FileDocCategorySizeDatePackage
CMSEnvelopedGenerator.javaAPI DocBouncy Castle Crypto API 1.41 (Java 1.5)22305Wed Oct 01 10:55:30 BST 2008org.bouncycastle.cms

CMSEnvelopedGenerator

public class CMSEnvelopedGenerator extends Object
General class for generating a CMS enveloped-data message. A simple example of usage. 
CMSEnvelopedDataGenerator fact = new CMSEnvelopedDataGenerator();

fact.addKeyTransRecipient(cert);

CMSEnvelopedData data = fact.generate(content, algorithm, "BC");

Fields Summary
public static final String
DES_EDE3_CBC
public static final String
RC2_CBC
public static final String
IDEA_CBC
public static final String
CAST5_CBC
public static final String
AES128_CBC
public static final String
AES192_CBC
public static final String
AES256_CBC
public static final String
CAMELLIA128_CBC
public static final String
CAMELLIA192_CBC
public static final String
CAMELLIA256_CBC
public static final String
SEED_CBC
public static final String
DES_EDE3_WRAP
public static final String
AES128_WRAP
public static final String
AES192_WRAP
public static final String
AES256_WRAP
public static final String
CAMELLIA128_WRAP
public static final String
CAMELLIA192_WRAP
public static final String
CAMELLIA256_WRAP
public static final String
SEED_WRAP
public static final String
ECDH_SHA1KDF
private static final CMSEnvelopedHelper
HELPER
final List
recipientInfs
final SecureRandom
rand
Constructors Summary
public CMSEnvelopedGenerator()
base constructor

        this(new SecureRandom());
public CMSEnvelopedGenerator(SecureRandom rand)
constructor allowing specific source of randomness

param
rand instance of SecureRandom to use

        this.rand = rand;
Methods Summary
public voidaddKEKRecipient(javax.crypto.SecretKey key, byte[] keyIdentifier)
add a KEK recipient.

param
key the secret key to use for wrapping
param
keyIdentifier the byte string that identifies the key

        recipientInfs.add(new RecipientInf(key, new KEKIdentifier(
                                                keyIdentifier, null, null)));
public voidaddKeyAgreementRecipient(java.lang.String agreementAlgorithm, java.security.PrivateKey senderPrivateKey, java.security.PublicKey senderPublicKey, java.security.cert.X509Certificate recipientCert, java.lang.String cekWrapAlgorithm, java.lang.String provider)
Add a key agreement based recipient.

param
agreementAlgorithm key agreement algorithm to use.
param
senderPrivateKey private key to initialise sender side of agreement with.
param
senderPublicKey sender public key to include with message.
param
recipientCert recipient's public key certificate.
param
cekWrapAlgorithm OID for key wrapping algorithm to use.
param
provider provider to use for the agreement calculation.
exception
NoSuchProviderException if the specified provider cannot be found
exception
NoSuchAlgorithmException if the algorithm requested cannot be found
exception
InvalidKeyException if the keys are inappropriate for the algorithm specified

        addKeyAgreementRecipient(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCert,  cekWrapAlgorithm, CMSUtils.getProvider(provider));
public voidaddKeyAgreementRecipient(java.lang.String agreementAlgorithm, java.security.PrivateKey senderPrivateKey, java.security.PublicKey senderPublicKey, java.security.cert.X509Certificate recipientCert, java.lang.String cekWrapAlgorithm, java.security.Provider provider)
Add a key agreement based recipient.

param
agreementAlgorithm key agreement algorithm to use.
param
senderPrivateKey private key to initialise sender side of agreement with.
param
senderPublicKey sender public key to include with message.
param
recipientCert recipient's public key certificate.
param
cekWrapAlgorithm OID for key wrapping algorithm to use.
param
provider provider to use for the agreement calculation.
exception
NoSuchProviderException if the specified provider cannot be found
exception
NoSuchAlgorithmException if the algorithm requested cannot be found
exception
InvalidKeyException if the keys are inappropriate for the algorithm specified

        KeyAgreement agreement = KeyAgreement.getInstance(agreementAlgorithm, provider);

        agreement.init(senderPrivateKey, rand);

        agreement.doPhase(recipientCert.getPublicKey(), true);

        try
        {
            SubjectPublicKeyInfo oPubKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(senderPublicKey.getEncoded()));
            OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(
                                                       new OriginatorPublicKey(
                                                            new AlgorithmIdentifier(oPubKeyInfo.getAlgorithmId().getObjectId(), new DERNull()),
                                                            oPubKeyInfo.getPublicKeyData().getBytes()));

            recipientInfs.add(new RecipientInf(agreement.generateSecret(cekWrapAlgorithm), agreementAlgorithm, cekWrapAlgorithm, originator, recipientCert));
        }
        catch (IOException e)
        {
            throw new InvalidKeyException("cannot extract originator public key: " + e);
        }
public voidaddKeyTransRecipient(java.security.cert.X509Certificate cert)
add a recipient.

param
cert recipient's public key certificate
exception
IllegalArgumentException if there is a problem with the certificate

        recipientInfs.add(new RecipientInf(cert));
public voidaddKeyTransRecipient(java.security.PublicKey key, byte[] subKeyId)
add a recipient

param
key the public key used by the recipient
param
subKeyId the identifier for the recipient's public key
exception
IllegalArgumentException if there is a problem with the key

        recipientInfs.add(new CMSEnvelopedGenerator.RecipientInf(key, new DEROctetString(subKeyId)));
public voidaddPasswordRecipient(CMSPBEKey pbeKey, java.lang.String kekAlgorithmOid)

        PBKDF2Params params = new PBKDF2Params(pbeKey.getSalt(), pbeKey.getIterationCount());

        recipientInfs.add(new RecipientInf(new SecretKeySpec(pbeKey.getEncoded(kekAlgorithmOid), kekAlgorithmOid), new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, params)));
protected java.security.AlgorithmParametersgenerateParameters(java.lang.String encryptionOID, javax.crypto.SecretKey encKey, java.security.Provider encProvider)

        try
        {
            AlgorithmParameterGenerator pGen = AlgorithmParameterGenerator.getInstance(encryptionOID, encProvider);

            if (encryptionOID.equals(RC2_CBC))
            {
                byte[]  iv = new byte[8];

                //
                // mix in a bit extra...
                //
                rand.setSeed(System.currentTimeMillis());

                rand.nextBytes(iv);

                try
                {
                    pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand);
                }
                catch (InvalidAlgorithmParameterException e)
                {
                    throw new CMSException("parameters generation error: " + e, e);
                }
            }

            return pGen.generateParameters();
        }
        catch (NoSuchAlgorithmException e)
        {
            return null;
        }
protected org.bouncycastle.asn1.x509.AlgorithmIdentifiergetAlgorithmIdentifier(java.lang.String encryptionOID, java.security.AlgorithmParameters params)

        DEREncodable asn1Params;
        if (params != null)
        {
            ASN1InputStream             aIn = new ASN1InputStream(params.getEncoded("ASN.1"));

            asn1Params = aIn.readObject();
        }
        else
        {
            asn1Params = new DERNull();
        }

        AlgorithmIdentifier  encAlgId = new AlgorithmIdentifier(
                new DERObjectIdentifier(encryptionOID),
                asn1Params);
        return encAlgId;