com.cms.crypto
Class EnvelopedDataForKeyTransport

java.lang.Object
  com.cms.crypto.AbstractEnvelopedDataProcessor
      com.cms.crypto.EnvelopedDataForKeyTransport

public class EnvelopedDataForKeyTransport
extends AbstractEnvelopedDataProcessor

Performs encryption, decryption and other processing required to send and receive values of ASN.1 CMS type EnvelopedData using a key transport key establishment scheme.

Version:

1.00 - 2006/01/24

Author:

support@phillipgriffin.com

Field Summary

Fields inherited from class com.cms.crypto.AbstractEnvelopedDataProcessor

_cipherFactory, _codec, _contentEncryptionAlgorithmId, _envelopedData, _secretKey, _version

Constructor Summary

EnvelopedDataForKeyTransport(CMSVersion version, Codec codec)
Constructor for EnvelopedDataForKeyTransport with cryptographic message syntax version and encoding rules parameters.

Method Summary

protected RecipientInfos	buildRecipientInfos(javax.crypto.SecretKey secretKey, java.util.List<java.security.cert.Certificate> recipientCertificates, DigestAlgorithmIdentifier dai, KeyEncryptionAlgorithmIdentifier keai) Create a list of values of ASN.1 type RecipientInfo, one for each recipient certificate that contains the encrypted secret key.
byte[]	decrypt(EnvelopedData envelopedData, RecipientIdentifier rid, java.security.PrivateKey recipientPrivateKey) Decrypts the encrypted content in a value of ASN.1 type EnvelopedData for a provided cryptographic message recipient using the recipent private key component of a public-private key pair associated with a Public Key certificate.
void	encrypt(javax.crypto.SecretKey secretKey, java.util.List<java.security.cert.Certificate> recipientCertificates, DigestAlgorithmIdentifier dai, ContentEncryptionAlgorithmIdentifier ceai, KeyEncryptionAlgorithmIdentifier keai, byte[] payload) Encrypts the provided content (payload) with a provided symmetric Content Encryption Key (CEK) using the indicated content encryption algorithm, then encrypts the CEK using the public key component of a Public Key certificate as the Key Encryption Key (KEY).

Methods inherited from class com.cms.crypto.AbstractEnvelopedDataProcessor

createCertificateHash, encryptContent, getEnvelopedData

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EnvelopedDataForKeyTransport

public EnvelopedDataForKeyTransport(CMSVersion version,
                                    Codec codec)
                             throws CryptoException

Constructor for EnvelopedDataForKeyTransport with cryptographic message syntax version and encoding rules parameters.

Parameters:

version - syntax version of ASN.1 CMS type EnvelopedData

codec - ASN.1 encoding rules

Throws:

CryptoException

Method Detail

encrypt

public void encrypt(javax.crypto.SecretKey secretKey,
                    java.util.List<java.security.cert.Certificate> recipientCertificates,
                    DigestAlgorithmIdentifier dai,
                    ContentEncryptionAlgorithmIdentifier ceai,
                    KeyEncryptionAlgorithmIdentifier keai,
                    byte[] payload)
             throws CryptoException

Encrypts the provided content (payload) with a provided symmetric Content Encryption Key (CEK) using the indicated content encryption algorithm, then encrypts the CEK using the public key component of a Public Key certificate as the Key Encryption Key (KEY).

Parameters:

secretKey - a Content Encryption Key (CEK)

recipientCertificates - one or more message recipient certificates

dai - a digest algorithm identifier

ceai - a content encryption algorithm identifier

keai - a key encryption algorithm identifier

payload - content to be encrypted

Throws:

CryptoException

buildRecipientInfos

protected RecipientInfos buildRecipientInfos(javax.crypto.SecretKey secretKey,
                                             java.util.List<java.security.cert.Certificate> recipientCertificates,
                                             DigestAlgorithmIdentifier dai,
                                             KeyEncryptionAlgorithmIdentifier keai)
                                      throws CryptoException

Create a list of values of ASN.1 type RecipientInfo, one for each recipient certificate that contains the encrypted secret key.

 RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
 
 RecipientInfo ::= CHOICE {
    ktri   KeyTransRecipientInfo,
    kari   [1] KeyAgreeRecipientInfo,
    kekri  [2] KEKRecipientInfo,
    pwri   [3] PasswordRecipientInfo,
    ori    [4] ExtendedKeyMgmtRecipientInfo
    }
 

Note that only the ktri and kari choice alternatives of ASN.1 type RecipientInfo are currently supported.

   
 KeyTransRecipientInfo ::= SEQUENCE {
    version                 CMSVersion,  -- always set to 0 or 2
    rid                     RecipientIdentifier,
    keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
    encryptedKey            EncryptedKey
 }
 
 RecipientIdentifier ::= CHOICE {
    issuerAndSerialNumber  IssuerAndSerialNumber,
    subjectKeyIdentifier   [0] SubjectKeyIdentifier,
    certHash               [1] CertHash         
 }
 

Note that the issuerAndSerialNumber choice alternative of ASN.1 type RecipientIdentifier is not currently supported.

Parameters:

secretKey - a Content Encryption Key (CEK)

recipientCertificates - one or more message recipient certificates

dai - a digest algorithm identifier

keai - a key encryption algorithm identifier

Returns:

one or more recipient information values

Throws:

CryptoException

decrypt

public byte[] decrypt(EnvelopedData envelopedData,
                      RecipientIdentifier rid,
                      java.security.PrivateKey recipientPrivateKey)
               throws CryptoException

Decrypts the encrypted content in a value of ASN.1 type EnvelopedData for a provided cryptographic message recipient using the recipent private key component of a public-private key pair associated with a Public Key certificate.

Throws:

CryptoException