All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.crypto.CryptoMan

java.lang.Object
   |
   +----semper.crypto.CryptoMan

public class CryptoMan
extends Object
CryptoMan provides an interface to all cryptologic services needed by SEMPER. These comprise encryption (symmetric and public-key), signing and message authentication (MAC). Furthermore, CryptoMan provides hashing functions. Algorithms are encoded in semper.util.constant.Constant objects as described in the constants directory. The actual functions are implemented in a module. A module based on Cryptomathic's tools is implemented in CRMModule. As soon as the interface to this module is more stable, an interface will be defined, which modules must implement.

Version:
$Revision: 1.63 $ $Date: 1998/08/13 08:37:53 $
Author:
Jesper Drud Nielsen (drud@cryptomathic.dk), Thomas Sepstrup Nielsen (tsn@cryptomathic.dk), Torben Pedersen (tpp@cryptomathic.dk)
See Also:
CryptoConstants. , CRMModule

Constructor Index

 o CryptoMan()
Instantiation of this class is prevented by throwing an exception.

Method Index

 o allocateHash(HashingAlgorithm)
Allocates the correct amount of memory to store a hash value given the algorithm
 o byteToHex(byte[])
 o changePassword()
Used to change a password.
 o decipher(byte[], MessagePadding, CryptoKeyInfo)
Decipher an array of bytes using the algorithm described by keyInfo.
 o decipher(File, File, MessagePadding, CryptoKeyInfo)
Decipher a file using the algorithm described by keyInfo.
 o encipher(byte[], MessagePadding, CryptoKeyInfo)
Encipher a message using the conventional algorithm described by keyInfo.
 o encipher(File, File, MessagePadding, CryptoKeyInfo)
Encipher a File using the conventional algorithm described by keyInfo.
 o generateHash(File, HashingAlgorithm)
Hash a File.
 o generateHash(HashingAlgorithm, byte[])
Hash an array of bytes.
 o generateMAC(byte[], MACAlgorithm, CryptoKeyInfo)
Generate a MAC.
 o generateMAC(File, MACAlgorithm, CryptoKeyInfo)
Generate a MAC.
 o generatePubKeyPair(AsymmetricAlgorithm, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair as above, but with 512 bits key length.
 o generatePubKeyPair(AsymmetricAlgorithm, int, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair.
 o generatePubKeyPair(boolean, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN).
 o generateSignature(byte[], CryptoKeyInfo, HashingAlgorithm)
Sign a string.
 o generateSignature(File, CryptoKeyInfo, HashingAlgorithm)
Sign a string.
 o generateSymKey(ConventionalAlgorithm, byte[])
Generate a random symmetric key.
 o getSerialNo()
Outputs the lastly used key serial number.
 o init()
This function initialises the Crypto manager.
 o isInitialised()
Tells whether CryptoMan is initialised.
 o masterKeyDecrypt(byte[])
Decrypts the input under masterKey.
 o masterKeyEncrypt(byte[])
Encrypts the input under the master key (used to encrypt keys before being stored).
 o pkDecipher(byte[], CryptoKeyInfo, KeyPadding, ConventionalAlgorithm)
Decipher an encrypted key using the algorithm described by keyInfo.
 o pkEncipher(CryptoKeyInfo, boolean, CryptoKeyInfo, KeyPadding)
Encipher a conventional key using the asymmetric algorithm described by keyInfo.
 o randomBytes(int)
Returns an array of random bytes.
 o toNullTerminated(File)
Terminates the String with a null character
 o toNullTerminated(String)
Terminates the String with a null character
 o updateSerialNo()
Updates the serial number uniquely identifying keys.
 o verifyMAC(byte[], MACAlgorithm, byte[], CryptoKeyInfo)
Verify a MAC.
 o verifyMAC(File, MACAlgorithm, byte[], CryptoKeyInfo)
Verify a MAC.
 o verifyPassword(String)
Verify password.
 o verifySignature(byte[], byte[], CryptoKeyInfo, HashingAlgorithm)
Verify a signature.
 o verifySignature(File, byte[], CryptoKeyInfo, HashingAlgorithm)
Verify a signature.
 o whichAlgs(int)
Gives information of supported algorithms.
 o whichAlgs(SecurityService)
Gives information of supported algorithms.

Constructors

 o CryptoMan
 public CryptoMan() throws CryptoManException
Instantiation of this class is prevented by throwing an exception. All services should be called using static calls.

Throws: CryptoManException
if this method is called

Methods

 o isInitialised
 public static boolean isInitialised()
Tells whether CryptoMan is initialised. The CryptoMan is initialised when CryptoMan.init() has been successfully executed.

