XCMS Toolkit

com.cms.crypto
Class EnvelopedDataForKeyAgreementWithMQV

java.lang.Object
  extended by com.cms.crypto.AbstractEnvelopedDataProcessor
      extended by com.cms.crypto.EnvelopedDataForKeyAgreementWithMQV

public class EnvelopedDataForKeyAgreementWithMQV
extends AbstractEnvelopedDataProcessor

Provides support for ASN.1 type EnvelopedData using the 1-Pass ECMQV key agreement key establishment scheme. With this scheme, the initiator uses the kari (KeyAgreeRecipientInfo) choice alternative of ASN.1 type RecipientInfo, in a value of type EnvelopedData, to send one or more receiving parties some arbitrary data encrypted under a symmetric Content Encryption Key (CEK), along with an indication of the EC static key of the initiator, the EC ephemeral public key of the initiator, the key encryption algorithm used to encrypt the CEK, and the KEK-encrypted CEK.

A value of ASN.1 type OriginatorIdentifierOrKey is used to identify the message sender, and is defined as:

 OriginatorIdentifierOrKey ::= CHOICE {
    issuerAndSerialNumber IssuerAndSerialNumber, 
    subjectKeyIdentifier  [0] SubjectKeyIdentifier,
    originatorKey         [1] OriginatorPublicKey,
    certHash              [2] EXPLICIT Hash
 }
 

Version:
1.00 - 2006/02/10
Author:
support@phillipgriffin.com

Field Summary
 
Fields inherited from class com.cms.crypto.AbstractEnvelopedDataProcessor
_cipherFactory, _codec, _contentEncryptionAlgorithmId, _envelopedData, _secretKey, _version
 
Constructor Summary
EnvelopedDataForKeyAgreementWithMQV(CMSVersion version, Codec codec)
          Constructor for EnvelopedDataForKeyAgreementWithMQV.
EnvelopedDataForKeyAgreementWithMQV(CMSVersion version, java.security.KeyPair localStaticKeys, java.security.KeyPair localEphemeralKeys, Codec codec)
          Constructor for EnvelopedDataForKeyAgreementWithMQV.
 
Method Summary
 void buildEncryptedContent(javax.crypto.SecretKey secretKey, DigestAlgorithmIdentifier dai, ContentEncryptionAlgorithmIdentifier ceai, byte[] payload)
          Constructs a value of ASN.1 type EncryptedContentInfo whose content type is ordinary data indicated by the value of the contentType component, an information object identifier value id-data.
 void buildRecipientEncryptedKey(SubjectKeyIdentifier staticPublicKeyId, java.security.PublicKey staticPublicKey, java.security.PublicKey ephemeralPublicKey)
          The buildRecipientEncryptedKey method builds a new RecipientEncryptedKey for the specified recipient and adds it to the current KeyAgreeRecipientInfo.
 void buildRecipientInfo(KeyEncryptionAlgorithmIdentifier keyEncryptionAlgorithm, OtherKeyAttribute attribute, byte[] userKeyingMaterial, Codec codec)
          Builds a new ASN.1 type RecipientInfo for one or more recipients of this key agreement message, and sets this value as the current RecipientInfo.
 byte[] decrypt(EnvelopedData envelopedData, KeyAgreementKeySetLookup keyLookup)
          The decrypt method searches through each value of ASN.1 type RecipientEncryptedKey in each value of ASN.1 type RecipientInfo looking for a match of the given recipient identifier.
 void setOriginator(byte[] subjectKeyIdentifier)
          The setOriginator method is used when creating a value of ASN.1 type OriginatorIdentifierOrKey to form a value of ASN.1 type EnvelopedData.
 void setOriginator(java.security.cert.Certificate certificate, DigestAlgorithmIdentifier dai)
          Creates a value of ASN.1 type OriginatorIdentifierOrKey (needed to create a value of ASN.1 CMS type EnvelopedData), which is defined as
 void setOriginator(java.security.PublicKey staticPublicKey)
          The setOriginator method is used when creating a value of ASN.1 type OriginatorIdentifierOrKey to form a value of ASN.1 type EnvelopedData.
 
Methods inherited from class com.cms.crypto.AbstractEnvelopedDataProcessor
createCertificateHash, encryptContent, getEnvelopedData
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

EnvelopedDataForKeyAgreementWithMQV

public EnvelopedDataForKeyAgreementWithMQV(CMSVersion version,
                                           java.security.KeyPair localStaticKeys,
                                           java.security.KeyPair localEphemeralKeys,
                                           Codec codec)
                                    throws CryptoException
Constructor for EnvelopedDataForKeyAgreementWithMQV.

Parameters:
version - the syntax version number for this ASN.1 type
localStaticKeys - local static public-private key pair
localEphemeralKeys - local ephemeral public-private key pair
codec - encoding rules indicator
Throws:
CryptoException

EnvelopedDataForKeyAgreementWithMQV

public EnvelopedDataForKeyAgreementWithMQV(CMSVersion version,
                                           Codec codec)
                                    throws CryptoException
Constructor for EnvelopedDataForKeyAgreementWithMQV.

Parameters:
version - the syntax version number for this ASN.1 type
codec - encoding rules indicator
Throws:
CryptoException
Method Detail

setOriginator

public void setOriginator(byte[] subjectKeyIdentifier)
                   throws CryptoException
The setOriginator method is used when creating a value of ASN.1 type OriginatorIdentifierOrKey to form a value of ASN.1 type EnvelopedData.

This method identifies the message originator using the subjectKeyIdentifier choice alternative of ASN.1 type OriginatorIdentifierOrKey, which contains the hash of a value of ASN.1 type SubjectPublicKeyInfo, which is defined in ASN.1 module AuthenticationFramework (X.509:08/2005) as follows:

 SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm         PublicKeyAlgorithmIdentifier,
    subjectPublicKey  BIT STRING
 }
 

Parameters:
subjectKeyIdentifier - identifies the originator public key as the hash of a value of ASN.1 type SubjectPublicKeyInfo
Throws:
CryptoException

setOriginator

public void setOriginator(java.security.PublicKey staticPublicKey)
                   throws CryptoException
The setOriginator method is used when creating a value of ASN.1 type OriginatorIdentifierOrKey to form a value of ASN.1 type EnvelopedData.

Identifies the message originator using the originatorKey choice alternative of ASN.1 type OriginatorIdentifierOrKey, which is a value of ASN.1 type OriginatorPublicKey, which is defined as:

 OriginatorPublicKey ::= SEQUENCE {
    algorithm  PublicKeyAlgorithmIdentifier,
    publicKey  BIT STRING
 }
 

Parameters:
staticPublicKey - identifies the originator public key component of a public-private key pair
Throws:
CryptoException

setOriginator

public void setOriginator(java.security.cert.Certificate certificate,
                          DigestAlgorithmIdentifier dai)
                   throws java.security.cert.CertificateEncodingException,
                          CryptoException,
                          java.security.NoSuchAlgorithmException
Creates a value of ASN.1 type OriginatorIdentifierOrKey (needed to create a value of ASN.1 CMS type EnvelopedData), which is defined as
 OriginatorIdentifierOrKey ::= CHOICE {
    issuerAndSerialNumber IssuerAndSerialNumber, 
    subjectKeyIdentifier  [0] SubjectKeyIdentifier,
    originatorKey         [1] OriginatorPublicKey,
    certHash              [2] CertHash
 }
 
using the certHash choice alternative, which is a value of ASN.1 type CertHash. A value of ASN.1 type CertHash, which contains a message digest (hash) computed over the entire encoding of a Public Key certificate, is defined in ISO 22895:2006 as
 CertHash ::= DigestInfo
 
 DigestInfo ::= SEQUENCE {
    hashAlgorithm  DigestAlgorithmIdentifier, 
    digest         Digest
 }
 
 Digest ::= OCTET STRING
 
Note that the issuerAndSerialNumber choice alternative of ASN.1 type SignerIdentifier is not currently supported.

Parameters:
certificate - the originator public key certificate
dai - certificate hash algorithm and any associated parameters
Throws:
CryptoException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException
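
Added example (not part of the XCMS Toolkit or its documentation): computing the byte values behind the subjectKeyIdentifier and certHash alternatives described above, using only the standard JDK (Java 17+). SHA-256, the NULL algorithm parameters, and the class and method names are assumptions, since the page does not fix a digest algorithm; the certificate bytes are a constructed stand-in.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.HexFormat;

public class OriginatorIdExample {
    // DER prefix of DigestInfo for SHA-256 (assumed algorithm):
    // SEQUENCE { SEQUENCE { OID id-sha256, NULL }, OCTET STRING (32 bytes) }
    private static final byte[] SHA256_DIGESTINFO_PREFIX =
        HexFormat.of().parseHex("3031300d060960864801650304020105000420");

    /** Hash of the DER SubjectPublicKeyInfo, for the subjectKeyIdentifier alternative. */
    static byte[] subjectKeyIdentifier(PublicKey key) throws GeneralSecurityException {
        // getEncoded() is a DER SubjectPublicKeyInfo only when the format is "X.509".
        if (!"X.509".equals(key.getFormat())) {
            throw new InvalidKeyException("key does not encode as SubjectPublicKeyInfo");
        }
        return MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
    }

    /** DER DigestInfo over the entire certificate encoding, for the certHash alternative. */
    static byte[] certHash(byte[] certificateDer) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificateDer);
        byte[] out = new byte[SHA256_DIGESTINFO_PREFIX.length + digest.length];
        System.arraycopy(SHA256_DIGESTINFO_PREFIX, 0, out, 0, SHA256_DIGESTINFO_PREFIX.length);
        System.arraycopy(digest, 0, out, SHA256_DIGESTINFO_PREFIX.length, digest.length);
        return out;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed static EC key pair standing in for the originator's keys.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair staticKeys = kpg.generateKeyPair();

        byte[] ski = subjectKeyIdentifier(staticKeys.getPublic());
        System.out.println("subjectKeyIdentifier: " + HexFormat.of().formatHex(ski));

        // Constructed stand-in bytes; with a real certificate pass Certificate.getEncoded().
        byte[] standIn = "constructed stand-in for a DER certificate"
            .getBytes(StandardCharsets.US_ASCII);
        System.out.println("certHash DigestInfo:  "
            + HexFormat.of().formatHex(certHash(standIn)));
    }
}
```

A receiver matching on either identifier has to recompute it with the same digest algorithm over the same encoding, so both sides must agree on these choices.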

buildEncryptedContent

public void buildEncryptedContent(javax.crypto.SecretKey secretKey,
                                  DigestAlgorithmIdentifier dai,
                                  ContentEncryptionAlgorithmIdentifier ceai,
                                  byte[] payload)
                           throws CryptoException
Constructs a value of ASN.1 type EncryptedContentInfo whose content type is ordinary data indicated by the value of the contentType component, an information object identifier value id-data.

ASN.1 type EncryptedContentInfo is defined as:

 EncryptedContentInfo ::= SEQUENCE {
    contentType                 ContentType,
    contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
    encryptedContent            [0] IMPLICIT EncryptedContent  OPTIONAL
 }
 

For more information on the ASN.1 type EncryptedContent and EncryptedContentInfo and their abstract schemas, see EncryptedContent and EncryptedContentInfo.

Parameters:
secretKey - a symmetric Content Encryption Key (CEK)
dai - a digest algorithm identifier; a value of ASN.1 type DigestAlgorithmIdentifier
ceai - content encryption algorithm identifier; a value of ASN.1 type ContentEncryptionAlgorithmIdentifier
payload - the content to be encrypted under the CEK
Throws:
CryptoException

buildRecipientInfo

public void buildRecipientInfo(KeyEncryptionAlgorithmIdentifier keyEncryptionAlgorithm,
                               OtherKeyAttribute attribute,
                               byte[] userKeyingMaterial,
                               Codec codec)
                        throws CryptoException
Builds a new ASN.1 type RecipientInfo for one or more recipients of this key agreement message, and sets this value as the current RecipientInfo. Subsequent calls to buildRecipientEncryptedKey will add encrypted keys for additional recipients to the current RecipientInfo. Note that this IETF CMS design feature promotes reduced message size when sending a message to a group of recipients who share the same ECMQV setup values (named curve, key derivation function, etc.).

NOTE: The toolkit does not currently process userKeyingMaterial, as there is no standard way to utilize this value (it is application specific). So, the value of this component of type KeyEncryptionAlgorithmIdentifier should be null. However, if it is not null it will be passed along.

For more information on the ASN.1 type RecipientInfo and the definition of its abstract schema, see RecipientInfo.

Parameters:
keyEncryptionAlgorithm - the symmetric algorithm that will use the KEK to encrypt the CEK
attribute - an optional OtherKeyAttribute
userKeyingMaterial - optional user keying material
codec - encoding rules indicator
Throws:
CryptoException

buildRecipientEncryptedKey

public void buildRecipientEncryptedKey(SubjectKeyIdentifier staticPublicKeyId,
                                       java.security.PublicKey staticPublicKey,
                                       java.security.PublicKey ephemeralPublicKey)
                                throws CryptoException
The buildRecipientEncryptedKey method builds a new RecipientEncryptedKey for the specified recipient and adds it to the current KeyAgreeRecipientInfo.

The RecipientEncryptedKey will contain the content encryption key (CEK) encrypted using a secret key encryption key (KEK) derived from the current recipient's static and ephemeral public keys.

For more information on the ASN.1 type RecipientEncryptedKey and the definition of its abstract schema, see RecipientEncryptedKey.

Parameters:
staticPublicKeyId - identifies the static public key of the recipient allowing the recipient to recover the correct static and ephemeral key pairs in order to decrypt this message.
staticPublicKey - the recipient's static public key.
ephemeralPublicKey - the recipient's ephemeral public key.
Throws:
CryptoException

decrypt

public byte[] decrypt(EnvelopedData envelopedData,
                      KeyAgreementKeySetLookup keyLookup)
               throws CryptoException
The decrypt method searches through each value of ASN.1 type RecipientEncryptedKey in each value of ASN.1 type RecipientInfo looking for a match of the given recipient identifier.

At the first successful match, it decrypts the content encryption key, and then decrypts the content.

Parameters:
envelopedData - a value of ASN.1 type EnvelopedData
keyLookup - key locator
Returns:
the decrypted payload.
Throws:
CryptoException

Copyright © 2005-2006 GRIFFIN Consulting. All Rights Reserved.