All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.statement.StatementModule

java.lang.Object
   |
   +----semper.statement.StatementModule

public class StatementModule
extends Object
implements ComPointConstants
Implements the module performing keyexchange. Such a key exchange is used to share conventinal keys when setting up a statement session. The present module describes two methods for key exchange described. In simple key exchange one party selects a key and sends it encrypted and signed to the other party. In "mutual key exchange" one party sends a signed hash value of a key to the other party, gets back a signed and encrypted new random value and then returns his own initial key (encrypted). The final negotiated value is the bitwise XOR of the two keys.

Version:
$Revision: 1.28 $ $Date: 1998/01/16 10:02:21 $
Author:
Jesper Drud Nielsen (drud@cryptomathic.dk), Thomas Sepstrup Nielsen (tsn@cryptomathic.dk), Torben Pryds Pedersen (tpp@cryptomathic.dk)
See Also:
openStatementSession, StatementTransaction

Constructor Index

 o StatementModule()

Method Index

 o getDescr(KeyExchange)
Returns a short textual description of the key exchange method given as parameter.
 o originatorExchangeKey(ComPoint, KeyExchange, ConventionalAlgorithm, CertificateContext, CertificateContext, Vector)
Performs the key exchange using the indicated method and stores it in the archive.
 o originatorMutual(ComPoint, ConventionalAlgorithm, Vector, CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Mutual random key exchange - originator side.
 o originatorSimple(ComPoint, ConventionalAlgorithm, Vector, CryptoKeyInfo, CryptoKeyInfo)
Simple key exchange - originator side.
 o responderExchangeKey(ComPoint, KeyExchange, ConventionalAlgorithm, CertificateContext, CertificateContext, Vector)
Performs the key exchange using the indicated method and stores it in the archive.
 o responderMutual(ComPoint, ConventionalAlgorithm, Vector, CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Mutual random key exchange - responder side.
 o responderSimple(ComPoint, ConventionalAlgorithm, Vector, CryptoKeyInfo, CryptoKeyInfo)
Simple key exchange - responder side.
 o whichAlgs()
Returns a vector of integers describing the supported key exchange methods.

Constructors

 o StatementModule
 public StatementModule()

Methods

 o whichAlgs
 public static Vector whichAlgs()
Returns a vector of integers describing the supported key exchange methods. This list can for example be used for negotiation later on

Returns:
vector of supported methods
 o getDescr
 public static String getDescr(KeyExchange method_id)
Returns a short textual description of the key exchange method given as parameter. To be deprecated. Instead one can use the toString of the method directly.

Parameters:
method_id - identifies the method for which a description is requested
Returns:
a description of the method.
 o originatorSimple
 public static byte[] originatorSimple(ComPoint com_point,
                                       ConventionalAlgorithm convAlg,
                                       Vector options,
                                       CryptoKeyInfo secKey,
                                       CryptoKeyInfo pubKey) throws StatementModuleException
Simple key exchange - originator side. The originator selects a key, signs it and encrypts under the public key of the responder. The responder can verify that it comes from the asumed originator. On the other hand the originator knows that only the assumed responder can recover the key.

Parameters:
com_point - is used for communication with the responder
convAlg - is the conventional algorithm for which a key is needed
options - gives security options of the communication channel (placeholder)
secKey - is the secret key of the originator
pubKey - is the public key of the responder
Returns:
byte array shared with the peer
Throws: StatementModuleException
if the key exchange fails
See Also:
responderSimple
 o responderSimple
 public static byte[] responderSimple(ComPoint com_point,
                                      ConventionalAlgorithm convAlg,
                                      Vector options,
                                      CryptoKeyInfo secKey,
                                      CryptoKeyInfo pubKey) throws StatementModuleException
Simple key exchange - responder side. The originator selects a key, signs it and encrypts under the public key of the responder. The responder can verify that it comes from the asumed originator. On the other hand the originator knows that only the assumed responder can recover the key.