Returns:
true if CryptoMan has been executed, false otherwise.
 o init
 public static void init() throws CryptoManException
This function initialises the Crypto manager. The initialisation mainly does the following: The very first time the manager is initialised the user is asked to enter a seed of at least 16 characters (this may not be sufficient). Furthermore, the user is requested to define a password which protects his master key (the masterkey protects all other keys). In later initialisations the user has to enter this password. Here no seed is needed, as the crypto manager during initialisation computes a new seed (using the pseudo random generator of the module) and stores it so that it can used in the next initialisation.

Throws: CryptoManException
if initialisation could not be done
Throws: CryptoNoPassword
if the user could not provide a password
 o changePassword
 public static void changePassword()
Used to change a password. Changes the password protecting the master key.

 o verifyPassword
 public static boolean verifyPassword(String password) throws CryptoManException
Verify password.

Parameters:
password - is the password to be verified
 o updateSerialNo
 public static synchronized void updateSerialNo()
Updates the serial number uniquely identifying keys. The crypto manager assigns a unique (for the user) serial number to all keys generated. This method is sunchronized in order to ensure that different keys will get different numbers. The serial number can be obtained by reading a private variable of the manager.

 o getSerialNo
 public static long getSerialNo()
Outputs the lastly used key serial number. This function is only necessary if the serial number is needed outside the manager, as every service in the manager can access the value of the serial number immediately.

Returns:
A new serial number
 o randomBytes
 public static synchronized byte[] randomBytes(int length) throws CryptoManException
Returns an array of random bytes. These bytes are generated by the PRG of the module.

Parameters:
length - is requested number of bytes
Returns:
an array of random bytes
Throws: CryptoManException
if the module is not initialised
 o generateSymKey
 public static synchronized CryptoKeyInfo generateSymKey(ConventionalAlgorithm alg,
                                                         byte seed[]) throws CryptoManException
Generate a random symmetric key. A key for use by a symmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_serialnumber". The serial number is the unique number maintained by the .

Parameters:
alg - the symmetric algorithm for which a key is requested
seed - (optional) is used as random seed for the key generation. If no seed (at least 16 byts) is supplied a seed generated by the PRG will be used
Returns:
a cryptographic key token containing the random key
Throws: CryptoManException
if the algorithm is not suported, the pseudo random generator is not initialised (and no seed is provided), or an error occured in the module
See Also:
randomBytes, updateSerialNo
 o generatePubKeyPair
 public static synchronized void generatePubKeyPair(AsymmetricAlgorithm alg,
                                                    int keyLength,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key length is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:
alg - the asymmetric algorithm for which a key pair is requested
keyLength - is the length of the key (in bytes)
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o generatePubKeyPair
 public static synchronized void generatePubKeyPair(AsymmetricAlgorithm alg,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair as above, but with 512 bits key length. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:
alg - the asymmetric algorithm for which a key pair is requested
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o generatePubKeyPair
 public static synchronized void generatePubKeyPair(boolean signing,
                                                    byte seed[],
                                                    CryptoKeyInfo commonKeyInfo,
                                                    CryptoKeyInfo secKeyInfo,
                                                    CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN). A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself. The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).

Parameters:
signing - is a boolean indicating the type of functionality requested (true: signing, false: encryption)
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o allocateHash
 public static byte[] allocateHash(HashingAlgorithm alg) throws CryptoManException
Allocates the correct amount of memory to store a hash value given the algorithm

Parameters:
alg - the hash algorithm
Returns:
the array of bytes to store a hash value in
Throws: CryptoManException
if the algorithm is not supported or an error occured in the module
 o generateHash
 public static byte[] generateHash(HashingAlgorithm alg,
                                   byte message[]) throws CryptoManException
Hash an array of bytes. The input array is hashed using the given hash algorithm.

Parameters:
alg - the hash algorithm
message - the message to hash
Returns:
the hash value
Throws: CryptoManException
if the algorithm is not supported or an error occured in the module
 o generateHash
 public static byte[] generateHash(File src_file,
                                   HashingAlgorithm alg) throws CryptoManException
Hash a File.

Parameters:
src_file - the File to be hashed
alg - the hash algorithm
Returns:
the hashed value
Throws: CryptoManException
if the algorithm is not supported or an error occured in the module
 o encipher
 public static byte[] encipher(byte message[],
                               MessagePadding msgPadding,
                               CryptoKeyInfo keyInfo) throws CryptoManException
Encipher a message using the conventional algorithm described by keyInfo.

Parameters:
message - the message to encipher of cleartext
msgPadding - indicates how the message is padded before encryption
keyInfo - the key token identifying the algorithm and key to be used
Returns:
the enciphered array of bytes
Throws: CryptoManException
if encryption failed or some input is missing
See Also:
decipher, pkEncipher
 o encipher
 public static File encipher(File src_file,
                             File dest_file,
                             MessagePadding msgPadding,
                             CryptoKeyInfo keyInfo) throws CryptoManException
Encipher a File using the conventional algorithm described by keyInfo.

