javacard.security
Class Signature

java.lang.Object
  javacard.security.Signature

public abstract class Signature

extends Object

The Signature class is the base class for Signature algorithms. Implementations of Signature algorithms must extend this class and implement all the abstract methods.

The term "pad" is used in the public key signature algorithms below to refer to all the operations specified in the referenced scheme to transform the message digest into the encryption block size.

A tear or card reset event resets an initialized Signature object to the state it was in when previously initialized via a call to init().

Note:

• On a tear or card reset event, the DES and triple DES algorithms in outer CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

Field Summary

static byte	ALG_DES_MAC4_ISO9797_M1 Signature algorithm ALG_DES_MAC4_ISO9797_M1 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 1 scheme.
static byte	ALG_DES_MAC4_ISO9797_M2 Signature algorithm ALG_DES_MAC4_ISO9797_M2 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
static byte	ALG_DES_MAC4_NOPAD Signature algorithm ALG_DES_MAC4_NOPAD generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. This algorithm does not pad input data.
static byte	ALG_DES_MAC4_PKCS5 Signature algorithm ALG_DES_MAC4_PKCS5 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the PKCS#5 scheme.
static byte	ALG_DES_MAC8_ISO9797_M1 Signature algorithm ALG_DES_MAC8_ISO9797_M1 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 1 scheme.
static byte	ALG_DES_MAC8_ISO9797_M2 Signature algorithm ALG_DES_MAC8_ISO9797_M2 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
static byte	ALG_DES_MAC8_NOPAD Signature algorithm ALG_DES_MAC_8_NOPAD generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. This algorithm does not pad input data.
static byte	ALG_DES_MAC8_PKCS5 Signature algorithm ALG_DES_MAC8_PKCS5 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the PKCS#5 scheme.
static byte	ALG_DSA_SHA Signature algorithm ALG_DSA_SHA signs/verifies the 20 byte SHA digest using DSA.
static byte	ALG_RSA_MD5_PKCS1 Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16 byte MD5 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.
static byte	ALG_RSA_MD5_RFC2409 Signature algorithm ALG_RSA_MD5_RFC2409 encrypts the 16 byte MD5 digest using RSA. The digest is padded according to the RFC2409 scheme.
static byte	ALG_RSA_RIPEMD160_ISO9796 Signature algorithm ALG_RSA_RIPEMD160_ISO9796 encrypts the 20 byte RIPE MD-160 digest using RSA. The digest is padded according to the ISO 9796 scheme.
static byte	ALG_RSA_RIPEMD160_PKCS1 Signature algorithm ALG_RSA_RIPEMD160_PKCS1 encrypts the 20 byte RIPE MD-160 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.
static byte	ALG_RSA_SHA_ISO9796 Signature algorithm ALG_RSA_SHA_ISO9796 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the ISO 9796 (EMV'96) scheme.
static byte	ALG_RSA_SHA_PKCS1 Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.
static byte	ALG_RSA_SHA_RFC2409 Signature algorithm ALG_RSA_SHA_RFC2409 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the RFC2409 scheme.
static byte	MODE_SIGN Used in init() methods to indicate signature sign mode.
static byte	MODE_VERIFY Used in init() methods to indicate signature verify mode.

Constructor Summary

protected

Signature() Protected Constructor

Method Summary

abstract byte	getAlgorithm() Gets the Signature algorithm.
static Signature	getInstance(byte algorithm, boolean externalAccess) Creates a Signature object instance of the selected algorithm.
abstract short	getLength() Returns the byte length of the signature data.
abstract void	init(Key theKey, byte theMode) Initializes the Signature object with the appropriate Key.
abstract void	init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) Initializes the Signature object with the appropriate Key and algorithm specific parameters.
abstract short	sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset) Generates the signature of all/last input data.
abstract void	update(byte[] inBuff, short inOffset, short inLength) Accumulates a signature of the input data.
abstract boolean	verify(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset, short sigLength) Verifies the signature of all/last input data against the passed in signature.

Methods inherited from class java.lang.Object

equals

Field Detail

ALG_DES_MAC4_NOPAD

public static final byte ALG_DES_MAC4_NOPAD

Signature algorithm ALG_DES_MAC4_NOPAD generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. This algorithm does not pad input data. If the input data is not (8 byte) block aligned it throws CryptoException with the reason code ILLEGAL_USE.

See Also:

Constant Field Values

ALG_DES_MAC8_NOPAD

public static final byte ALG_DES_MAC8_NOPAD

Signature algorithm ALG_DES_MAC_8_NOPAD generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. This algorithm does not pad input data. If the input data is not (8 byte) block aligned it throws CryptoException with the reason code ILLEGAL_USE.

Note:

• This algorithm must not be implemented if export restrictions apply.

See Also:

Constant Field Values

ALG_DES_MAC4_ISO9797_M1

public static final byte ALG_DES_MAC4_ISO9797_M1

Signature algorithm ALG_DES_MAC4_ISO9797_M1 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 1 scheme.

