All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.crypto.CryptoMan

java.lang.Object
   |
   +----semper.crypto.CryptoMan

public class CryptoMan
extends Object

CryptoMan provides an interface to all cryptologic services needed by SEMPER. These comprise encryption (symmetric and public-key), signing and message authentication (MAC). Furthermore, CryptoMan provides hashing functions. Algorithms are encoded in semper.util.constant.Constant objects as described in the constants directory. The actual functions are implemented in a module. A module based on Cryptomathic's tools is implemented in CRMModule. As soon as the interface to this module is more stable, an interface will be defined, which modules must implement.

Version:: $Revision: 1.63 $ $Date: 1998/08/13 08:37:53 $
Author:: Jesper Drud Nielsen ([email protected]), Thomas Sepstrup Nielsen ([email protected]), Torben Pedersen ([email protected])
See Also:: CryptoConstants. , CRMModule

CryptoMan(): Instantiation of this class is prevented by throwing an exception.

allocateHash(HashingAlgorithm): Allocates the correct amount of memory to store a hash value given the algorithm
byteToHex(byte[])
changePassword(): Used to change a password.
decipher(byte[], MessagePadding, CryptoKeyInfo): Decipher an array of bytes using the algorithm described by keyInfo.
decipher(File, File, MessagePadding, CryptoKeyInfo): Decipher a file using the algorithm described by keyInfo.
encipher(byte[], MessagePadding, CryptoKeyInfo): Encipher a message using the conventional algorithm described by keyInfo.
encipher(File, File, MessagePadding, CryptoKeyInfo): Encipher a File using the conventional algorithm described by keyInfo.
generateHash(File, HashingAlgorithm): Hash a File.
generateHash(HashingAlgorithm, byte[]): Hash an array of bytes.
generateMAC(byte[], MACAlgorithm, CryptoKeyInfo): Generate a MAC.
generateMAC(File, MACAlgorithm, CryptoKeyInfo): Generate a MAC.
generatePubKeyPair(AsymmetricAlgorithm, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo): Generate a random public key pair as above, but with 512 bits key length.
generatePubKeyPair(AsymmetricAlgorithm, int, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo): Generate a random public key pair.
generatePubKeyPair(boolean, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo): Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN).
generateSignature(byte[], CryptoKeyInfo, HashingAlgorithm): Sign a string.
generateSignature(File, CryptoKeyInfo, HashingAlgorithm): Sign a string.
generateSymKey(ConventionalAlgorithm, byte[]): Generate a random symmetric key.
getSerialNo(): Outputs the lastly used key serial number.
init(): This function initialises the Crypto manager.
isInitialised(): Tells whether CryptoMan is initialised.
masterKeyDecrypt(byte[]): Decrypts the input under masterKey.
masterKeyEncrypt(byte[]): Encrypts the input under the master key (used to encrypt keys before being stored).
pkDecipher(byte[], CryptoKeyInfo, KeyPadding, ConventionalAlgorithm): Decipher an encrypted key using the algorithm described by keyInfo.
pkEncipher(CryptoKeyInfo, boolean, CryptoKeyInfo, KeyPadding): Encipher a conventional key using the asymmetric algorithm described by keyInfo.
randomBytes(int): Returns an array of random bytes.
toNullTerminated(File): Terminates the String with a null character
toNullTerminated(String): Terminates the String with a null character
updateSerialNo(): Updates the serial number uniquely identifying keys.
verifyMAC(byte[], MACAlgorithm, byte[], CryptoKeyInfo): Verify a MAC.
verifyMAC(File, MACAlgorithm, byte[], CryptoKeyInfo): Verify a MAC.
verifyPassword(String): Verify password.
verifySignature(byte[], byte[], CryptoKeyInfo, HashingAlgorithm): Verify a signature.
verifySignature(File, byte[], CryptoKeyInfo, HashingAlgorithm): Verify a signature.
whichAlgs(int): Gives information of supported algorithms.
whichAlgs(SecurityService): Gives information of supported algorithms.

