opencard.opt.security
Interface SignCredential
All Known Implementing Classes: DSASignCredential
public abstract interface SignCredential extends Credential
Credential used by a card service to sign a block of data
that matches the key's input length.
SignCredentials can, for example, be used for external authentication.
External authentication means that the outside world (the application)
authenticates itself by encrypting a challenge (random number) that the card
sends to the application.
The algorithm used to sign the challenge can either be a symmetric
algorithm like DES or an asymmetric public key algorithm (PKA) like RSA.
The SignCredential can only sign challenges that match its defined
input length (it neither computes a hash nor pads data).
Padding of the challenge up to the defined input length is card specific
and is done by the card service.
Method Summary
- int getInputLength() - Return the input length that the cryptographic algorithm can process.
- byte[] sign(byte[] data) - Sign/encrypt a block of data.
sign
public byte[] sign(byte[] data)
throws java.lang.RuntimeException
- Sign/encrypt a block of data.
- Parameters:
- data - The length must match the credential's input length
obtained with getInputLength()
- Returns:
- the signature/cryptogram
- Throws:
- java.lang.RuntimeException - A credential must not throw checked exceptions
because otherwise each card service using credentials
would have to declare all possible exceptions.
getInputLength
public int getInputLength()
- Return the input length that the cryptographic algorithm can process.
- Returns:
- int
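The contract described above (fixed input length, no hashing or padding inside the credential, only unchecked exceptions from sign()) is shown in the following added example, which is not part of the OCF sources. It assumes a local stand-in interface with the two documented methods, a hypothetical TripleDesSignCredential class, and a zero-fill padChallenge helper standing in for the card-specific padding done by the card service.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
public class SignCredentialExample {
    // Local stand-in with the two methods documented on this page (assumption: lets the file compile without OCF).
    interface SignCredential {
        int getInputLength();
        byte[] sign(byte[] data);
    }

    // Hypothetical implementation: encrypts exactly one Triple-DES block, no hashing, no padding.
    static final class TripleDesSignCredential implements SignCredential {
        private final SecretKeySpec key;
        TripleDesSignCredential(byte[] key24) { this.key = new SecretKeySpec(key24, "DESede"); }
        public int getInputLength() { return 8; } // DES/3DES block size in bytes
        public byte[] sign(byte[] data) {
            if (data == null || data.length != getInputLength())
                throw new IllegalArgumentException("data must be exactly " + getInputLength() + " bytes");
            try {
                Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key);
                return c.doFinal(data);
            } catch (GeneralSecurityException e) {
                // Checked exceptions are wrapped so callers need not declare them.
                throw new RuntimeException("signing failed", e);
            }
        }
    }

    // Card-service side: padding is card specific; right-side zero fill is only an assumed scheme.
    static byte[] padChallenge(byte[] challenge, int inputLength) {
        if (challenge.length > inputLength)
            throw new IllegalArgumentException("challenge longer than credential input length");
        return Arrays.copyOf(challenge, inputLength);
    }

    public static void main(String[] args) {
        byte[] key = new byte[24];
        new SecureRandom().nextBytes(key);            // constructed demo key
        SignCredential cred = new TripleDesSignCredential(key);
        byte[] challenge = {0x11, 0x22, 0x33, 0x44};  // constructed 4-byte card challenge
        byte[] cryptogram = cred.sign(padChallenge(challenge, cred.getInputLength()));
        System.out.println("cryptogram length: " + cryptogram.length);
        try { cred.sign(challenge); }                 // unpadded challenge has the wrong length
        catch (RuntimeException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```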