See Also:

Constant Field Values

ALG_DES_MAC8_ISO9797_M1

public static final byte ALG_DES_MAC8_ISO9797_M1

Signature algorithm ALG_DES_MAC8_ISO9797_M1 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 1 scheme.

Note:

• This algorithm must not be implemented if export restrictions apply.

See Also:

Constant Field Values

ALG_DES_MAC4_ISO9797_M2

public static final byte ALG_DES_MAC4_ISO9797_M2

Signature algorithm ALG_DES_MAC4_ISO9797_M2 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

See Also:

Constant Field Values

ALG_DES_MAC8_ISO9797_M2

public static final byte ALG_DES_MAC8_ISO9797_M2

Signature algorithm ALG_DES_MAC8_ISO9797_M2 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

Note:

• This algorithm must not be implemented if export restrictions apply.

See Also:

Constant Field Values

ALG_DES_MAC4_PKCS5

public static final byte ALG_DES_MAC4_PKCS5

Signature algorithm ALG_DES_MAC4_PKCS5 generates a 4 byte MAC (most significant 4 bytes of encrypted block) using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the PKCS#5 scheme.

See Also:

Constant Field Values

ALG_DES_MAC8_PKCS5

public static final byte ALG_DES_MAC8_PKCS5

Signature algorithm ALG_DES_MAC8_PKCS5 generates a 8 byte MAC using DES or triple DES in CBC mode. This algorithm uses outer CBC for triple DES. Input data is padded according to the PKCS#5 scheme.

Note:

• This algorithm must not be implemented if export restrictions apply.

See Also:

Constant Field Values

ALG_RSA_SHA_ISO9796

public static final byte ALG_RSA_SHA_ISO9796

Signature algorithm ALG_RSA_SHA_ISO9796 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the ISO 9796 (EMV'96) scheme.

See Also:

Constant Field Values

ALG_RSA_SHA_PKCS1

public static final byte ALG_RSA_SHA_PKCS1

Signature algorithm ALG_RSA_SHA_PKCS1 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

Note:

• The encryption block(EB) during signing is built as follows:
  EB = 00 || 01 || PS || 00 || T
  :: where T is the DER encoding of :
  digestInfo ::= SEQUENCE {
  digestAlgorithm AlgorithmIdentifier of SHA-1,
  digest OCTET STRING
  }
  :: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
  :: k is the RSA modulus size.
  

See Also:

Constant Field Values

ALG_RSA_MD5_PKCS1

public static final byte ALG_RSA_MD5_PKCS1

Signature algorithm ALG_RSA_MD5_PKCS1 encrypts the 16 byte MD5 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

Note:

• The encryption block(EB) during signing is built as follows:
  < EB = 00 || 01 || PS || 00 || T
  :: where T is the DER encoding of :
  digestInfo ::= SEQUENCE {
  digestAlgorithm AlgorithmIdentifier of MD5,
  digest OCTET STRING
  }
  :: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
  :: k is the RSA modulus size.
  

See Also:

Constant Field Values

ALG_RSA_RIPEMD160_ISO9796

public static final byte ALG_RSA_RIPEMD160_ISO9796

Signature algorithm ALG_RSA_RIPEMD160_ISO9796 encrypts the 20 byte RIPE MD-160 digest using RSA. The digest is padded according to the ISO 9796 scheme.

See Also:

Constant Field Values

ALG_RSA_RIPEMD160_PKCS1

public static final byte ALG_RSA_RIPEMD160_PKCS1

Signature algorithm ALG_RSA_RIPEMD160_PKCS1 encrypts the 20 byte RIPE MD-160 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

Note:

• The encryption block(EB) during signing is built as follows:
  < EB = 00 || 01 || PS || 00 || T
  :: where T is the DER encoding of :
  digestInfo ::= SEQUENCE {
  digestAlgorithm AlgorithmIdentifier of RIPEMD160,
  digest OCTET STRING
  }
  :: PS is an octet string of length k-3-||T|| with value FF. The length of PS must be at least 8 octets.
  :: k is the RSA modulus size.
  

See Also:

Constant Field Values

ALG_DSA_SHA

public static final byte ALG_DSA_SHA

Signature algorithm ALG_DSA_SHA signs/verifies the 20 byte SHA digest using DSA.

See Also:

Constant Field Values

ALG_RSA_SHA_RFC2409

public static final byte ALG_RSA_SHA_RFC2409

Signature algorithm ALG_RSA_SHA_RFC2409 encrypts the 20 byte SHA digest using RSA. The digest is padded according to the RFC2409 scheme.

See Also:

Constant Field Values

ALG_RSA_MD5_RFC2409

public static final byte ALG_RSA_MD5_RFC2409

Signature algorithm ALG_RSA_MD5_RFC2409 encrypts the 16 byte MD5 digest using RSA. The digest is padded according to the RFC2409 scheme.

See Also:

Constant Field Values

MODE_SIGN

public static final byte MODE_SIGN

Used in init() methods to indicate signature sign mode.