CryptoMan

 public CryptoMan() throws CryptoManException

Instantiation of this class is prevented by throwing an exception. All services should be called using static calls.

Throws: CryptoManException: if this method is called

isInitialised

 public static boolean isInitialised()

Tells whether CryptoMan is initialised. The CryptoMan is initialised when CryptoMan.init() has been successfully executed.

Returns:: true if CryptoMan has been executed, false otherwise.

init

 public static void init() throws CryptoManException

This function initialises the Crypto manager. The initialisation mainly does the following:

Loads the correct module (for the moment this is a default module, CRMModule ).
Initialises the pseudo random generator (PRG) of the module (the first time this is based on a user supplied seed - entered through TINGUIN - later initialisations use a seed stored in the archive). The class CryptoSeed contains this seed.
Loads the master key from archive (the very first time a master key is generated, and the user is asked to provide a password by entering it twice; in all subsequent initialisations the user must provide this password).

The very first time the manager is initialised the user is asked to enter a seed of at least 16 characters (this may not be sufficient). Furthermore, the user is requested to define a password which protects his master key (the masterkey protects all other keys). In later initialisations the user has to enter this password. Here no seed is needed, as the crypto manager during initialisation computes a new seed (using the pseudo random generator of the module) and stores it so that it can used in the next initialisation.

Throws: CryptoManException: if initialisation could not be done
Throws: CryptoNoPassword: if the user could not provide a password

changePassword

 public static void changePassword()

Used to change a password. Changes the password protecting the master key.

verifyPassword

 public static boolean verifyPassword(String password) throws CryptoManException

Verify password.

Parameters:: password - is the password to be verified

updateSerialNo

 public static synchronized void updateSerialNo()

Updates the serial number uniquely identifying keys. The crypto manager assigns a unique (for the user) serial number to all keys generated. This method is sunchronized in order to ensure that different keys will get different numbers. The serial number can be obtained by reading a private variable of the manager.

getSerialNo

 public static long getSerialNo()

Outputs the lastly used key serial number. This function is only necessary if the serial number is needed outside the manager, as every service in the manager can access the value of the serial number immediately.

Returns:: A new serial number

randomBytes

 public static synchronized byte[] randomBytes(int length) throws CryptoManException

Returns an array of random bytes. These bytes are generated by the PRG of the module.

Parameters:: length - is requested number of bytes
Returns:: an array of random bytes
Throws: CryptoManException: if the module is not initialised

generateSymKey

 public static synchronized CryptoKeyInfo generateSymKey(ConventionalAlgorithm alg,
                                                         byte seed[]) throws CryptoManException

Generate a random symmetric key. A key for use by a symmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_serialnumber". The serial number is the unique number maintained by the .

Parameters:: alg - the symmetric algorithm for which a key is requested; seed - (optional) is used as random seed for the key generation. If no seed (at least 16 byts) is supplied a seed generated by the PRG will be used
Returns:: a cryptographic key token containing the random key
Throws: CryptoManException: if the algorithm is not suported, the pseudo random generator is not initialised (and no seed is provided), or an error occured in the module
See Also:: randomBytes, updateSerialNo

generatePubKeyPair

 public static synchronized void generatePubKeyPair(AsymmetricAlgorithm alg,
                                                    int keyLength,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException

Generate a random public key pair. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key length is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:: alg - the asymmetric algorithm for which a key pair is requested; keyLength - is the length of the key (in bytes); seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG); commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part); secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate); pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:: void
Throws: CryptoManException: if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:: CRMModule

generatePubKeyPair

 public static synchronized void generatePubKeyPair(AsymmetricAlgorithm alg,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException

Generate a random public key pair as above, but with 512 bits key length. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:: alg - the asymmetric algorithm for which a key pair is requested; seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG); commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part); secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate); pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:: void
Throws: CryptoManException: if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:: CRMModule

generatePubKeyPair

 public static synchronized void generatePubKeyPair(boolean signing,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException

Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN). A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:: signing - is a boolean indicating the type of functionality requested (true: signing, false: encryption); seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG); commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part); secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate); pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:: void
Throws: CryptoManException: if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:: CRMModule

allocateHash

 public static byte[] allocateHash(HashingAlgorithm alg) throws CryptoManException

Allocates the correct amount of memory to store a hash value given the algorithm

Parameters:: alg - the hash algorithm
Returns:: the array of bytes to store a hash value in
Throws: CryptoManException: if the algorithm is not supported or an error occured in the module

generateHash

 public static byte[] generateHash(HashingAlgorithm alg,
                                   byte message[]) throws CryptoManException

Hash an array of bytes. The input array is hashed using the given hash algorithm.

