RE: [iaik-jce] Data encryption algs for PKCS7
Not yet statically registered AlgorithmIDs can be created and registered by
using the
objectID, String name, String implementationName);
constructor of the AlgorithmID class, where "objectID" specifies the "OID"
string, name the name of the algorithm, and "implementationName" a
transformation string that will work on Cipher.getInstance(...), e.g. (for IDEA).
AlgorithmID idea_CBC =
setupCipher(contentEA, Key key, AlgorithmParameterSpec params)
method of the EncryptedContentInfo(Stream) class may be used to set up the
cipher with precomputed key/parameters of a particular algorithm. The
parameters shall be set for the algorithmID (by means of the
setAlgorithmParameters or setParameter method) before calling setupCipher, and
the supplied AlgorithmParameterSpec has to match the parameters
incorporated in the algorithmID.
The setupCipher then calls Cipher.getInstance(..) with the implementationName
previously registered when creating the AlgorithmID. However, it will take the
algorithm-implementation of the first provider supporting the specific algorithm.
On recipient side the setupCipher(Key) method only should be used when the
content encryption algorithmID contains an initialization vector that is
encoded as OCTET STRING. In situations where there are other
parameters/encodings the algorithmID should be parsed explicitly for the
included parameters, and the
setupCipher(Key key, AlgorithmParameterSpec params) method should
be used to set up the cipher for decryption, e.g.:
// get the content encryption
AlgorithmID contentEA =
// get and parse the
ASN1Object params =
// create an AlgorithmParameterSpec from the parameters to set up the cipher
// for decryption with previously decrypted
// get and read the data thereby actually performing the
InputStream data_is =
An example can be found in the Javadoc of Jce2.51.
Subject: [iaik-jce] Data encryption algs for PKCS7
> Dear Sirs:
> I am writing to enquire which data encryption algorithms may be used in
> the IAIK PKCS7
> I use eci.setupCipher(AlgorithmID) to specify the data encryption
> cipher. For symmetric ciphers for which the AlgorithmID class provides
> a static member, those algorithms can be used
> Can other algorithms or other modes be used in PKCS7? Is it to be done
> by defining new AlgorithmID's? And can the implementation of another
> provider (such as Jsafe) be accessed for that algorithm? If yes, is
> there a different way other than to put that provider before IAIK in the
> list of providers, which would have effects on other features also be
> selected from that provider by
> For example, you provide other modes for 3DES, and you
> implementation of Blowfish cipher.
> Will the decryption logic in the EncryptedDataStream class be able to
> whatever info about the data encryption algorithm was placed into
> PKCS7 object and generate a request to Cipher.getInstance( ) or the
> equivalent to locate an implementation of the correct algorithm?
> we have to register an algorithm with an OID and a name? If so,
> which? Does the protected member "implementations" of class AlgorithmID
> figure into this? Is it true that for sending a message encrypted
> a data encryption algorithm, we must do the registration on both
> encrypting side and also on the decrypting side.
> Is it an issue of lack of standardized ObjectID's for the algorithms?
> Is the ASN1 for the parameters standardized for different providers of
> the same
> Thank you.
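
The recipient-side rule in the reply above (use setupCipher(Key) only when the algorithmID parameters are an IV encoded as OCTET STRING, otherwise parse them explicitly), as an added example that is not part of the original message and not IAIK code. It uses only JDK classes and a minimal DER reader; the class name, helper names and the two sample encodings are constructed for illustration.

```java
import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;

public class ContentEncParams {
    // Constructed sample: des-EDE3-CBC (1.2.840.113549.3.7), parameters = OCTET STRING IV
    static final byte[] DES3 = hex("301406082a864886f70d03070408" + "0102030405060708");
    // Constructed sample: rc2CBC (1.2.840.113549.3.2),
    // parameters = SEQUENCE { INTEGER 58, OCTET STRING IV }
    static final byte[] RC2 = hex("301906082a864886f70d0302300d02013a0408" + "0102030405060708");

    /** Returns {tag, contentStart, contentEnd} of the TLV at off (short-form lengths only). */
    static int[] tlv(byte[] der, int off, int limit) {
        if (off + 2 > limit) throw new IllegalArgumentException("truncated TLV");
        int len = der[off + 1] & 0xff;
        if (len > 0x7f) throw new IllegalArgumentException("long-form length not handled here");
        int start = off + 2, end = start + len;
        if (end > limit) throw new IllegalArgumentException("length exceeds enclosing element");
        return new int[] { der[off] & 0xff, start, end };
    }

    /** IV if the parameters are a bare OCTET STRING; null means "parse explicitly". */
    static IvParameterSpec ivIfOctetString(byte[] algId) {
        int[] seq = tlv(algId, 0, algId.length);
        if (seq[0] != 0x30) throw new IllegalArgumentException("AlgorithmIdentifier is not a SEQUENCE");
        int[] oid = tlv(algId, seq[1], seq[2]);
        if (oid[0] != 0x06) throw new IllegalArgumentException("missing algorithm OID");
        if (oid[2] == seq[2]) return null;               // parameters absent
        int[] params = tlv(algId, oid[2], seq[2]);
        if (params[0] != 0x04) return null;              // e.g. 0x30 SEQUENCE for RC2-CBC
        return new IvParameterSpec(Arrays.copyOfRange(algId, params[1], params[2]));
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        IvParameterSpec iv = ivIfOctetString(DES3);
        System.out.println("3DES: bare OCTET STRING IV, " + iv.getIV().length + " bytes");
        System.out.println("RC2 : bare OCTET STRING IV? " + (ivIfOctetString(RC2) != null));
    }
}
```

A null result corresponds to the case where the reply says to build the AlgorithmParameterSpec from the parsed parameters and pass it to the two-argument setupCipher.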