorithm parameters. These parameters will automatically be used when parameters are not provided through the engineSetParameter() API and the algorithm is initialized for signature generation.

FIPS 140-2:

FIPS Service: Non-Cryptographic Operation

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Overrides:

generateDefaultParameters in class DigitalSignature

Returns:

the default set of algorithm parameters or null if this algorithm does not support parameters

assertParametersValid

protected final void assertParametersValid(java.security.spec.AlgorithmParameterSpec params)
                                    throws java.security.InvalidAlgorithmParameterException

Description copied from class: DigitalSignature

Checks the parameters to ensure that they are valid and appropriate for this digital signature algorithm.

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it throws an InvalidAlgorithmParameterException indicating that parameters are not supported when non-null parameters are provided. For algorithms that do support algorithm parameters, this API must be overridden to check that the parameters that were passed in are valid and appropriate for the algorithm.

FIPS 140-2:

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Overrides:

assertParametersValid in class DigitalSignature

Parameters:

params - the parameters

Throws:

java.security.InvalidAlgorithmParameterException - if the given parameters are inappropriate for this signature algorithm

toAlgorithmParameters

protected final java.security.AlgorithmParameters toAlgorithmParameters(java.security.spec.AlgorithmParameterSpec paramSpec)

Description copied from class: DigitalSignature

Converts algorithm parameters in transparent representation into their opaque representation during a call to engineGetParameters() .

This default implementation is only appropriate for algorithms that do not support algorithm parameters; it always returns null. For algorithms that do support algorithm parameters, this API must be overridden to convert supported parameters in transparent representation to opaque representation.

FIPS 140-2:

FIPS Service: Non-Cryptographic Operation

Although this API is externally accessible (protected), it is intended for internal use only and MUST NOT be called externally by the operator when operating in FIPS mode. Since its use is prohibited, this API is not part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module.

Overrides:

toAlgorithmParameters in class DigitalSignature

Parameters:

paramSpec - a transparent representation of the algorithm parameters

Returns:

an opaque representation of the algorithm parameters or null if this algorithm does not support parameters