Home >> All >> gnu >> java >> [ security Javadoc ] |

**Page**1 2

**•**

**gnu.java.security**: Javadoc index of package gnu.java.security.

**Package Samples:**

**•**gnu.java.security.action

**•**gnu.java.security.der

**•**gnu.java.security.provider

**•**gnu.java.security.ber

**•**gnu.java.security.pkcs

**•**gnu.java.security.hash

**•**gnu.java.security.jce.hash

**•**gnu.java.security.jce.prng

**•**gnu.java.security.jce.sig

**•**gnu.java.security.key.dss

**•**gnu.java.security.key.rsa

**•**gnu.java.security.key

**•**gnu.java.security.prng

**•**gnu.java.security.sig.dss

**•**gnu.java.security.sig.rsa

**•**gnu.java.security.sig

**Classes:**

**•**DSSSignature: The DSS (Digital Signature Standard) algorithm makes use of the following parameters: p: A prime modulus, where 2 L-1 < p < 2 L for 512 <= L <= 1024 and L a multiple of 64 . q: A prime divisor of p - 1 , where 2 159 < q < 2 160 . g: Where g = h (p-1) /q mod p , where h is any integer with 1 < h < p - 1 such that h (p-1) /q mod p > 1 ( g has order q mod p ). x: A randomly or pseudorandomly generated integer with 0 < x < q . y: y = g x mod p . k: A randomly or pseudorandomly generated integer with 0 < k < q . The integers p , q , and g can be public and can be ...

**•**PolicyFile: An implementation of a java.security.Policy object whose permissions are specified by a policy file . The approximate syntax of policy files is: policyFile ::= keystoreOrGrantEntries ; keystoreOrGrantEntries ::= keystoreOrGrantEntry | keystoreOrGrantEntries keystoreOrGrantEntry | EMPTY ; keystoreOrGrantEntry ::= keystoreEntry | grantEntry ; keystoreEntry ::= "keystore" keystoreUrl ';' | "keystore" keystoreUrl ',' keystoreAlgorithm ';' ; keystoreUrl ::= URL ; keystoreAlgorithm ::= STRING ; grantEntry ::= "grant" domainParameters '{' permissions '}' ';' domainParameters ::= domainParameter | domainParameter ...

**•**IRandom: The basic visible methods of any pseudo-random number generator. The [HAC] defines a PRNG (as implemented in this library) as follows: "5.6 Definition: A pseudorandom bit generator (PRBG) is said to pass the next-bit test if there is no polynomial-time algorithm which, on input of the first L bits of an output sequence S , can predict the (L+1) st bit of S with a probability significantly grater than 1/2 ." "5.8 Definition: A PRBG that passes the next-bit test (possibly under some plausible but unproved mathematical assumption such as the intractability of factoring integers) is called a cryptographically ...

**•**DSSSignatureX509Codec: An implementation of an gnu.java.security.sig.ISignatureCodec that knows to encode and decode DSS signatures into the raw bytes which would constitute a DER-encoded form of the ASN.1 structure defined in RFC-2459, and RFC-2313 as described in the next paragraphs. Digital signatures when transmitted in an X.509 certificates are encoded in DER (Distinguished Encoding Rules) as a BIT STRING; i.e. Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } The output of the encoder, and the input of the decoder, of this codec are then the ...

**•**RSAPKCS1V1_5SignatureX509Codec: An implementation of an gnu.java.security.sig.ISignatureCodec that knows to encode and decode RSA PKCS1 (v1.5) signatures into the raw bytes which would constitute a DER-encoded form of the ASN.1 structure defined in RFC-2459, and RFC-2313 as described in the next paragraphs. Digital signatures when transmitted in an X.509 certificates are encoded in DER (Distinguished Encoding Rules) as a BIT STRING; i.e. Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } The output of the encoder, and the input of the decoder, of this codec ...

**•**Sha160: The Secure Hash Algorithm (SHA-1) is required for use with the Digital Signature Algorithm (DSA) as specified in the Digital Signature Standard (DSS) and whenever a secure hash algorithm is required for federal applications. For a message of length less than 2^64 bits, the SHA-1 produces a 160-bit condensed representation of the message called a message digest. The message digest is used during generation of a signature for the message. The SHA-1 is also used to compute a message digest for the received version of the message during the process of verifying the signature. Any change to the message ...

