opencard.opt.signature
Interface SignatureCardService

All Known Subinterfaces:
KeyGenerationCardService, KeyImportCardService

public abstract interface SignatureCardService
extends CardServiceInterface, SecureService

SignatureCardService The SignatureCardService offers methods to generate and verify a signature as well as key import, verification and generation methods. Many smartcard applications will work with existing keys imported during initialization or personalization instead of importing/generating them at runtime. Thus the functionality for

is split into three interfaces "SignatureCardService", "KeyImportCardService" and "KeyGenerationCardService". Card service realizations of these interfaces need only implement the functionality needed by the application or supported by the specific card. This solution also offers potential for downsizing opencard for use in embedded devises with small memory resources.

See Also:
KeyGenerationCardService, KeyImportCardService

Method Summary
 byte[] signData(PrivateKeyRef privateKey, java.lang.String signAlgorithm, byte[] data)
          Generate a digital Signature.
 byte[] signData(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] data)
          Generate a digital Signature (overload method that allows to specify the padding algorithm).
 byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, byte[] hash)
          Generate a digital Signature on the provided hash.
 byte[] signHash(PrivateKeyRef privateKey, java.lang.String signAgorithm, java.lang.String padAlgorithm, byte[] hash)
          Generate a digital Signature on the provided hash (Overloaded method that allows to specify the padding algorithm).
 boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] data, byte[] signature)
          Verify a digital Signature including hashing.
 boolean verifySignedData(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] data, byte[] signature)
          Verify a digital Signature including hashing (overload method that allows to specify the padding algorithm to be used).
 boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, byte[] hash, byte[] signature)
          Verify a digital Signature.
 boolean verifySignedHash(PublicKeyRef publicKey, java.lang.String signAlgorithm, java.lang.String padAlgorithm, byte[] hash, byte[] signature)
          Verify a digital Signature (overloaded method that allows to specify the padding algorithm to be used).
 
Methods inherited from interface opencard.opt.service.CardServiceInterface
getCard, setCHVDialog
 
Methods inherited from interface opencard.opt.security.SecureService
provideCredentials
 

Method Detail

signData

public byte[] signData(PrivateKeyRef privateKey,
                       java.lang.String signAlgorithm,
                       byte[] data)
                throws opencard.core.service.CardServiceException,
                       java.security.InvalidKeyException,
                       opencard.core.terminal.CardTerminalException
Generate a digital Signature. First hash the data, then pad the hash and then apply the PKA algorithm to the padded hash.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard digital signature algorithm name
data - data to be signed
Returns:
signature
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

signData

public byte[] signData(PrivateKeyRef privateKey,
                       java.lang.String signAgorithm,
                       java.lang.String padAlgorithm,
                       byte[] data)
                throws opencard.core.service.CardServiceException,
                       java.security.InvalidKeyException,
                       opencard.core.terminal.CardTerminalException
Generate a digital Signature (overload method that allows to specify the padding algorithm). First hash the data, then pad the hash and then apply the PKA algorithm to the padded hash.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - data to be signed
Returns:
signature
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

signHash

public byte[] signHash(PrivateKeyRef privateKey,
                       java.lang.String signAgorithm,
                       byte[] hash)
                throws opencard.core.service.CardServiceException,
                       java.security.InvalidKeyException,
                       opencard.core.terminal.CardTerminalException
Generate a digital Signature on the provided hash. Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard key algorithm name
hash - the hash/digest to be signed
Returns:
signature
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

signHash

public byte[] signHash(PrivateKeyRef privateKey,
                       java.lang.String signAgorithm,
                       java.lang.String padAlgorithm,
                       byte[] hash)
                throws opencard.core.service.CardServiceException,
                       java.security.InvalidKeyException,
                       opencard.core.terminal.CardTerminalException
Generate a digital Signature on the provided hash (Overloaded method that allows to specify the padding algorithm). Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature operation on card. Pad the hash and then apply the PKA algorithm to the padded hash.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
Parameters:
privateKey - a reference to the private key on card to be used for signing
signAlgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - the hash/digest to be signed
Returns:
signature
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedData

public boolean verifySignedData(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                byte[] data,
                                byte[] signature)
                         throws opencard.core.service.CardServiceException,
                                java.security.InvalidKeyException,
                                opencard.core.terminal.CardTerminalException
Verify a digital Signature including hashing. First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
data - the data for which the signature should be verified
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedData

public boolean verifySignedData(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                java.lang.String padAlgorithm,
                                byte[] data,
                                byte[] signature)
                         throws opencard.core.service.CardServiceException,
                                java.security.InvalidKeyException,
                                opencard.core.terminal.CardTerminalException
Verify a digital Signature including hashing (overload method that allows to specify the padding algorithm to be used). First hash the data, then pad the hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The standard algorithm name must be specified as defined in the Java Cryptography Architecture API Specification & Reference, for example

MD5withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD5 MessageDigest Algorithm.
MD2withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the MD2 MessageDigest Algorithm.
SHA1withRSA
The Signature algorithm obtained by combining the RSA AsymmetricCipher algorithm with the SHA-1 MessageDigest Algorithm.
SHA1withDSA
Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard digital signature algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
data - the data for which the signature should be verified
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedHash

public boolean verifySignedHash(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                byte[] hash,
                                byte[] signature)
                         throws opencard.core.service.CardServiceException,
                                java.security.InvalidKeyException,
                                opencard.core.terminal.CardTerminalException
Verify a digital Signature. Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature verificationoperation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

The padding algorithm is chosen as defined in the Java Cryptography Architecture Specification.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
hash - The hash for which the signature should be verified.
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames

verifySignedHash

public boolean verifySignedHash(PublicKeyRef publicKey,
                                java.lang.String signAlgorithm,
                                java.lang.String padAlgorithm,
                                byte[] hash,
                                byte[] signature)
                         throws opencard.core.service.CardServiceException,
                                java.security.InvalidKeyException,
                                opencard.core.terminal.CardTerminalException
Verify a digital Signature (overloaded method that allows to specify the padding algorithm to be used). Since hashing of large amounts of data may be slow if performed on card this method allows to hash outside the card service and just perform the signature verification operation on card. Pad the provided hash, apply the PKA algorithm to the padded hash, then compare the result to the provided signature.

Use a key algorithm name (not a digital signature algorithm name, because digital signature algorithms include hashing) a defined in the Java Cryptography Architecture API Specification & Reference, for example

DSA
The asymmetric transformation described in NIST FIPS 186, described as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to DSA is always 20 bytes long.
RSA
The Rivest, Shamir and Adleman AsymmetricCipher algorithm. RSA Encryption as defined in the RSA Laboratory Technical Note PKCS#1.
Parameters:
publicKey - a reference to the public key on card to be used for signature validation
signAlgorithm - standard key algorithm name
padAlgorithm - padding algorithm name, for example one of ISO9796, PKCS#1, ZEROPADDING
hash - The hash for which the signature should be verified.
signature - signature to be verified
Returns:
True if signature valdidation was successfull
Throws:
java.security.InvalidKeyException - Thrown when the key is not valid or does not match the requested algorithm.
opencard.core.service.CardServiceException - any subclass of CardServiceException
opencard.core.terminal.CardTerminalException - any subclass of CardTerminalException
See Also:
JCAStandardNames