com.rsa.certj.crmf

Class EncryptedValue

java.lang.Object
  |
  +--com.rsa.certj.crmf.EncryptedValue

All Implemented Interfaces:

Cloneable, Serializable

public class EncryptedValue

extends Object

implements Cloneable, Serializable

This class contains the EncryptedValue structure used in Archive Options Control, and in Proof Of Possesion of the Key Encipherment Keys.

 EncryptedValue ::= SEQUENCE {
     intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
       -- the intended algorithm for which the value will be used
     symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
       -- the symmetric algorithm used to encrypt the value
     encSymmKey    [2] BIT STRING           OPTIONAL,
       -- the (encrypted) symmetric key used to encrypt the value
     keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
       -- algorithm used to encrypt the symmetric key
     valueHint     [4] OCTET STRING         OPTIONAL,
       -- a brief description or identifier of the encValue content
       -- (may be meaningful only to the sending entity, and used only
       -- if EncryptedValue might be re-examined by the sending entity
       -- in the future)
     encValue       BIT STRING }
 

Copyright © RSA Security Inc., 2000-2001. All rights reserved.

See Also

Serialized Form

Constructor Summary

EncryptedValue(CertJ certJ, com.rsa.jsafe.JSAFE_PublicKey pubKey, com.rsa.jsafe.JSAFE_PrivateKey privKey)

Creates a EncryptedValue object that contains the values given.

Method Summary

Object	clone() Overrides the default clone method to get a deeper clone.
void	decodeEncryptedValue(byte[] valueBER, int offset, int special) Decode the EncryptedValue structure.
void	decryptPrivateKey() Decrypts the symmetric key using the recipient's private key, and then decrypts the private key using the decrypted symmetric key.
byte[]	encryptPrivateKey() Encrypt the private key using the secret key.
byte[]	encryptSecretKey() Encrypt the secret key with the recipient's public key.Wrap the secret key without using PKCS #8 format
boolean	equals(Object obj) Returns true if this object and obj contain the same EncryptedValue, returns false otherwise.
byte[]	getDecryptedValue() Gets the decrypted value
int	getDEREncoding(byte[] encoding, int offset, int special) Places the DER encoding of the EncryptedValue object into encoding, beginning at offset.
int	getDERLen(int special) Returns the number of bytes that will be used by the DER encoding of the EncryptedValue.
byte[]	getEncryptedPrivateKey() Gets the encrypted private key The encrypted key data is BER-encoded in PKCS #8 format
byte[]	getEncryptedSecretKey() Gets the encrypted symmetric key used to encrypt the private key value The encrypted key data is BER-encoded in PKCS #8 format
byte[]	getIntendedAlgorithm() Gets the intended Algorithm ID for which the value will be used
byte[]	getKeyEncryptionAlgorithm() Gets the Algorithm ID used to encrypt the symmetric key
static int	getNextBEROffset(byte[] valueBER, int offset) Finds the index of the next element to encode, given valueBER, the BER of a EncryptedValue beginning at offset.
com.rsa.jsafe.JSAFE_PrivateKey	getPrivateKey() Gets the Private Key
com.rsa.jsafe.JSAFE_SecretKey	getSecretKey() Gets the secret key that is used to encrypt the private key
byte[]	getValueEncryptionAlgorithm() Gets the Algorithm ID used to encrypt the Private key value
byte[]	getValueHint() Gets the valueHint value
void	setEncryptedPrivateKey(byte[] encPrivateKey, int offset, int len) Sets the encrypted private key The encrypted key data should be BER-encoded in PKCS #8 format
void	setEncryptedSecretKey(byte[] encSecretKey, int offset, int len) Sets the encrypted symmetric key used to encrypt the private key value.
void	setIntendedAlgorithm(byte[] oid, int offset, int len) Sets the intended Algorithm ID for which the value will be used
void	setKeyEncryptionAlgorithm(byte[] oid, int offset, int len) Sets Asymmetric Algorithm ID used to encrypt the symmetric key
void	setPrivateKey(com.rsa.jsafe.JSAFE_PrivateKey privateKey) Sets the Private key to be encrypted
void	setSymmetricKey(com.rsa.jsafe.JSAFE_SecretKey symmKey) Sets the symmetic key that is used to encrypt private key
void	setValueEncryptionAlgorithm(byte[] oid, int offset, int len) Sets Symmetric Algorithm ID used to encrypt the Private Key value
void	setValueHint(byte[] hint, int offset, int len) Sets the valueHint value

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EncryptedValue

public EncryptedValue(CertJ certJ,
                      com.rsa.jsafe.JSAFE_PublicKey pubKey,
                      com.rsa.jsafe.JSAFE_PrivateKey privKey)
               throws CRMFException

Creates a EncryptedValue object that contains the values given.