**•**EMSA_PSS: An implementation of the EMSA-PSS encoding/decoding scheme. EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts on octet strings and not on bit strings. In particular, the bit lengths of the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4 outputs an integer of a desired bit length rather than an octet string. EMSA-PSS is parameterized by the choice of hash function Hash and mask generation function MGF. In this submission, MGF is based on a Hash definition that coincides with the corresponding definitions in IEEE Std 1363-2000, PKCS #1 v2.0, and the draft ...

**•**ExpirableObject: The base class for objects with sensitive data that are automatically destroyed after a timeout elapses. On creation, an object that extends this class will automatically be added to a java.util.Timer object that, once a timeout elapses, will automatically call the Destroyable.destroy() > Destroyable.destroy() 55 method. Concrete subclasses must implement the doDestroy() 55 method instead of Destroyable.destroy() > Destroyable.destroy() 55 ; the behavior of that method should match exactly the behavior desired of destroy() . Note that if a javax.security.auth.DestroyFailedException occurs when ...

**•**KeyPairGeneratorAdapter: The implementation of a generic java.security.KeyPairGenerator adapter class to wrap gnu.crypto keypair generator instances. This class defines the Service Provider Interface ( SPI ) for the java.security.KeyPairGenerator class, which is used to generate pairs of public and private keys. All the abstract methods in the java.security.KeyPairGeneratorSpi class are implemented by this class and all its sub-classes. In case the client does not explicitly initialize the KeyPairGenerator (via a call to an initialize() method), the GNU Crypto provider supplies (and document) default values to be used. ...

**•**MessageDigestAdapter: The implementation of a generic java.security.MessageDigest adapter class to wrap gnu.crypto hash instances. This class defines the Service Provider Interface ( SPI ) for the java.security.MessageDigest class, which provides the functionality of a message digest algorithm, such as MD5 or SHA. Message digests are secure one-way hash functions that take arbitrary-sized data and output a fixed- length hash value. All the abstract methods in the java.security.MessageDigestSpi class are implemented by this class and all its sub-classes. All the implementations which subclass this object, and which are ...

**•**RSAPSSSignature: The RSA-PSS signature scheme is a public-key encryption scheme combining the RSA algorithm with the Probabilistic Signature Scheme (PSS) encoding method. The inventors of RSA are Ronald L. Rivest, Adi Shamir, and Leonard Adleman, while the inventors of the PSS encoding method are Mihir Bellare and Phillip Rogaway. During efforts to adopt RSA-PSS into the P1363a standards effort, certain adaptations to the original version of RSA-PSS were made by Mihir Bellare and Phillip Rogaway and also by Burt Kaliski (the editor of IEEE P1363a) to facilitate implementation and integration into existing protocols. ...

**•**SignatureAdapter: The implementation of a generic java.security.Signature adapter class to wrap gnu.crypto signature instances. This class defines the Service Provider Interface ( SPI ) for the java.security.Signature class, which provides the functionality of a digital signature algorithm. Digital signatures are used for authentication and integrity assurance of digital data. All the abstract methods in the java.security.SignatureSpi class are implemented by this class and all its sub-classes. All the implementations which subclass this object, and which are serviced by the GNU Crypto provider implement the java.lang.Cloneable ...

**•**OID: This immutable class represents an object identifier, or OID. OIDs are represented as a series of hierarchical tokens, each of which is usually represented as a single, unsigned integer. The hierarchy works so that later tokens are considered within the group of earlier tokens. Thus, the OID for the Serpent block cipher, 1.3.6.1.4.1.11591.13.2, is maintained by the GNU project, whose OID is 1.3.6.1.4.1.11591 (which is, in turn, part of bigger, more general bodies; the topmost, 1, stands for the OIDs assigned by the International Standards Organization, ISO). OIDs can be represented in a variety ...

**•**Whirlpool: Whirlpool, a new 512-bit hashing function operating on messages less than 2 ** 256 bits in length. The function structure is designed according to the Wide Trail strategy and permits a wide variety of implementation trade-offs. This implementation is of Whirlpool Version 3, described in [1] last revised on May 24th, 2003. IMPORTANT : This implementation is not thread-safe. References: The WHIRLPOOL Hashing Function . Paulo S.L.M. Barreto and Vincent Rijmen .