Parameters:
com_point - is used to communicate with the originator
convAlg - is the conventional algorithm for which a key is needed
options - gives security options of the communication channel (placeholder)
secKey - is the secret key of the responder
pubKey - is the public key of the originator
Returns:
handle to the exchanged key
Throws: StatementModuleException
if the key exchange fails
See Also:
originatorSimple
 o originatorMutual
 public static byte[] originatorMutual(ComPoint com_point,
                                       ConventionalAlgorithm convAlg,
                                       Vector options,
                                       CryptoKeyInfo secKeyEnc,
                                       CryptoKeyInfo secKeySig,
                                       CryptoKeyInfo pubKeyEnc,
                                       CryptoKeyInfo pubKeySig) throws StatementModuleException
Mutual random key exchange - originator side. The originator commits to a random number (using a hash function) and signs it. The responder chooses a random number, r, signs the pair (r, h(r)), where h is the hash function (MD5) and encrypts the result under the originators public encrypton key. This is sent to the originator, who finally sends back its random number encrypted under the responders public key. Later versions should also give the key size/algorithm as input. and the chosen hash function. For the moment MD5 is used.

Parameters:
com_point - is used for communication with the responder
convAlg - is the conventional algorithm for which a key is needed
options - gives security options of the communication channel (placeholder)
secKeyEnc - is the secret decryption key of the originator
secKeySig - is the secret signature key of the originator
pubKeyEnc - is the public encryption key of the responder
pubKeySig - is the public signature key of the responder
Returns:
handle to the exchanged key (which in later versions is archived)
Throws: StatementModuleException
f the key exchange fails
See Also:
responderSimple
 o responderMutual
 public static byte[] responderMutual(ComPoint com_point,
                                      ConventionalAlgorithm convAlg,
                                      Vector options,
                                      CryptoKeyInfo secKeyEnc,
                                      CryptoKeyInfo secKeySig,
                                      CryptoKeyInfo pubKeyEnc,
                                      CryptoKeyInfo pubKeySig) throws StatementModuleException
Mutual random key exchange - responder side. The originator commits to a random number (using a hash function) and signs it. The responder chooses a random number, r, signs the pair (r, h(r)), where h is the hash function (MD5) and encrypts the result under the originators public encrypton key. This is sent to the originator, who finally sends back its random number encrypted under the responders public key. Later versions should also give the key size/algorithm as input. and the chosen hash function. For the moment MD5 is used.

Parameters:
com_point - is used for communication with the originator
convAlg - is the conventional algorithm for which a key is needed
options - gives security options of the communication channel (placeholder)
secKeyEnc - is the secret decryption key of the originator
secKeySig - is the secret signature key of the originator
pubKeyEnc - is the public encryption key of the responder
pubKeySig - is the public signature key of the responder
Returns:
handle to the exchanged key (which in later versions is archived)
Throws: StatementModuleException
if the key exchange fails
See Also:
originatorSimple
 o originatorExchangeKey
 public static byte[] originatorExchangeKey(ComPoint com_point,
                                            KeyExchange exchange_method,
                                            ConventionalAlgorithm convAlg,
                                            CertificateContext myContext,
                                            CertificateContext yourContext,
                                            Vector options) throws StatementModuleException
Performs the key exchange using the indicated method and stores it in the archive. Originator side.

Parameters:
com_point - is used for communication with the responder
exchange_method - identifies the key exchange method to be used
convAlg - describes the conventional algorithm for which a key is needed
myContext - contains my own certificate context
yourContext - contains the certificate context of the peer
options - gives security options of the communication channel
Returns:
an array of bytes shared with the peer.
Throws: StatementModuleException
if the key exchange fails
See Also:
responderExchangeKey
 o responderExchangeKey
 public static byte[] responderExchangeKey(ComPoint com_point,
                                           KeyExchange exchange_method,
                                           ConventionalAlgorithm convAlg,
                                           CertificateContext myContext,
                                           CertificateContext yourContext,
                                           Vector options) throws StatementModuleException
Performs the key exchange using the indicated method and stores it in the archive. Server side.

Parameters:
my_address - is the address of the responder (not used in this module)
com_point - is used for communication with the originator
exchange_method - identifies the key exchange method to be used
convAlg - describes the conventional algorithm for which a key is needed
myContext - contains my own certificate context
yourContext - contains the certificate context of the peer
options - gives security options of the communication channel
Returns:
an array of bytes shared with the peer.
Throws: StatementModuleException
if the key exchange fails
See Also:
originatorExchangeKey

All Packages  Class Hierarchy  This Package  Previous  Next  Index