com.ibm.opencard.access
Class DESSecureCredential
java.lang.Object
|
+--com.ibm.opencard.access.DESSignCredential
|
+--com.ibm.opencard.access.DESSecureCredential
- public final class DESSecureCredential
- extends DESSignCredential
- implements SecureCredential
A DES credential to be provided by applications for MFC smartcards.
A DES credential can be thought of as a DES algorithm with a fixed
key.
- Version:
- $Id: DESSecureCredential.java,v 1.1 1999/12/02 16:05:59 damke Exp $
|
Method Summary |
void |
decryptChained(byte[] data,
int offset,
int length)
Decrypts a series of data blocks in CBC mode.
|
void |
encryptChained(byte[] data,
int offset,
int length)
Encrypts a series of data blocks in CBC mode.
|
byte[] |
finishMAC(byte[] data)
Finishes a MAC computation and returns the message authentication code. |
byte[] |
getStrongRandom()
Returns a random number.
|
static byte[] |
parseDESKey(java.lang.String data)
Converts a string encoded DES key into a byte array.
|
void |
setICV(byte[] icv)
Sets an initial chaining value (ICV).
|
void |
setRNG(java.util.Random rng)
Specifies the random number generator (RNG) to be used.
|
static java.lang.String |
toHexDump(byte[] data)
Returns a hex dump of a byte array. |
java.lang.String |
toString()
Returns a human-readable string representation of this credential. |
void |
updateMAC(byte[] data)
Passes one data block of a multi-block message to compute a MAC for. |
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
wait,
wait,
wait |
DESSecureCredential
public DESSecureCredential(DESKey key)
- Creates a new DES credential from a key.
- Parameters:
key - the DES key to encapsulate- Throws:
- java.lang.NumberFormatException - if the argument could not be parsed as a DES key
DESSecureCredential
public DESSecureCredential(java.lang.String key)
throws java.lang.NumberFormatException
- Creates a new DES credential from a hex dump of the key.
- Parameters:
key - the DES key as a hex dump- Throws:
- java.lang.NumberFormatException - if the argument could not be parsed as a DES key
setRNG
public final void setRNG(java.util.Random rng)
- Specifies the random number generator (RNG) to be used.
The RNG is required by getStrongRandom, in cases where
the application needs to provide a random challenge to the smartcard.
By default, java.security.SecureRandom will be instantiated
on first use. Since it takes about 10 seconds to create the first
instance of that class, this method can be used to provide another RNG.
Note: The generation of random challenges is important for
security. The random number generator should therefore generate
cryptographically strong random numbers.
- Parameters:
rng - a cryptographically strong random number generator
getStrongRandom
public byte[] getStrongRandom()
- Returns a random number.
See setRandomGenerator for information on the random
number generator. If none has been provided, an instance of
java.security.SecureRandom will be used to generate
cryptographically strong random numbers.
- Specified by:
- getStrongRandom in interface SecureCredential
- Returns:
- an 8 byte random number
setICV
public void setICV(byte[] icv)
- Sets an initial chaining value (ICV).
Chaining values are needed for DES CBC encryption and decryption
as well as for MAC computation. Only one chaining value is stored
in a credential, so only one of these operations can be performed
at any time. Each operation starts with an invocation of this method.
- Specified by:
- setICV in interface SecureCredential
- Parameters:
icv - the initial chaining value to use for subsequent computations- See Also:
encryptChained(byte[], int, int),
decryptChained(byte[], int, int),
updateMAC(byte[]),
finishMAC(byte[])
encryptChained
public void encryptChained(byte[] data,
int offset,
int length)
- Encrypts a series of data blocks in CBC mode.
The initial chaining value must have been set before invoking this method.
- Specified by:
- encryptChained in interface SecureCredential
- Parameters:
data - the array holding the data to encryptoffset - the index of the first byte to encryptlength - the number of bytes to encrypt- See Also:
setICV
decryptChained
public void decryptChained(byte[] data,
int offset,
int length)
- Decrypts a series of data blocks in CBC mode.
The initial chaining value must have been set before invoking this method.
- Specified by:
- decryptChained in interface SecureCredential
- Parameters:
data - the array holding the data to decryptoffset - the index of the first byte to decryptlength - the number of bytes to decrypt- See Also:
setICV(byte[]),
encryptChained(byte[], int, int)
updateMAC
public final void updateMAC(byte[] data)
- Passes one data block of a multi-block message to compute a MAC for.
- Specified by:
- updateMAC in interface SecureCredential
- Parameters:
data - the next data block in the message to compute a MAC for- See Also:
finishMAC(byte[]),
setICV(byte[])
finishMAC
public final byte[] finishMAC(byte[] data)
- Finishes a MAC computation and returns the message authentication code.
- Specified by:
- finishMAC in interface SecureCredential
- Parameters:
data - the last block of the message to compute the MAC for- Returns:
- the MAC for the complete message
- See Also:
updateMAC(byte[]),
setICV(byte[])
toString
public java.lang.String toString()
- Returns a human-readable string representation of this credential.
- Returns:
- a string describing this credential
- Overrides:
- toString in class java.lang.Object
parseDESKey
public static byte[] parseDESKey(java.lang.String data)
throws java.lang.NumberFormatException
- Converts a string encoded DES key into a byte array.
The string holds the key data as a sequence of 16 hex digits for DES,
or 32 hex digits for triple DES, optionally prefixed by 0x
or 0X. In the case of a triple DES key, the first 16 digits
specify the key for the encryptions in phase 1 and 3, while the
remaining 16 digits specify the key for the decryption in phase 2.
- Parameters:
data - the key data in a string encoding- Returns:
- the key data in a byte array,
or null if parsing failed
toHexDump
public static java.lang.String toHexDump(byte[] data)
- Returns a hex dump of a byte array.
- Parameters:
data - the byte array to hexdump- Returns:
- a string holding the hexdump
|
