opencard.opt.security
Interface SignCredential

All Known Implementing Classes:
DSASignCredential

public abstract interface SignCredential
extends Credential

Credential used by a card service to sign a block of data that matches the key's input length. SignCredentials can, for example, be used for external authentication. External authentication means that the outside world (the application) authenticates itself by encrypting a challenge (random number) that the card sends to the application. The algorithm used to sign the challenge can be either a symmetric algorithm like DES or an asymmetric public key algorithm (PKA) like RSA. The SignCredential can only sign challenges that match its defined input length (it neither computes a hash nor pads data). Padding the challenge up to the defined input length is card specific and is done by the card service.


Method Summary
 int getInputLength()
          Return the input length that the cryptographic algorithm can process.
 byte[] sign(byte[] data)
          Sign/encrypt a block of data.
 

Method Detail

sign

public byte[] sign(byte[] data)
            throws java.lang.RuntimeException
Sign/encrypt a block of data.
Parameters:
data - The length must match the credential's input length obtained with getInputLength()
Returns:
the signature/cryptogram
Throws:
java.lang.RuntimeException - A credential must not throw checked exceptions because otherwise each card service using credentials would have to declare all possible exceptions.

getInputLength

public int getInputLength()
Return the input length that the cryptographic algorithm can process.
Returns:
int
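
Added example, not part of the OCF sources: a DES-backed implementation of the contract described above, which signs exactly one block, performs no hashing or padding, and throws only unchecked exceptions. The class names, the nested stand-in interfaces and the key and challenge bytes are assumptions made so the file compiles without the OCF jar.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class DesSignCredentialExample {
    // Stand-ins mirroring the signatures on this page; with OCF on the
    // classpath, import opencard.opt.security.SignCredential instead.
    interface Credential {}
    interface SignCredential extends Credential {
        int getInputLength();
        byte[] sign(byte[] data);
    }

    /** Hypothetical DES-backed credential: one 8-byte block in, one out. */
    static final class DesSignCredential implements SignCredential {
        private static final int BLOCK = 8; // DES block size in bytes
        private final SecretKeySpec key;

        DesSignCredential(byte[] desKey) {
            if (desKey.length != 8) throw new IllegalArgumentException("DES key must be 8 bytes");
            this.key = new SecretKeySpec(desKey.clone(), "DES");
        }

        public int getInputLength() { return BLOCK; }

        public byte[] sign(byte[] data) {
            // No hashing, no padding: the card service pads before calling.
            if (data == null || data.length != BLOCK)
                throw new IllegalArgumentException("challenge must be exactly " + BLOCK + " bytes");
            try {
                Cipher c = Cipher.getInstance("DES/ECB/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key);
                return c.doFinal(data);
            } catch (GeneralSecurityException e) {
                // Checked exceptions are wrapped so callers need not declare them.
                throw new RuntimeException("DES signing failed", e);
            }
        }
    }

    public static void main(String[] args) {
        byte[] key = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed test key
        byte[] challenge = {0x10, 0x32, 0x54, 0x76, (byte) 0x98, (byte) 0xBA, (byte) 0xDC, (byte) 0xFE}; // constructed
        SignCredential cred = new DesSignCredential(key);
        System.out.println("cryptogram length: " + cred.sign(challenge).length);
        try { cred.sign(new byte[5]); } // short challenge that was never padded
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Rejecting a wrong-length block inside sign() keeps a padding mistake in the card service from silently producing a cryptogram over data the card never sent.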