Interface SignatureCardService
- All Superinterfaces:
CardServiceInterface, SecureService
- All Known Subinterfaces:
KeyGenerationCardService, KeyGenerationCardServiceWithSpec
- All Known Implementing Classes:
SmartCardHSMCardService
public interface SignatureCardService extends CardServiceInterface, SecureService
The SignatureCardService offers methods to generate and verify a signature as well as key import, verification and generation methods. Many smartcard applications will work with existing keys imported during initialization or personalization instead of importing/generating them at runtime. Thus the functionality for
- signature generation and verification
- key import and verification
- key generation
- Author:
Michael Baentsch (mib@zurich.ibm.com), Thomas Schaeck (schaeck@de.ibm.com), Reto Hermann (rhe@zurich.ibm.com), Peter Bendel (peter_bendel@de.ibm.com)
- See Also:
KeyGenerationCardService, KeyImportCardService

Method Summary
Each entry gives the modifier and type, the method, and its description.
- byte[] signData(PrivateKeyRef privateKey, java.lang.String signAlgorithm, byte[] data)
  Generate a digital Signature.
- byte[] signData(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] data)
  Generate a digital Signature (overloaded method that allows the padding algorithm to be specified).
- byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, byte[] hash)
  Generate a digital Signature on the provided hash.
- byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] hash)
  Generate a digital Signature on the provided hash (overloaded method that allows the padding algorithm to be specified).
- boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] data, byte[] signature)
  Verify a digital Signature including hashing.
- boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] data, byte[] signature)
  Verify a digital Signature including hashing (overloaded method that allows the padding algorithm to be specified).
- boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] hash, byte[] signature)
  Verify a digital Signature.
- boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] hash, byte[] signature)
  Verify a digital Signature (overloaded method that allows the padding algorithm to be specified).
Methods inherited from interface opencard.opt.service.CardServiceInterface
getCard, setCHVDialog
Methods inherited from interface opencard.opt.security.SecureService
provideCredentials

Method Detail

signData
byte[] signData(PrivateKeyRef privateKey, java.lang.String signAlgorithm, byte[] data) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Generate a digital Signature. First hash the data, then pad the hash and then apply the PKA algorithm to the padded hash. The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- MD5withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA: Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
- Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard digital signature algorithm name
data - data to be signed
- Returns:
signature
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

signData
byte[] signData(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] data) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Generate a digital Signature (overloaded method that allows the padding algorithm to be specified). First hash the data, then pad the hash and then apply the PKA algorithm to the padded hash.
The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- MD5withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA: Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
- Parameters:
privateKey - a reference to the private key on card to be used for signing
signAgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - data to be signed
- Returns:
signature
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

signHash
byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, byte[] hash) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Generate a digital Signature on the provided hash. Since hashing of large amounts of data may be slow if performed on card, this method allows hashing outside the card service and performing just the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash. The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- DSA: The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
- RSA: The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Parameters:
privateKey - a reference to the private key on card to be used for signing
signAgorithm - standard key algorithm name
hash - the hash/digest to be signed
- Returns:
signature
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

signHash
byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] hash) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Generate a digital Signature on the provided hash (overloaded method that allows the padding algorithm to be specified). Since hashing of large amounts of data may be slow if performed on card, this method allows hashing outside the card service and performing just the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash.
Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- DSA: The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
- RSA: The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Parameters:
privateKey - a reference to the private key on card to be used for signing
signAgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - the hash/digest to be signed
- Returns:
signature
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

verifySignedData
boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] data, byte[] signature) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Verify a digital Signature including hashing. First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature. The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- MD5withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA: Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
- Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
data - the data for which the signature should be verified
signature - signature to be verified
- Returns:
True if signature validation was successful
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

verifySignedData
boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] data, byte[] signature) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Verify a digital Signature including hashing (overloaded method that allows the padding algorithm to be specified). First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.
The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- MD5withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
- MD2withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
- SHA1withRSA: The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
- SHA1withDSA: Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
- Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - the data for which the signature should be verified
signature - signature to be verified
- Returns:
True if signature validation was successful
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

verifySignedHash
boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] hash, byte[] signature) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Verify a digital Signature. Since hashing of large amounts of data may be slow if performed on card, this method allows hashing outside the card service and performing just the signature verification operation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature. The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.
Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- DSA: The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
- RSA: The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
hash - The hash for which the signature should be verified.
signature - signature to be verified
- Returns:
True if signature validation was successful
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames

verifySignedHash
boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] hash, byte[] signature) throws CardServiceException, java.security.InvalidKeyException, CardTerminalException
Verify a digital Signature (overloaded method that allows the padding algorithm to be specified). Since hashing of large amounts of data may be slow if performed on card, this method allows hashing outside the card service and performing just the signature verification operation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.
Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) as defined in the Java Cryptography Architecture API Specification & Reference, for example:
- DSA: The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
- RSA: The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
- Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - The hash for which the signature should be verified.
signature - signature to be verified
- Returns:
True if signature validation was successful
- Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
CardServiceException - any subclass of CardServiceException
CardTerminalException - any subclass of CardTerminalException
- See Also:
JCAStandardNames
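
Added example (not part of the OpenCard documentation or code base): the off-card hashing pattern that signHash and verifySignedHash describe, using the key algorithm name "DSA" and rejecting any digest that is not the 20 bytes the DSA entry requires before it reaches the card. The class name OffCardHashSigner is hypothetical, the opencard.* import packages are assumed from the usual OpenCard Framework layout, and the card service is assumed to support the "DSA" key algorithm.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import opencard.opt.security.PrivateKeyRef;
import opencard.opt.security.PublicKeyRef;
import opencard.opt.signature.SignatureCardService;

/** Added example: OffCardHashSigner is a hypothetical helper, not an OpenCard class. */
public final class OffCardHashSigner {
    // signHash/verifySignedHash expect a key algorithm name, not "SHA1withDSA".
    private static final String KEY_ALGORITHM = "DSA";
    // Per the DSA entry above, the input to DSA is always 20 bytes long.
    private static final int DSA_INPUT_LENGTH = 20;

    /** Stream a large input through SHA-1 on the host so only 20 bytes go to the card. */
    public static byte[] digest(InputStream in) throws IOException, NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] buffer = new byte[8192];
        for (int n = in.read(buffer); n != -1; n = in.read(buffer)) {
            sha1.update(buffer, 0, n);
        }
        return sha1.digest();
    }

    /** Sign a digest computed off card; reject wrong-sized input before any card I/O. */
    public static byte[] signDigest(SignatureCardService service, PrivateKeyRef privateKey, byte[] hash)
            throws InvalidKeyException, CardServiceException, CardTerminalException {
        requireDsaInput(hash);
        return service.signHash(privateKey, KEY_ALGORITHM, hash);
    }

    /** Have the card verify a signature over a digest computed off card. */
    public static boolean verifyDigest(SignatureCardService service, PublicKeyRef publicKey,
                                       byte[] hash, byte[] signature)
            throws InvalidKeyException, CardServiceException, CardTerminalException {
        requireDsaInput(hash);
        return service.verifySignedHash(publicKey, KEY_ALGORITHM, hash, signature);
    }

    private static void requireDsaInput(byte[] hash) {
        if (hash == null || hash.length != DSA_INPUT_LENGTH) {
            throw new IllegalArgumentException("DSA input must be exactly 20 bytes");
        }
    }
}
```

How the PrivateKeyRef and PublicKeyRef are obtained depends on the card service implementation and is left to the caller.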