com.entrust.toolkit.security.crypto.signature

Class SslRsaSignature

java.lang.Object

java.security.SignatureSpi

java.security.Signature

com.entrust.toolkit.security.crypto.signature.DigitalSignature

com.entrust.toolkit.security.crypto.signature.RsaSignature

com.entrust.toolkit.security.crypto.signature.SslRsaSignature

All Implemented Interfaces:

ExtendedSignature

public final class SslRsaSignature
extends RsaSignature

The RSA signature algorithm as defined for use in the SSL protocol.

This is a modified version of the RSA-PKCS1-v1_5 signature algorithm. The only difference between RSA-PKCS1-v1_5 and the SSL/RSA is the encoding method employed. For SSL/RSA a 36-byte structure of two hashes (one SHA and one MD5) is used as the message hash during encoding and a DigestInfo is not created.

SSL Encoding

1. The SHA and MD5 hash functions are applied to the message M to produce a hash value H, where H = SHA1(M) || MD5(M).
2. The encoded message EM is created as follows, where EM must be the same number of bytes as the RSA key modulus:
   
   EM = 0x00 || 0x01 || 0xff || ... || 0xff || T

This implementation calculates the hash internally, thus it is the message itself (being signed or verified) that is passed in through the update() API.

An instance of this algorithm can be obtained using the Java Cryptography Architecture (JCA), by requesting a 'SSL/RSA' digital signature from the Entrust cryptographic service provider. This can be done using the following call:

Signature.getInstance("SSL/RSA", "Entrust");

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

7.0

See Also:

RsaPkcs1v1_5Signature, The SSL Protocol Version 3.0

Field Summary

Fields inherited from class java.security.Signature

SIGN, state, UNINITIALIZED, VERIFY

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

Constructors

Constructor and Description
SslRsaSignature() The constructor; creates a new instance of the SSL/RSA digital signature algorithm instance.

Method Summary

Methods inherited from class com.entrust.toolkit.security.crypto.signature.RsaSignature

getDigitalSignatureImpl

Methods inherited from class com.entrust.toolkit.security.crypto.signature.DigitalSignature

assertParametersValid, engineGetParameter, engineGetParameters, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify, generateDefaultParameters, getDigest, getPrng, toAlgorithmParameters

Methods inherited from class java.security.Signature

clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, update, verify, verify

Methods inherited from class java.security.SignatureSpi

engineUpdate

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SslRsaSignature

public SslRsaSignature()

The constructor; creates a new instance of the SSL/RSA digital signature algorithm instance.

Applications should not use this constructor, instead the signature algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: Signature.getInstance("SSL/RSA", "Entrust")