iaik.security.md

Class Md2

java.lang.Object

java.security.MessageDigestSpi

java.security.MessageDigest

iaik.security.md.Md2

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class Md2
extends java.security.MessageDigest
implements java.lang.Cloneable, java.io.Serializable

This class implements the MD2 message digest algorithm.

by Ron Rivest's MD2 algorithm is described by Burt Kaliski in RFC 1319 (and previously in RFC 1115). It is a secure hash function that takes input of arbitrary length and produces an output of exactly 16 bytes (128 bit).

It is designed for 8 bit machines and therefore does not deliver optimum performance on todays processors with a wordsize of 32 and more bits. Additionally, some weaknesses have been found in the compression function employed by MD2, although the algorithm can still be considered secure because of a checksum that is appended to the data. Nevertheless we recommend using MD5 or even better SHA-1 both for speed and security reasons. Basically MD2 is implemented only to allow certain certificates from RSA Inc. and Verisign to be verified.

An excerpt from the original RFC1319 follows:

 This document describes the MD2 message-digest algorithm. The
 algorithm takes as input a message of arbitrary length and produces
 as output a 128-bit "fingerprint" or "message digest" of the input.
 It is conjectured that it is computationally infeasible to produce
 two messages having the same message digest, or to produce any
 message having a given prespecified target message digest. The MD2
 algorithm is intended for digital signature applications, where a
 large file must be "compressed" in a secure manner before being
 signed with a private (secret) key under a public-key cryptosystem
 such as RSA.
 

This class extends the java.security.MessageDigest class and applications should use one of the getInstance methods presented there to create a MessageDigest-MD2 object. Generally, an application wishing to compute the message digest of some data has to perform three steps:

• First an instance of the desired message digest algorithm has to be created using a proper getInstance method, e.g.:

       MessageDigest md2 = MessageDigest.getInstance("MD2", "IAIK");
       

• Second, the data to be hashed is supplied to the MessageDigest object just created by one or more calls to one of the update methods, e.g:
  

       md2.update(m1);
       md2.update(m2);
       ...
       

• Finally, the hash value can be computed using one of the digest methods:
  

       byte[] hash_value = md2.digest();
       

  
  

There are several ways for combining update and digest methods for computing a message digest. Since this class implements the Cloneable interface, MD2 MessageDigest objects may be used for compute intermediate hashes through cloning (see http://java.sun.com/products/JDK/1.1/docs/guide/security/CryptoSpec.html).

When the hash value successfully has been computed, the MD2 MessageDigest object automatically resets for being able to be supplied with new data to be hashed.

The MD2 algorithm may be combined with a public-key algorithm (e.g. RSA) to be used as digital signature algorithm (see iaik.security.rsa.Md2RSASignature).

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Version:

1.0

See Also:

Md2RSASignature, SHA1, MD5, Serialized Form

Constructor Summary

Constructors

Constructor and Description
Md2() The constructor; creates a new instance of the MD2 message digest algorithm.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	clone() Creates and returns a copy of this object.
void	destroyCriticalData() Clears any sensitive data held internally by this algorithm.
byte[]	engineDigest() Completes the hash computation by performing final operations such as padding.
void	engineReset() Resets the digest for further use.
void	engineUpdate(byte input) Updates the digest using the specified byte.
void	engineUpdate(byte[] input, int offset, int len) Updates the digest using the specified array of bytes, starting at the specified offset.
protected void	finalize() The finalizer.

Methods inherited from class java.security.MessageDigest

digest, digest, digest, getAlgorithm, getDigestLength, getInstance, getInstance, getInstance, getProvider, isEqual, reset, toString, update, update, update, update

Methods inherited from class java.security.MessageDigestSpi

engineDigest, engineGetDigestLength, engineUpdate

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

Md2

public Md2()

The constructor; creates a new instance of the MD2 message digest algorithm.

Applications should not use this constructor, instead the message digest algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: MessageDigest.getInstance("MD2", "IAIK").

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Method Detail

engineUpdate

public void engineUpdate(byte[] input,
                int offset,
                int len)

Updates the digest using the specified array of bytes, starting at the specified offset.

FIPS 140-2:

FIPS Service: Hash Generation

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineUpdate in class java.security.MessageDigestSpi

Parameters:

input - [FIPS 140-2 data input] the array of bytes to use for the update.

offset - [FIPS 140-2 data input] the offset to start from in the array of bytes.

len - [FIPS 140-2 data input] the number of bytes to use, starting at offset.

Throws:

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineUpdate

public void engineUpdate(byte input)

Updates the digest using the specified byte.

FIPS 140-2:

FIPS Service: Hash Generation

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineUpdate in class java.security.MessageDigestSpi

Parameters:

input - [FIPS 140-2 data input] the byte to use for the update.

Throws:

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineReset

public void engineReset()

Resets the digest for further use.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Specified by:

engineReset in class java.security.MessageDigestSpi

Throws:

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineDigest

public byte[] engineDigest()

Completes the hash computation by performing final operations such as padding. Once engineDigest has been called, the engine should be reset (see engineReset). Resetting is the responsibility of the engine implementor.

FIPS 140-2:

FIPS Service: Hash Generation

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineDigest in class java.security.MessageDigestSpi

Returns:

[FIPS 140-2 data output] the array of bytes for the resulting hash value.

Throws:

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

clone

public java.lang.Object clone()

Creates and returns a copy of this object.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Overrides:

clone in class java.security.MessageDigest

Returns:

[FIPS 140-2 status output] a clone of this instance.

destroyCriticalData

public void destroyCriticalData()

Clears any sensitive data held internally by this algorithm.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

finalize

protected void finalize()

The finalizer.

FIPS 140-2:

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Overrides:

finalize in class java.lang.Object