Parameters:: alg - the hash algorithm; message - the message to hash
Returns:: the hash value
Throws: CryptoManException: if the algorithm is not supported or an error occured in the module

generateHash

 public static byte[] generateHash(File src_file,
                                   HashingAlgorithm alg) throws CryptoManException

Hash a File.

Parameters:: src_file - the File to be hashed; alg - the hash algorithm
Returns:: the hashed value
Throws: CryptoManException: if the algorithm is not supported or an error occured in the module

encipher

 public static byte[] encipher(byte message[],
                               MessagePadding msgPadding,
                               CryptoKeyInfo keyInfo) throws CryptoManException

Encipher a message using the conventional algorithm described by keyInfo.

Parameters:: message - the message to encipher of cleartext; msgPadding - indicates how the message is padded before encryption; keyInfo - the key token identifying the algorithm and key to be used
Returns:: the enciphered array of bytes
Throws: CryptoManException: if encryption failed or some input is missing
See Also:: decipher, pkEncipher

encipher

 public static File encipher(File src_file,
                             File dest_file,
                             MessagePadding msgPadding,
                             CryptoKeyInfo keyInfo) throws CryptoManException

Encipher a File using the conventional algorithm described by keyInfo.

Parameters:: src_file - the File to encipher; dest_file - the src_file after enciphering. If it is null, the enciphered file will be placed in a file with same name as src_file extended with the 4 characters '.enc'.; msgPadding - indicates how the message is padded before encryption; keyInfo - the key token identifying the algorithm and key to be used
Returns:: the enciphered File
Throws: CryptoManException: if encryption failed or some input is missing
See Also:: decipher, pkEncipher

decipher

 public static byte[] decipher(byte cipher[],
                               MessagePadding msgPadding,
                               CryptoKeyInfo keyInfo) throws CryptoManException

Decipher an array of bytes using the algorithm described by keyInfo. After the ciphertext has been decrypted the padding (added during encipherment) is removed.

Parameters:: cipher - the (ciphered) message to decipher; msgPadding - indicates how the message is padded before encryption; keyInfo - the key token identifying the algorithm and key
Returns:: the deciphered string
Throws: CryptoManException: if decryption failed
See Also:: encipher

decipher

 public static File decipher(File src_file,
                             File dest_file,
                             MessagePadding msgPadding,
                             CryptoKeyInfo keyInfo) throws CryptoManException

Decipher a file using the algorithm described by keyInfo. If padding was added during encipherment it will be removed.

Parameters:: src_file - the (enciphered) File to decipher; dest_file - the deciphered file. If dest_file is null then the deciphered file will be placed in a file with the same name as the cipher file extended with the 4 characters '.pln'; msgPadding - indicates how the message was padded before encryption; keyInfo - the key token identifying the algorithm and key
Returns:: the deciphered File
Throws: CryptoManException: if decryption failed
See Also:: encipher

pkEncipher

 public static byte[] pkEncipher(CryptoKeyInfo convKeyInfo,
                                 boolean makeConvKey,
                                 CryptoKeyInfo pubKeyInfo,
                                 KeyPadding keyEncryption) throws CryptoManException

Encipher a conventional key using the asymmetric algorithm described by keyInfo. The key is padded as described by the parameter keyEncryption before being encrypted.

