IAIK-JCE works on any Java™ version starting with JDK 1.2 up to the most recent versions.
IAIK-JCE comes with its own security provider offering a great variety of cryptographic services, algorithms and secure random number generators. The X.509 package supports X.509 public key, qualified and attributes certificates, revocation information handling via CRLs and OCSP, and searching and downloading certificates or CRLs from LDAP directories. Comprehensive ASN.1 and PKCS APIs allow easy modelling of ASN.1 structures, secure storing of sensitive keying and data material, and signing or encrypting digital documents. An extensive demo source library makes it easy to soon become familiar with Cryptography for the Java™ platform and IAIK-JCE.
Since IAIK-JCE version 5.0 we have been delivering an optional AES addon, which makes use of the AES-NI instruction set extensions of modern x86 CPUs. Using this addon the throughput of AES can be sped up tremendously. Take a look at our speed tables to see the difference.
The provider architecture has been introduced by the Java™ Cryptographic Architecture (JCA), making it possible for different cryptographic implementations to operate on common interfaces (consult the Java™ Cryptography Architecture API Specification & Reference).
The term provider is an abbreviation for Cryptographic Package Provider and denotes a package or a set of packages supplying concrete implementations of some cryptographic services of the Java™ Cryptography API (see JCA). A JCA provider may realise implementations of digital signature, message digest and key pair generation algorithms, certificate factories and keystores. If the JCA API is extended by the Java™ Cryptography Extension (JCE) API, a provider may also implement encryption, message authentication and key exchange algorithms.
The master class of the IAIK security package provider is class IAIK of package iaik.security.provider. It extends class java.security.Provider in order to register the IAIK provider's cryptographic implementations within the Java™ cryptography architecture. The IAIK provider supplies algorithm implementations both for JCA and for the JCE extension (see below).
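As an added example (not code from the IAIK-JCE documentation), the following registers the IAIK provider through its master class and then requests services by provider name, so that a lookup cannot silently be answered by another installed provider; the provider name "IAIK" is taken from the benchmark output on this page, and it is assumed that the provider accepts the transformation string AES/GCM/NoPadding.

```java
// Added example: register the IAIK provider and pin lookups to it.
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

import iaik.security.provider.IAIK;

public class IaikProviderSetup {

    /** Registers the IAIK provider at the highest priority position (idempotent). */
    public static IAIK registerIaik() {
        IAIK iaik = new IAIK();
        // insertProviderAt(..., 1) makes IAIK the first provider consulted by
        // getInstance() calls that do not name a provider; addProvider() would
        // append it after the JDK's own providers instead.
        if (Security.getProvider(iaik.getName()) == null) {
            Security.insertProviderAt(iaik, 1);
        }
        return iaik;
    }

    /** Obtains a digest from the IAIK provider explicitly, by provider name. */
    public static MessageDigest iaikDigest(String algorithm)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        // Naming the provider fails loudly (NoSuchProviderException) instead of
        // silently using whichever provider happens to be installed first.
        return MessageDigest.getInstance(algorithm, "IAIK");
    }

    /** Obtains a cipher from the IAIK provider explicitly, by provider name. */
    public static Cipher iaikCipher(String transformation)
            throws NoSuchAlgorithmException, NoSuchProviderException,
                   NoSuchPaddingException {
        return Cipher.getInstance(transformation, "IAIK");
    }

    public static void main(String[] args) throws Exception {
        registerIaik();
        MessageDigest md = iaikDigest("SHA-256");
        // Assumption: the IAIK provider accepts this transformation string.
        Cipher aes = iaikCipher("AES/GCM/NoPadding");
        // getProvider() reports which implementation actually answered.
        System.out.println(md.getAlgorithm() + " from " + md.getProvider().getName());
        System.out.println(aes.getAlgorithm() + " from " + aes.getProvider().getName());
        // A lookup without a provider name goes to the first provider that
        // supports the algorithm, which after insertProviderAt(..., 1) is IAIK.
        MessageDigest implicit = MessageDigest.getInstance("SHA3-256");
        System.out.println("SHA3-256 resolved to " + implicit.getProvider().getName());
    }
}
```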
The IAIK provider contains the following JCA implementations (follow this link for a detailed list):
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224, SHA512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512;
SHA3 Extendable Output Functions (XOFs): SHAKE128 (SHAKE128InputStream), SHAKE256 (SHAKE256InputStream)
Groestl-224, Groestl-256, Groestl-384, Groestl-512
BLAKE-224, BLAKE-256, BLAKE-384, BLAKE-512
Keccak-224, Keccak-256, Keccak-384, Keccak-512
JH-224, JH-256, JH-384, JH-512
Skein-224, Skein-256, Skein-384, Skein-512
MD2, MD5
RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320
WHIRLPOOL
GOST-3411
PKCS#1 version 1.5 RSA with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224, SHA512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD2, MD5, RIPEMD-128, RIPEMD-160, RIPEMD-256, WHIRLPOOL; raw RSA with external hashing
PKCS#1 version 2.1 RSA PSS with SHA-1, SHA-256, SHA-384, SHA-512, SHA512/224, SHA512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD2, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL; raw RSA PSS with external hashing; support for RSASSA-PSS keys according to RFC 4055
ISO 9796-2 (2002) RSA with SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160, WHIRLPOOL; raw RSA with external hashing
SSL/TLS RSA signature with MD5 and SHA-1
DSA and DSA with external hashing; DSA with SHA-1, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512
RSA and RSASSA-PSS (IEEE P1363 and FIPS 186-3)
DSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
RSA, RSASSA-PSS
DSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
DSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
DSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
RSAPkcs15 (raw), RSASSA-PSS
ISO9796-2-RM
MGF1
IAIKKeyStore
PKCS#12
X.509
Qualified
X.509 AC (Attribute certificate factory)
MGF1
NIST SP800-90 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, HMAC/SHA-1, HMAC/SHA-224, HMAC/SHA256, HMAC/SHA-384, HMAC/SHA-512, AES-128, AES-192 and AES-256
FIPS 186 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160
BSI AIS 20 (v2.0) E5 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL
ANSI X9.17
See here for a detailed list of the JCA implementations of the IAIK provider.
The IAIK provider supports the following JCE implementations (follow this link for a detailed list):
AES, Blowfish, Camellia, CAST-128, DES, DESede, GOST, IDEA, MARS, RC2, RC5, RC6, Rijndael, Rijndael-256, Serpent, Twofish
ARCFOUR (compatible with RC4™), ChaCha20, ChaCha20Poly1305
Key Wrap (AES, AES Key Wrap with Padding, Camellia, CAST-128, DESede, HMAC-DESede, HMAC-AES, IDEA, RC2)
PBE (PKCS#5 PBES1 with MD5, SHA-1 and DES, Triple-DES, RC2; PKCS#5 PBES2 with AES, DESede, … and HMAC/SHA-1, HMAC/SHA-2)
AES-CBC-CMAC-128, AES-CBC-CMAC-192, AES-CBC-CMAC-256 (BSI TR-03109-1)
RSA (PKCS#1v1.5), RSAES-OAEP (PKCS#1v2.1)
ElGamal (PKCS#1v1.5)
ECB, CBC, PCBC, CFB, OFB, CTR, CCM, GCM, CTS, OpenPGPCFB
RSA (PKCS#1v1.5): 0, 1, 2 (block types); SSL
NoPadding, PKCS5Padding, SSL3Padding, ISO78164Padding, ISO10126-2
RSA: PKCS1Padding, OAEP
ElGamal: PKCS1Padding
DH, ESDH
HMAC with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224, SHA512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL, GOST-3411
CMAC with AES and DESede
CBCMac with AES, DESede, and DES
Poly1305
RSA (PKCS#1v1.5), RSAES-OAEP (PKCS#1v2.1) (IEEE P1363 and FIPS 186-3)
DH, ESDH
ElGamal
RSA (PKCS#1v1.5), RSAES-OAEP (PKCS#1v2.1)
DH, ESDH
ElGamal
AES, AES-192, AES-256, Blowfish, Camellia, Camellia-192, Camellia-256, CAST-128, DES, DESede, GOST, IDEA, MARS, RC2, RC5, RC6, Rijndael, Rijndael-256, Serpent, Twofish
ARCFOUR (compatible with RC4™), ChaCha20
PBKDF2 (with HMAC/SHA-1, HMAC/SHA-2), PKCS12, PKCS12-IV, PKCS12-MAC
HMAC with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224, SHA512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL
Key Wrap (AES, AES-192, AES-256, CAST-128, DESede, DESede-HMAC, IDEA, RC2)
AES-CBC-CMAC-128, AES-CBC-CMAC-192, AES-CBC-CMAC-256 (BSI TR-03109-1)
Poly1305
AES, AES-192, AES-256, Blowfish, Camellia, CAST-128, DES, DESede, GOST, IDEA, MARS, RC2, RC5, RC6, Rijndael, Rijndael-256, Serpent, Twofish
ARCFOUR (compatible with RC4™), ChaCha20
PBE, PBES2, PKCS#5, PKCS#12
Key Wrap (AES, AES-192, AES-256, CAST-128, DESede, DESede-HMAC, IDEA, RC2)
AES-CBC-CMAC-128, AES-CBC-CMAC-192, AES-CBC-CMAC-256 (BSI TR-03109-1)
Poly1305
DH, ESDH
ElGamal
PBE
DH, ESDH, ESDHKEK
ElGamal
AES, AES-192, AES-256, Blowfish, Camellia, CAST-128, DES, DESede, GOST, IDEA, MARS, RC2, RC5, RC6, Rijndael, Rijndael-256, Serpent, Twofish
IV (initialization vector)
ARCFOUR (compatible with RC4™)
PBE, PBES2
Key Wrap (CAST-128, RC2)
CCM, CCMCMS, GCM
ChaCha20Poly1305
See here for a detailed list of the JCE implementations of the IAIK provider.
The Abstract Syntax Notation One (ASN.1), defined by the ISO standard ISO 8824/ITU X.208, specifies a language for describing data structures in an abstract and platform-independent manner.
IAIK-JCE supports all essential basic – simple and constructed – ASN.1 types:
IAIK-JCE provides the functionality for properly handling private, context-specific and application dependent types, as well as the pre-defined standard types.
Several utilities support DER, Base64 and PEM encoding and decoding of ASN.1 structures, which are modelled as Java™ classes. To avoid memory problems, ASN.1 structures may also be written to or parsed from their encodings in a stream-based manner.
IAIK-JCE includes a library of pre-built ASN.1 structures for use with application protocols like PKCS or X.509.
IAIK-JCE supports the following standards of the PKCS public-key cryptography family:
There is support for these additional standards via separate products:
IAIK-JCE includes a variety of random number generators including those from NIST SP800-90, ANSI X9.17, FIPS PUB 186-2 and other hash-based random generators. In addition, IAIK-JCE provides utilities making it easy for GUI developers to use Java™ AWT events for seeding the generator.
Class name | Standard name | Description |
---|---|---|
SHA1SP80090Random | SHA1PRNG-SP80090 | A SHA-1 hash-based secure random according to NIST SP800-90. |
SHA224SP80090Random | SHA224PRNG-SP80090 | A SHA-224 hash-based secure random according to NIST SP800-90. |
SHA256SP80090Random | SHA256PRNG-SP80090 | A SHA-256 hash-based secure random according to NIST SP800-90. |
SHA384SP80090Random | SHA384PRNG-SP80090 | A SHA-384 hash-based secure random according to NIST SP800-90. |
SHA512SP80090Random | SHA512PRNG-SP80090 | A SHA-512 hash-based secure random according to NIST SP800-90. |
HMacSHA1SP80090Random | HMacSHA1PRNG-SP80090 | An HMac/SHA-1 MAC-based secure random according to NIST SP800-90. |
HMacSHA224SP80090Random | HMacSHA224PRNG-SP80090 | An HMac/SHA-224 MAC-based secure random according to NIST SP800-90. |
HMacSHA256SP80090Random | HMacSHA256PRNG-SP80090 | An HMac/SHA-256 MAC-based secure random according to NIST SP800-90. |
HMacSHA384SP80090Random | HMacSHA384PRNG-SP80090 | An HMac/SHA-384 MAC-based secure random according to NIST SP800-90. |
HMacSHA512SP80090Random | HMacSHA512PRNG-SP80090 | An HMac/SHA-512 MAC-based secure random according to NIST SP800-90. |
AES128SP80090Random | AES128PRNG-SP80090 | An AES-128 block-cipher-based secure random according to NIST SP800-90. |
AES192SP80090Random | AES192PRNG-SP80090 | An AES-192 block-cipher-based secure random according to NIST SP800-90. |
AES256SP80090Random | AES256PRNG-SP80090 | An AES-256 block-cipher-based secure random according to NIST SP800-90. |
SHA1Random | SHA1PRNG | A SHA-1 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
MD5Random | | An MD5 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
RipeMd128Random | | A RIPEMD-128 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
RipeMd160Random | RipeMD160PRNG | A RIPEMD-160 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
SHA256Random | SHA256PRNG | A SHA-256 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
SHA384Random | SHA384PRNG | A SHA-384 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
SHA512Random | SHA512PRNG | A SHA-512 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. |
SHA1FIPS186Random | SHA1PRNG-FIPS186 | A SHA-1 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. |
RipeMd160FIPS186Random | RipeMD160PRNG-FIPS186 | A RIPEMD-160 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. |
SHA256FIPS186Random | SHA256PRNG-FIPS186 | A SHA-256 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. |
SHA384FIPS186Random | SHA384PRNG-FIPS186 | A SHA-384 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. |
SHA512FIPS186Random | SHA512PRNG-FIPS186 | A SHA-512 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. |
AnsiRandom | DESedePRNG | A triple DES based secure random according to ANSI X9.17. |
The IAIK-JCE class LdapURLConnection makes it easy to search an LDAP directory for certificates, attribute certificates or certificate revocation lists in the way familiar from the java.net URL framework. In the simplest case you only have to create an LdapURLConnection object by calling method openConnection on an LDAP URL object, set any request properties if required, and finally call method getInputStream or getContent to read the search result, e.g.:

```java
// register the IAIK protocol handler package so that java.net.URL accepts ldap URLs
System.getProperties().put("java.protocol.handler.pkgs", "iaik.x509.net");
// the ldap url
URL url = new URL("ldap://...");
// open connection
LdapURLConnection con = (LdapURLConnection)url.openConnection();
...
// set any request properties (if required)
...
// connect to the ldap server and read the result:
X509CRL crl = (X509CRL)con.getContent();
```
To download a CRL from its (http or ldap) distribution point you can simply use method loadCrl of the DistributionPoint class. With this method you can download any referenced CRL(s) immediately while stepping through the distribution points contained in the CRLDistributionPoints extension of a certificate, e.g.:

```java
X509Certificate cert = ...;
...
// get CRLDistributionPoints extension (getExtension returns the generic V3Extension type)
CRLDistributionPoints cRLDistributionPoints =
    (CRLDistributionPoints)cert.getExtension(CRLDistributionPoints.oid);
if (cRLDistributionPoints != null) {
  // get DistributionPoints
  Enumeration e = cRLDistributionPoints.getDistributionPoints();
  while (e.hasMoreElements()) {
    DistributionPoint dp = (DistributionPoint)e.nextElement();
    if (dp.containsUriDpName()) {
      // download crl
      X509CRL crl = dp.loadCrl();
      ...
    }
  }
}
```
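The LDAP and distribution-point snippets above fetch a CRL but do not check it before use. As an added example (not code from the IAIK-JCE documentation), the following uses the same DistributionPoint and X509CRL API to download the CRL(s) of a certificate and consults one only after its signature has verified under the issuer's key and its validity window has been checked; the issuer certificate is assumed to have been obtained and validated separately, and indirect CRLs (issued by a key other than the certificate issuer's) are not handled.

```java
// Added example: download a certificate's CRL(s) and fail closed unless the CRL
// verifies under the expected issuer key and is within its validity window.
import java.util.Date;
import java.util.Enumeration;

import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.extensions.CRLDistributionPoints;
import iaik.x509.extensions.DistributionPoint;

public class CrlRevocationCheck {

    /**
     * Returns true if cert is listed as revoked in a CRL fetched from one of its
     * CRL distribution points. Any problem (no fetchable distribution point,
     * bad signature, wrong issuer, stale CRL) raises an exception rather than
     * being reported as "not revoked".
     *
     * @param cert   the certificate to check
     * @param issuer the (separately validated) certificate of cert's issuer
     */
    public static boolean isRevoked(X509Certificate cert, X509Certificate issuer)
            throws Exception {
        CRLDistributionPoints cdps =
            (CRLDistributionPoints) cert.getExtension(CRLDistributionPoints.oid);
        if (cdps == null) {
            throw new Exception("certificate carries no CRLDistributionPoints extension");
        }
        Date now = new Date();
        Enumeration e = cdps.getDistributionPoints();
        while (e.hasMoreElements()) {
            DistributionPoint dp = (DistributionPoint) e.nextElement();
            if (!dp.containsUriDpName()) {
                continue; // only distribution points with a URI can be fetched by loadCrl()
            }
            // Same call as in the snippet above: fetches over http or ldap.
            X509CRL crl = dp.loadCrl();
            // The CRL must come from the same issuer as the certificate ...
            if (!crl.getIssuerDN().equals(cert.getIssuerDN())) {
                throw new Exception("CRL issuer does not match certificate issuer");
            }
            // ... and its signature must verify under that issuer's key
            // (verify() throws if the signature is invalid).
            crl.verify(issuer.getPublicKey());
            // Reject CRLs that are not yet valid or already expired.
            if (crl.getThisUpdate().after(now)) {
                throw new Exception("CRL thisUpdate is in the future");
            }
            Date next = crl.getNextUpdate();
            if (next != null && next.before(now)) {
                throw new Exception("CRL expired at " + next);
            }
            // Only now is the revocation data trusted.
            return crl.isRevoked(cert);
        }
        throw new Exception("no distribution point with a fetchable URI");
    }
}
```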
IAIK-JCE also contains command line utilities (see sub-directory cmd/ldapSearch of the IAIK-JCE distribution) for searching an LDAP directory for certificates, attribute certificates and certificate revocation lists.
See also tech tip “LDAP for the Java™ NET URL framework” Part 1 and Part 2.
This program may also be used to benchmark other JCA/JCE providers, like the default Sun provider for MD5 and SHA-1 hashes or the SunJCE provider.
The results below have been obtained on an Intel(R) Core(TM) i5 2540M 2.60 GHz (running in turbo mode at 3.3 GHz) with 8.00 GB RAM, running Windows 7 Enterprise (64 Bit) and Ubuntu Linux 11.10/amd64, network connected with standard services active. The tests were done on the IAIK JCE 5.0 release with JDK 1.6.0, each test for 3.0 seconds.
Results for Windows7/x64 and 64-bit VM:
Security provider: IAIK, version 5.01
Java VM: Sun Microsystems Inc., version 1.7.0_01, JIT
OS: Windows 7/amd64, version 6.1
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8192.8k | 8361.8k | 8328.8k | 8367.4k | 8368.8k |
md5 | 192768.8k | 278787.2k | 299987.1k | 308221.9k | 310547.8k |
sha1 | 131748.4k | 178218.1k | 181367.1k | 180751.9k | 174020.8k |
sha224 | 92638.3k | 111189.5k | 113375.8k | 114167.3k | 113953.4k |
sha256 | 93090.7k | 108834.0k | 112697.8k | 113722.4k | 114043.1k |
sha384 | 128688.7k | 164949.4k | 170873.2k | 171309.9k | 171457.9k |
sha512 | 130878.8k | 164634.2k | 169945.4k | 170414.5k | 171128.7k |
ripemd128 | 146981.0k | 204095.7k | 204572.0k | 204929.2k | 207050.0k |
ripemd160 | 81875.8k | 105747.6k | 106845.8k | 106367.4k | 106700.0k |
ripemd256 | 143191.8k | 197190.0k | 197856.2k | 199598.3k | 201015.5k |
ripemd320 | 82946.9k | 97874.1k | 99081.7k | 99863.6k | 99979.9k |
whirlpool | 22848.2k | 26719.6k | 26641.5k | 26676.3k | 26426.0k |
aes cbc | n/a | 104703.3k | 109686.7k | 110553.5k | 111307.7k |
aes gcm | n/a | 47072.2k | 48876.1k | 45624.4k | 47391.1k |
aes ccm | n/a | 37161.4k | 39320.9k | 38398.4k | 38792.7k |
des cbc | 45501.5k | 51692.5k | 52308.7k | 52770.5k | 52533.8k |
rc2 cbc | 34764.1k | 37557.7k | 38205.0k | 38238.9k | 38217.5k |
blowfish cbc | 64908.8k | 74834.3k | 78109.4k | 78271.8k | 78840.1k |
rc5 cbc | 66286.7k | 79032.8k | 81391.9k | 78292.6k | 82015.2k |
gost cbc | 37226.2k | 40858.4k | 41593.7k | 41875.8k | 41778.9k |
cast128 cbc | 58399.8k | 66593.6k | 68516.5k | 68696.7k | 69083.7k |
rc6 cbc | n/a | 90648.9k | 91982.9k | 92758.2k | 92704.8k |
mars cbc | n/a | 78499.2k | 81449.8k | 80043.7k | 81199.0k |
twofish cbc | n/a | 83585.2k | 85332.4k | 85644.6k | 86694.8k |
arcfour | 148935.0k | 252969.5k | 264484.7k | 284319.3k | 285884.7k |
serpent cbc | n/a | 50064.3k | 53411.5k | 53415.3k | 53600.3k |
rijndael-256 cbc | n/a | 71354.6k | 74097.3k | 74019.1k | 74816.2k |
camellia cbc | n/a | 71468.5k | 73533.3k | 73922.5k | 74503.3k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.309 ms |
rsa 512 bit public key (2^16 +1) | 0.024 ms |
rsa 1024 bit private key | 1.448 ms |
rsa 1024 bit public key (2^16 +1) | 0.066 ms |
rsa 2048 bit private key | 8.115 ms |
rsa 2048 bit public key (2^16 +1) | 0.225 ms |
rsa 4096 bit private key | 55.759 ms |
rsa 4096 bit public key (2^16 +1) | 0.834 ms |
Security provider: IAIK, version 5.01 (with AES addon)
Java VM: Sun Microsystems Inc., version 1.7.0_01, JIT
OS: Windows 7/amd64, version 6.1
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8186.1k | 8276.6k | 8292.4k | 8320.8k | 8308.9k |
md5 | 194896.0k | 297683.1k | 307329.9k | 309925.1k | 309717.9k |
sha1 | 133692.3k | 177186.7k | 180563.7k | 181079.3k | 181655.0k |
sha224 | 92125.6k | 110622.5k | 113042.4k | 114933.8k | 112418.9k |
sha256 | 93814.0k | 110153.5k | 113298.2k | 114672.6k | 114908.3k |
sha384 | 130208.5k | 166805.7k | 160485.8k | 171432.4k | 169314.0k |
sha512 | 130768.5k | 164233.4k | 169897.2k | 170384.2k | 170603.6k |
ripemd128 | 147508.0k | 202093.8k | 203951.1k | 205582.8k | 203752.5k |
ripemd160 | 87422.6k | 105639.0k | 105817.8k | 106642.2k | 106972.1k |
ripemd256 | 145238.0k | 192878.3k | 196550.1k | 197925.8k | 199268.8k |
ripemd320 | 87399.8k | 102687.1k | 100944.2k | 102346.2k | 97338.1k |
whirlpool | 20088.6k | 25927.7k | 26547.9k | 26761.3k | 26649.1k |
aes cbc | n/a | 163261.0k | 326741.5k | 490796.6k | 570920.6k |
aes gcm | n/a | 47103.8k | 48320.8k | 46011.0k | 47410.7k |
aes ccm | n/a | 37366.7k | 39127.2k | 38821.9k | 39561.5k |
des cbc | 46504.8k | 52049.1k | 53410.0k | 53529.5k | 53284.7k |
rc2 cbc | 33437.0k | 37142.4k | 38048.0k | 38268.8k | 38261.0k |
blowfish cbc | 65475.8k | 77140.6k | 79923.4k | 80948.4k | 81413.9k |
rc5 cbc | 66750.8k | 82410.6k | 85805.7k | 86510.8k | 86686.6k |
gost cbc | 39299.1k | 43802.9k | 44716.4k | 44873.0k | 45013.8k |
cast128 cbc | 55421.2k | 65639.5k | 67577.5k | 67988.7k | 67494.8k |
rc6 cbc | n/a | 91000.4k | 92971.7k | 88395.5k | 93790.3k |
mars cbc | n/a | 77938.2k | 80620.3k | 80840.9k | 81413.9k |
twofish cbc | n/a | 82801.9k | 85394.4k | 84413.8k | 85397.0k |
arcfour | 152430.8k | 255504.2k | 281974.4k | 286814.2k | 284818.2k |
serpent cbc | n/a | 49235.5k | 53060.6k | 53073.1k | 53077.9k |
rijndael-256 cbc | n/a | 69108.3k | 73627.0k | 73466.8k | 73630.0k |
camellia cbc | n/a | 69944.4k | 72135.6k | 67346.6k | 73276.3k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.370 ms |
rsa 512 bit public key (2^16 +1) | 0.024 ms |
rsa 1024 bit private key | 1.446 ms |
rsa 1024 bit public key (2^16 +1) | 0.066 ms |
rsa 2048 bit private key | 8.050 ms |
rsa 2048 bit public key (2^16 +1) | 0.223 ms |
rsa 4096 bit private key | 55.599 ms |
rsa 4096 bit public key (2^16 +1) | 0.826 ms |
Results for Windows7/x64 and 32-bit VM:
Security provider: IAIK, version 5.01
Java VM: Sun Microsystems Inc., version 1.7.0, JIT
OS: Windows 7/x86, version 6.1
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 7774.5k | 7881.9k | 7925.5k | 7908.0k | 7909.0k |
md5 | 171882.2k | 245575.6k | 264835.0k | 269613.6k | 271590.2k |
sha1 | 120515.3k | 144979.5k | 164770.3k | 164323.9k | 166476.3k |
sha224 | 72577.3k | 84347.5k | 85443.8k | 84795.4k | 85184.8k |
sha256 | 68138.6k | 83742.6k | 84524.9k | 84298.2k | 83919.7k |
sha384 | 31501.7k | 33904.5k | 33929.0k | 34311.3k | 34209.9k |
sha512 | 31645.3k | 33714.4k | 33814.7k | 34377.2k | 33981.4k |
ripemd128 | 125691.1k | 169376.1k | 171722.9k | 172169.3k | 171436.1k |
ripemd160 | 93459.2k | 116264.1k | 116800.7k | 118136.8k | 118818.0k |
ripemd256 | 123595.7k | 160494.2k | 169136.9k | 168605.6k | 169711.2k |
ripemd320 | 91941.3k | 114195.7k | 116037.5k | 116498.9k | 117327.0k |
whirlpool | 18850.7k | 19818.2k | 19785.2k | 19849.4k | 19833.8k |
aes cbc | n/a | 70377.6k | 72619.8k | 73566.7k | 73779.7k |
aes gcm | n/a | 25391.6k | 25416.8k | 25976.6k | 26293.3k |
aes ccm | n/a | 24322.0k | 25035.0k | 24973.0k | 25808.0k |
des cbc | 32244.7k | 36594.5k | 37615.9k | 37876.4k | 37956.3k |
rc2 cbc | 30393.1k | 34085.6k | 34889.7k | 34687.1k | 34990.8k |
blowfish cbc | 48282.5k | 58331.5k | 59988.8k | 60680.2k | 60611.5k |
rc5 cbc | 45844.3k | 56464.8k | 58255.0k | 58278.8k | 58908.3k |
gost cbc | 32375.6k | 37288.9k | 38109.2k | 35691.7k | 38649.3k |
cast128 cbc | 41960.0k | 52945.9k | 54240.5k | 54363.1k | 54880.9k |
rc6 cbc | n/a | 70250.6k | 72971.9k | 73694.3k | 73659.9k |
mars cbc | n/a | 59707.3k | 61145.5k | 61575.7k | 61709.4k |
twofish cbc | n/a | 69657.0k | 72412.4k | 73484.8k | 73888.5k |
arcfour | 77074.4k | 122718.0k | 132467.8k | 134102.5k | 134671.4k |
serpent cbc | n/a | 39023.5k | 39972.0k | 37220.7k | 39605.0k |
rijndael-256 cbc | n/a | 57642.5k | 59913.0k | 60327.5k | 60850.9k |
camellia cbc | n/a | 48140.4k | 49426.2k | 49791.3k | 50185.8k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.943 ms |
rsa 512 bit public key (2^16 +1) | 0.077 ms |
rsa 1024 bit private key | 5.282 ms |
rsa 1024 bit public key (2^16 +1) | 0.259 ms |
rsa 2048 bit private key | 34.397 ms |
rsa 2048 bit public key (2^16 +1) | 0.957 ms |
rsa 4096 bit private key | 246.000 ms |
rsa 4096 bit public key (2^16 +1) | 3.685 ms |
Security provider: IAIK, version 5.01 (with AES addon)
Java VM: Sun Microsystems Inc., version 1.7.0, JIT
OS: Windows 7/x86, version 6.1
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 7745.9k | 7805.1k | 7866.7k | 7877.4k | 7881.8k |
md5 | 169483.8k | 258748.7k | 267118.0k | 268694.0k | 268926.6k |
sha1 | 121917.7k | 164900.0k | 167138.3k | 167731.2k | 168533.1k |
sha224 | 71909.7k | 84566.7k | 85486.3k | 85113.0k | 85456.8k |
sha256 | 72745.7k | 84280.3k | 78504.0k | 85535.4k | 84874.6k |
sha384 | 31642.9k | 33985.7k | 34220.8k | 34389.1k | 34294.3k |
sha512 | 31898.9k | 33875.8k | 34239.9k | 34446.3k | 34316.0k |
ripemd128 | 126060.4k | 169366.4k | 172089.8k | 172652.3k | 173139.3k |
ripemd160 | 93140.6k | 116492.3k | 117037.7k | 117702.8k | 119068.3k |
ripemd256 | 123817.0k | 166513.2k | 170014.0k | 170803.9k | 164454.8k |
ripemd320 | 91572.1k | 112127.3k | 115389.1k | 116275.5k | 116908.0k |
whirlpool | 18882.8k | 19888.2k | 19839.3k | 19850.8k | 19956.2k |
aes cbc | n/a | 76694.7k | 155416.7k | 349515.5k | 520000.1k |
aes gcm | n/a | 25321.9k | 25524.3k | 25610.7k | 26539.6k |
aes ccm | n/a | 24460.8k | 25289.7k | 25360.1k | 25427.9k |
des cbc | 32389.8k | 35310.1k | 37647.3k | 38046.8k | 38242.0k |
rc2 cbc | 30618.7k | 34714.9k | 35310.4k | 35132.9k | 35349.9k |
blowfish cbc | 47507.0k | 58538.2k | 60084.2k | 60974.0k | 60908.1k |
rc5 cbc | 45850.7k | 56426.6k | 58797.7k | 59504.5k | 58149.3k |
gost cbc | 32309.1k | 37413.3k | 38156.0k | 38422.9k | 38271.9k |
cast128 cbc | 43636.0k | 50771.7k | 53521.5k | 54698.1k | 54579.7k |
rc6 cbc | n/a | 69451.4k | 72207.0k | 73344.7k | 73834.1k |
mars cbc | n/a | 58796.5k | 60591.9k | 60795.1k | 61082.2k |
twofish cbc | n/a | 68775.4k | 72478.7k | 73572.9k | 73763.3k |
arcfour | 91715.6k | 154340.5k | 157259.0k | 165858.7k | 170162.8k |
serpent cbc | n/a | 38782.6k | 39749.6k | 40038.7k | 39871.7k |
rijndael-256 cbc | n/a | 58765.7k | 56869.4k | 62217.4k | 62341.9k |
camellia cbc | n/a | 49482.5k | 50792.0k | 51140.4k | 51135.3k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.931 ms |
rsa 512 bit public key (2^16 +1) | 0.075 ms |
rsa 1024 bit private key | 5.218 ms |
rsa 1024 bit public key (2^16 +1) | 0.256 ms |
rsa 2048 bit private key | 33.831 ms |
rsa 2048 bit public key (2^16 +1) | 0.938 ms |
rsa 4096 bit private key | 244.846 ms |
rsa 4096 bit public key (2^16 +1) | 3.623 ms |
Results for Ubuntu Linux 11.10/amd64 and 64-bit VM:
Security provider: IAIK, version 5.01
Java VM: Sun Microsystems Inc., version 1.6.0_23, JIT
OS: Linux/amd64, version 3.0.0-14-generic
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8236.0k | 8322.3k | 8396.9k | 8386.5k | 8347.5k |
md5 | 200893.0k | 302100.4k | 310835.1k | 313921.5k | 313638.9k |
sha1 | 131815.3k | 174837.6k | 176549.9k | 178310.8k | 178853.2k |
sha224 | 91425.2k | 110981.9k | 111590.7k | 112523.6k | 112902.1k |
sha256 | 92974.0k | 110711.5k | 111650.3k | 111594.1k | 112164.8k |
sha384 | 126978.0k | 165760.8k | 171397.4k | 171090.9k | 172569.9k |
sha512 | 132950.3k | 165426.8k | 171347.0k | 171213.4k | 172367.8k |
ripemd128 | 150315.3k | 203312.5k | 206315.3k | 207510.5k | 207541.5k |
ripemd160 | 82350.6k | 96687.2k | 97386.4k | 97715.5k | 97525.7k |
ripemd256 | 145574.3k | 185433.1k | 195366.7k | 198403.0k | 199240.3k |
ripemd320 | 81370.7k | 95493.2k | 94723.9k | 96071.4k | 96266.9k |
whirlpool | 29228.9k | 41794.9k | 41804.8k | 42024.9k | 42109.6k |
aes cbc | n/a | 102938.4k | 109955.2k | 111000.5k | 111392.0k |
aes gcm | n/a | 47065.2k | 48433.2k | 48786.5k | 48859.9k |
aes ccm | n/a | 37085.9k | 40440.3k | 39611.5k | 39653.5k |
des cbc | 45203.2k | 50808.8k | 52400.2k | 52482.0k | 52228.4k |
rc2 cbc | 34699.1k | 37845.5k | 38228.7k | 38521.5k | 38469.6k |
blowfish cbc | 58037.8k | 67607.6k | 69156.4k | 69793.7k | 69976.0k |
rc5 cbc | 69334.6k | 84703.3k | 87511.0k | 88754.5k | 88307.6k |
gost cbc | 31446.2k | 34583.7k | 35014.5k | 35003.7k | 35159.2k |
cast128 cbc | 56889.1k | 66440.8k | 68167.1k | 68507.9k | 68949.3k |
rc6 cbc | n/a | 87897.3k | 90236.8k | 91657.2k | 91335.3k |
mars cbc | n/a | 78245.4k | 81238.2k | 81473.8k | 82070.1k |
twofish cbc | n/a | 83661.0k | 85644.4k | 86681.7k | 86499.3k |
arcfour | 157530.5k | 282012.5k | 305346.7k | 311394.3k | 318327.8k |
serpent cbc | n/a | 48921.1k | 53738.7k | 53887.1k | 54010.9k |
rijndael-256 cbc | n/a | 71919.5k | 74154.2k | 74159.6k | 74918.1k |
camellia cbc | n/a | 70834.4k | 72754.0k | 73924.9k | 74006.4k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.327 ms |
rsa 512 bit public key (2^16 +1) | 0.034 ms |
rsa 1024 bit private key | 1.437 ms |
rsa 1024 bit public key (2^16 +1) | 0.085 ms |
rsa 2048 bit private key | 7.973 ms |
rsa 2048 bit public key (2^16 +1) | 0.257 ms |
rsa 4096 bit private key | 53.210 ms |
rsa 4096 bit public key (2^16 +1) | 0.873 ms |
Security provider: IAIK, version 5.01 (with AES addon)
Java VM: Sun Microsystems Inc., version 1.6.0_23, JIT
OS: Linux/amd64, version 3.0.0-14-generic
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8240.1k | 8356.1k | 8389.8k | 8367.1k | 8402.1k |
md5 | 200615.5k | 285807.1k | 307981.6k | 313814.0k | 313942.0k |
sha1 | 132045.8k | 174409.8k | 177720.2k | 178468.0k | 178413.5k |
sha224 | 90700.4k | 111554.9k | 111726.4k | 112596.3k | 112347.8k |
sha256 | 92736.0k | 111675.9k | 111847.0k | 112741.0k | 112905.4k |
sha384 | 130648.6k | 163098.0k | 168191.6k | 171061.2k | 172474.3k |
sha512 | 131690.2k | 162739.2k | 168391.5k | 169603.4k | 171338.4k |
ripemd128 | 148196.9k | 194506.1k | 204275.4k | 205884.0k | 208112.2k |
ripemd160 | 81362.3k | 96420.2k | 97392.0k | 97101.8k | 97954.4k |
ripemd256 | 146730.9k | 196365.8k | 198911.4k | 200342.5k | 200518.3k |
ripemd320 | 81581.5k | 95425.3k | 96213.7k | 96698.3k | 96526.3k |
whirlpool | 29832.1k | 42052.8k | 41802.5k | 41990.4k | 41869.3k |
aes cbc | n/a | 213282.8k | 424044.2k | 546418.6k | 593420.2k |
aes gcm | n/a | 47007.2k | 48171.0k | 48504.4k | 49076.4k |
aes ccm | n/a | 37497.2k | 39250.8k | 39474.4k | 39534.8k |
des cbc | 47209.0k | 51961.1k | 53043.5k | 53127.5k | 51876.2k |
rc2 cbc | 35272.0k | 37791.1k | 38388.9k | 38582.9k | 38491.4k |
blowfish cbc | 58732.5k | 68587.4k | 69673.5k | 70517.7k | 70579.5k |
rc5 cbc | 72282.8k | 85963.0k | 88641.5k | 88909.1k | 89388.3k |
gost cbc | 31690.4k | 34705.9k | 35284.6k | 34957.9k | 35394.9k |
cast128 cbc | 57858.7k | 66357.3k | 68378.0k | 68814.8k | 68506.9k |
rc6 cbc | n/a | 89383.5k | 90965.6k | 92157.9k | 91873.2k |
mars cbc | n/a | 78277.5k | 81047.8k | 81582.4k | 81510.4k |
twofish cbc | n/a | 83700.7k | 85169.4k | 86283.6k | 86343.6k |
arcfour | 153854.9k | 247516.6k | 276623.3k | 283919.7k | 286067.3k |
serpent cbc | n/a | 49861.1k | 53550.5k | 53803.0k | 53661.5k |
rijndael-256 cbc | n/a | 72108.5k | 74293.0k | 74430.8k | 74866.3k |
camellia cbc | n/a | 70028.1k | 72900.9k | 73359.7k | 73176.5k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.331 ms |
rsa 512 bit public key (2^16 +1) | 0.034 ms |
rsa 1024 bit private key | 1.433 ms |
rsa 1024 bit public key (2^16 +1) | 0.085 ms |
rsa 2048 bit private key | 7.934 ms |
rsa 2048 bit public key (2^16 +1) | 0.256 ms |
rsa 4096 bit private key | 52.789 ms |
rsa 4096 bit public key (2^16 +1) | 0.870 ms |
Results for Ubuntu Linux 11.10/amd64 and 32-bit VM:
Security provider: IAIK, version 5.01
Java VM: Sun Microsystems Inc., version 1.6.0_25, JIT
OS: Linux/i386, version 3.0.0-14-generic
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8123.2k | 8323.6k | 8334.8k | 8300.5k | 8314.8k |
md5 | 163998.5k | 280917.1k | 290870.5k | 292294.9k | 293718.6k |
sha1 | 114625.3k | 161941.3k | 165003.4k | 165266.7k | 166488.7k |
sha224 | 79338.9k | 99172.1k | 99858.2k | 101340.5k | 101086.5k |
sha256 | 81325.2k | 99121.9k | 100820.9k | 101279.4k | 100951.8k |
sha384 | 45611.7k | 53295.1k | 53973.7k | 54096.8k | 52244.8k |
sha512 | 49214.6k | 53348.5k | 53898.5k | 54094.8k | 54160.0k |
ripemd128 | 133182.6k | 183257.6k | 184231.4k | 185255.9k | 185685.3k |
ripemd160 | 67132.4k | 76492.9k | 78156.6k | 78592.3k | 79026.4k |
ripemd256 | 128659.5k | 172585.8k | 175225.0k | 176485.7k | 175946.4k |
ripemd320 | 62078.6k | 71091.0k | 71843.0k | 72224.7k | 71862.9k |
whirlpool | 11485.9k | 22302.7k | 22122.4k | 22390.1k | 22112.9k |
aes cbc | n/a | 86624.4k | 90797.0k | 91254.1k | 91657.0k |
aes gcm | n/a | 31214.2k | 31707.1k | 31846.4k | 31673.0k |
aes ccm | n/a | 28844.9k | 31227.8k | 31362.1k | 31164.5k |
des cbc | 40946.6k | 45942.3k | 47072.7k | 47101.6k | 47325.1k |
rc2 cbc | 30166.2k | 33607.8k | 34285.3k | 34455.8k | 34349.0k |
blowfish cbc | 41867.3k | 48407.3k | 49830.3k | 50254.8k | 50154.1k |
rc5 cbc | 60944.0k | 75899.5k | 77879.2k | 79369.8k | 78700.5k |
gost cbc | 27987.0k | 31404.5k | 31813.4k | 32105.1k | 32082.8k |
cast128 cbc | 49533.4k | 60321.7k | 62051.2k | 62795.7k | 62852.6k |
rc6 cbc | n/a | 74263.6k | 77131.6k | 78049.2k | 78084.6k |
mars cbc | n/a | 66706.6k | 69652.6k | 70404.7k | 70478.5k |
twofish cbc | n/a | 74914.6k | 77963.7k | 78634.7k | 78900.8k |
arcfour | 94164.4k | 165045.9k | 181442.9k | 186806.9k | 185222.1k |
serpent cbc | n/a | 47466.0k | 50887.5k | 51566.5k | 51638.8k |
rijndael-256 cbc | n/a | 61845.7k | 65315.7k | 65909.7k | 64782.3k |
camellia cbc | n/a | 59095.5k | 61602.4k | 61722.8k | 61919.0k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.540 ms |
rsa 512 bit public key (2^16 +1) | 0.054 ms |
rsa 1024 bit private key | 2.541 ms |
rsa 1024 bit public key (2^16 +1) | 0.152 ms |
rsa 2048 bit private key | 15.842 ms |
rsa 2048 bit public key (2^16 +1) | 0.509 ms |
rsa 4096 bit private key | 113.629 ms |
rsa 4096 bit public key (2^16 +1) | 1.842 ms |
Security provider: IAIK, version 5.01 (with AES addon)
Java VM: Sun Microsystems Inc., version 1.6.0_23, JIT
OS: Linux/amd64, version 3.0.0-14-generic
The ‘numbers’ are in 1000s of bytes per second processed.

type | 8 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes |
---|---|---|---|---|---|
md2 | 8140.4k | 8322.7k | 8333.1k | 8327.5k | 8331.2k |
md5 | 164416.9k | 281184.4k | 290190.5k | 292677.9k | 294548.8k |
sha1 | 113844.2k | 161927.9k | 164697.7k | 165188.6k | 166283.9k |
sha224 | 78332.7k | 99790.5k | 100921.1k | 100834.6k | 101520.7k |
sha256 | 79921.3k | 95432.8k | 99465.9k | 100059.8k | 100963.6k |
sha384 | 45961.4k | 53365.5k | 54081.3k | 54155.6k | 53980.9k |
sha512 | 48953.9k | 53315.5k | 54106.7k | 54083.9k | 53937.2k |
ripemd128 | 132593.1k | 182542.4k | 183173.3k | 184803.3k | 184486.5k |
ripemd160 | 66327.9k | 76120.5k | 77479.6k | 78453.7k | 78727.8k |
ripemd256 | 127782.8k | 174707.8k | 175121.7k | 176989.5k | 177430.5k |
ripemd320 | 60981.3k | 71265.3k | 71368.5k | 71416.4k | 71761.9k |
whirlpool | 11451.8k | 22391.0k | 22411.3k | 22330.0k | 22418.7k |
aes cbc | n/a | 197636.5k | 392540.5k | 533565.0k | 589840.3k |
aes gcm | n/a | 31917.9k | 31893.3k | 31809.4k | 31747.9k |
aes ccm | n/a | 28073.2k | 31412.8k | 31635.4k | 31335.4k |
des cbc | 43596.4k | 47793.5k | 48235.2k | 48693.4k | 48810.7k |
rc2 cbc | 31506.0k | 34358.7k | 34414.0k | 34882.2k | 34891.7k |
blowfish cbc | 44011.2k | 51104.8k | 52252.5k | 51456.3k | 52662.4k |
rc5 cbc | 57674.5k | 66731.0k | 68554.4k | 68882.0k | 68476.9k |
gost cbc | 29352.2k | 32181.8k | 32606.2k | 32797.6k | 32680.6k |
cast128 cbc | 53401.3k | 61587.8k | 63050.9k | 63672.6k | 63824.4k |
rc6 cbc | n/a | 79707.4k | 81850.3k | 82350.7k | 82741.6k |
mars cbc | n/a | 69498.9k | 69516.4k | 72093.6k | 72433.6k |
twofish cbc | n/a | 77930.9k | 80370.9k | 81131.8k | 80863.2k |
arcfour | 110587.0k | 180509.5k | 196470.2k | 203962.7k | 203833.3k |
serpent cbc | n/a | 48094.3k | 51911.0k | 51978.2k | 52262.2k |
rijndael-256 cbc | n/a | 62717.2k | 64887.3k | 65800.8k | 65828.1k |
camellia cbc | n/a | 59323.2k | 61237.4k | 61360.4k | 61718.5k |

RSA operation | time per operation |
---|---|
rsa 512 bit private key | 0.535 ms |
rsa 512 bit public key (2^16 +1) | 0.054 ms |
rsa 1024 bit private key | 2.544 ms |
rsa 1024 bit public key (2^16 +1) | 0.152 ms |
rsa 2048 bit private key | 15.826 ms |
rsa 2048 bit public key (2^16 +1) | 0.507 ms |
rsa 4096 bit private key | 113.370 ms |
rsa 4096 bit public key (2^16 +1) | 1.849 ms |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | NF | Jar file signed with new JCE provider certificate. |
iaik.asn1.structures.AlgorithmID | | Added IDs for the key agreement schemes dhSinglePass-stdDH-sha224kdf-scheme, dhSinglePass-stdDH-sha512kdf-scheme, dhSinglePass-cofactorDH-sha224kdf-scheme, dhSinglePass-cofactorDH-sha256kdf-scheme, dhSinglePass-cofactorDH-sha384kdf-scheme, dhSinglePass-cofactorDH-sha512kdf-scheme. |
iaik.asn1.structures.AlgorithmID | C | The parameters field is no longer encoded as NULL for the CMS AES key wrap ciphers, but is encoded as NULL for the CMS DES-EDE key wrap cipher. |
iaik.pkcs.pkcs10.CertificateRequest | NF | New sign() methods allowing to specify signature algorithm parameters. |
iaik.pkcs.pkcs12.P12KeyStore | NF | Automatically plugged in for JDK versions >= Java 8 to allow the use of protection parameters for specifying algorithms other than the defaults when adding key/certificate entries to, and/or storing, a particular PKCS#12 KeyStore. |
iaik.security.dsa | NF, C | For deterministic DSA signatures the signature value is now verified immediately after creation as a countermeasure against fault attacks. The check can be enabled or disabled globally for all (deterministic and non-deterministic) DSA signatures by using the static method |
iaik.security.kdf.KDF1 | NF | Implementation of Key Derivation Function (KDF) 1 as specified by ISO/IEC 18033-2. |
iaik.security.kdf.KDF2 | NF | Implementation of Key Derivation Function (KDF) 2 as specified by ANS X9.44. |
iaik.security.kdf.KDF3 | NF | Implementation of Key Derivation Function (KDF) 3 as specified by ANS X9.44. |
iaik.security.rsa.RsaKem | NF | Implementation of the RSA-KEM Key Encapsulation Mechanism as specified by RFC 5990 and ISO/IEC 18033-2. |
iaik.utils.Base64OutputStream | NF | Support for Base64Url encoding added. |
iaik.utils.Util | NF | Added |
iaik.utils.Util | NF | Added |
iaik.x509.X509Certificate | NF | Method |
iaik.x509.X509CRL | NF | Overrides method |
iaik.x509.attr.ACRL | C | Overrides method |
iaik.x509.X509Certificate, iaik.x509.X509CRL, iaik.x509.attr.AttributeCertificate, iaik.x509.attr.ACRL, iaik.x509.ocsp.BasicOCSPResponse, iaik.x509.ocsp.OCSPRequest | NF | New sign() methods allowing to specify signature algorithm parameters. |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.structures.Attributes | B | Fixed method |
iaik.pkcs.pkcs5 | NF | KeyFactories for SHA256AndAES256 and SHA384AndAES128 added. |
iaik.pkcs.pkcs7.SignerInfo | C | Default hash algorithm changed from SHA-1 to SHA-256. |
iaik.pkcs.pkcs12 | NF, C | PKCS#12 implementation adapted to PKCS#12 v1.1 (RFC 7292). |
iaik.security.cipher | NF | IvParameterGenerators for AES and Camellia added. |
iaik.security.keystore.IAIKKeyStore | C | Uses a higher iteration count value. |
iaik.security.kdf.HKDF | NF | Implementation of the HMAC-based HKDF key derivation function as specified by RFC 5869. |
iaik.security.md.SHAKE128, iaik.security.md.SHAKE256 | NF | SHAKE128 and SHAKE256 are now also available as MessageDigest engines (as an alternative to the InputStream based implementations). Default output sizes are 256 bits for SHAKE128 and 512 bits for SHAKE256. To get a digest output of a length other than the default, create a byte array of the desired output length and pass this array to the final digest() call: MessageDigest shake256 = MessageDigest.getInstance("SHAKE256"); ... shake256.update(m1); shake256.update(m2); ... int digestLen = ...; byte[] output = new byte[digestLen]; shake256.digest(output, 0, digestLen); |
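The HKDF entry in the table above only names the RFC. The following is an added example, not IAIK-JCE code, that implements HKDF-Extract and HKDF-Expand on top of the JDK's own HmacSHA256 Mac engine (so it runs without the IAIK provider) and checks the result against the first test vector of RFC 5869, Appendix A; the "enc"/"mac" labels at the end are constructed sample info strings:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not IAIK-JCE code): HKDF (RFC 5869) built on the JDK's
 * HmacSHA256 Mac, with the RFC's first test vector as a self-check.
 */
public class Hkdf {

    private static final String HMAC = "HmacSHA256";
    private static final int HASH_LEN = 32;

    /** HKDF-Extract: PRK = HMAC(salt, IKM). An absent salt is HashLen zero bytes (RFC 5869, 2.2). */
    static byte[] extract(byte[] salt, byte[] ikm) throws GeneralSecurityException {
        byte[] s = (salt == null || salt.length == 0) ? new byte[HASH_LEN] : salt;
        Mac mac = Mac.getInstance(HMAC);
        mac.init(new SecretKeySpec(s, HMAC));
        return mac.doFinal(ikm);
    }

    /** HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and truncated to length bytes. */
    static byte[] expand(byte[] prk, byte[] info, int length) throws GeneralSecurityException {
        if (length < 1 || length > 255 * HASH_LEN) {
            throw new IllegalArgumentException("output length must be 1..255*HashLen");
        }
        Mac mac = Mac.getInstance(HMAC);
        mac.init(new SecretKeySpec(prk, HMAC));
        byte[] okm = new byte[length];
        byte[] t = new byte[0];
        int filled = 0;
        for (int i = 1; filled < length; i++) {
            mac.update(t);
            mac.update(info == null ? new byte[0] : info);
            mac.update((byte) i);           // single-octet counter, starts at 0x01
            t = mac.doFinal();
            int n = Math.min(HASH_LEN, length - filled);
            System.arraycopy(t, 0, okm, filled, n);
            filled += n;
        }
        return okm;
    }

    static byte[] derive(byte[] salt, byte[] ikm, byte[] info, int length) throws GeneralSecurityException {
        return expand(extract(salt, ikm), info, length);
    }

    static byte[] hex(String h) {
        byte[] out = new byte[h.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(h.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // RFC 5869, Appendix A.1 (SHA-256, basic test case).
        byte[] ikm  = hex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
        byte[] salt = hex("000102030405060708090a0b0c");
        byte[] info = hex("f0f1f2f3f4f5f6f7f8f9");
        String expectedPrk = "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5";
        String expectedOkm = "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865";

        byte[] prk = extract(salt, ikm);
        byte[] okm = expand(prk, info, 42);
        System.out.println("PRK matches RFC 5869 A.1: " + hex(prk).equals(expectedPrk));
        System.out.println("OKM matches RFC 5869 A.1: " + hex(okm).equals(expectedOkm));

        // Typical use: split one shared secret into independent keys by label (constructed labels).
        byte[] encKey = derive(salt, ikm, "enc".getBytes(StandardCharsets.UTF_8), 32);
        byte[] macKey = derive(salt, ikm, "mac".getBytes(StandardCharsets.UTF_8), 32);
        System.out.println("enc/mac keys differ: " + !hex(encKey).equals(hex(macKey)));
    }
}
```

The point of the labelled derivation at the end is the one HKDF is designed for: a single extracted PRK yields as many independent keys as there are distinct info values, so an encryption key and a MAC key never have to be cut from the same byte string.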
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.ConstructedType | C | Added tighter length check to |
iaik.asn1.DerCoder | NF, C | New methods added allowing to enable some tighter DER checks during decoding. |
iaik.asn1 | C | When parsing simple types, an Exception is now thrown if constructed encoding has been used (can be switched off by |
iaik.asn1.ObjectID | NF, C | Method |
iaik.asn1.structures.AlgorithmID | C | Method |
iaik.asn1.structures.AlgorithmID | NF | AlgorithmID for ChaCha20Poly1305 (1.2.840.113549.1.9.16.3.18) according to RFC 8103 added. |
iaik.pkcs.pkcs1.OAEPPadding | C | Added leading zero byte check to |
iaik.pkcs.pkcs1.RSACipher | C | Added message size check to |
iaik.pkcs.pkcs12.PKCS12KeyStore | C | No longer throws an exception if the certificate chain of a key entry cannot be sorted; the given (possibly unsorted) certificate chain is used instead. |
iaik.pkcs.pkcs12.PKCS12KeyStore | NF | New method |
iaik.security.cipher | C | Padding schemes do not give detailed error information anymore when they throw a BadPaddingException. |
iaik.security.cipher | NF, C | In CCM mode Ciphers now also can use method |
iaik.security.cipher | B | Fixed GCM increment function in |
iaik.security.cipher | C | In CCM and GCM mode, a BadPaddingException (AEADBadTagException) is now thrown instead of an IllegalBlockSizeException if the MAC value is invalid. |
iaik.security.cipher.AESKeyWrapWithPadding | NF | Implements the AES Key Wrap with Padding algorithm as specified by RFC 5649, which also allows wrapping keys whose size is not a multiple of 64 bits (an extension of the AES Key Wrap algorithm of RFC 3394, which requires the size of the to-be-wrapped key to be a multiple of 64 bits). It can be obtained either as Cipher cipher = Cipher.getInstance("AESWrapWithPadding", "IAIK"); or by instantiating the AESWrap Cipher with "RFC5649Padding" as padding mode: Cipher cipher = Cipher.getInstance("AESWrap/ECB/RFC5649Padding"); |
iaik.security.cipher.ChaCha20 | NF, C | ChaCha20 now also may be initialized by an |
iaik.security.cipher.ChaCha20 | C | Method |
iaik.security.cipher.ChaCha20Poly1305, iaik.security.cipher.ChaCha20Poly1305ParameterSpec | C | 64 bit nonce not allowed anymore. Nonce must be 96 bits long. Block counter must be 0. |
iaik.security.cipher.ChaCha20Poly1305CMSParameterSpec | NF | New AlgorithmParameterSpec class allowing to initialize a ChaCha20Poly1305 Cipher engine for use with the Cryptographic Message Syntax (CMS, RFC 8103). |
iaik.security.cipher.ChaCha20Poly1305 | NF, C | Now also may be initialized by a |
iaik.security.cipher.ChaCha20Poly1305 | C | Additional authenticated (associated) data may now be supplied either by a ChaCha20Poly1305(CMS)ParameterSpec or by calling method updateAAD(), but no longer by both at the same time. |
iaik.security.cipher.ChaCha20Poly1305 | B | Fixed output size calculation. |
iaik.security.cipher.CCMParameters | NF, C | Method |
iaik.security.cipher.GCMParameters | C | |
iaik.security.cipher.GCMParameters | NF | Method |
iaik.security.md | C | MessageDigest engines implement the Cloneable interface. |
iaik.security.md.GOST3411 | B, C | Implements method |
iaik.security.md.KECCAK | B | Fixed index calculation in |
iaik.security.md.Skein64Bit | B | Fixed |
iaik.security.provider.IAIK | NF | Static method |
iaik.security.rsa | NF, C | RSA key pair generators now support initialization by an |
iaik.utils.RFC2253NameParser | NF | Method |
iaik.utils.RFC2253NameParser | C | Added “title” to short name associations. Made associations_ table private. |
iaik.utils.UniversalKeyStore | NF | Universal KeyStore utility for reading Java key stores without using a specific format. |
iaik.utils.Util | B, C | Method |
iaik.utils.Util | C | When decoding a private or public key method |
iaik.x509.attr.extensions.AcceptableCertPolicies | B | Fixed |
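The AESKeyWrapWithPadding entry in the table above explains the difference between RFC 3394 and RFC 5649 but does not show it. The following added example, which is not IAIK-JCE code, wraps a 20-byte key (160 bits, not a multiple of 64) with both variants. It assumes that the transformation names "AESWrap" and "AESWrapWithPadding" with provider "IAIK" from that entry select the RFC 3394 and RFC 5649 variants respectively when the IAIK provider has been registered; when it has not, the code falls back to the SunJCE names "AES/KW/NoPadding" and "AES/KWP/NoPadding" (JDK 17 and later). The KEK and the HMAC key are constructed sample bytes, not real key material:

```java
import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not IAIK-JCE code): wraps a key whose length is not a multiple
 * of 64 bits with RFC 3394 AES Key Wrap and with RFC 5649 AES Key Wrap with
 * Padding, and unwraps it again.
 */
public class KeyWrapPaddingDemo {

    // Constructed sample material (not real keys): a 128-bit KEK and a 160-bit
    // HMAC-SHA1 key. 160 bits = 2.5 x 64 bits, so RFC 3394 cannot wrap it.
    static final byte[] KEK = new byte[16];
    static final byte[] HMAC_KEY = new byte[20];
    static {
        for (int i = 0; i < KEK.length; i++) KEK[i] = (byte) (0x10 + i);
        for (int i = 0; i < HMAC_KEY.length; i++) HMAC_KEY[i] = (byte) (0xA0 + i);
    }

    private static Cipher cipher(String transformation, String provider) throws GeneralSecurityException {
        return (provider == null) ? Cipher.getInstance(transformation)
                                  : Cipher.getInstance(transformation, provider);
    }

    /**
     * Wraps HMAC_KEY under KEK with the given transformation and unwraps it again.
     * Returns the wrapped length on success, or -1 if the cipher rejected the key.
     */
    static int roundTrip(String transformation, String provider) {
        try {
            SecretKey kek = new SecretKeySpec(KEK, "AES");
            Cipher wrapper = cipher(transformation, provider);
            wrapper.init(Cipher.WRAP_MODE, kek);
            byte[] wrapped = wrapper.wrap(new SecretKeySpec(HMAC_KEY, "HmacSHA1"));

            Cipher unwrapper = cipher(transformation, provider);
            unwrapper.init(Cipher.UNWRAP_MODE, kek);
            SecretKey recovered = (SecretKey) unwrapper.unwrap(wrapped, "HmacSHA1", Cipher.SECRET_KEY);
            if (!Arrays.equals(HMAC_KEY, recovered.getEncoded())) {
                throw new IllegalStateException("unwrapped key differs from original");
            }
            return wrapped.length;
        } catch (GeneralSecurityException e) {
            System.out.println(transformation + " rejected the 20-byte key: " + e);
            return -1;
        }
    }

    public static void main(String[] args) {
        // Assumption: if the IAIK provider is registered (e.g. via
        // Security.insertProviderAt(new IAIK(), 1)), use the names this changelog
        // gives; otherwise use the SunJCE KW/KWP names available since JDK 17.
        boolean iaik = Security.getProvider("IAIK") != null;
        String provider   = iaik ? "IAIK" : null;
        String plainName  = iaik ? "AESWrap"            : "AES/KW/NoPadding";
        String paddedName = iaik ? "AESWrapWithPadding" : "AES/KWP/NoPadding";

        int plain  = roundTrip(plainName, provider);
        int padded = roundTrip(paddedName, provider);
        System.out.println("RFC 3394 wrap of 20-byte key: " + (plain < 0 ? "rejected" : plain + " bytes"));
        // RFC 5649 pads 20 bytes up to 24 and prepends an 8-byte AIV block: 32 bytes of output.
        System.out.println("RFC 5649 wrap of 20-byte key: " + padded + " bytes");
    }
}
```

Expect the RFC 3394 round trip to be rejected and the RFC 5649 one to produce 32 bytes. The padded variant is the one to reach for whenever the wrapped object is not guaranteed to be a multiple of 8 bytes (HMAC keys, EC private scalars, arbitrary secrets); silently zero-padding such a key before a plain RFC 3394 wrap would change the key the receiver unwraps.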
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.ObjectID | C | Removed short name "T" from new ObjectID(ObjectID.title.getID(), ObjectID.title.getName(), "T"); |
iaik.pkcs1.RSAOaepParameterSpec, iaik.pkcs1.RSAOaepParameters, iaik.pkcs1.RSACipher | NF, C | Can now also be used with javax.crypto.spec.OAEPParameterSpec (for JDK >= 1.5). |
iaik.pkcs1.RSAOaepParameters | NF | Static method setUseSHA1ForMGF1WithJCAStandardName(boolean) added. Example: Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA256AndMGF1Padding", "IAIK"); By default the IAIK provider uses the same hash algorithm for both the RSAES-OAEP encryption/decryption scheme and the MGF1 mask generation function. The SunJCE provider, however, uses SHA-1 as the hash algorithm for MGF1 regardless of which hash algorithm is specified in the padding scheme name. By calling RSAOaepParameters.setUseSHA1ForMGF1WithJCAStandardName(true); the IAIK provider can be configured to behave like the SunJCE provider. |
iaik.security.cipher.PbeWithSHAAnd40BitRC2_CBC, iaik.security.cipher.PbeWithSHAAnd3_KeyTripleDES_CBC, iaik.security.cipher.PbeWithMD5AndDES_CBC | B | Fixed |
iaik.security.dh.DHKeyPairGenerator | C | Default key size changed to 2048 bits; pre-generated parameters from RFC 2409/3526/7919. |
iaik.security.dh.DHPublicKey | NF, C | Method |
iaik.security.dsa.DSA | NF, C | Added support for blinding for DSA signing operations as countermeasure against timing attacks. Blinding is enabled by default but can be disabled by calling |
iaik.security.dsa.DSAKeyPairGenerator | C | Default key size changed to 2048 bits, maximum bit size changed to 3072 bits (FIPS 186-3 for 2048 and 3072 bit keys). Default key size can be set back to 1024 bit by calling |
iaik.security.dsa.DSAParameterGenerator | C | Can now only be used to generate parameters with a p size of up to 1024 bits. A SHA2withDSAParameterGenerator may be used for generating parameters for 2048 or 3072 bit keys. |
iaik.security.rsa.RSAKeyPairGenerator* | C | Default key size of RSA key pair generators changed to 2048 bits. |
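The RSAOaepParameters entry above describes an interoperability trap: the same padding-scheme name means MGF1/SHA-256 to one provider and MGF1/SHA-1 to another. The following added example, which is not IAIK-JCE code, makes the mismatch visible with the JDK alone and shows the portable fix, namely passing an explicit OAEPParameterSpec on both sides. It assumes the SunJCE transformation names "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" and "RSA/ECB/OAEPPadding" (the IAIK spelling from the entry above is "OAEPWithSHA256AndMGF1Padding"); the key pair is generated on the fly and the plaintext is a constructed sample:

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/**
 * Added example (not IAIK-JCE code): shows why relying on the padding-scheme
 * name "OAEPWithSHA-256AndMGF1Padding" is an interoperability hazard and why
 * both peers should pin the OAEP parameters explicitly.
 */
public class OaepMgf1InteropDemo {

    static final byte[] MESSAGE = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);

    /** OAEP/SHA-256 with MGF1/SHA-1: what SunJCE uses behind the name-based transformation. */
    static final OAEPParameterSpec SHA256_MGF1_SHA1 =
        new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
    /** OAEP/SHA-256 with MGF1/SHA-256: what the IAIK provider uses by default for the same name (per the changelog). */
    static final OAEPParameterSpec SHA256_MGF1_SHA256 =
        new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Encrypts via the name-based transformation, decrypts with explicit parameters; true iff the round trip works. */
    static boolean nameBasedEncryptThenDecryptWith(KeyPair kp, OAEPParameterSpec decryptParams) throws Exception {
        Cipher enc = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());   // no params: the provider picks the MGF1 digest
        return decrypts(kp, enc.doFinal(MESSAGE), decryptParams);
    }

    /** Encrypts and decrypts with the same explicit parameters: the portable way. */
    static boolean explicitRoundTrip(KeyPair kp, OAEPParameterSpec params) throws Exception {
        Cipher enc = Cipher.getInstance("RSA/ECB/OAEPPadding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic(), params);
        return decrypts(kp, enc.doFinal(MESSAGE), params);
    }

    private static boolean decrypts(KeyPair kp, byte[] ct, OAEPParameterSpec params) throws Exception {
        Cipher dec = Cipher.getInstance("RSA/ECB/OAEPPadding");
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate(), params);
        try {
            return Arrays.equals(MESSAGE, dec.doFinal(ct));
        } catch (BadPaddingException e) {
            return false;   // MGF1 digest mismatch: the OAEP decoding check fails
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();   // throwaway key pair for the demo

        // With SunJCE the first line prints true and the second false; with the IAIK
        // provider first (and its default setting) the changelog implies the reverse.
        System.out.println("name-based enc, MGF1/SHA-1 dec:   " + nameBasedEncryptThenDecryptWith(kp, SHA256_MGF1_SHA1));
        System.out.println("name-based enc, MGF1/SHA-256 dec: " + nameBasedEncryptThenDecryptWith(kp, SHA256_MGF1_SHA256));
        // Explicit parameters on both sides do not depend on any provider's naming convention.
        System.out.println("explicit MGF1/SHA-256 both sides: " + explicitRoundTrip(kp, SHA256_MGF1_SHA256));
    }
}
```

The failure mode is silent at encryption time and only shows up as a BadPaddingException on the peer, so a protocol that fixes the OAEP digest and the MGF1 digest in its specification (and in code, through OAEPParameterSpec) is more robust than one that relies on the transformation string, whichever provider ends up first in the provider list.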
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.structures.AlgorithmID | NF, C | |
iaik.asn1.structures.AlgorithmID | C | |
B |
iaik.pkcs.pkcs7.RSACipherProvider | B | |
iaik.security.provider.IAIK | C | |
iaik.security.cipher.ChaCha20Poly1305 | NF | Implementation of the ChaCha20Poly1305 AEAD cipher according to RFC 8439. |
iaik.security.mac.Poly1305 | NF | Implementation of the Poly1305 message authentication algorithm according to RFC 8439 |
iaik.security.rsa.RSAOaepPrivateKey, iaik.security.rsa.RSAOaepPublicKey, iaik.security.rsa.RSAPssPrivateKey, iaik.security.rsa.RSAPssPublicKey | NF, C | If no |
iaik.security.provider.IAIKMD | NF | Implements a "subsidiary" provider for the IAIK provider to work around a JSSE MessageDigest Cloneable bug. Some versions of JSSE (e.g. Java 11) contain a bug (https://bugs.openjdk.java.net/browse/JDK-8214098) that may cause a TLS handshake to fail with an UnsupportedOperationException if a MessageDigest engine is used that implements the Cloneable interface and extends the java.security.MessageDigest class. Register it in front of the IAIK provider: Security.insertProviderAt(new IAIKMD(), 1); Security.insertProviderAt(new IAIK(), 2); |
iaik.utils.RFC2253NameParser | NF, C | Allows line wrapping after RDN or AVA separator character (according to RFC 4514). |
iaik.x509.X509Certificate, iaik.x509.X509CRL, iaik.x509.attr.AttributeCertificate, iaik.x509.attr.ACRL | B, C | Method |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | B | Fixed possible NullPointer problems during finalization. |
iaik.asn1.INTEGER | C | New method checkForMinumumLengthEncoding(boolean) allowing to en/disable checking INTEGER encodings for being encoded in the minimum number of octets (as required by BER/DER). |
iaik.asn1.UTF8String, iaik.utils.Util | C | Now supports UTF-8 en/decoding of supplementary Unicode characters represented as character pairs (high surrogate, low surrogate). |
iaik.asn1.structures.AlgorithmID | C | Method getRawImplementationName() now also tries to get the “raw” name for signature algorithms names (e.g. “RSA” for “SHA1withRSA”). Method getAlgorithmParameterSpec() now also tries to get an AlgorithmParameters implementation for the raw implementation name. Registered DSA/ECDSA SHA*, SHA3* based signature algorithms to not include parameters when used in PKIX certificate, crl, etc. objects. |
iaik.pkcs.pkcs1.RSAPssParameters, iaik.security.rsa.RSAPssSignature | NF, C | Now also can be used with java.security.spec.PSSParameterSpec (for JDK >=1.5). |
iaik.pkcs.pkcs8.PrivateKeyInfo | NF, C | Fixed OneAsymmetricKey attributes and publicKey fields to use implicit tagging. The optional attributes and publicKey fields are now parsed before decode() of the key-algorithm-specific child class is called. |
iaik.security.dsa | NF | Added implementation of deterministic signing according to RFC 6979: Signature dsa = Signature.getInstance("…withDSA", IAIK.getInstance()); |
iaik.security.dsa.DSAPublicKey, iaik.security.rsa.RSAPublicKey | NF | Added method isValidSP80089SignatureVerificationKey() to check if the public DSA/RSA key is applicable for signature verification according to NIST SP 800-89. |
iaik.security.dsa.DSA, iaik.security.rsa.RSAPkcs1Signature | C | engineSetParameter no longer throws an InvalidAlgorithmParameterException if params is null (to avoid JCE jar file verification problems with Java 11). |
iaik.security.provider.IAIK | NF | Added aliases “PBEWithHmacSHA1AndAES_128”, “PBEWithHmacSHA256AndAES_128”, “PBEWithHmacSHA384AndAES_192”, “PBEWithHmacSHA512AndAES_256” to the PBES2 cipher implementations according to the JDK Standard Algorithm Names conventions. |
iaik.security.provider.IAIK | C | Registered Cipher name based PKCS#5, PKCS#12 SecretKeyFactories for PBE ciphers (instead of general “PBE” SecretKeyFactories). |
iaik.security.provider.IAIK | C | Changed the java.version check so that the CertificatePath supporting (X509)CertificateFactory implementation is used on Android, too. |
iaik.x509.ocsp.net.HttpOCSPRequest | NF | New method HttpURLConnection openConnection(URL responderUrl) allowing an application to configure the HttpURLConnection object (e.g. setting read/connect timeout). |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.security.dsa | B | Added SHA-3 based DSA Signature engine classes. |
iaik.security.keystore.IAIKKeyStore | B | Fixed adding of entries to v0 IAIKKeyStores. |
iaik.security.provider.IAIK | B | Fixed alias for “RipeMd256withRSA” to actually refer to the “RIPEMD256/RSA” signature algorithm. |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | NF, C | Throughout support for using the IAIK provider without the necessity |
iaik.asn1.structures.AlgorithmID | NF | New method getJcaStandardName() that returns the JCA standard |
iaik.pkcs.pkcs8 | NF, C | Enhanced PrivateKeyInfo with the optional attributes and publicKey fields of the RFC 5958 OneAsymmetricKey syntax. Added an implementation of the RFC 5958 AsymmetricKeyPackage type. |
iaik.security.cipher.AESCBCCMac* | C | Creates random iv (instead of default iv of all zeros as specified by BSI standard) if iv is not explicitly specified. |
iaik.security.cipher | NF | GCM mode now also supports the JDK GCM Cipher API introduced with Java 7. |
iaik.security.cipher | B | Fixed GCM increment function. |
iaik.security.cipher.GCMParameters | NF | New method checkKeyAndNonceReuse allowing to enable a check that a GCM Cipher is not reused for encryption a second time without re-initialization (to ensure that the same key and nonce pair is not used again). |
iaik.security.cipher.CCMParameters, iaik.security.cipher.GCMParameters | C | When parsed CCM/GCMParameters contain the default aes-ICVlen (macLength) component (12), the aes-ICVlen (macLength) component is also included when the parameters are encoded again. New static method setIncludeDefaultMacLengthInEncding added, allowing to always include a default macLength component when encoding CCM/GCM parameters (may be required for compatibility reasons). |
iaik.security.dsa | NF | Added SHA-3 based DSA Signature engines: “SHA3-224withDSA”, “SHA3-256withDSA”, “SHA3-384withDSA”, “SHA3-512withDSA”. |
iaik.security.provider.IAIK | NF | Added aliases "AES_128", "AES_192", "AES_256", "AESWrap_128", "AESWrap_192", "AESWrap_256", "Camellia_128", "Camellia_192", "Camellia_256", "CamelliaWrap_128", "CamelliaWrap_192", "CamelliaWrap_256" according to the JDK Standard Algorithm Names conventions. |
iaik.security.keystore.IAIKKeyStore | C | Uses stronger algorithms for mac calculation and encryption (HmacSHA3-512, AES 256 bit) and increased salt and iteration count values. Reading of old format still supported. Now keeps encoded certificate representation to avoid de-re-encoding issues. |
iaik.security.provider.IAIK | C | Uses iaik.x509.X509CertificateFactory as default CertificateFactory. |
iaik.security.mac | NF | Added SHA-3 based HMAC Mac and KeyGenerator engines: |
iaik.security.mac | NF | Added SHA-512/224, SHA-512/256 based HMAC Mac and KeyGenerator engines: “HmacSHA512/224”, “HmacSHA512/256” |
iaik.security.rsa | NF | Added SHA-3 based RSASSA-PKCS1-v1_5 Signature engines: |
iaik.security.rsa | NF | Added SHA-512/224, SHA-512/256 based RSASSA-PKCS1-v1_5 Signature engines: “SHA512/224withRSA”, “SHA512/256withRSA”. |
iaik.utils.DumpKeyStore | C | Skips secret key entries. Now uses the keystore entry alias as file name. |
iaik.x509.attr.AttributeCertificateFactory | NF | CertificateFactory implementation for parsing attribute certificates and ACRLs added. |
iaik.x509.qualified.X509QualifiedCertificateFactory | NF | CertPath supporting QualifiedCertificateFactory added. |
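The GCMParameters entry in the table above adds an optional provider-side check against encrypting twice under the same key and nonce. Because a repeated GCM nonce leaks the keystream XOR of the two plaintexts and the authentication subkey, applications should not depend on such a check alone. The following added example, which is not IAIK-JCE code, pairs a per-key nonce source that cannot repeat (the deterministic construction of NIST SP 800-38D, section 8.2.1: a fixed field plus an invocation counter) with a probe of whether the installed provider refuses a second doFinal() without re-initialization. It uses only the JDK API ("AES/GCM/NoPadding"); the plaintexts and the associated data are constructed samples, and the names NonceSource, seal and open are this example's own:

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicLong;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example (not IAIK-JCE code): a per-key nonce source that can never hand
 * out the same 96-bit nonce twice, plus a probe for whether the provider itself
 * refuses a second encryption without re-initialization.
 */
public class GcmNonceDiscipline {

    static final int TAG_BITS = 128;
    static final int NONCE_BYTES = 12;

    /**
     * Deterministic nonce construction (SP 800-38D, 8.2.1): a 32-bit fixed field
     * chosen when the key is created plus a 64-bit invocation counter. Only the
     * counter changes, so two invocations under one key cannot collide; when the
     * counter would wrap, the key has to be rotated.
     */
    static final class NonceSource {
        private final int fixedField;
        private final AtomicLong counter = new AtomicLong(0);

        NonceSource(SecureRandom rng) { this.fixedField = rng.nextInt(); }

        byte[] next() {
            long n = counter.getAndIncrement();
            if (n < 0) throw new IllegalStateException("nonce counter exhausted: rotate the key");
            return ByteBuffer.allocate(NONCE_BYTES).putInt(fixedField).putLong(n).array();
        }
    }

    /** One AES-GCM encryption; the nonce is prepended so the receiver can decrypt. */
    static byte[] seal(SecretKey key, NonceSource nonces, byte[] aad, byte[] plaintext) throws Exception {
        byte[] nonce = nonces.next();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(NONCE_BYTES + ct.length).put(nonce).put(ct).array();
    }

    static byte[] open(SecretKey key, byte[] aad, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, sealed, 0, NONCE_BYTES));
        c.updateAAD(aad);
        return c.doFinal(sealed, NONCE_BYTES, sealed.length - NONCE_BYTES);   // AEADBadTagException if tampered
    }

    /**
     * Probes the provider-level check: encrypt twice with one initialized Cipher
     * (same key and nonce). Returns true if the provider refuses the second call.
     */
    static boolean providerRefusesReuse(SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, new byte[NONCE_BYTES]));
        c.doFinal(new byte[16]);
        try {
            c.doFinal(new byte[16]);   // would reuse key+nonce: must be rejected
            return false;
        } catch (IllegalStateException e) {
            return true;               // SunJCE throws here; with IAIK the check is enabled via checkKeyAndNonceReuse
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        NonceSource nonces = new NonceSource(new SecureRandom());
        byte[] aad = "header-v1".getBytes(StandardCharsets.UTF_8);       // constructed sample

        byte[] a = seal(key, nonces, aad, "first record".getBytes(StandardCharsets.UTF_8));
        byte[] b = seal(key, nonces, aad, "second record".getBytes(StandardCharsets.UTF_8));
        boolean distinct = !Arrays.equals(Arrays.copyOf(a, NONCE_BYTES), Arrays.copyOf(b, NONCE_BYTES));
        System.out.println("distinct nonces: " + distinct);
        System.out.println("round trip: " + new String(open(key, aad, b), StandardCharsets.UTF_8));
        System.out.println("provider refuses reuse: " + providerRefusesReuse(key));
    }
}
```

The provider check is a backstop for the single-Cipher-object mistake; it cannot see two Cipher objects, two processes or a restored counter, which is why the nonce source, not the provider, is where uniqueness is enforced. If nonces must be random rather than counter-based, the 96-bit birthday bound limits the number of messages per key, and the key must be rotated long before that bound.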
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | NF, C | jar files signed with old (for supporting old DSA JCE Root CA) and new (for supporting new RSA JCE Root CA) IAIK-JCE provider certificates. The new certificate provides a stronger protection (SHA256withRSA) than the old one (SHA1withDSA). The new JCE Root CA is effective for Java versions 8u121, 7u131, 6u141 upwards. To support other (former) Java versions the |
iaik.asn1.structures.AlgorithmID, iaik.security.provider.IAIK | NF | Added AlgorithmIDs and aliases (2.16.840.1.101.3.4.3.3, 2.16.840.1.101.3.4.3.4) for the dsaWithSHA384 and dsaWithSHA512 signature algorithms. |
iaik.asn1.structures.ChoiceOfTime | B | Fixed milliseconds representation when creating a ChoiceOfTime object of type GeneralizedTime from a Date object. |
iaik.security.cipher | B | Fixed internal buffering and input length calculation for CCM mode. |
iaik.security.cipher.AESCBCCMac128, iaik.security.cipher.AESCBCCMac192, iaik.security.cipher.AESCBCCMac256 | NF | Implementation of the BSI TR-03109-1 AES-CBC-CMAC authenticated encryption cipher family (ciphers, key generators, algorithm parameters, secret key |
iaik.security.cipher.CCMParameters, iaik.security.cipher.GCMParameters | B | Fixed default encoding (to not include aes-ICVlen component if default length (12) is used). |
iaik.security.cipher.ChaCha20 | NF | Implementation of the ChaCha20 stream cipher as specified by RFC 7539. |
iaik.security.random.SecRandom | NF | Added method getAlgorithm() so that it can also be called when the SecureRandom object has been created in the old way via the PRNG class constructor (instead of SecureRandom.getInstance()). |
iaik.security.random.HMacSHA384SP80090Random | B | Fixed to actually use HMacSHA384 (HMacSHA512 was used so far when the HMacSHA384SP80090Random object was created in the old way via its constructor). |
iaik.security.random | C | Synchronized engineGetBytes and engineSetSeed. |
iaik.x509.NetscapeCertRequest | NF | Method getChallenge() added to get the challenge from the request. Constructors/methods added allowing to create and sign a NetscapeCertRequest from scratch. |
iaik.x509.extensions.qualified.structures.etsi.QcType | NF | Implementation of the ETSI EN 319 412-5 QcType QCStatementInfo for declaring the type(s) of EU qualified certificates. |
iaik.x509.X509Certificate, iaik.x509.RevokedCertificate, iaik.x509.attr.AttributeCertificate, iaik.x509.attr.IssuerSerial, iaik.x509.ocsp.CertID | NF, C | Added hexadecimal representation to serial number output of toString() method. |
iaik.x509.ocsp.extensions.CrlID | NF, C | Changed toString method to output the crl number in hexadecimal representation. |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
demo.pkcs.EnvelopedDataOAEP | C | Shows usage with non-default OAEP parameters. Now uses standard RSA-OAEP algorithm oid. |
iaik.asn1.ASN | C | Default ASN.1 types are now registered by their class name to avoid static initialization dependencies. |
iaik.asn1.ASN1 | NF | Method readEncoded allowing to read the encoding of an ASN.1 object from a stream without keeping the internal ASN.1 structure in memory. |
iaik.asn1.structures.AlgorithmID | B | Fixed NULL/absent parameter handling when parsed from an InputStream ( AlgorithmID(DerInputStream)). |
iaik.asn1.structures.PolicyQualifierInfo | C | Tighter explicit text check. |
iaik.pkcs.pkcs1.PKCS1v15Padding, iaik.pkcs.pkcs1.OAEPPadding | C | Made unpadding closer to constant-time. |
iaik.pkcs.pkcs1.RSACipher | NF, C | When the Cipher is used in ENCRYPT mode for signature creation with CRT keys, the signature value is verified as a countermeasure against RSA CRT key leaks. The check can be disabled by the new static method RSACipher.setDoVerifyCRTSignature(false);. The check is not performed for PSS signatures since they are not deterministic. |
iaik.pkcs.pkcs1.RSAOaepParameters | B | Fixed pSourceAlgorithm DEFAULT parameter check. |
iaik.pkcs.pkcs1.PKCS1AlgorithmParameters, iaik.pkcs.pkcs1.MGF1Parameters, iaik.pkcs.pkcs1.RSASSAPkcs1v15Parameters, iaik.pkcs.pkcs1.RSAOaepParameters, iaik.pkcs.pkcs1.RSAPssParameters | C | When initialized from an encoding (init(byte[] params)), the encoded parameters are kept and returned unchanged when getEncoded() is called. |
iaik.pkcs.pkcs1.RSAOaepPSourceParameterSpec | C | Check for right label encoding. |
iaik.security.md.SHA3_224, iaik.security.md.SHA3_256, iaik.security.md.SHA3_384, iaik.security.md.SHA3_512 | NF | MessageDigest engines for the NIST FIPS PUB 202 Secure Hash Algorithm 3. |
iaik.security.md.SHAKE128InputStream, iaik.security.md.SHAKE256InputStream | NF | InputStream implementations for the NIST FIPS PUB 202 Secure Hash Algorithm 3 extendable-output functions. |
iaik.x509.RevokedCertificate | B | Fixed possible NullPointerException in method toString. |
iaik.x509.X509CRL | B | Fixed possible NullPointerException in method setSignature. |
iaik.x509.net.ldap.LdapURLConnection | C | connect: if readTimeOut is set, it is also registered as the JNDI com.sun.jndi.ldap.read.timeout environment property. |
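Two entries in this changelog, the RSACipher entry above (signature value verified after CRT signing) and the deterministic-DSA entry in an earlier table (signature verified immediately after creation), describe the same countermeasure: never release a signature that the signer has not checked itself, because a faulted private-key computation yields a wrong signature from which the private key can be recovered. The following added example, which is not IAIK-JCE code, shows the application-level form of that check with the JDK's SHA256withRSA engine, and then corrupts a signature byte to stand in for a faulty CRT half and confirms that the same check rejects it. The key pair is generated on the fly and the document is a constructed sample:

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;

/**
 * Added example (not IAIK-JCE code): application-level verify-after-sign. A
 * freshly computed signature is released only after it verifies under the
 * public key; a faulty value is zeroed and withheld.
 */
public class VerifyAfterSign {

    static final String ALG = "SHA256withRSA";   // RSASSA-PKCS1-v1_5, the deterministic case the changelog covers

    static boolean verifies(PublicKey pub, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance(ALG);
        v.initVerify(pub);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false;   // a malformed signature counts as a failed check
        }
    }

    /**
     * Signs data and self-checks the result. A private-key computation hit by a
     * fault produces a signature that fails this check; such a value is exactly
     * the "RSA CRT key leak" the changelog entry refers to, so it must not leave
     * this method.
     */
    static byte[] signChecked(PrivateKey priv, PublicKey pub, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(priv);
        s.update(data);
        byte[] sig = s.sign();
        if (!verifies(pub, data, sig)) {
            Arrays.fill(sig, (byte) 0);
            throw new SignatureException("signature self-check failed; output withheld");
        }
        return sig;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();   // throwaway demo key pair
        byte[] data = "constructed sample document".getBytes("UTF-8");

        byte[] sig = signChecked(kp.getPrivate(), kp.getPublic(), data);
        System.out.println("good signature passes self-check:   " + verifies(kp.getPublic(), data, sig));

        // Stand-in for a faulty CRT half: flip one bit of the signature value and
        // confirm the same check rejects it before it could be released.
        byte[] faulty = sig.clone();
        faulty[faulty.length / 2] ^= 0x01;
        System.out.println("faulty signature passes self-check: " + verifies(kp.getPublic(), data, faulty));
    }
}
```

Because this check verifies with the public key rather than comparing against a recomputed deterministic value, it applies to probabilistic schemes such as PSS as well, at the cost of one public-key operation per signature; the changelog notes that the provider-internal check skips PSS for that reason.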
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.pkcs.pkcs12.PKCS12KeyStore | C | Method engineLoad now also checks unencrypted AuthenticatedSafe objects for CertificateBags. |
iaik.x509.ocsp | C | BasicOCSPResponse, SingleResponse, RevokedInfo, ArchiveCutoff: milliseconds are not included in GeneralizedTime encodings, for compatibility with RFC 6960. |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.ASN1String, iaik.asn1.PrintableString | C | Method equals no longer checks the ASN.1 String type; only the value is compared. |
iaik.pkcs.pkcs7 | NF, C | Changed the default content encryption algorithm parameter management for EncryptedContentInfo, EnvelopedData and SignedAndEnvelopedData to try to get algorithm specific parameters from the content encryption algorithm id. |
iaik.pkcs.pkcs7.SignedAndEnvelopedDataStream | NF | Added SignedAndEnvelopedDataStream(InputStream is, AlgorithmID contentEA, int keyLength) constructor. |
iaik.pkcs.pkcs7.SignedAndEnvelopedData | C | Changed constructor SignedAndEnvelopedData(byte[] content, AlgorithmID contentEA, int version). For backwards compatibility with prior versions the keyLength parameter is interpreted as version if it has one of the only two possible version values, 1 (default; indicating a PKCS#7 v1.5 SignedAndEnvelopedData) or 2 (indicating a PKCS#7 v1.6 SignedAndEnvelopedData). |
iaik.pkcs.pkcs7.SignedAndEnvelopedData | NF | Added SignedAndEnvelopedData(byte[] content, AlgorithmID contentEA, int keyLength, int version) constructor. |
iaik.pkcs.pkcs12.PKCS12KeyStore | NF, C | When searching for the certificate that belongs to the private key and no match is found between the localKeyId attribute of the KeyBag and the localKeyId attribute of any CertBag, the friendlyName attribute is checked, if present. The friendlyName is also checked if more than one CertBag has the same localKeyId as the KeyBag. |
iaik.pkcs.pkcs12.PKCS12KeyStore | NF, C | Support for setting/getting of certificate (trust) entries. |
iaik.security.provider.IAIK | NF, B, C | New static method setCopyCipherData(boolean) allows to decide whether to internally copy cipher data when Cipher encryption/decryption uses the same array for input/output (default: false). |
iaik.security.random.SeedGenerator | C | Method setDefault also sets the provided class as default VarLengthSeedGenerator, if applicable. |
iaik.security.rsa.RipeMd256RSASignature | B | Fixed DigestInfo prefix (length) encoding. |
iaik.x509 | B | If GeneralizedTime is used, milliseconds are not included in the encodings of X.509 types |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | NF, C | jar files signed with new JCE code signing certificate. |
* | NF | Included jar file versions containing the “Trusted-Library=true” |
iaik.asn1.ASN1 | B | Fixed push back handling in decoding routine. |
iaik.asn1.CON_SPEC | NF, C | forceImplicitlyTagged: workaround trying to handle |
iaik.asn1.structures.AlgorithmID | C | Registered java.security.spec.DSAParameterSpec as |
iaik.asn1.structures.AlgorithmID | C | Method getAlgorithmParameterSpec(Class parameterSpecClass, String provider) again does not throw an InvalidAlgorithmParameterException if parameterSpecClass is not specified. Rather it returns null in this case, to avoid problems due to missing parameter implementation registration. |
iaik.security.provider.IAIK | NF, C | Added some MessageDigest aliases (OIDs). |
iaik.security.dsa, iaik.security.rsa, iaik.iso.iso9796 | C | Signature engines now extend java.security.SignatureSpi. |
iaik.security.rsa.SSLRSASignature | B | Fixed signature verification. |
iaik.x509 | C | Improved extensions memory management to support, |
iaik.x509.extensions.ExtendedKeyUsage | NF | Added tsl-signing key purpose id (0.4.0.2231.3.0) as |
iaik.x509.ocsp.* | NF | Aligned with new OCSP version (RFC 6960); added implementation |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.asn1.ObjectID | NF | Added the COSINE LDAP/X.500 Schema attribute personalTitle, |
iaik.asn1.structures.AlgorithmID | NF | Added method setDefaultEncodeAbsentParametersAsNull allowing to change the default behaviour for encoding absent AlgorithmID parameters as ASN.1 NULL or omitting the parameters field. |
iaik.asn1.structures.AlgorithmID, iaik.security.provider.IAIK | NF | Added AlgorithmIDs and OID aliases for HMAC/SHA224, HMAC/SHA256, HMAC/SHA384, |
iaik.asn1.structures.AlgorithmID | NF, C | Added additional implementation names for some AlgorithmIDs. Changed default implementation names for: sha1WithRSAEncryption. Changed OID of AlgorithmID.dsaWithSHA1 from 1.3.14.3.2.27 to 1.2.840.10040.4.3. |
iaik.pkcs.pkcs5.PBKDF2 iaik.pkcs.pkcs5.PBKDF2KeyAndParameterSpec iaik.pkcs.pkcs5.PBKDF2ParameterSpec iaik.pkcs.pkcs5.PBKDF2Parameters | NF | Added parameter implementation and (parameter based) pseudorandom function agility for PKCS#5 PBKDF2 key derivation function. |
iaik.pkcs.pkcs5.PBKDF2.PBKDF2WithHmacSHA1 iaik.pkcs.pkcs5.PBKDF2.PBKDF2WithHmacSHA224 iaik.pkcs.pkcs5.PBKDF2.PBKDF2WithHmacSHA256 iaik.pkcs.pkcs5.PBKDF2.PBKDF2WithHmacSHA384 iaik.pkcs.pkcs5.PBKDF2.PBKDF2WithHmacSHA512 | NF | Added PBKDF2 KeyGenerator engines for HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384 and HmacSHA512, e.g. KeyGenerator.getInstance("PBKDF2WithHmacSHA1", "IAIK"); |
iaik.pkcs.pkcs7.RSACipherProvider | NF | New method setDefault() allowing to set a RSACipherProvider to be used as default. |
iaik.pkcs.pkcs8.PrivateKeyInfo iaik.pkcs.pkcs8.RawPrivateKey | NF, C | PrivateKeyInfo.getPrivateKey() now returns a generic RawPrivateKey object if no specific KeyFactory is available for the private key algorithm. The RawPrivateKey allows to get some information about the key (algorithm, encoding). |
iaik.security.cipher.CAST128Parameters | B | Fixed parameter decoding (optional iv) |
iaik.security.cipher.PBES2Cipher iaik.pkcs.pkcs5.PBES2ParameterSpec iaik.pkcs.pkcs5.PBES2Parameters | NF | Added Cipher engine and parameter implementation for the PKCS#5 PBES2 password based encryption scheme: Cipher.getInstance("PBES2", "IAIK"); |
iaik.security.cipher.PbeWithMD5AndDES_CBC iaik.security.cipher.PbeWithSHAAnd3_KeyTripleDES_CBC iaik.security.cipher.PbeWithSHAAnd40BitRC2_CBC | C | Now first try to get PBE AlgorithmParameters from provider IAIK. |
iaik.security.cipher.PBES2Cipher.PBES2WithHmacSHA1AndAES iaik.security.cipher.PBES2Cipher.PBES2WithHmacSHA256AndAES iaik.security.cipher.PBES2Cipher.PBES2WithHmacSHA384AndAES192 iaik.security.cipher.PBES2Cipher.PBES2WithHmacSHA512AndAES256 iaik.security.cipher.PBES2Cipher.PBES2WithHmacSHA1AndDESede | NF | Added PBES2 Cipher engines for HmacSHA1 and AES, HmacSHA256 and AES, HmacSHA384 and AES192, HmacSHA512 and AES256, HmacSHA1 and DESede, e.g. Cipher.getInstance("PBES2WithHmacSHA1AndAES", "IAIK"); |
iaik.security.cipher.SecretKey | C | Fixed algorithm name check in equals method. |
iaik.security.pbe.PBEParameterGenerator | C | Default iteration count for encryption set to 2000. |
iaik.security.random.SecRandom | C | Changed default PRNG to SHA256FIPS186Random. |
iaik.utils.RFC2253NameParser | NF | Registered the COSINE LDAP/X.500 Schema attribute personalTitle, |
iaik.utils.Util | NF | New method setDefaultRFC2253StringEscaping allowing to set the default escaping mechanism (strict or non strict) for RFC2253 String representations of Name, RDN and AVA objects. |
iaik.utils.ConvertKeyStore | B, C | Now really converts one KeyStore to another (and not dumps the contents as the DumpKeyStore utility). |
iaik.utils.Util | C | getUTF8EncodingFromString, getUTF8EncodingFromCharArray, getCharFromUTF8Array now also use UTF8CodingException instead of general CodingException. |
iaik.x509.PublicKeyInfo iaik.x509.RawPublicKey | NF, C | PublicKeyInfo.getPublicKey() now returns a generic RawPublicKey object if no specific KeyFactory is available for the public key algorithm. The RawPublicKey allows to get some information about the key (algorithm, encoding). |
iaik.x509.attr.* iaik.x509.attr.Clearance | C | Attribute Certificate implementation aligned with the new PKIX specification (RFC 5755); Clearance components are no longer tagged when building their ASN.1 representation. |
iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD | NF | Added implementation of the ETSI EN 319 412-5 QcEuPDS QCStatementInfo |
iaik.x509.ocsp.OCSPExtensions iaik.x509.ocsp.extensions.Nonce | C | According to OCSP spec clarification about the ASN.1 syntax of the Nonce extension, the Nonce value is wrapped into an ASN.1 OCTET STRING before putting it into the OCSP Extension extnValue OCTET STRING; new method Nonce.setWrapNonceValue(false); allows to fall back |
iaik.x509.ocsp.net.HttpOCSPRequest | C | postRequest: accept application/ocsp-response with parameters in content-type header, too. |
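The PBKDF2 and PBES2 entries in the table above add the two halves of PKCS#5 password-based encryption, and the PBEParameterGenerator entry sets the default iteration count to 2000. The following added example, which is not IAIK-JCE code, assembles PBES2-style encryption from those halves with the JDK's own engines: PBKDF2-HMAC-SHA256 key derivation through the SecretKeyFactory "PBKDF2WithHmacSHA256" (the entry above registers the same function in IAIK as a KeyGenerator of that name) and AES-256-GCM as the content cipher, and it times the round trip at the 2000-iteration default against a much larger count. The blob layout (iterations, salt, nonce, ciphertext) is this example's own, and the password and message are constructed samples:

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not IAIK-JCE code): PBES2-style password-based encryption
 * assembled from PBKDF2-HMAC-SHA256 key derivation and an AES-256-GCM content
 * cipher, using the JDK's standard engine names.
 */
public class Pbes2Demo {

    static final int SALT_BYTES = 16;
    static final int NONCE_BYTES = 12;
    static final int TAG_BITS = 128;
    static final int KEY_BITS = 256;

    /** Derives an AES key from a password with PBKDF2-HMAC-SHA256 (PKCS#5 v2.1 / RFC 8018, 5.2). */
    static SecretKey deriveKey(char[] password, byte[] salt, int iterations) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] raw = f.generateSecret(new PBEKeySpec(password, salt, iterations, KEY_BITS)).getEncoded();
        try {
            return new SecretKeySpec(raw, "AES");
        } finally {
            Arrays.fill(raw, (byte) 0);   // SecretKeySpec has its own copy
        }
    }

    /** Output layout (this example's own): iterations (4 bytes) | salt | nonce | AES-GCM ciphertext+tag. */
    static byte[] encrypt(char[] password, byte[] plaintext, int iterations) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_BYTES];
        byte[] nonce = new byte[NONCE_BYTES];
        rng.nextBytes(salt);    // fresh salt per encryption: same password never yields the same key twice
        rng.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(4 + SALT_BYTES + NONCE_BYTES + ct.length)
                .putInt(iterations).put(salt).put(nonce).put(ct).array();
    }

    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(blob);
        int iterations = in.getInt();
        byte[] salt = new byte[SALT_BYTES];   in.get(salt);
        byte[] nonce = new byte[NONCE_BYTES]; in.get(nonce);
        byte[] ct = new byte[in.remaining()]; in.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, nonce));
        return c.doFinal(ct);   // AEADBadTagException on a wrong password or a modified blob
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray();              // constructed sample
        byte[] msg = "constructed sample secret".getBytes(StandardCharsets.UTF_8);
        // 2000 is the default this changelog mentions; 600000 is the count OWASP's
        // password storage guidance gives for PBKDF2-HMAC-SHA256. Measure the cost.
        for (int iterations : new int[] {2000, 600_000}) {
            long t0 = System.nanoTime();
            byte[] blob = encrypt(password, msg, iterations);
            boolean ok = Arrays.equals(msg, decrypt(password, blob));
            long ms = (System.nanoTime() - t0) / 1_000_000;
            System.out.printf("%7d iterations: round trip %s, %d ms%n", iterations, ok, ms);
        }
    }
}
```

Storing the iteration count in the blob, as PBES2 parameters do in ASN.1, is what lets the count be raised later without breaking old data: new encryptions use the larger value, and decryption reads whichever count each blob carries.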
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
iaik.security.cipher | B | fixed performance regression of AES-GCM/CCM in combination with the AES addon in Windows |
iaik.utils.PasswordStrengthChecker | C | improved password strength computation |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | C | overall stability improvements |
iaik.security.cipher | NF | new IAIK-JCE addon that comes with native support for Intel’s AES-NI instruction |
iaik.security.md | NF | added SHA-3 candidate message digest algorithms: |
iaik.security.md | NF | added GOST-3411 message digest algorithm |
iaik.security.md | NF | added new SHA-512 based message digest algorithms: SHA-512/224, and SHA-512/256 |
iaik.security.mac | NF | added GOST-3411 HMAC algorithm |
iaik.utils.IAIKPasswordStore | NF | added password store |
iaik.utils.PasswordGenerator | NF | added password generator class |
iaik.utils.PasswordStrengthChecker | NF | added password strength checker (requires JDK1.4 or higher) |
iaik.security.rsa | B | fixed inconsistency with smallest key sizes in RSAKeyPairGenerator |
iaik.utils.RFC2253NameParser | B | fixed parsing of hex pair escape sequence |
iaik.security.mac.CBCMac | NF | implementation of the CBC MAC algorithm for AES, DESede, DES according to ISO/IEC 9797-1 |
iaik.x509.ocsp.extensions.CrlID | NF | added set/getCrlNumber methods allowing to set/get the crl number as BigInteger |
iaik.asn1.structures.AlgorithmID | C | SHA/SHA-1 algorithm/implementation name changed to SHA1 |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | C | JDK 1.1.x is no longer supported. Supported Java versions are 1.2, 1.3, 1.4, 1.5 (5.0), 1.6 (6.0), 1.7 (7.0) and compatible. |
* | C | overall performance improvements (e.g. of hash functions, ciphers, etc.) |
* | C | security-critical parts of the library now use constant-time comparisons in order to prevent timing attacks (for example GCM and CCM tag checks) |
iaik.asn1.UNKNOWN | C | method encode implemented |
iaik.security.cipher | C | performance improvements affecting repeated invocations of Cipher.doFinal() |
iaik.security.cipher.GCM | C | – up to 3.52 times higher throughput of the GCM mode (on 32-bit Windows systems) compared to version 3.181, – up to 2.11 times higher throughput of the GCM mode (on 64-bit systems) compared to version 3.181 |
iaik.security.cipher.CCM | B | – fixed wrong computation of maximum input length, and – 8% higher throughput on 64-bit systems |
iaik.security.keystore.IAIKKeyStore | C | method engineLoad() throws IOException if a null password has been |
iaik.security.md | C | – up to 63% higher throughput of RipeMd128 on 32-bit systems (depending on the input length), – up to 55% higher throughput of RipeMd160 on 32-bit Windows systems (depending on the input length) |
iaik.security.md | NF | new message digests: RipeMd256 and RipeMd320 |
iaik.security.provider.IAIK | NF | new PRNG registrations: – SHA1PRNG, SHA256PRNG, SHA384PRNG, SHA512PRNG, MD5PRNG, RipeMd128PRNG, RipeMd160PRNG, WhirlpoolPRNG, – SHA1PRNG-FIPS, SHA256PRNG-FIPS, SHA384PRNG-FIPS, SHA512PRNG-FIPS, RipeMd160PRNG-FIPS (FIPS-186-2 PRNGs), – 3DESPRNG (corresponds to ANSIRandom class), – SHA1PRNG-SP80090, SHA224PRNG-SP80090, SHA256PRNG-SP80090, SHA384PRNG-SP80090, SHA512PRNG-SP80090 (new hash based NIST SP800-90 PRNGs), – HMacSHA1PRNG-SP80090, HMacSHA224PRNG-SP80090, HMacSHA256PRNG-SP80090, HMacSHA384PRNG-SP80090, HMacSHA512PRNG-SP80090 (new HMAC based NIST SP800-90 PRNGs), – AES128PRNG-SP80090, AES192PRNG-SP80090, AES256PRNG-SP80090 (new block cipher based NIST SP800-90 PRNGs), as well as new RSA key pair generator registrations: – RSA-FIPS, RSA-OAEP-FIPS, RSA-PSS-FIPS |
iaik.security.provider.IAIK | C | Method addAsJDK14Provider() deprecated; IAIK provider can be added as first provider by calling IAIK.addAsProvider or Security.insertProviderAt(new IAIK(), 1); |
iaik.security.provider.IAIK | C | Since JDK 1.1 compatiblity is no more required, registration of algorithm engines can be done |
iaik.security.random | NF | transition to the SecureRandom framework. Now, SecureRandom instances can (and should) be obtained using SecureRandom.getInstance(). Code sample: SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "IAIK"); |
iaik.security.random | NF | new NIST SP800-90 pseudo-random number generators based on – SHA1 – SHA-224 – SHA-256 – SHA-384, and – SHA-512 added. |
iaik.security.random | NF | new NIST SP800-90 pseudo-random number generators based on – HMac/SHA1 – HMac/SHA-224 – HMac/SHA-256 – HMac/SHA-384, and – HMac/SHA-512 added. |
iaik.security.random | NF | new NIST SP800-90 pseudo-random number generators based on – AES-128 – AES-192 – AES-256 added. |
iaik.security.random.SecRandom | C | Method SecRandom.setDefault(Class) is now deprecated; use SecRandom.setDefault(String) instead |
iaik.security.rsa | NF | new RSA signature class based on RipeMd256: RipeMd256RSASignature. Code sample: Signature sig = Signature.getInstance("RipeMd256withRSA", "IAIK"); |
iaik.security.rsa.RSAKeyPairGenerator | C | the key pair generation is now based on IEEE P1363. |
iaik.security.rsa.RSAOaepKeyPairGenerator | C | the key pair generation of the OAEP key pair generator is now based on IEEE P1363. |
iaik.security.rsa.RSAPssKeyPairGenerator | C | the key pair generation of the Pss key pair generator is now based on IEEE P1363. |
iaik.security.rsa.RSAKeyPairGeneratorFIPS | NF | new key pair generator that is based on the FIPS-186-3 standard. |
iaik.security.rsa.RSAOaepKeyPairGeneratorFIPS | NF | OAEP key pair generator that is based on the new FIPS-186-3 key pair generator. |
iaik.security.rsa.RSAPssKeyPairGeneratorFIPS | NF | PSS key pair generator that is based on the new FIPS-186-3 key pair generator. |
iaik.security.rsa.RawRSAPkcs1v15Signature | NF, C | Verification now checks both absent and NULL digest algorithm parameters. |
iaik.utils.Utils | C | performance improvements of several central methods (note that this also affects the overall performance) |
iaik.utils.CryptoUtils | C | performance improvements of several central methods (note that this also affects the overall performance) |
iaik.utils.CryptoUtils | NF | new method overloads: many important helper methods are now not only available for the datatype byte[], but also for the datatypes int[] and long[] |
iaik.utils.CryptoUtils | NF | two new secureEqualsBlock methods that provide a timing-attack-resistant way to compare two byte arrays. |
iaik.utils.CryptoUtils | NF | new addModBlockSize method that allows the addition of two blocks modulo a specific blocksize. |
iaik.utils.NumberTheory | C | millerRabin is now implemented according to IEEE P1363. |
iaik.x509.X509Certificate iaik.x509.X509CRL iaik.x509.X509Extensions iaik.x509.RevokedCertificate | NF | New method getRawExtensionValue to get the raw DER encoded extension (not wrapped into an OCTET STRING) |
Class or Package | Bug / Change / New Feature | Description and Examples |
---|---|---|
* | C | Where possible Hashtables are replaced by HashMaps to increase |
iaik.security.cipher.CamelliaKeyWrap | NF | Support for the CamelliaKeyWrap algorithm for wrapping Camellia content encryption keys with Camellia key encryption keys according to RFC 3657 added. |
iaik.security.cipher.HMACwithAESwrap | NF | Support for the HMACwithAESwrap algorithm for wrapping HMAC message authentication code keys |
iaik.x509.attr.ACRL | B | addCertificate(AttributeCertificate cert, Date revocationDate): Use critical CertificateIssuer |
iaik.x509.X509CRL | C | listCertificates: the order in the Enumeration of revocation entries reflects the structure of the crl (for each certificate issuer of an indirect crl the first RevokedCertificate contains the CertificateIssuer extension with the name of the certificate issuer) |
iaik.x509.X509Extensions | C | addExtension: now throws an IllegalArgumentException when trying to add a critical/non critical |
jdk11x_update.jar | NF, C | contains a simple (Hashtable based and therefore still access synchronized) HashMap implementation to allow JDK independent use of HashMaps |
JSSE fails with IAIK as first provider with an exception saying that that the trust store cannot be accessed because of a KeyStore parsing error.
Problem: When connecting to a TLS/HTTPS server using JSSE with IAIK as first provider the connection fails with an exception saying that the trust store cannot be accessed because of a KeyStore parsing error. A typical exception stacktrace may look like:
```
Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.base/javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:263)
    at java.base/javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:270)
    at java.base/sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:413)
    at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:162)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
    at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
    at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1181)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1075)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245)
    at java.base/java.net.URL.openStream(URL.java:1117)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.base/java.security.Provider$Service.newInstance(Provider.java:1831)
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168)
    at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:99)
    at java.base/javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:123)
    at java.base/javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:335)
    at java.base/javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:292)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:95)
    at java.base/sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
    at java.base/sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)
    at java.base/java.net.URL.openConnection(URL.java:1051)
    ... 2 more
Caused by: java.security.KeyStoreException: problem accessing trust store
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
    at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1052)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:1022)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1197)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at java.base/java.security.Provider.newInstanceUtil(Provider.java:153)
    at java.base/java.security.Provider$Service.newInstance(Provider.java:1824)
    ... 13 more
Caused by: iaik.pkcs.pkcs12.PKCS12ParsingException: iaik.pkcs.PKCSParsingException: ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 109
    at iaik.pkcs.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:362)
    at iaik.utils.UniveralKeyStore.engineLoad(UniveralKeyStore.java:935)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:365)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:313)
    at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
    ... 23 more
```
The root exception may also be "masked", resulting in an exception message like: "Unable to execute HTTP request: No X509TrustManager implementation available".
Solution: Oracle has changed the JDK default KeyStore format from "JKS" to "PKCS12", but still uses the JKS format for its cacerts default KeyStore. When, for instance, an application uses JSSE to connect to some TLS/HTTPS server (and has not explicitly set a trust store), JSSE tries to read the certificates from the default cacerts KeyStore by instantiating a KeyStore with the default format ("PKCS12"). When IAIK is installed as first provider, the PKCS12 KeyStore of the IAIK provider is instantiated and tries to parse the cacerts KeyStore. This must fail, since cacerts is a JKS KeyStore which cannot be read by the IAIK PKCS12KeyStore (which, of course, expects a KeyStore in PKCS12 format). The TLS/HTTPS connection attempt will fail with an exception saying that the trust store cannot be accessed because of a KeyStore parsing problem.
There are several workarounds for solving this problem (and keeping IAIK as first provider):

- explicitly set the trust store (and key store) type to JKS via system properties:
  `java -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.keyStoreType=jks ...`
- enable the JKS fallback of the IAIK PKCS12KeyStore:
  `PKCS12KeyStore.setUSEJKSFallBack(true);`
Note that in the last case (using PKCS12KeyStore.setUSEJKSFallBack(true);) the IAIK PKCS12KeyStore will be advised to try the JKS format anytime it fails to parse a PKCS#12 KeyStore. This may cause some overhead. For that reason — and because you may not notice that you read a JKS KeyStore while you are expecting to read a PKCS#12 KeyStore — the JKS fallback mechanism is disabled by default and has to be explicitly enabled by calling PKCS12KeyStore.setUSEJKSFallBack(true);.
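As an added example (not part of the IAIK FAQ), the following class applies the workaround programmatically instead of relying on the JSSE defaults: it sniffs whether the trust store file starts with the JKS magic number or with a DER SEQUENCE (PKCS#12), loads it with the matching KeyStore type, and builds an SSLContext from it, so JSSE never hands cacerts to the IAIK PKCS12KeyStore while IAIK stays first provider. The cacerts location below the JDK home and the password "changeit" are the usual JDK defaults and are assumed here; the type sniffing also covers JDKs whose cacerts already ship in PKCS#12 format.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import iaik.security.provider.IAIK;

/**
 * Added example: keep IAIK as first provider, but hand JSSE a trust store that
 * was loaded with an explicitly chosen KeyStore type instead of the JDK default type.
 */
public class ExplicitTrustStoreContext {

  /** Magic number at the start of every JKS file. */
  private static final int JKS_MAGIC = 0xFEEDFEED;

  /**
   * Diagnostic check: returns "JKS" if the file starts with the JKS magic number,
   * "PKCS12" if it starts with a DER SEQUENCE tag (the outer PFX structure),
   * or null if neither applies.
   */
  public static String sniffKeyStoreType(String path) throws IOException {
    byte[] head = new byte[4];
    try (InputStream in = new FileInputStream(path)) {
      if (in.read(head) < 4) {
        return null;
      }
    }
    int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
              | ((head[2] & 0xFF) << 8) | (head[3] & 0xFF);
    if (magic == JKS_MAGIC) {
      return "JKS";
    }
    if ((head[0] & 0xFF) == 0x30) {
      return "PKCS12"; // DER SEQUENCE tag
    }
    return null;
  }

  /**
   * Loads the trust store with the sniffed type (falling back to the JDK default
   * type only if sniffing is inconclusive) and builds a TLS context from it.
   */
  public static SSLContext createContext(String trustStorePath, char[] password) throws Exception {
    String type = sniffKeyStoreType(trustStorePath);
    if (type == null) {
      type = KeyStore.getDefaultType();
    }
    // With type "JKS" the request is served by the SUN provider, not by IAIK's PKCS12KeyStore
    KeyStore trustStore = KeyStore.getInstance(type);
    try (InputStream in = new FileInputStream(trustStorePath)) {
      trustStore.load(in, password);
    }
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);
    return ctx;
  }

  public static void main(String[] args) throws Exception {
    // IAIK stays the first provider; the JDK default KeyStore type is still "PKCS12"
    Security.insertProviderAt(new IAIK(), 1);
    System.out.println("JDK default KeyStore type: " + KeyStore.getDefaultType());

    // assumed default cacerts location and password
    String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
    System.out.println("cacerts looks like: " + sniffKeyStoreType(cacerts));

    SSLContext ctx = createContext(cacerts, "changeit".toCharArray());
    // HttpsURLConnections now use this context instead of SSLContext.getDefault(),
    // so the failing default trust store lookup from the stacktrace above is never triggered
    HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
  }
}
```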
When using IAIK-JCE and trying to get a JCE engine an ExceptionInInitializerError is thrown saying "Cannot set up certs for trusted CAs". I am using JDK 1.4.
With JDK 1.4 the JCE framework (javax.crypto) has been incorporated into the standard JDK. Because of export regulations a JCE provider may only be used with JDK 1.4 (or JCE 1.2.1) if it is signed. IAIK-JCE provides signed and unsigned versions of its jar files (iaik_jce.jar, iaik_jce_full.jar). Using the unsigned version with JDK 1.4 will cause the ExceptionInInitializerError "Cannot set up certs for trusted CAs". Please use the signed jar file. You should also ensure that the right JCE policy files are installed in the lib/security directory.
When installing the IAIK provider (signed version) as first provider and trying to get a JCE engine a stack overflow error occurs. I am using JDK 1.4.
Due to a bug in the JDK jar file verification mechanism it may be necessary that the original SUN provider is installed as first provider. So insert the Stiftung SIC provider as second provider and explicitly request an IAIK engine when calling getInstance:
```java
Security.insertProviderAt(new IAIK(), 2);
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
```
Alternatively you may use the static method addAsJDK14Provider of the IAIK-JCE provider main class. This method uses a workaround that allows using IAIK as first provider with JDK 1.4, too:
```java
IAIK.addAsJDK14Provider();
```
JDK 1.5.0_02 and later have already fixed the jar file verification problem. For these versions the IAIK provider can be installed as first provider in the conventional way (or registered statically):
```java
Security.insertProviderAt(new IAIK(), 1);
```
Using IAIK-JCE (signed version) and trying to perform a TripleDES encryption gives an InvalidKeyException. It works with JDK 1.3, but not with JDK 1.4. (This exception may occur wrapped into an InternalErrorException when, for instance, trying to decrypt/encrypt PKCS#8 or PKCS#12 files.)
Due to import control restrictions of some countries, JDK 1.4 by default comes with jurisdiction policy files allowing "strong" but limited cryptography; keys that exceed the allowed strength are not allowed to be used under this policy. If you are entitled to do so, you may download and install an "unlimited strength" version of these files (http://java.sun.com/j2se/1.4/download.html).
With former versions of IAIK-JCE I have used method getExtensionValue of class X509Certificate to get the extension value of some specific extension. When, for instance, querying for a BasicConstraints extension I got the DER encoding of the SEQUENCE representing the ASN.1 representation of a BasicConstraints extension. Now I get the DER encoding of an OCTET STRING.
To be compatible with the standard JDK certificate API we had to change method getExtensionValue to return the encoding of the OCTET STRING extnValue:
```
Extension ::= SEQUENCE {
  extnID    OBJECT IDENTIFIER,
  critical  BOOLEAN DEFAULT FALSE,
  extnValue OCTET STRING
}
```
The value of the extnValue OCTET STRING is the DER encoding of the extension itself; so you may have to add a second decoding step, e.g. (getExtensionValue takes the dotted OID string, and DerCoder.decode returns a generic ASN1Object that has to be cast):
```java
// first step: the DER encoded OCTET STRING wrapper (extnValue)
byte[] extnValueEnc = cert.getExtensionValue(BasicConstraints.oid.getID());
OCTET_STRING extnValue = (OCTET_STRING)DerCoder.decode(extnValueEnc);
// second step: the DER encoded extension inside the OCTET STRING
ASN1Object asn1Extension = DerCoder.decode(extnValue.getValue());
```
However, generally it might be more appropriate to call method getExtension immediately (except when forced to produce provider independent code):
```java
BasicConstraints bc = (BasicConstraints)cert.getExtension(BasicConstraints.oid);
```
When trying to parse a PKCS#7 SignedData object I get a decoding error saying "Next ASN.1 object is no INTEGER!"
In practice PKCS#7 objects like SignedData or EnvelopedData are wrapped into a ContentInfo before transmission to tell the recipient the PKCS#7 content type (s)he has to deal with. When parsing your SignedData object you first have to unwrap the ContentInfo as shown in demo.pkcs.TestContentInfo, e.g.:
```java
// the stream from which to read the PKCS#7 object
InputStream is = ...;
// the stream from which to read the content in explicit mode
InputStream message = ...;
// create the ContentInfo object
ContentInfoStream cis = new ContentInfoStream(is);
System.out.println("This ContentInfo holds content of type " + cis.getContentType().getName());
SignedDataStream signed_data = null;
if (message == null) {
  // implicitly signed; get the content
  signed_data = (SignedDataStream)cis.getContent();
} else {
  // explicitly signed; set the data stream for digesting the message;
  // we assume here that SHA-1 and MD5 have been used for digesting
  AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
  signed_data = new SignedDataStream(message, algIDs);
}
// get an InputStream for reading the signed content
InputStream data = signed_data.getInputStream();
OutputStream os = ...;
StreamCopier sc = new StreamCopier(data, os);
sc.copyStream();
if (message != null) {
  // if explicitly signed now decode the SignedData
  signed_data.decode(cis.getContentInputStream());
}
// now you may verify the signature(s)
System.out.println("SignedData contains the following signer information:");
SignerInfo[] signer_infos = signed_data.getSignerInfos();
for (int i = 0; i < signer_infos.length; i++) {
  try {
    // verify the signed data using the SignerInfo at index i
    X509Certificate signer_cert = signed_data.verify(i);
    // if the signature is OK the certificate of the signer is returned
    System.out.println("Signature OK from signer: " + signer_cert.getSubjectDN());
  } catch (SignatureException ex) {
    // if the signature is not OK a SignatureException is thrown
    System.out.println("Signature ERROR from signer: "
        + signed_data.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
    ex.printStackTrace();
  }
}
```
A certificate generated with IAIK-JCE causes Netscape 4.7 to crash. The certificate contains non printable characters in its subjectDN common name.
RFC 2459 recommends using UTF8String as default encoding. Where the character set is sufficient, PrintableString may be used. For that reason IAIK-JCE uses PrintableString as default encoding for AVA string attribute values, but switches to UTF8String if the string value contains non-printable characters.
UTF8String, however, may not be handled by older versions of certificate processing applications like Netscape 4.7. You may either switch to a more recent version of Netscape or use the static method setNonPrintableDefaultEncoding of class AVA to change the default secondary encoding to be used for string values containing non-printable characters, e.g.:
```java
AVA.setNonPrintableDefaultEncoding(ASN.BMPString);
```
I have created a PKCS#7 signature using Microsoft CAPICOM. If the content is included in the SignedData object (implicit mode) I have no problems verifying the signature with the PKCS#7 library of IAIK-JCE. However, if the content is not included (explicit mode) I get a SignatureException saying that the message hash is incorrect: "Signature verification error: message hash!".
In explicit mode (where the content data is not included in the signature) we have observed that it might be necessary to apply "UnicodeLittleUnmarked" encoding to the data before verifying the CAPICOM signature, or to avoid using this encoding format right at the sender side, as suggested in a former posting to this newsgroup:
From the signing side (Capicom), the following code was used to read the file and avoid Unicode formatting:
```vb
Dim objUtilities As New CAPICOM.Utilities
Open strPathDocToBeSigned For Binary Access Read As #1
' Removing EOF
ReDim abytFile(LOF(1) - 1)
Get #1, , abytFile
Close #1
strFileContents = objUtilities.ByteArrayToBinaryString(abytFile)
```
and after this the normal signing process of strFileContents.
However, with the following sample code you should be able to verify both explicit and implicit signatures (use the stream based classes if you have to deal with large amounts of data):
```java
import java.io.IOException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs7.ContentInfo;
import iaik.pkcs.pkcs7.SignedData;
import iaik.pkcs.pkcs7.SignerInfo;
import iaik.security.provider.IAIK;
import iaik.utils.ASN1InputStream;
import iaik.x509.X509Certificate;

public class SignedDataParse {

  public static void main(String[] args) {
    InputStream is = null;
    try {
      byte[] data = null;
      IAIK.addAsJDK14Provider();
      // read in the PKCS#7 SignedData encoding
      is = new FileInputStream("...");
      /* uncomment the following line to supply the data in explicit mode; */
      // data = "...".getBytes("UnicodeLittleUnmarked");
      ASN1InputStream asn1In = new ASN1InputStream(is);
      byte[] content = getSignedData(asn1In, data);
      /* uncomment the following if the data represents an (UnicodeLittleUnmarked) encoded string */
      //String s1 = new String(content, "UnicodeLittleUnmarked");
      //System.out.println(s1);
      System.out.println("Ready");
    } catch (Exception ex) {
      ex.printStackTrace();
    } finally {
      if (is != null) {
        try {
          is.close();
        } catch (IOException ex) {
          // ignore close errors
        }
      }
    }
  }

  /**
   * Parses a PKCS#7 SignedData object and verifies the signature.
   *
   * @param is the input stream supplying the BER encoded PKCS#7 SignedData object.
   * @param message the content data supplied by other means (only required in explicit mode)
   *
   * @return the content data
   *
   * @exception PKCSException if an error occurs when parsing the SignedData
   * @exception IOException if an error occurs when reading from the stream
   */
  static byte[] getSignedData(InputStream is, byte[] message) throws PKCSException, IOException {
    // create a content info from the encoding
    ContentInfo ci = new ContentInfo(is);
    System.out.println("This ContentInfo holds content of type " + ci.getContentType().getName());
    SignedData signed_data = null;
    if (message == null) {
      // in implicit mode we simply can get the content:
      signed_data = (SignedData)ci.getContent();
    } else {
      // explicitly signed; set the data for digesting the message; we assume SHA-1 and MD5
      AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
      try {
        signed_data = new SignedData(message, algIDs);
        // now explicitly decode the DER encoded SignedData obtained from the ContentInfo:
        signed_data.decode(ci.getContentInputStream());
      } catch (NoSuchAlgorithmException ex) {
        throw new PKCSException(ex.getMessage());
      }
    }
    System.out.println("SignedData contains the following signer information:");
    SignerInfo[] signer_infos = signed_data.getSignerInfos();
    for (int i = 0; i < signer_infos.length; i++) {
      try {
        // verify the signed data using the SignerInfo at index i
        X509Certificate signer_cert = signed_data.verify(i);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer: " + signer_cert.getSubjectDN());
        Attribute signingTime = signer_infos[i].getAuthenticatedAttribute(ObjectID.signingTime);
        if (signingTime != null) {
          ChoiceOfTime cot = new ChoiceOfTime(signingTime.getValue()[0]);
          System.out.println("This message has been signed at " + cot.getDate());
        }
        Attribute contentType = signer_infos[i].getAuthenticatedAttribute(ObjectID.contentType);
        if (contentType != null) {
          System.out.println("The content has PKCS#7 content type " + contentType.getValue()[0]);
        }
      } catch (SignatureException ex) {
        // if the signature is not OK a SignatureException is thrown
        System.out.println("Signature ERROR from signer: "
            + signed_data.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
        ex.printStackTrace();
      } catch (CodingException ex) {
        System.out.println("Attribute decoding error: " + ex.getMessage());
      }
    }
    return signed_data.getContent();
  }
}
```
When creating a PKCS#7 EnvelopedData, is it possible to use OAEP padding when RSA encrypting the secret content encryption key with the recipient's public key?
There are several ways of using OAEP padding (for instance you may encrypt the content encryption key outside with OAEP and then use the constructor to supply the already encrypted key), but the simplest way might be to override the RSACipherProvider to use RSA with OAEP padding and set it for the RecipientInfos for which you want to use OAEP (note that you will have to specify a proper AlgorithmID for RSAEncryptionOAEP), e.g.:
```java
public class RSACipherProviderOAEP extends RSACipherProvider {

  ...

  /**
   * En/deciphers the given data using RSA with OAEP padding.
   *
   * @param mode the cipher mode, either ENCRYPT (1) or DECRYPT (2)
   * @param key the key to be used
   * @param data the data to be en/deciphered:
   * <ul>
   * <li>for RecipientInfo cek encryption: the raw content encryption key
   * <li>for RecipientInfo cek decryption: the encrypted content encryption key
   * </ul>
   *
   * @return the en/deciphered data:
   * <ul>
   * <li>for RecipientInfo cek encryption: the encrypted content encryption key
   * <li>for RecipientInfo cek decryption: the raw (decrypted) content encryption key
   * </ul>
   *
   * @exception NoSuchProviderException if any of the crypto providers of this RSACipherProvider
   *            is not suitable for the requested operation
   * @exception NoSuchAlgorithmException if RSA ciphering is not supported
   * @exception InvalidKeyException if the supplied key is invalid
   * @exception GeneralSecurityException if a general security problem occurs
   */
  protected byte[] cipher(int mode, Key key, byte[] data)
      throws NoSuchProviderException, NoSuchAlgorithmException,
             InvalidKeyException, GeneralSecurityException {
    Cipher rsa = Cipher.getInstance("RSA/ECB/OAEP");
    rsa.init(mode, key);
    return rsa.doFinal(data);
  }
}
```
On the sender side set your RSA cipher provider for each RecipientInfo you wish to use it for:
```java
// specify an AlgorithmID for RSA with OAEP padding
AlgorithmID rsaEncryptionOAEP = new AlgorithmID("1.2.840.113549.1.1.6", "RSAEncryptionOAEP");
// the recipient certificate
X509Certificate recipientCert = ...;
// create the RecipientInfo
RecipientInfo recipient = new RecipientInfo(recipientCert, rsaEncryptionOAEP);
// set the RSA cipher provider for using RSA with OAEP padding
recipient.setRSACipherProvider(new RSACipherProviderOAEP());
```
On the receiving side set your RSA cipher provider before decrypting the encrypted content encryption key:
```java
// the RSA OAEP provider to be used
RSACipherProviderOAEP rsaCipherProviderOAEP = new RSACipherProviderOAEP();
...
// get the RecipientInfos
RecipientInfo[] recipients = envelopedData.getRecipientInfos();
for (int i = 0; i < recipients.length; i++) {
  System.out.println("Recipient: " + (i + 1));
  System.out.print(recipients[i].getIssuerAndSerialNumber());
  // set the RSA cipher provider for using RSA with OAEP padding
  recipients[i].setRSACipherProvider(rsaCipherProviderOAEP);
}
// decrypt the message (recipientPrivateKey and recipientInfoIndex are supplied by the application)
envelopedData.setupCipher(recipientPrivateKey, recipientInfoIndex);
```
JSSE fails with IAIK as first provider with an exception saying that that the trust store cannot be accessed because of a KeyStore parsing error.
Problem: When connecting to a TLS/HTTPS server using JSSE with IAIK as first provider the connection fails with an exception saying that that the trust store cannot be accessed because of a KeyStore parsing error. A typical exception stacktrace may look like:
Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.base/javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:263)
    at java.base/javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:270)
    at java.base/sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:413)
    at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:162)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
    at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
    at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1181)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1075)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245)
    at java.base/java.net.URL.openStream(URL.java:1117)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.base/java.security.Provider$Service.newInstance(Provider.java:1831)
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168)
    at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:99)
    at java.base/javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:123)
    at java.base/javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:335)
    at java.base/javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:292)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:95)
    at java.base/sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
    at java.base/sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)
    at java.base/java.net.URL.openConnection(URL.java:1051)
    ... 2 more
Caused by: java.security.KeyStoreException: problem accessing trust store
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73)
    at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:1052)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<init>(SSLContextImpl.java:1022)
    at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1197)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at java.base/java.security.Provider.newInstanceUtil(Provider.java:153)
    at java.base/java.security.Provider$Service.newInstance(Provider.java:1824)
    ... 13 more
Caused by: iaik.pkcs.pkcs12.PKCS12ParsingException: iaik.pkcs.PKCSParsingException: ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 109
    at iaik.pkcs.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:362)
    at iaik.utils.UniveralKeyStore.engineLoad(UniveralKeyStore.java:935)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:365)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:313)
    at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:55)
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
    ... 23 more
The root exception may also be "masked", resulting in an exception message like: "Unable to execute HTTP request: No X509TrustManager implementation available".
Solution: Oracle has changed the JDK default KeyStore format from "JKS" to "PKCS12", but still uses the JKS format for its cacerts default KeyStore. When, for instance, an application uses JSSE to connect to some TLS/HTTPS server (and has not explicitly set a trust store), JSSE tries to read the certificates from the default cacerts KeyStore by instantiating a KeyStore of the default format ("PKCS12"). When IAIK is installed as first provider, the PKCS12 KeyStore of the IAIK provider is instantiated and tries to parse the cacerts KeyStore. This must fail, since cacerts is a JKS KeyStore which cannot be read by the IAIK PKCS12KeyStore (which, of course, expects a KeyStore in PKCS#12 format). The TLS/HTTPS connection attempt then fails with an exception saying that the trust store cannot be accessed because of a KeyStore parsing problem.
There are several work-arounds for solving this problem (and keeping IAIK as first provider). Either tell JSSE explicitly that the default trust store (and key store) is in JKS format:
java -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.keyStoreType=jks ...
or enable the JKS fallback of the IAIK PKCS12KeyStore:
PKCS12KeyStore.setUSEJKSFallBack(true);
Note that in the last case (using PKCS12KeyStore.setUSEJKSFallBack(true);) the IAIK PKCS12KeyStore is instructed to try the JKS format whenever it fails to parse a PKCS#12 KeyStore. This may cause some overhead. For that reason — and because you may not notice that you are reading a JKS KeyStore while expecting a PKCS#12 KeyStore — the JKS fallback mechanism is disabled by default and has to be explicitly enabled by calling PKCS12KeyStore.setUSEJKSFallBack(true);.
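As an added example (not part of the IAIK FAQ or demo library), the following code registers IAIK as first provider, reports which provider would service a KeyStore of the JDK default type, and then loads cacerts explicitly as JKS into its own SSLContext, so the HTTPS connection no longer depends on the default KeyStore type. It assumes the standard cacerts location below java.home and that no javax.net.ssl.trustStore property has been set; the method names are chosen here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import iaik.security.provider.IAIK;

public class ExplicitJksTrustStore {

  /** Name of the provider that services a KeyStore of the JDK default type. */
  static String providerForDefaultKeyStoreType() throws Exception {
    // On current JDKs getDefaultType() returns "pkcs12"; with IAIK at position 1
    // this resolves to IAIK's PKCS12KeyStore, which cannot read the JKS cacerts file.
    return KeyStore.getInstance(KeyStore.getDefaultType()).getProvider().getName();
  }

  /** Loads the JDK cacerts file with its real format (JKS) instead of the default type. */
  static KeyStore loadCacertsAsJks() throws Exception {
    // Assumption: standard location; adjust if javax.net.ssl.trustStore points elsewhere.
    Path cacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
    KeyStore trust = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(cacerts.toFile())) {
      // A null password skips the JKS integrity check; pass the store password
      // (the JDK default is "changeit") if you want the MAC verified as well.
      trust.load(in, null);
    }
    return trust;
  }

  /** Builds an SSLContext whose trust managers come from the explicitly loaded store. */
  static SSLContext sslContextFrom(KeyStore trust) throws Exception {
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);
    return ctx;
  }

  public static void main(String[] args) throws Exception {
    Security.insertProviderAt(new IAIK(), 1);
    System.out.println("default KeyStore type " + KeyStore.getDefaultType()
        + " is serviced by provider " + providerForDefaultKeyStoreType());
    KeyStore trust = loadCacertsAsJks();
    System.out.println("loaded " + trust.size() + " trust anchors from cacerts");
    // Make this the process-wide default so HttpsURLConnection uses it instead
    // of triggering the failing default-type KeyStore lookup.
    SSLContext.setDefault(sslContextFrom(trust));
  }
}
```

Run this before the first HTTPS connection, because HttpsURLConnection caches its default SSLSocketFactory on first use.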
When using IAIK-JCE and trying to get a JCE engine, an ExceptionInInitializerError is thrown saying "Cannot set up certs for trusted CAs". I am using JDK 1.4.
With JDK 1.4 the JCE framework (javax.crypto) has been incorporated into the standard JDK. Because of export regulations a JCE provider may only be used with JDK 1.4 (or JCE 1.2.1) if it is signed. IAIK-JCE provides signed and unsigned versions of its jar files (iaik_jce.jar, iaik_jce_full.jar). Using the unsigned version with JDK 1.4 will cause the ExceptionInInitializerError "Cannot set up certs for trusted CAs". Please use the signed jar file. You should also ensure that the right JCE policy files are installed in the lib/security directory.
When installing the IAIK provider (signed version) as first provider and trying to get a JCE engine, a stack overflow error occurs. I am using JDK 1.4.
Due to a bug in the JDK jar file verification mechanism it may be necessary to have the original SUN provider installed as first provider. So insert the Stiftung SIC provider as second provider and explicitly request an IAIK engine when calling getInstance:
Security.insertProviderAt(new IAIK(), 2);
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
Alternatively you may use the static method addAsJDK14Provider of the IAIK-JCE provider main class. This method uses a work-around that allows IAIK to be used as first provider with JDK 1.4, too:
IAIK.addAsJDK14Provider();
JDK 1.5.0_02 and later have already fixed the jar file verification problem. For these versions the IAIK provider can be installed as first provider in the conventional way (or registered statically):
Security.insertProviderAt(new IAIK(), 1);
Using IAIK-JCE (signed version) and trying to perform a TripleDES encryption gives an InvalidKeyException. It works with JDK 1.3, but not with JDK 1.4. (This exception may occur wrapped into an InternalErrorException when, for instance, trying to de/encrypt PKCS#8 or PKCS#12 files.)
Due to import control restrictions of some countries, JDK 1.4 by default comes with jurisdiction policy files allowing "strong" but limited cryptography; keys that exceed the allowed strength are not permitted by this policy. If you are entitled to do so, you may download and install an "unlimited strength" version of these files (http://java.sun.com/j2se/1.4/download.html).
With former versions of IAIK-JCE I have used method getExtensionValue of class X509Certificate to get the extension value of some specific extension. When, for instance, querying for a BasicConstraints extension I got the DER encoding of the SEQUENCE representing the ASN.1 representation of a BasicConstraints extension. Now I get the DER encoding of an OCTET STRING.
To be compatible with the standard JDK certificate API we had to change method getExtensionValue to return the encoding of the OCTET STRING extnValue:
Extension ::= SEQUENCE {
  extnID      OBJECT IDENTIFIER,
  critical    BOOLEAN DEFAULT FALSE,
  extnValue   OCTET STRING
}
The value of the extnValue OCTET_STRING is the DER encoding of the extension itself, so you may have to add a second decoding step, e.g.:
// getExtensionValue takes the extension OID as dotted string, like the JDK API
byte[] extnValueEnc = cert.getExtensionValue(BasicConstraints.oid.getID());
// first step: decode the outer OCTET STRING
OCTET_STRING extnValue = (OCTET_STRING)DerCoder.decode(extnValueEnc);
// second step: decode the contained DER encoding of the extension
ASN1Object asn1Extension = DerCoder.decode((byte[])extnValue.getValue());
However, generally it might be more appropriate to call method getExtension immediately (except when forced to produce provider independent code):
BasicConstraints bc = (BasicConstraints)cert.getExtension(BasicConstraints.oid);
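As an added example (not from the IAIK FAQ or demo library), the following code builds the two-level encoding that the JDK-compatible getExtensionValue returns for a BasicConstraints extension and then applies the two decoding steps described above; the helper names wrapAsExtnValue and decodeBasicConstraints are chosen here, everything else is IAIK ASN.1/X.509 API.

```java
import iaik.asn1.ASN1Object;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.OCTET_STRING;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.BasicConstraints;

public class ExtnValueDecode {

  /** Two-step decoding of the byte[] returned by getExtensionValue for BasicConstraints. */
  static BasicConstraints decodeBasicConstraints(byte[] extnValueEnc)
      throws CodingException, X509ExtensionException {
    // Step 1: the outer DER object is the extnValue OCTET STRING of the Extension.
    OCTET_STRING extnValue = (OCTET_STRING) DerCoder.decode(extnValueEnc);
    // Step 2: its content octets are the DER encoding of BasicConstraints itself.
    ASN1Object inner = DerCoder.decode((byte[]) extnValue.getValue());
    BasicConstraints bc = new BasicConstraints();
    bc.init(inner);
    return bc;
  }

  /** Produces what getExtensionValue returns: the DER of an OCTET STRING wrapping the extension's DER. */
  static byte[] wrapAsExtnValue(BasicConstraints bc) throws X509ExtensionException {
    byte[] innerDer = DerCoder.encode(bc.toASN1Object());
    return DerCoder.encode(new OCTET_STRING(innerDer));
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: a CA certificate constraint with pathLenConstraint 2.
    BasicConstraints caWithPathLen = new BasicConstraints(true, 2);
    byte[] extnValueEnc = wrapAsExtnValue(caWithPathLen);
    // The double encoding is visible in the tags: 0x04 (OCTET STRING) outside,
    // 0x30 (SEQUENCE) as the first byte of its contents.
    System.out.printf("outer tag 0x%02x, inner tag 0x%02x%n", extnValueEnc[0], extnValueEnc[2]);
    BasicConstraints decoded = decodeBasicConstraints(extnValueEnc);
    System.out.println("cA=" + decoded.ca()
        + ", pathLenConstraint=" + decoded.getPathLenConstraint());
    // Feeding extnValueEnc directly to BasicConstraints.init (skipping step 1)
    // fails, because an OCTET STRING is not the SEQUENCE the extension expects.
  }
}
```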
When trying to parse a PKCS#7 SignedData object I get a decoding error saying "Next ASN.1 object is no INTEGER!"
In practice PKCS#7 objects like SignedData or EnvelopedData are wrapped into a ContentInfo before transmission to tell the recipient the PKCS#7 content type (s)he has to deal with. When parsing your SignedData object you first have to unwrap the ContentInfo as shown in demo.pkcs.TestContentInfo, e.g.:
// the stream from which to read the PKCS#7 object
InputStream is = ...;
// the stream from which to read the content in explicit mode
InputStream message = ...;
// create the ContentInfo object
ContentInfoStream cis = new ContentInfoStream(is);
System.out.println("This ContentInfo holds content of type " + cis.getContentType().getName());
SignedDataStream signed_data = null;
if (message == null) {
  // implicitly signed; get the content
  signed_data = (SignedDataStream)cis.getContent();
} else {
  // explicitly signed; set the data stream for digesting the message;
  // we assume here that SHA-1 and MD5 have been used for digesting
  AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
  signed_data = new SignedDataStream(message, algIDs);
}
// get an InputStream for reading the signed content
InputStream data = signed_data.getInputStream();
OutputStream os = ...;
StreamCopier sc = new StreamCopier(data, os);
sc.copyStream();
if (message != null) {
  // if explicitly signed now decode the SignedData
  signed_data.decode(cis.getContentInputStream());
}
// now you may verify the signature(s)
System.out.println("SignedData contains the following signer information:");
SignerInfo[] signer_infos = signed_data.getSignerInfos();
for (int i=0; i<signer_infos.length; i++) {
  try {
    // verify the signed data using the SignerInfo at index i
    X509Certificate signer_cert = signed_data.verify(i);
    // if the signature is OK the certificate of the signer is returned
    System.out.println("Signature OK from signer: "+signer_cert.getSubjectDN());
  } catch (SignatureException ex) {
    // if the signature is not OK a SignatureException is thrown
    System.out.println("Signature ERROR from signer: "+ signed_data.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
    ex.printStackTrace();
  }
}
A certificate generated with IAIK-JCE causes Netscape 4.7 to crash. The certificate contains non printable characters in its subjectDN common name.
RFC 2459 recommends UTF8String as the default encoding. Where the character set is sufficient, PrintableString may be used. For that reason IAIK-JCE uses PrintableString as the default encoding for AVA string attribute values, but switches to UTF8String if the string value contains non-printable characters.
UTF8String, however, may not be handled by older versions of certificate processing applications like Netscape 4.7. You may either switch to a more recent version of Netscape or use the static method setNonPrintableDefaultEncoding of class AVA to change the default secondary encoding used for string values containing non-printable characters, e.g.:
AVA.setNonPrintableDefaultEncoding(ASN.BMPString);
I have created a PKCS#7 signature using Microsoft CAPICOM. If the content is included in the SignedData object (implicit mode) I have no problems verifying the signature with the PKCS#7 library of IAIK-JCE. However, if the content is not included (explicit mode) I get a SignatureException saying that the message hash is incorrect: "Signature verification error: message hash!".
In explicit mode (where the content data is not included in the signature) we have observed that it might be necessary to apply "UnicodeLittleUnmarked" encoding to the data before verifying the CAPICOM signature, or to avoid this encoding right at the sender side, as suggested in a former posting to this newsgroup:
From the signing side (Capicom), the following code was used to read the file and avoid Unicode formatting:
-------------------
Dim objUtilities As New CAPICOM.Utilities
Open strPathDocToBeSigned For Binary Access Read As #1
' Removing EOF
ReDim abytFile(LOF(1) - 1)
Get #1, , abytFile
Close #1
strFileContents = objUtilities.ByteArrayToBinaryString(abytFile)
-------------------
and after this the normal signing process of strFileContents.
However, with the following sample code you should be able to verify both explicit and implicit signatures (use the stream based classes if you have to deal with large amounts of data):
import java.io.IOException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs7.ContentInfo;
import iaik.pkcs.pkcs7.SignedData;
import iaik.pkcs.pkcs7.SignerInfo;
import iaik.security.provider.IAIK;
import iaik.utils.ASN1InputStream;
import iaik.x509.X509Certificate;

public class SignedDataParse {

  public static void main(String[] args) {
    InputStream is = null;
    try {
      byte[] data = null;
      IAIK.addAsJDK14Provider();
      // read in the PKCS#7 SignedData encoding
      is = new FileInputStream("...");
      /* uncomment the following line to supply the data in explicit mode; */
      // data = "...".getBytes("UnicodeLittleUnmarked");
      ASN1InputStream asn1In = new ASN1InputStream(is);
      byte[] content = getSignedData(asn1In, data);
      /* uncomment the following if the data represents an (UnicodeLittleUnmarked) encoded string */
      //String s1 = new String(content, "UnicodeLittleUnmarked");
      //System.out.println(s1);
      System.out.println("Ready");
    } catch (Exception ex) {
      ex.printStackTrace();
    } finally {
      if (is != null) {
        try {
          is.close();
        } catch (IOException ex) {
        }
      }
    }
  }

  /**
   * Parses a PKCS#7 SignedData object and verifies the signature.
   *
   * @param is the input stream supplying the BER encoded PKCS#7 SignedData object.
   * @param message the content data supplied by other means (only required in explicit mode)
   *
   * @return the content data
   *
   * @exception PKCSException if an error occurs when parsing the SignedData
   * @exception IOException if an error occurs when reading from the stream
   */
  static byte[] getSignedData(InputStream is, byte[] message) throws PKCSException, IOException {
    // create a content info from the encoding
    ContentInfo ci = new ContentInfo(is);
    System.out.println("This ContentInfo holds content of type " + ci.getContentType().getName());
    SignedData signed_data = null;
    if (message == null) {
      // in implicit mode we simply can get the content:
      signed_data = (SignedData)ci.getContent();
    } else {
      // explicitly signed; set the data for digesting the message; we assume SHA-1 and MD5
      AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
      try {
        signed_data = new SignedData(message, algIDs);
        // now explicitly decode the DER encoded SignedData obtained from the ContentInfo:
        signed_data.decode(ci.getContentInputStream());
      } catch (NoSuchAlgorithmException ex) {
        throw new PKCSException(ex.getMessage());
      }
    }
    System.out.println("SignedData contains the following signer information:");
    SignerInfo[] signer_infos = signed_data.getSignerInfos();
    for (int i=0; i<signer_infos.length; i++) {
      try {
        // verify the signed data using the SignerInfo at index i
        X509Certificate signer_cert = signed_data.verify(i);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer: "+signer_cert.getSubjectDN());
        Attribute signingTime = signer_infos[i].getAuthenticatedAttribute(ObjectID.signingTime);
        if (signingTime != null) {
          ChoiceOfTime cot = new ChoiceOfTime(signingTime.getValue()[0]);
          System.out.println("This message has been signed at " + cot.getDate());
        }
        Attribute contentType = signer_infos[i].getAuthenticatedAttribute(ObjectID.contentType);
        if (contentType != null) {
          System.out.println("The content has PKCS#7 content type " + contentType.getValue()[0]);
        }
      } catch (SignatureException ex) {
        // if the signature is not OK a SignatureException is thrown
        System.out.println("Signature ERROR from signer: "+ signed_data.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
        ex.printStackTrace();
      } catch (CodingException ex) {
        System.out.println("Attribute decoding error: " + ex.getMessage());
      }
    }
    return signed_data.getContent();
  }
}
When creating a PKCS#7 EnvelopedData, is it possible to use OAEP padding when RSA encrypting the secret content encryption key with the recipient's public key?
There are several ways of using OAEP padding (for instance you may encrypt the content encryption key outside with OAEP and then use the constructor to supply the already encrypted key), but the simplest way might be to override the RSACipherProvider to use RSA with OAEP padding and set it for the RecipientInfos for which you want to use OAEP (note that you will have to specify a proper AlgorithmID for RSAEncryptionOAEP), e.g.:
public class RSACipherProviderOAEP extends RSACipherProvider {
  ...
  /**
   * En/deciphers the given data using RSA with OAEP padding.
   *
   * @param mode the cipher mode, either ENCRYPT (1) or DECRYPT (2)
   * @param key the key to be used
   * @param data the data to be en/deciphered:
   * <ul>
   * <li>for RecipientInfo cek encryption: the raw content encryption key
   * <li>for RecipientInfo cek decryption: the encrypted content encryption key
   * </ul>
   *
   * @return the en/deciphered data:
   * <ul>
   * <li>for RecipientInfo cek encryption: the encrypted content encryption key
   * <li>for RecipientInfo cek decryption: the raw (decrypted) content encryption key
   * </ul>
   *
   * @exception NoSuchProviderException if any of the crypto providers of this RSACipherProvider is not suitable
   *            for the requested operation
   * @exception NoSuchAlgorithmException if RSA ciphering is not supported
   * @exception InvalidKeyException if the supplied key is invalid
   * @exception GeneralSecurityException if a general security problem occurs
   */
  protected byte[] cipher(int mode, Key key, byte[] data)
      throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, GeneralSecurityException {
    Cipher rsa = Cipher.getInstance("RSA/ECB/OAEP");
    rsa.init(mode, key);
    return rsa.doFinal(data);
  }
}
On the sender side set your RSA cipher provider for each RecipientInfo you wish to use it for:
// specify an AlgorithmID for RSA with OAEP padding
AlgorithmID rsaEncryptionOAEP = new AlgorithmID("1.2.840.113549.1.1.6", "RSAEncryptionOAEP");
// the recipient certificate
X509Certificate recipientCert = ...;
// create the RecipientInfo
RecipientInfo recipient = new RecipientInfo(recipientCert, rsaEncryptionOAEP);
// set the RSA cipher provider for using RSA with OAEP padding
recipient.setRSACipherProvider(new RSACipherProviderOAEP());
On the receiving side set your RSA cipher provider before decrypting the encrypted content encryption key:
// the RSA OAEP provider to be used
RSACipherProviderOAEP rsaCipherProviderOAEP = new RSACipherProviderOAEP();
...
// get the RecipientInfos
RecipientInfo[] recipients = enveloped_data.getRecipientInfos();
for (int i=0; i<recipients.length; i++) {
  System.out.println("Recipient: "+(i+1));
  System.out.print(recipients[i].getIssuerAndSerialNumber());
  // set the RSA cipher provider for using RSA with OAEP padding
  recipients[i].setRSACipherProvider(rsaCipherProviderOAEP);
}
// decrypt the message
enveloped_data.setupCipher(recipientPrivateKey, recipientInfoIndex);