Parameters:
src_file - the File to encipher
dest_file - the src_file after enciphering. If it is null, the enciphered file will be placed in a file with same name as src_file extended with the 4 characters '.enc'.
msgPadding - indicates how the message is padded before encryption
keyInfo - the key token identifying the algorithm and key to be used
Returns:
the enciphered File
Throws: CryptoManException
if encryption failed or some input is missing
See Also:
decipher, pkEncipher
 o decipher
 public static byte[] decipher(byte cipher[],
                               MessagePadding msgPadding,
                               CryptoKeyInfo keyInfo) throws CryptoManException
Decipher an array of bytes using the algorithm described by keyInfo. After the ciphertext has been decrypted the padding (added during encipherment) is removed.

Parameters:
cipher - the (ciphered) message to decipher
msgPadding - indicates how the message is padded before encryption
keyInfo - the key token identifying the algorithm and key
Returns:
the deciphered string
Throws: CryptoManException
if decryption failed
See Also:
encipher
 o decipher
 public static File decipher(File src_file,
                             File dest_file,
                             MessagePadding msgPadding,
                             CryptoKeyInfo keyInfo) throws CryptoManException
Decipher a file using the algorithm described by keyInfo. If padding was added during encipherment it will be removed.

Parameters:
src_file - the (enciphered) File to decipher
dest_file - the deciphered file. If dest_file is null then the deciphered file will be placed in a file with the same name as the cipher file extended with the 4 characters '.pln'
msgPadding - indicates how the message was padded before encryption
keyInfo - the key token identifying the algorithm and key
Returns:
the deciphered File
Throws: CryptoManException
if decryption failed
See Also:
encipher
 o pkEncipher
 public static byte[] pkEncipher(CryptoKeyInfo convKeyInfo,
                                 boolean makeConvKey,
                                 CryptoKeyInfo pubKeyInfo,
                                 KeyPadding keyEncryption) throws CryptoManException
Encipher a conventional key using the asymmetric algorithm described by keyInfo. The key is padded as described by the parameter keyEncryption before being encrypted.

Parameters:
convKeyInfo - contains the symmetric key in clear to be enciphered (possibly generated by pkEncipher and returned in convKeyInfo)
makeKeyInfo - if true a new symmetric key is generated (corresponding to the algorithm designated by convKeyInfo)
pubKeyInfo - is the public key to be used
keyEncryption - describes how the conventional key is embedded in a block for public key encryption
Returns:
the enciphered key
Throws: CryptoManException
if pubKeyInfo is missing or an error occurs in the module
See Also:
encipher, pkDecipher
 o pkDecipher
 public static byte[] pkDecipher(byte cipher[],
                                 CryptoKeyInfo keyInfo,
                                 KeyPadding keyEncryption,
                                 ConventionalAlgorithm convAlg) throws CryptoManException
Decipher an encrypted key using the algorithm described by keyInfo.

Parameters:
cipher - the (ciphered) message to decipher
keyInfo - the key token identifying the algorithm and key
keyEncryption - describes how the conventional key is embedded in a block for public key encryption
convAlg - designates the conventional algorithm corresponding to the encrypted key
Returns:
the deciphered string
Throws: CryptoManException
if decryption failed
See Also:
pkEncipher, decipher
 o generateSignature
 public static byte[] generateSignature(byte message[],
                                        CryptoKeyInfo signatureKeyInfo,
                                        HashingAlgorithm hashAlg) throws CryptoManException
Sign a string. A digital signature is applied to the message using a secret signature key. IF a DSA signature is requested SHS-1 will automatically be used as hash function.

Parameters:
message - the message on which to generate a signature
keyInfo - the key token identifying the signature algorithm and secret key
hashAlg - indicates the hashing algorithm to be used (not needed in case of DSA)
Returns:
the digital signature
Throws: CryptoManException
if the algorithm is not supported or an error occurs in module
See Also:
verifySignature
 o generateSignature
 public static byte[] generateSignature(File message_file,
                                        CryptoKeyInfo signatureKeyInfo,
                                        HashingAlgorithm hashAlg) throws CryptoManException
Sign a string. A digital signature is applied to the message using a secret signature key. IF a DSA signature is requested SHS-1 will automatically be used as hash function.

Parameters:
message - the message on which to generate a signature
keyInfo - the key token identifying the signature algorithm and secret key
hashAlg - indicates the hashing algorithm to be used (not needed in case of DSA)
Returns:
the digital signature
Throws: CryptoManException
if the algorithm is not supported or an error occurs in module
See Also:
verifySignature
 o verifySignature
 public static boolean verifySignature(byte message[],
                                       byte signature[],
                                       CryptoKeyInfo keyInfo,
                                       HashingAlgorithm hashAlg) throws CryptoManException
Verify a signature. A digital signature on a message is verified using a public signature key.