Parameters:: convKeyInfo - contains the symmetric key in clear to be enciphered (possibly generated by pkEncipher and returned in convKeyInfo); makeKeyInfo - if true a new symmetric key is generated (corresponding to the algorithm designated by convKeyInfo); pubKeyInfo - is the public key to be used; keyEncryption - describes how the conventional key is embedded in a block for public key encryption
Returns:: the enciphered key
Throws: CryptoManException: if pubKeyInfo is missing or an error occurs in the module
See Also:: encipher, pkDecipher

pkDecipher

 public static byte[] pkDecipher(byte cipher[],
                                 CryptoKeyInfo keyInfo,
                                 KeyPadding keyEncryption,
                                 ConventionalAlgorithm convAlg) throws CryptoManException

Decipher an encrypted key using the algorithm described by keyInfo.

Parameters:: cipher - the (ciphered) message to decipher; keyInfo - the key token identifying the algorithm and key; keyEncryption - describes how the conventional key is embedded in a block for public key encryption; convAlg - designates the conventional algorithm corresponding to the encrypted key
Returns:: the deciphered string
Throws: CryptoManException: if decryption failed
See Also:: pkEncipher, decipher

generateSignature

 public static byte[] generateSignature(byte message[],
                                        CryptoKeyInfo signatureKeyInfo,
                                        HashingAlgorithm hashAlg) throws CryptoManException

Sign a string. A digital signature is applied to the message using a secret signature key. IF a DSA signature is requested SHS-1 will automatically be used as hash function.

Parameters:: message - the message on which to generate a signature; keyInfo - the key token identifying the signature algorithm and secret key; hashAlg - indicates the hashing algorithm to be used (not needed in case of DSA)
Returns:: the digital signature
Throws: CryptoManException: if the algorithm is not supported or an error occurs in module
See Also:: verifySignature

generateSignature

 public static byte[] generateSignature(File message_file,
                                        CryptoKeyInfo signatureKeyInfo,
                                        HashingAlgorithm hashAlg) throws CryptoManException

Sign a string. A digital signature is applied to the message using a secret signature key. IF a DSA signature is requested SHS-1 will automatically be used as hash function.

Parameters:: message - the message on which to generate a signature; keyInfo - the key token identifying the signature algorithm and secret key; hashAlg - indicates the hashing algorithm to be used (not needed in case of DSA)
Returns:: the digital signature
Throws: CryptoManException: if the algorithm is not supported or an error occurs in module
See Also:: verifySignature

verifySignature

 public static boolean verifySignature(byte message[],
                                       byte signature[],
                                       CryptoKeyInfo keyInfo,
                                       HashingAlgorithm hashAlg) throws CryptoManException

Verify a signature. A digital signature on a message is verified using a public signature key.

Parameters:: message - the message on which to verify a signature; signature - the digital signature; keyInfo - the key token identifying the signature algorithm and public key; hashAlg - defines the hashing algorithm to be used
Returns:: true if signature valid, otherwise false
Throws: CryptoManException: if the algorithm is not supported or an error in module
See Also:: generateSignature

verifySignature

 public static boolean verifySignature(File src_file,
                                       byte signature[],
                                       CryptoKeyInfo keyInfo,
                                       HashingAlgorithm hashAlg) throws CryptoManException

Verify a signature. A digital signature on a message is verified using a public signature key.

Parameters:: message - the message on which to verify a signature; signature - the digital signature; keyInfo - the key token identifying the signature algorithm and public key; hashAlg - defines the hashing algorithm to be used
Returns:: true if signature valid, otherwise false
Throws: CryptoManException: if the algorithm is not supported or an error in module
See Also:: generateSignature

generateMAC

 public static byte[] generateMAC(byte message[],
                                  MACAlgorithm MACalg,
                                  CryptoKeyInfo keyInfo) throws CryptoManException

Generate a MAC. A message authentication code is generated on a message using a symmetric key. The MAC algorithm is specified using two parameters:

The input key (keyInfo) designates the key and the conventional algorithm for which the key is used
The integer MACalg specifies how this conventional algorithm is used to compute the hash value.