See Also:

Constant Field Values

MODE_VERIFY

public static final byte MODE_VERIFY

Used in init() methods to indicate signature verify mode.

See Also:

Constant Field Values

Constructor Detail

Signature

protected Signature()

Protected Constructor

Method Detail

getInstance

public static final Signature getInstance(byte algorithm,
                                          boolean externalAccess)
                                   throws CryptoException

Creates a Signature object instance of the selected algorithm.

Parameters:

algorithm - the desired Signature algorithm. See above.

externalAccess - if true indicates that the instance will be shared among multiple applet instances and that the Signature instance will also be accessed (via a Shareable interface) when the owner of the Signature instance is not the currently selected applet.

Returns:

the Signature object instance of the requested algorithm.

Throws:

CryptoException - with the following reason codes:

• CryptoException.NO_SUCH_ALGORITHM if the requested algorithm is not supported.

init

public abstract void init(Key theKey,
                          byte theMode)
                   throws CryptoException

Initializes the Signature object with the appropriate Key. This method should be used for algorithms which do not need initialization parameters or use default parameter values.

Note:

• DES and triple DES algorithms in CBC mode will use 0 for initial vector(IV) if this method is used.

Parameters:

theKey - the key object to use for signing or verifying

theMode - one of MODE_SIGN or MODE_VERIFY

Throws:

CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_VALUE if theMode option is an undefined value or if the Key is inconsistent with theMode or with the Signature implementation.

init

public abstract void init(Key theKey,
                          byte theMode,
                          byte[] bArray,
                          short bOff,
                          short bLen)
                   throws CryptoException

Initializes the Signature object with the appropriate Key and algorithm specific parameters.

Note:

• DES and triple DES algorithms in outer CBC mode expect an 8 byte parameter value for the initial vector(IV) in bArray.
• RSA and DSA algorithms throw CryptoException.ILLEGAL_VALUE.

Parameters:

theKey - the key object to use for signing

theMode - one of MODE_SIGN or MODE_VERIFY

bArray - byte array containing algorithm specific initialization info.

bOff - offset within bArray where the algorithm specific data begins.

bLen - byte length of algorithm specific parameter data

Throws:

CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_VALUE if theMode option is an undefined value or if a byte array parameter option is not supported by the algorithm or if the bLen is an incorrect byte length for the algorithm specific data or if the Key is inconsistent with theMode or with the Signature implementation.

getAlgorithm

public abstract byte getAlgorithm()

Gets the Signature algorithm.

Returns:

the algorithm code defined above.

getLength

public abstract short getLength()

Returns the byte length of the signature data.

Returns:

the byte length of the signature data.

update

public abstract void update(byte[] inBuff,
                            short inOffset,
                            short inLength)
                     throws CryptoException

Accumulates a signature of the input data. This method requires temporary storage of intermediate results. In addition, if the input data length is not block aligned (multiple of block size) then additional internal storage may be allocated at this time to store a partial input data block. This may result in additional resource consumption and/or slow performance. This method should only be used if all the input data required for signing/verifying is not available in one byte array. The sign() or verify() method is recommended whenever possible.

Parameters:

inBuff - the input buffer of data to be signed

inOffset - the offset into the input buffer at which to begin signature generation

inLength - the byte length to sign

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.

See Also:

sign(byte[], short, short, byte[], short), verify(byte[], short, short, byte[], short, short)

sign

public abstract short sign(byte[] inBuff,
                           short inOffset,
                           short inLength,
                           byte[] sigBuff,
                           short sigOffset)
                    throws CryptoException

Generates the signature of all/last input data. A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message.

Note:

• DES and triple DES algorithms in outer CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

The input and output buffer data may overlap.

Parameters:

inBuff - the input buffer of data to be signed

inOffset - the offset into the input buffer at which to begin signature generation

inLength - the byte length to sign

sigBuff - the output buffer to store signature data

sigOffset - the offset into sigBuff at which to begin signature data

Returns:

number of bytes of signature output in sigBuff

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature verify mode.
• CryptoException.ILLEGAL_USE if this Signature algorithm does not pad the message and the message is not block aligned.

verify

public abstract boolean verify(byte[] inBuff,
                               short inOffset,
                               short inLength,
                               byte[] sigBuff,
                               short sigOffset,
                               short sigLength)
                        throws CryptoException

Verifies the signature of all/last input data against the passed in signature. A call to this method also resets this Signature object to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to verify another message.

Note:

• DES and triple DES algorithms in outer CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init(Key, byte, byte[], short, short) method.

Parameters:

inBuff - the input buffer of data to be verified

inOffset - the offset into the input buffer at which to begin signature generation

inLength - the byte length to sign

sigBuff - the input buffer containing signature data

sigOffset - the offset into sigBuff where signature data begins.

sigLength - the byte length of the signature data

Returns:

true if signature verifies false otherwise.

Throws:

CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if key not initialized.
• CryptoException.INVALID_INIT if this Signature object is not initialized or initialized for signature sign mode.
• CryptoException.ILLEGAL_USE if this Signature algorithm does not pad the message and the message is not block aligned.