Class semper.crypto.CryptoMan
All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.crypto.CryptoMan

java.lang.Object
   |
   +----semper.crypto.CryptoMan

public class CryptoMan
extends Object
implements CryptoConstants
CryptoMan provides an interface to all cryptologic services needed by SEMPER. These comprise encryption (symmetric and public-key), signaing and message authentication (MAC). Furthermore, CryptoMan provides hashing functions. Algorithms are encoded by integers as described in CryptoConstants. The actual functions are implemented in a module. A module based on Cryptomathic's tools is implemented in CRMModule. As soon as the interface to this module is more stable, an interface will be defined, which modules must implement.
Version:
$Revision: 1.36 $ $Date: 1997/04/23 14:55:33 $
Author:
Jesper Drud Nielsen (drud@cryptomathic.aau.dk), Torben Pedersen (tpp@cryptomathic.aau.dk)
See Also:
CryptoConstants, CRMModule

Constructor Index

 o CryptoMan()
Instantiation of this class is prevented by throwing an exception.

Method Index

 o decipher(byte[], boolean, int, CryptoKeyInfo)
Decipher an array of bytes using the algorithm described by keyInfo.
 o encipher(byte[], boolean, int, CryptoKeyInfo)
Encipher a message using the conventional algorithm described by keyInfo.
 o generateHash(int, byte[], boolean)
Hash a string.
 o generateMAC(byte[], boolean, int, CryptoKeyInfo)
Generate a MAC.
 o generateMasterKey(CryptoKeyInfo)
Method for generating and installing a masterkey.
 o generatePubKeyPair(boolean, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN).
 o generatePubKeyPair(int, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair as above, but with 512 bits key length.
 o generatePubKeyPair(int, int, byte[], CryptoKeyInfo, CryptoKeyInfo, CryptoKeyInfo)
Generate a random public key pair.
 o generateSignature(byte[], boolean, CryptoKeyInfo, int)
Sign a string.
 o generateSymKey(int, byte[])
Generate a random symmetric key.
 o getLength(int)
Returns the maximal lenght of a key of the algorithm.
 o getSerialNo()
Outputs the lastly used key serial number.
 o init()
This function initialises the Crypto manager.
 o initConstInt()
Initialises the vector of integers encoding the cryptographic parameters.
 o initConstString()
This function initialises a vectore of descriptions of the constants used to designatre cryptographic constants.
 o int2Str(int)
Converts a constant to a string describing the constant.
 o isInitialised()
Tells whether CryptoMan is initialised.
 o masterKeyDecrypt(byte[])
Decrypts the input under masterKey.
 o masterKeyEncrypt(byte[])
Encrypts the input under the master key (used to encrypt keys before being stored).
 o pkDecipher(byte[], CryptoKeyInfo, int, int)
Decipher an encrypted key using the algorithm described by keyInfo.
 o pkEncipher(CryptoKeyInfo, boolean, CryptoKeyInfo, int)
Encipher a conventional key using the asymmetric algorithm described by keyInfo.
 o randomBytes(int)
Returns an array of random bytes.
 o signatureLength(int)
Returns the maximal lenght of a signature using the given algorithm.
 o str2Int(String)
Converts a String to a constant.
 o updateMasterKey(CryptoKeyInfo)
Decrypt the masterKey under a key derived from the password.
 o updateSerialNo()
Updates the serial number uniquely identifying keys.
 o verifyMAC(byte[], boolean, int, byte[], CryptoKeyInfo)
Verify a MAC.
 o verifySignature(byte[], boolean, byte[], CryptoKeyInfo, int)
Verify a signature.
 o whichAlgs(int)
Gives information of supported algorithms.

Constructors

 o CryptoMan
  public CryptoMan() throws CryptoManException
Instantiation of this class is prevented by throwing an exception. All services should be called using static calls.
Throws: CryptoManException
if this method is called