Parameters

	certJ		CertJ object that contains environment information and random object
	pubKey		Public key used to encrypt the Secret key (pass NULL if decoding)
	privKey		Private key used to decrypt the Secret key (pass NULL if encoding)

Throws

CRMFException - If specified values are null

Method Detail

decodeEncryptedValue

public void decodeEncryptedValue(byte[] valueBER,
                                 int offset,
                                 int special)
                          throws CRMFException

Decode the EncryptedValue structure. If there is enough info passed in this structure, this method also decrypts the private key. Also, to decrypt, user needs to set Recipient's information (certificate's Issuer and Serial Number) before calling this method. This certificate and corresponding private key should be stored in the database. Otherwise, user can set all the missing info manually, and call decryptPrivateKey method.

Parameters

	valueBER		The BER-encoding of EncyptedValue
	offset		The offset into valueBER
	special		That contains any special ASN.1 info, such as OPTIONAL

Throws

CRMFException - If the encoding is invalid

decryptPrivateKey

public void decryptPrivateKey()
                       throws CRMFException

Decrypts the symmetric key using the recipient's private key, and then decrypts the private key using the decrypted symmetric key. The assumption that we don't use PKCS #8 format.

Call this method only AFTER you decoded the EncryptedValue using decodeEncryptedValue method.

Throws

CRMFException - If we cannot decrypt those keys.

setPrivateKey

public void setPrivateKey(com.rsa.jsafe.JSAFE_PrivateKey privateKey)
                   throws CRMFException

Sets the Private key to be encrypted

Parameters

privateKey

A JSAFE_PrivateKey object

Throws

CRMFException - If there is a cloning error, or if the key is NULL

getPrivateKey

public com.rsa.jsafe.JSAFE_PrivateKey getPrivateKey()
                                             throws CRMFException

Gets the Private Key

Returns

The JSAFE_PrivateKey; returns NULL if the key is not set

Throws

CRMFException - If there is a cloning error

getDecryptedValue

public byte[] getDecryptedValue()

Gets the decrypted value

Returns

A byte array holding the decrypted value.

setSymmetricKey

public void setSymmetricKey(com.rsa.jsafe.JSAFE_SecretKey symmKey)
                     throws CRMFException

Sets the symmetic key that is used to encrypt private key

Parameters

symmKey

The secret key

Throws

CRMFException - If there is a clonning error; or if symmKey is NULL

getSecretKey

public com.rsa.jsafe.JSAFE_SecretKey getSecretKey()
                                           throws CRMFException

Gets the secret key that is used to encrypt the private key

Returns

The secret key; or NULL if secret key was not set

Throws

CRMFException - If there is a clonning error.

setEncryptedSecretKey

public void setEncryptedSecretKey(byte[] encSecretKey,
                                  int offset,
                                  int len)
                           throws CRMFException

Sets the encrypted symmetric key used to encrypt the private key value. The encrypted key data should be BER-encoded in PKCS #8 format

Parameters

	encSecretKey		The byte array that contains the encrypted secret key
	offset		The offset into encSecretKey array
	len		The length of the encSecretKey data

Throws

CRMFException - If specified data is null

getEncryptedSecretKey

public byte[] getEncryptedSecretKey()

Gets the encrypted symmetric key used to encrypt the private key value The encrypted key data is BER-encoded in PKCS #8 format

Returns

The new byte array that contains the encrypted secret key; returns null, if the value is not set.

setEncryptedPrivateKey

public void setEncryptedPrivateKey(byte[] encPrivateKey,
                                   int offset,
                                   int len)
                            throws CRMFException

Sets the encrypted private key The encrypted key data should be BER-encoded in PKCS #8 format

Parameters

	encPrivateKey		The byte array that contains the encrypted private key
	offset		The offset into encPrivateKey array
	len		The length of the encPrivateKey data

Throws

CRMFException - If specified data is null

getEncryptedPrivateKey

public byte[] getEncryptedPrivateKey()

Gets the encrypted private key The encrypted key data is BER-encoded in PKCS #8 format

Returns

The new byte array that contains the encrypted private key; returns null, if the value is not set.

setValueHint

public void setValueHint(byte[] hint,
                         int offset,
                         int len)
                  throws CRMFException

Sets the valueHint value

Parameters

	hint		The byte array that contains valueHint
	offset		The offset into valueHint
	len		The length of the valueHint

Throws

CRMFException - If valueHint is NULL

getValueHint

public byte[] getValueHint()

Gets the valueHint value

Returns

The new byte array that contains valueHint; returns NULL if valueHint is not set

setKeyEncryptionAlgorithm

public void setKeyEncryptionAlgorithm(byte[] oid,
                                      int offset,
                                      int len)
                               throws CRMFException

Sets Asymmetric Algorithm ID used to encrypt the symmetric key

Parameters

	oid		Identifies the algorithm (and any associated parameters) under which the symmetric key is encrypted
	offset		Into oid array
	len		Length of oid data