Parameters:
message - the message on which to verify a signature
signature - the digital signature
keyInfo - the key token identifying the signature algorithm and public key
hashAlg - defines the hashing algorithm to be used
Returns:
true if signature valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported or an error in module
See Also:
generateSignature
 o verifySignature
 public static boolean verifySignature(File src_file,
                                       byte signature[],
                                       CryptoKeyInfo keyInfo,
                                       HashingAlgorithm hashAlg) throws CryptoManException
Verify a signature. A digital signature on a message is verified using a public signature key.

Parameters:
message - the message on which to verify a signature
signature - the digital signature
keyInfo - the key token identifying the signature algorithm and public key
hashAlg - defines the hashing algorithm to be used
Returns:
true if signature valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported or an error in module
See Also:
generateSignature
 o generateMAC
 public static byte[] generateMAC(byte message[],
                                  MACAlgorithm MACalg,
                                  CryptoKeyInfo keyInfo) throws CryptoManException
Generate a MAC. A message authentication code is generated on a message using a symmetric key. The MAC algorithm is specified using two parameters:

Parameters:
message - on which to generate a MAC
MACalg - designates the MAC algorithm
keyInfo - the key token identifying the MAC algorithm and key
Returns:
the MAC string
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
verifyMAC
 o generateMAC
 public static byte[] generateMAC(File src_file,
                                  MACAlgorithm MACalg,
                                  CryptoKeyInfo keyInfo) throws CryptoManException
Generate a MAC. A message authentication code is generated on a message contained in a file using a symmetric key. The MAC algorithm is specified using two parameters:

Parameters:
message_file - the file on which to generate a MAC
MACalg - designates the MAC algorithm
keyInfo - the key token identifying the MAC algorithm and key
Returns:
the MAC string
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
verifyMAC
 o verifyMAC
 public static boolean verifyMAC(byte message[],
                                 MACAlgorithm MACalg,
                                 byte MAC[],
                                 CryptoKeyInfo keyInfo) throws CryptoManException
Verify a MAC. A message authentication code is verified using a symmetric key key.

Parameters:
message - the message on which to verify the MAC
MACalg - designates the MAC algorithm
MAC - the MAC to verify
keyInfo - the key token identifying the MAC algorithm and key
Returns:
true if MAC valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
generateMAC
 o verifyMAC
 public static boolean verifyMAC(File src_file,
                                 MACAlgorithm MACalg,
                                 byte MAC[],
                                 CryptoKeyInfo keyInfo) throws CryptoManException
Verify a MAC. A message authentication code is verified on a file using a symmetric key key.

Parameters:
src_file - the message file on which to verify the MAC
MACalg - designates the MAC algorithm
MAC - the MAC to verify
keyInfo - the key token identifying the MAC algorithm and key
Returns:
true if MAC valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
generateMAC
 o whichAlgs
 public static Vector whichAlgs(SecurityService secService)
Gives information of supported algorithms.

Parameters:
secService - describes the service
Returns:
a vector of algorithms implementing the requested service
 o whichAlgs
 public static Vector whichAlgs(int secService)
Gives information of supported algorithms.

Parameters:
secService - describes the service
Returns:
a vector of algorithms implementing the requested service
 o masterKeyEncrypt
 public static byte[] masterKeyEncrypt(byte keyBytes[]) throws CryptoManException
Encrypts the input under the master key (used to encrypt keys before being stored). This is only possible if the crypto manager has been initialised (otherwise an exception is thrown).

Parameters:
keyBytes - is the byte array corresponding ot the key to be encrypted
Returns:
byte array with the encrypted key
Throws: CryptoManException
if the encryption fails
See Also:
masterKeyDecrypt
 o masterKeyDecrypt
 public static byte[] masterKeyDecrypt(byte encryptedKey[]) throws CryptoManException
Decrypts the input under masterKey. This function only works if the master key has been decrypted.

Parameters:
encryptedKey - is the byte array corresponding to the encrypted key
Returns:
byte array with the key
Throws: CryptoManException
if the decryption fails
See Also:
masterKeyEncrypt
 o byteToHex
 public static String byteToHex(byte bytes[])
Returns:
s the bytearray as a hexidecimal string
 o toNullTerminated
 public static byte[] toNullTerminated(String str)
Terminates the String with a null character

Parameters:
str - the String to represent as a null terminated byte array
Returns:
s an array of bytes representing str with a terminating nullchar
 o toNullTerminated
 public static byte[] toNullTerminated(File src_file) throws CryptoManException
Terminates the String with a null character

Parameters:
src_file - the file to get the filename from
Returns:
s an array of bytes representing the name of the src_file with a terminating nullchar
Throws: CryptoManException
if IOException occurs

All Packages  Class Hierarchy  This Package  Previous  Next  Index