Parameters:: message - on which to generate a MAC; MACalg - designates the MAC algorithm; keyInfo - the key token identifying the MAC algorithm and key
Returns:: the MAC string
Throws: CryptoManException: if the algorithm is not supported, a key is missing or an error in module
See Also:: verifyMAC

generateMAC

 public static byte[] generateMAC(File src_file,
                                  MACAlgorithm MACalg,
                                  CryptoKeyInfo keyInfo) throws CryptoManException

Generate a MAC. A message authentication code is generated on a message contained in a file using a symmetric key. The MAC algorithm is specified using two parameters:

The input key (keyInfo) designates the key and the conventional algorithm for which the key is used
The integer MACalg specifies how this conventional algorithm is used to compute the hash value.

Parameters:: message_file - the file on which to generate a MAC; MACalg - designates the MAC algorithm; keyInfo - the key token identifying the MAC algorithm and key
Returns:: the MAC string
Throws: CryptoManException: if the algorithm is not supported, a key is missing or an error in module
See Also:: verifyMAC

verifyMAC

 public static boolean verifyMAC(byte message[],
                                 MACAlgorithm MACalg,
                                 byte MAC[],
                                 CryptoKeyInfo keyInfo) throws CryptoManException

Verify a MAC. A message authentication code is verified using a symmetric key key.

Parameters:: message - the message on which to verify the MAC; MACalg - designates the MAC algorithm; MAC - the MAC to verify; keyInfo - the key token identifying the MAC algorithm and key
Returns:: true if MAC valid, otherwise false
Throws: CryptoManException: if the algorithm is not supported, a key is missing or an error in module
See Also:: generateMAC

verifyMAC

 public static boolean verifyMAC(File src_file,
                                 MACAlgorithm MACalg,
                                 byte MAC[],
                                 CryptoKeyInfo keyInfo) throws CryptoManException

Verify a MAC. A message authentication code is verified on a file using a symmetric key key.

Parameters:: src_file - the message file on which to verify the MAC; MACalg - designates the MAC algorithm; MAC - the MAC to verify; keyInfo - the key token identifying the MAC algorithm and key
Returns:: true if MAC valid, otherwise false
Throws: CryptoManException: if the algorithm is not supported, a key is missing or an error in module
See Also:: generateMAC

whichAlgs

 public static Vector whichAlgs(SecurityService secService)

Gives information of supported algorithms.

Parameters:: secService - describes the service
Returns:: a vector of algorithms implementing the requested service

whichAlgs

 public static Vector whichAlgs(int secService)

Gives information of supported algorithms.

Parameters:: secService - describes the service
Returns:: a vector of algorithms implementing the requested service

masterKeyEncrypt

 public static byte[] masterKeyEncrypt(byte keyBytes[]) throws CryptoManException

Encrypts the input under the master key (used to encrypt keys before being stored). This is only possible if the crypto manager has been initialised (otherwise an exception is thrown).

Parameters:: keyBytes - is the byte array corresponding ot the key to be encrypted
Returns:: byte array with the encrypted key
Throws: CryptoManException: if the encryption fails
See Also:: masterKeyDecrypt

masterKeyDecrypt

 public static byte[] masterKeyDecrypt(byte encryptedKey[]) throws CryptoManException

Decrypts the input under masterKey. This function only works if the master key has been decrypted.

Parameters:: encryptedKey - is the byte array corresponding to the encrypted key
Returns:: byte array with the key
Throws: CryptoManException: if the decryption fails
See Also:: masterKeyEncrypt

byteToHex

 public static String byteToHex(byte bytes[])

Returns:: s the bytearray as a hexidecimal string

toNullTerminated

 public static byte[] toNullTerminated(String str)

Terminates the String with a null character

Parameters:: str - the String to represent as a null terminated byte array
Returns:: s an array of bytes representing str with a terminating nullchar

toNullTerminated

 public static byte[] toNullTerminated(File src_file) throws CryptoManException

Terminates the String with a null character

Parameters:: src_file - the file to get the filename from
Returns:: s an array of bytes representing the name of the src_file with a terminating nullchar
Throws: CryptoManException: if IOException occurs

All Packages  Class Hierarchy  This Package  Previous  Next  Index