Throws

CRMFException - If specified OID is null

getKeyEncryptionAlgorithm

public byte[] getKeyEncryptionAlgorithm()

Gets the Algorithm ID used to encrypt the symmetric key

Returns

The oid that identifies the algorithm (and any associated parameters) under which the symmetric key is encrypted; returns NULL if this value is not set

setValueEncryptionAlgorithm

public void setValueEncryptionAlgorithm(byte[] oid,
                                        int offset,
                                        int len)
                                 throws CRMFException

Sets Symmetric Algorithm ID used to encrypt the Private Key value

Parameters

	oid		Identifies the algorithm (and any associated parameters) under which the private key is encrypted
	offset		Into oid array
	len		Length of oid data

Throws

CRMFException - If specified OID is null

getValueEncryptionAlgorithm

public byte[] getValueEncryptionAlgorithm()

Gets the Algorithm ID used to encrypt the Private key value

Returns

The oid that identifies the algorithm (and any associated parameters) under which the Private key is encrypted; returns NULL if this value is not set

setIntendedAlgorithm

public void setIntendedAlgorithm(byte[] oid,
                                 int offset,
                                 int len)
                          throws CRMFException

Sets the intended Algorithm ID for which the value will be used

Parameters

	oid		Identifies the intended algorithm (and any associated parameters)
	offset		Into oid array
	len		Length of oid data

Throws

CRMFException - If specified OID is null

getIntendedAlgorithm

public byte[] getIntendedAlgorithm()

Gets the intended Algorithm ID for which the value will be used

Returns

The oid that identifies the intended algorithm (and any associated parameters); returns NULL if this value is not set

encryptPrivateKey

public byte[] encryptPrivateKey()
                         throws CRMFException

Encrypt the private key using the secret key. Wrap the private key without using PKCS #8 format

Returns

The encrypted private key data BER-encoded in PKCS #8 format; returns null, if values are not set

Throws

if - There is an encryption error;

encryptSecretKey

public byte[] encryptSecretKey()
                        throws CRMFException

Encrypt the secret key with the recipient's public key.Wrap the secret key without using PKCS #8 format

Returns

The encrypted secret key data BER-encoded in PKCS #8 format; returns null if values are not set

Throws

CRMFException - If there is an encryption error;

getNextBEROffset

public static int getNextBEROffset(byte[] valueBER,
                                   int offset)
                            throws CRMFException

Finds the index of the next element to encode, given valueBER, the BER of a EncryptedValue beginning at offset. In other words, gets the next offset after the EncryptedValue.

For example, if the offset is 120 and EncryptedValue's BER encoding is 1819 bytes, this method returns 1939, the index immediately following the EncryptedValue. That is, valueBER[120] is the first byte in the encoding of the EncryptedValue, valueBER[1938] is the last byte in the encoding of the EncryptedValue and the next element begins at index 1939.

Parameters

	valueBER		The BER encoding of a EncryptedValue
	offset		The offset into valueBER where the encoding begins

Returns

An int that indicates the index to the next element in the BER encoding

Throws

CRMFException - If the method cannot read the BER encoding

getDERLen

public int getDERLen(int special)
              throws CRMFException

Returns the number of bytes that will be used by the DER encoding of the EncryptedValue. If this object is not set with values, returns 0.

Parameters

special

That contains any special ASN.1 info, such as OPTIONAL

Returns

The number of bytes that will be used by the DER encoding of the EncryptedValue.

getDEREncoding

public int getDEREncoding(byte[] encoding,
                          int offset,
                          int special)
                   throws CRMFException

Places the DER encoding of the EncryptedValue object into encoding, beginning at offset. To determine how long the encoding will be, call getDERLen. If this object is not yet set with values, this method places nothing into the array and returns 0. To indicate that the DER encoding should follow any special instructions, use the special argument. For instance, to indicate

   data   [1] IMPLICIT INTEGER
 

pass in special = (ASN1.CONTEXT_IMPLICIT | 1);

Of course, if there are no special circumstances, pass in special = 0. The following ASN.1 constants are possible values for special: APP_IMPLICIT, APP_EXPLICIT, PRIVATE_IMPLICIT, PRIVATE_EXPLICIT, OPTIONAL, DEFAULT, CONTEXT_IMPLICIT, or CONTEXT_EXPLICIT.

Parameters

	encoding		The byte array into which the result will be placed.
	offset		The offset into encoding where the writing is to begin.
	special		That contains any special ASN.1 info, such as OPTIONAL

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException

Overrides the default clone method to get a deeper clone.

Returns

A new EncryptedValue object, a copy of this object

Throws

CloneNotSupportedException - If the cloning operation is not successful.

equals

public boolean equals(Object obj)

Returns true if this object and obj contain the same EncryptedValue, returns false otherwise.

Overrides

equals in class Object

Parameters

obj

The instance of EncryptedValue object

Returns

A boolean that indicates whether these objects are equal.