Methods

 o isInitialised
  public static boolean isInitialised()
Tells whether CryptoMan is initialised. The CryptoMan is initialised when CryptoMan.init() has been successfully executed.
Returns:
true if CryptoMan has been executed, false otherwise.
 o init
  public static void init() throws CryptoManException
This function initialises the Crypto manager. The initialisation mainly does the following: The very first time the manager is initialised the user is asked to enter a seed of at least 16 characters (this may not be sufficient). Furthermore, the user is requested to define a password which protects his master key (the masterkey protects all other keys). In later initialisations the user has to enter this password. Here no seed is needed, as the crypto manager during initialisation computes a new seed (using the pseudo random generator of the module) and stores it so that it can used in the next initialisation.
Throws: CryptoManException
if initialisation could not be done
 o updateSerialNo
  public static synchronized void updateSerialNo()
Updates the serial number uniquely identifying keys. The crypto manager assigns a unique (for the user) serial number to all keys generated. This method is sunchronized in order to ensure that different keys will get different numbers. The serial number can be obtained by reading a private variable of the manager.
 o getSerialNo
  public static long getSerialNo()
Outputs the lastly used key serial number. This function is only necessary if the serial number is needed outside the manager, as every service in the manager can access the value of the serial number immediately.
Returns:
A new serial number
 o randomBytes
  public static synchronized byte[] randomBytes(int length) throws CryptoManException
Returns an array of random bytes. These bytes are generated by the PRG of the module.
Parameters:
length - is requested number of bytes
Returns:
an array of random bytes
Throws: CryptoManException
if the module is not initialised
 o generateSymKey
  public static synchronized CryptoKeyInfo generateSymKey(int alg,
                                                          byte seed[]) throws CryptoManException
Generate a random symmetric key. A key for use by a symmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_serialnumber". The serial number is the unique number maintained by the and the algorithm is int2Str(alg).
Parameters:
alg - the symmetric algorithm for which a key is requested
seed - (optional) is used as random seed for the key generation. If no seed (at least 16 byts) is supplied a seed generated by the PRG will be used
Returns:
a cryptographic key token containing the random key
Throws: CryptoManException
if the algorithm is not suported, the pseudo random generator is not initialised (and no seed is provided), or an error occured in the module
See Also:
randomBytes, updateSerialNo
 o generatePubKeyPair
  public static synchronized void generatePubKeyPair(int alg,
                                                     int keyLength,
                                                     byte seed[],
                                                     CryptoKeyInfo commonKeyInfo,
                                                     CryptoKeyInfo secKeyInfo,
                                                     CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself and the algorithm is int2Str(alg). The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).
Parameters:
alg - the asymmetric algorithm for which a key pair is requested
keyLength - is the length of the key (in bytes)
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o generatePubKeyPair
  public static synchronized void generatePubKeyPair(int alg,
                                                     byte seed[],
                                                     CryptoKeyInfo commonKeyInfo,
                                                     CryptoKeyInfo secKeyInfo,
                                                     CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair as above, but with 512 bits key length. A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself and the algorithm is int2Str(alg). The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).
Parameters:
alg - the asymmetric algorithm for which a key pair is requested
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o generatePubKeyPair
  public static synchronized void generatePubKeyPair(boolean signing,
                                                     byte seed[],
                                                     CryptoKeyInfo commonKeyInfo,
                                                     CryptoKeyInfo secKeyInfo,
                                                     CryptoKeyInfo pubKeyInfo) throws CryptoManException
Generate a random public key pair as above, but algorithm as well as key length define in a dialog with the user (through TINGUIN). A key pair for use by an asymmetric algorithm is generated and returned. A key identifier is associated with the key. It is of the following form: "CryptoKeyInfo_userId_algId_Type_serialnumber", where Type is "sk", "pk" or "ck" depending on whether the key is secret, public or common. The serial number is obtained from the manager itself and the algorithm is int2Str(alg). The identity of commonKeyInfo is only set if a new common part is generated. For the moment the key lenght is hard coded to 64 bytes. This is clearly insufficient for real security, but is chosen to make test programs faster. In the future it will be possible to define the key length in the preferences (probably with 128 bytes as default).
Parameters:
signing - is a boolean indicating the type of functionality requested (true: signing, false: encryption)
seed - is the seed to be used. If no seed supplied (null or seed.length == 0) the CryptoModule will use its own PRG)
commonKeyInfo - contains common part of the publie key (e.g., a description of the group in case of DL based schemes). If such a value is supplied as input the keys will be generated with respect to this common part)
