IAIK PKCS#11 Wrapper Demo
version 1.2.17

demo.pkcs.pkcs11
Class PKCS11SignatureEngine

java.lang.Object
  extended byjava.security.SignatureSpi
      extended byjava.security.Signature
          extended bydemo.pkcs.pkcs11.PKCS11SignatureEngine

public class PKCS11SignatureEngine
extends Signature

This is an implementation of a JCA Signature class that uses the PKCS#11 wrapper to create the signature. This implementation hashes outside the token (i.e. in software) and support only signing but not verification.

Invariants

Field Summary
protected  MessageDigest digestEngine_
          The digest engine used to hash the data.
protected  iaik.asn1.structures.AlgorithmID hashAlgorithm_
          The hash algorithm to use for hashing the data.
protected  Session session_
          The session that this object uses for signing with the token.
protected  Key signatureKey_
          The PKCS#11 key that this object uses for signing with the token.
protected  Mechanism signatureMechanism_
          The mechanism that this object uses for signing with the token.
 
Fields inherited from class java.security.Signature
SIGN, state, UNINITIALIZED, VERIFY
 
Fields inherited from class java.security.SignatureSpi
appRandom
 
Constructor Summary
PKCS11SignatureEngine(String algorithmName, Session session, Mechanism signatureMechanism, iaik.asn1.structures.AlgorithmID hashAlgorithm)
          Creates a new signature engine that uses the given parameters to create the signature on the PKCS#11 token.
 
Method Summary
protected  Object engineGetParameter(String name)
          SPI: see documentation of java.security.Signature.
protected  void engineInitSign(PrivateKey privateKey)
          SPI: see documentation of java.security.Signature.
protected  void engineInitVerify(PublicKey publicKey)
          SPI: see documentation of java.security.Signature.
protected  void engineSetParameter(String param, Object value)
          SPI: see documentation of java.security.Signature.
protected  byte[] engineSign()
          SPI: see documentation of java.security.Signature.
protected  void engineUpdate(byte dataByte)
          SPI: see documentation of java.security.Signature.
protected  void engineUpdate(byte[] data, int offset, int length)
          SPI: see documentation of java.security.Signature.
protected  boolean engineVerify(byte[] signatureValue)
          SPI: see documentation of java.security.Signature.
 
Methods inherited from class java.security.Signature
clone, getAlgorithm, getInstance, getInstance, getInstance, getParameter, getParameters, getProvider, initSign, initSign, initVerify, initVerify, setParameter, setParameter, sign, sign, toString, update, update, update, verify, verify
 
Methods inherited from class java.security.SignatureSpi
engineGetParameters, engineInitSign, engineSetParameter, engineSign, engineVerify
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

session_

protected Session session_
The session that this object uses for signing with the token.


signatureMechanism_

protected Mechanism signatureMechanism_
The mechanism that this object uses for signing with the token.


signatureKey_

protected Key signatureKey_
The PKCS#11 key that this object uses for signing with the token.


hashAlgorithm_

protected iaik.asn1.structures.AlgorithmID hashAlgorithm_
The hash algorithm to use for hashing the data.


digestEngine_

protected MessageDigest digestEngine_
The digest engine used to hash the data.

Constructor Detail

PKCS11SignatureEngine

public PKCS11SignatureEngine(String algorithmName,
                             Session session,
                             Mechanism signatureMechanism,
                             iaik.asn1.structures.AlgorithmID hashAlgorithm)
                      throws NoSuchAlgorithmException
Creates a new signature engine that uses the given parameters to create the signature on the PKCS#11 token.

Parameters:
algorithmName - The name of the signature algorithm. This class does not interpret this name; it uses it as is.
session - The PKCS#11 session to use for signing. It must have the permissions to sign with the used private key; e.g. it may require a user session.
signatureMechanism - The PKCS#11 mechanism to use for signing; e.g. Mechanism.RSA_PKCS.
hashAlgorithm - The hash algorithm to use for hashing the data; e.g. AlgorithmID.sha1.
Throws:
NoSuchAlgorithmException - If the hash algorithm is not available.
Preconditions
Postconditions
Method Detail

engineVerify

protected boolean engineVerify(byte[] signatureValue)
                        throws SignatureException
SPI: see documentation of java.security.Signature.

Throws:
SignatureException

engineGetParameter

protected Object engineGetParameter(String name)
                             throws InvalidParameterException
SPI: see documentation of java.security.Signature.

Throws:
InvalidParameterException

engineSetParameter

protected void engineSetParameter(String param,
                                  Object value)
                           throws InvalidParameterException
SPI: see documentation of java.security.Signature.

Throws:
InvalidParameterException

engineInitSign

protected void engineInitSign(PrivateKey privateKey)
                       throws InvalidKeyException
SPI: see documentation of java.security.Signature.

Throws:
InvalidKeyException

engineSign

protected byte[] engineSign()
                     throws SignatureException
SPI: see documentation of java.security.Signature.

Throws:
SignatureException

engineInitVerify

protected void engineInitVerify(PublicKey publicKey)
                         throws InvalidKeyException
SPI: see documentation of java.security.Signature.

Throws:
InvalidKeyException

engineUpdate

protected void engineUpdate(byte dataByte)
                     throws SignatureException
SPI: see documentation of java.security.Signature.

Throws:
SignatureException

engineUpdate

protected void engineUpdate(byte[] data,
                            int offset,
                            int length)
                     throws SignatureException
SPI: see documentation of java.security.Signature.

Throws:
SignatureException

IAIK PKCS#11 Wrapper Demo
version 1.2.17

IAIK JavaSecurity Website http://jce.iaik.tugraz.at/

IAIK at Graz University of Technology, Austria, Europe
Copyright 2001-2002, IAIK, Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria. All Rights Reserved.