**•**ISignature: The visible methods of every signature-with-appendix scheme. The Handbook of Applied Cryptography (HAC), by A. Menezes & al. states: "Digital signature schemes which require the message as input to the verification algorithm are called digital signature schemes with appendix . ... They rely on cryptographic hash functions rather than customised redundancy functions, and are less prone to existential forgery attacks." References: Handbook of Applied Cryptography , Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Section 11.2.2 Digital signature schemes with appendix.

**•**RSA: Utility methods related to the RSA algorithm. References: RSA-PSS Signature Scheme with Appendix, part B. Primitive specification and supporting documentation. Jakob Jonsson and Burt Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. Jakob Jonsson and Burt Kaliski. Remote timing attacks are practical D. Boneh and D. Brumley.

**•**SecureRandomAdapter: The implementation of a generic java.security.SecureRandom adapter class to wrap gnu.crypto prng instances based on Message Digest algorithms. This class defines the Service Provider Interface ( SPI ) for the java.security.SecureRandom class, which provides the functionality of a cryptographically strong pseudo-random number generator. All the abstract methods in the java.security.SecureRandomSpi class are implemented by this class and all its sub-classes.

**•**RSAPKCS1V1_5Signature: The RSA-PKCS1-V1.5 signature scheme is a digital signature scheme with appendix (SSA) combining the RSA algorithm with the EMSA-PKCS1-v1_5 encoding method. References: RSA-PSS Signature Scheme with Appendix, part B. Primitive specification and supporting documentation. Jakob Jonsson and Burt Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. Jakob Jonsson and Burt Kaliski.

**•**RSAKeyPairGenerator: A key-pair generator for asymetric keys to use in conjunction with the RSA scheme. Reference: RSA-PSS Signature Scheme with Appendix , part B. Primitive specification and supporting documentation. Jakob Jonsson and Burt Kaliski. Handbook of Applied Cryptography , Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Section 11.3 RSA and related signature schemes.

**•**DSSKey: A base asbtract class for both public and private DSS (Digital Signature Standard) keys. It encapsulates the three DSS numbers: p , q and g . According to the JDK, cryptographic Keys all have a format . The format used in this implementation is called Raw , and basically consists of the raw byte sequences of algorithm parameters. The exact order of the byte sequences and the implementation details are given in each of the relevant getEncoded() methods of each of the private and public keys.

**•**Engine: Generic implementation of the getInstance methods in the various engine classes in java.security. These classes ( java.security.Signature for example) can be thought of as the "chrome, upholstery, and steering wheel", and the SPI (service provider interface, e.g. java.security.SignatureSpi ) classes can be thought of as the "engine" -- providing the actual functionality of whatever cryptographic algorithm the instance represents.

**•**Tiger: The Tiger message digest. Tiger was designed by Ross Anderson and Eli Biham, with the goal of producing a secure, fast hash function that performs especially well on next-generation 64-bit architectures, but is still efficient on 32- and 16-bit architectures. Tiger processes data in 512-bit blocks and produces a 192-bit digest. References: Tiger: A Fast New Hash Function , Ross Anderson and Eli Biham.

**•**MD5: The MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. References: The MD5 Message- Digest Algorithm. R. Rivest.

**•**Haval: The HAVAL message-digest algorithm is a variable output length, with variable number of rounds. By default, this implementation allows HAVAL to be used as a drop-in replacement for MD5 . References: HAVAL - A One-Way Hashing Algorithm with Variable Length of Output Advances in Cryptology - AUSCRYPT'92, Lecture Notes in Computer Science, Springer-Verlag, 1993; Y. Zheng, J. Pieprzyk and J. Seberry.

**•**MDGenerator: A simple pseudo-random number generator that relies on a hash algorithm, that (a) starts its operation by hashing a seed , and then (b) continuously re-hashing its output. If no hash algorithm name is specified in the java.util.Map of attributes used to initialise the instance then the SHA-160 algorithm is used as the underlying hash function. Also, if no seed is given, an empty octet sequence is used.

Home | Contact Us | Privacy Policy | Terms of Service |