secKeyInfo - the generated secret key (contains a pointer to commonKeyInfo if appropriate)
pubKeyInfo - the generated public key (contains a pointer to commonKeyInfo if appropriate)
Returns:
void
Throws: CryptoManException
if the algorithm is not supported or no seed is provided and the manager is not initilised, or an error occured in the module
See Also:
CRMModule
 o generateHash
  public static byte[] generateHash(int alg,
                                    byte message[],
                                    boolean fileInput) throws CryptoManException
Hash a string. The input array is hashed using the given hash algorithm.
Parameters:
alg - the hash algorithm
message - the message to hash
if - fileInput is true, this method will interpret message as the name of a file, the contents of which will be hashed.
Returns:
the hash value
Throws: CryptoManException
if the algorithm is not supported or an error occured in the module
 o encipher
  public static byte[] encipher(byte message[],
                                boolean fileEncryption,
                                int msgPadding,
                                CryptoKeyInfo keyInfo) throws CryptoManException
Encipher a message using the conventional algorithm described by keyInfo.
Parameters:
message - the message to encipher or filename of cleartext
fileEncryption - is a boolean indicating if input/output is from/to files. If fileEncryption is requested message is the name of the input file.
msgPadding - indicates how the message is padded before encryption
keyInfo - the key token identifying the algorithm and key to be used
Returns:
the enciphered string (if file encryption, the name of the encrypted file is returned).
Throws: CryptoManException
if encryption failed or some input is missing
See Also:
decipher, pkEncipher
 o decipher
  public static byte[] decipher(byte cipher[],
                                boolean fileDecryption,
                                int msgPadding,
                                CryptoKeyInfo keyInfo) throws CryptoManException
Decipher an array of bytes using the algorithm described by keyInfo. After the ciphertext has been decrypted the padding (added during encipherment) is removed.
Parameters:
cipher - the (ciphered) message to decipher
fileDecryption - is a boolean indicating if input/output is from/to files. If fileDecryption is requested cipher is the name of the input file.
msgPadding - indicates how the message is padded before encryption
keyInfo - the key token identifying the algorithm and key
Returns:
the deciphered string
Throws: CryptoManException
if decryption failed
See Also:
encipher
 o pkEncipher
  public static byte[] pkEncipher(CryptoKeyInfo convKeyInfo,
                                  boolean makeConvKey,
                                  CryptoKeyInfo pubKeyInfo,
                                  int keyEncryption) throws CryptoManException
Encipher a conventional key using the asymmetric algorithm described by keyInfo. The key is padded as described by the parameter keyEncryption before being encrypted.
Parameters:
convKeyInfo - contains the symmetric key in clear to be enciphered (possibly generated by pkEncipher and returned in convKeyInfo)
makeKeyInfo - if true a new symmetric key is generated (corresponding to the algorithm designated by convKeyInfo)
pubKeyInfo - is the public key to be used
keyEncryption - describes how the conventional key is embedded in a block for public key encryption
Returns:
the enciphered key
Throws: CryptoManException
if pubKeyInfo is missing or an error occurs in the module
See Also:
encipher, pkDecipher
 o pkDecipher
  public static byte[] pkDecipher(byte cipher[],
                                  CryptoKeyInfo keyInfo,
                                  int keyEncryption,
                                  int convAlg) throws CryptoManException
Decipher an encrypted key using the algorithm described by keyInfo.
Parameters:
cipher - the (ciphered) message to decipher
keyInfo - the key token identifying the algorithm and key
keyEncryption - describes how the conventional key is embedded in a block for public key encryption
convAlg - designates the conventional algorithm corresponding to the encrypted key
Returns:
the deciphered string
Throws: CryptoManException
if decryption failed
See Also:
pkEncipher, decipher
 o generateSignature
  public static byte[] generateSignature(byte message[],
                                         boolean fileInput,
                                         CryptoKeyInfo signatureKeyInfo,
                                         int hashAlg) throws CryptoManException
Sign a string. A digital signature is applied to the message using a secret signature key. IF a DSA signature is requested SHS-1 will automatically be used as hash function.
Parameters:
message - the message on which to generate a signature
fileInput - indicates if message is the name of a file to be signed
keyInfo - the key token identifying the signature algorithm and secret key
hashAlg - indicates the hashing algorithm to be used (not needed in case of DSA)
Returns:
the digital signature
Throws: CryptoManException
if the algorithm is not supported or an error in module
See Also:
verifySignature
 o verifySignature
  public static boolean verifySignature(byte message[],
                                        boolean fileInput,
                                        byte signature[],
                                        CryptoKeyInfo keyInfo,
                                        int hashAlg) throws CryptoManException
Verify a signature. A digital signature on a message is verified using a public signature key.
Parameters:
message - the message on which to verify a signature
fileInput - indicates if message is the name of a file to be signed
signature - the digital signature
keyInfo - the key token identifying the signature algorithm and public key
hashAlg - defines the hashing algorithm to be used
Returns:
