public abstract class RsaSignature extends DigitalSignature
All RSA signature algorithms use the RSA asymmetric cryptosystem. The RSA public-key cryptosystem was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman; the algorithm is defined in PKCS #1: RSA Cryptography Standard. The security of the algorithm is based on the intractability of the integer factorization.
RSA requires two keys, an RSA public key and an RSA private key, which together form an RSA key pair. The keys used with RSA (an RSA key pair) are defined as follows:
n: the moduluse: the public exponentn: the modulusd: the private exponentThe RSA public-key cryptosystem can be used for different purposes, two of which are signature and verification. For each purpose the RSA algorithm is employed in a different manner; this is referred to as RSA primitive operations. The signature primitive produces a signature from a message under the control of a private key (private key encipherment), and a verification primitive recovers the message from the signature under the control of the corresponding public key (public key decipherment). These operations are defined in PKCS #1 as follows:
(n, d)m; message must be an integer in the interval
[0 .. n - 1]s = md mod ns; signature will be an integer in the interval
[0 .. n - 1](n, e)s; signature must be an integer in the interval
[0 .. n - 1]m = se mod nm; message will be an integer in the interval
[0 .. n - 1]The cryptographic primitives (signature or verification), together with an encoding method, form the RSA signature algorithm. The RSA signature algorithm operates by first applying the encoding method to message, and then applying the cryptographic primitive. An encoding operation is composed of a hash function (reduces the message size) and some encoding operation. Its main purpose is to map messages of varying sizes to encoded messages of a specified length. The encoding operation may introduce some randomness, so that different applications of the encoding operation to the same message will produce different encoded messages, which has benefits for provable security.
This implementation has been designed to support the following RSA key types:
java.security.interfaces.RSAPrivateKey or
java.security.interfaces.RSAPublicKey.RsaConfinedPrivateKey.TokenRSAPrivateKey
.CapiRsaPrivateKey.When the signature algorithm is initialized with a key, an appropriate underlying RSA algorithm implementation is automatically selected based on the type of key passed in.
An RSA digital signature algorithm instance can be obtained using the Java
Cryptography Architecture (JCA), by requesting the '<algorithm>'
algorithm from the Entrust cryptographic service provider. This can be done using the following
call:
Signature.getInstance("<algorithm>", "Entrust");
| Modifier and Type | Method and Description |
|---|---|
protected com.entrust.toolkit.security.crypto.signature.DigitalSignatureImpl |
getDigitalSignatureImpl(java.lang.String implClassName)
Instantiates the internal signature algorithm implementation from the
indicated class.
|
assertParametersValid, engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify, generateDefaultParameters, getDigest, getPrng, toAlgorithmParametersprotected final com.entrust.toolkit.security.crypto.signature.DigitalSignatureImpl getDigitalSignatureImpl(java.lang.String implClassName)
throws java.lang.RuntimeException
DigitalSignatureThis API is necessary so that the signature algorithm implementation classes can exist in a different package and not require public constructors.
getDigitalSignatureImpl in class DigitalSignatureimplClassName - the name of the class for the signature algorithm
implementationjava.lang.RuntimeException - if the signature algorithm implementation could not be
instantiated