true if signature valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported or an error in module
See Also:
generateSignature
 o generateMAC
  public static byte[] generateMAC(byte message[],
                                   boolean fileInput,
                                   int MACalg,
                                   CryptoKeyInfo keyInfo) throws CryptoManException
Generate a MAC. A message authentication code is generated on a message using a symmetric key. The MAC algorithm is specified using two parameters:
Parameters:
message - the message on which to generate a MAC
fileInput - is true if message is the name of a file
MACalg - designates the MAC algorithm
keyInfo - the key token identifying the MAC algorithm and key
Returns:
the MAC string
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
verifyMAC
 o verifyMAC
  public static boolean verifyMAC(byte message[],
                                  boolean fileInput,
                                  int MACalg,
                                  byte MAC[],
                                  CryptoKeyInfo keyInfo) throws CryptoManException
Verify a MAC. A message authentication code is verified using a symmetric key key.
Parameters:
message - the message on which to verify the MAC
fileInput - is true if message is the name of a file
MACalg - designates the MAC algorithm
MAC - the MAC to verify
keyInfo - the key token identifying the MAC algorithm and key
Returns:
true if MAC valid, otherwise false
Throws: CryptoManException
if the algorithm is not supported, a key is missing or an error in module
See Also:
generateMAC
 o whichAlgs
  public static Vector whichAlgs(int secService)
Gives information of supported algorithms. The security services supported by CryptoMan are encoded as follows. 0: Conventional krypto system 1: MAC algorithm 2: Public key de/encryption 3: Methods for making signatures 4: Hash functions
Parameters:
secService - describes the service
Returns:
a vector of algorithms implementing the requested service
 o getLength
  public static int getLength(int algId) throws CryptoManException
Returns the maximal lenght of a key of the algorithm.
Parameters:
algId - the algorithm for which the maximal key length is requested
Returns:
lenght of keys (representation) for the algorithm
Throws: CryptoManException
if the algorithm is not supported
 o signatureLength
  public static int signatureLength(int algId) throws CryptoManException
Returns the maximal lenght of a signature using the given algorithm. This is useful when allocating space for a signature.
Parameters:
algId - the algorithm for which the maximal signature length is requested
Returns:
maximal length of the signature
Throws: CryptoManException
if the algorithm is not supported
 o generateMasterKey
  public static void generateMasterKey(CryptoKeyInfo passwdKeyInfo) throws CryptoManException
Method for generating and installing a masterkey. Generates a DES key to be used as a master key. The attribute masterKey is updated as part of this. The actual key value is encrypted under the password and stored in archive
Parameters:
passwordKeyInfo - protects the master key
Throws: CryptoManException
in case of errors when generating or storing the key
See Also:
generateSymKey
 o updateMasterKey
  public static void updateMasterKey(CryptoKeyInfo passwdKeyInfo) throws CryptoManException
Decrypt the masterKey under a key derived from the password. This function requires that the masterKey object has been retrieved from archive. If the key value of the master key is not encrypted, this function has no effect. Otherwise, if it is encrypted on the password corresponding to the input key, the key value in the master key object will be replaced by the key value in clear.
Parameters:
passwdKeyInfo - protects the master key
Throws: CryptoManException
if the key cannot be decrypted
See Also:
getKeyVal
 o masterKeyEncrypt
  public static byte[] masterKeyEncrypt(byte keyBytes[]) throws CryptoManException
Encrypts the input under the master key (used to encrypt keys before being stored). This is only possible if the crypto manager has been initialised (otherwise an exception is thrown).
Parameters:
keyBytes - is the byte array corresponding ot the key to be encrypted
Returns:
byte array with the encrypted key
Throws: CryptoManException
if the encryption fails
See Also:
masterKeyDecrypt
 o masterKeyDecrypt
  public static byte[] masterKeyDecrypt(byte encryptedKey[]) throws CryptoManException
Decrypts the input under masterKey. This function only works if the master key has been decrypted.
Parameters:
encryptedKey - is the byte array corresponding to the encrypted key
Returns:
byte array with the key
Throws: CryptoManException
if the decryption fails
See Also:
masterKeyEncrypt
 o initConstString
  public static void initConstString()
This function initialises a vectore of descriptions of the constants used to designatre cryptographic constants. This is a helper function.
 o initConstInt
  public static void initConstInt()
Initialises the vector of integers encoding the cryptographic parameters. This is a help function corresponding to initConstString.
 o int2Str
  public static String int2Str(int elem)
Converts a constant to a string describing the constant. The conversion is based on presumes that initConstInt and initConstString has been executed (as they are. when the crypto manager is initialised).
Parameters:
elem - is the integer constant
Returns:
string describing the constant (null if the constant is not defined)
See Also:
initConstString, initConstInt
 o str2Int
  public static int str2Int(String str)
Converts a String to a constant. The conversion is based on two vectors which must have been initialised. The conversion is based on presumes that initConstInt and initConstString has been executed (as they are. when the crypto manager is initialised).
Parameters:
str - is the string constant
Returns:
the corresponding integer (0 if the str does not define a constant)
See Also:
initConstString, initConstInt

All Packages  Class Hierarchy  This Package  Previous  Next  Index