com.rsa.certj.pkcs7

Class EncryptedData

java.lang.Object
  |
  +--com.rsa.certj.pkcs7.ContentInfo
        |
        +--com.rsa.certj.pkcs7.EncryptedData
All Implemented Interfaces:
Cloneable, Serializable

public class EncryptedData
extends ContentInfo
implements Cloneable, Serializable

This class encodes and decodes the PKCS #7 EncryptedData type. The encrypted-data content type consists of encrypted content of any type. Unlike the enveloped-data content type, the encrypted-data content type has neither recipients nor encrypted content-encryption keys. Keys are assumed to be managed by other means. The typical application of the encrypted-data content type is expected to encrypt content of the data-content type for local storage, perhaps where the encryption key is a password.

The ASN.1 definition is as follows:

 EncryptedData ::= SEQUENCE {
   version Version,
   encryptedContentInfo EncryptedContentInfo }
 
 EncryptedContentInfo ::= SEQUENCE {
    contentType ContentType,
    contentEncryptionAlgorithm
       ContentEncryptionAlgorithmIdentifier,
    encryptedContent
       [0] IMPLICIT EncryptedContent OPTIONAL }
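The following is an added example, not part of the Cert-J documentation or API: a small Python reader that walks the DER encoding of the EncryptedData structure defined above, handles the OPTIONAL encryptedContent field, and reports the content-encryption algorithm OID so stored blobs can be audited. It assumes a bare, definite-length EncryptedData value (not wrapped in an outer ContentInfo); all function names, the LEGACY_OIDS table and the sample bytes are constructed for illustration.

```python
# Added example: walk the DER encoding of the EncryptedData structure above.
# OIW identifiers for single DES; this table is an assumption of the example.
LEGACY_OIDS = {"1.3.14.3.2.6": "DES-ECB", "1.3.14.3.2.7": "DES-CBC"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one element and require a specific tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    arcs, val = [min(body[0] // 40, 2)], 0
    arcs.append(body[0] - 40 * arcs[0])
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_encrypted_data(der):
    body, end = expect(der, 0, 0x30)          # EncryptedData SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes")
    version, pos = expect(body, 0, 0x02)      # version INTEGER
    eci, pos = expect(body, pos, 0x30)        # EncryptedContentInfo SEQUENCE
    ctype, p = expect(eci, 0, 0x06)           # contentType OID
    algid, p = expect(eci, p, 0x30)           # ContentEncryptionAlgorithmIdentifier
    alg, q = expect(algid, 0, 0x06)
    content = None                            # [0] IMPLICIT field is OPTIONAL
    if p < len(eci):
        content, p = expect(eci, p, 0x80)
    oid = decode_oid(alg)
    return {"version": int.from_bytes(version, "big"), "content_type": decode_oid(ctype),
            "algorithm": oid, "alg_params": algid[q:], "encrypted_content": content,
            "legacy": LEGACY_OIDS.get(oid)}

# Constructed sample: version 0, contentType data, DES-ECB, 8 bytes of ciphertext.
SAMPLE = bytes.fromhex("3023020100301e06092a864886f70d010701"
                       "300706052b0e03020680080011223344556677")
```

A non-None "legacy" value in the result marks a blob whose algorithm identifier names single DES, which is a candidate for re-encryption under a current cipher.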
 
The fields of type EncryptedData have the following meanings:

The fields of type EncryptedContentInfo have the following meanings:

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.pkcs7.ContentInfo
DATA, DIGESTED_DATA, ENCRYPTED_DATA, ENVELOPED_DATA, NO_CONTENT, PKCS7_VERSION_NUMBER_0, PKCS7_VERSION_NUMBER_1, SIGNED_DATA
 

Constructor Summary

EncryptedData(CertJ certJ, CertPathCtx pathCtx)

Creates a new object to encode or decode the PKCS #7 EncryptedData.

 

Method Summary

 void

clearSensitiveData()

Clears any sensitive data.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 boolean

equals(Object obj)

Returns true if this object and obj contain the same EncryptedData; returns false otherwise.

 String

getEncryptionAlgorithmName()

Gets the content-encryption algorithm name, for example, DES/ECB/NoPad.

 byte[]

getEncryptionAlgorithmOID()

Gets the content-encryption algorithm OID.

 byte[]

getIV()

Gets the initialization vector (IV).

 char[]

getPassword()

Gets the password data.

 byte[]

getSalt()

Gets the salt data for the password-based encryption (PBE).

 com.rsa.jsafe.JSAFE_SecretKey

getSecretKey()

Gets the secret key.

 byte[]

getSecretKeyData()

Gets the secret key data.

 int

getVersionNumber()

Gets the PKCS #7 syntax version number.

 void

setContentInfo(ContentInfo content)

Sets the actual content data of this EncryptedData object.

 void

setEncryptionAlgorithm(byte[] oid, int offset, int len)

Sets content-encryption algorithm ID.

 void

setEncryptionAlgorithm(String algName)

Sets the content-encryption algorithm, for example, DES/ECB/NoPad.

 void

setIV(byte[] iv, int offset, int len)

Sets the initialization vector (IV) to the first len bytes of iv, beginning at offset.

 void

setPassword(char[] password, int offset, int len)

Sets the password to the len characters of password, beginning at offset.

 void

setSalt(byte[] salt, int offset, int len)

Sets the salt data for password-based encryption (PBE) to the first len bytes of salt, beginning at offset.

 void

setSecretKey(com.rsa.jsafe.JSAFE_SecretKey key)

Sets the secret key.

 void

setSecretKeyData(byte[] keyData, int offset, int len)

Sets the secret key data to the len bytes of keyData, beginning at offset.

 void

setVersionNumber(int versionNumber)

Sets the PKCS #7 syntax version number.

 
Methods inherited from class com.rsa.certj.pkcs7.ContentInfo
bytesRead, clearInternalContentBuffer, endOfMessage, getContent, getContentInfoDERLen, getContentInfoDERLen, getContentType, getDevice, getDeviceList, getInstance, getInstance, getMessageType, getMessageType, getUnprocessedDataLen, readFinal, readInit, readInit, readInit, readUpdate, setCertJ, setCertPath, setDevice, writeMessage, writeMessage
 
Methods inherited from class java.lang.Object
getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

EncryptedData

public EncryptedData(CertJ certJ,
                     CertPathCtx pathCtx)
Creates a new object to encode or decode the PKCS #7 EncryptedData.

Parameters

         certJ  

A CertJ object that contains environment information. It contains a random object and specifies the device list.

         pathCtx  

A CertPathCtx object that contains certificate path validation information. Most certification path providers require the trusted certificate component of this object to be non-empty to be able to perform certification path validation.

Method Detail

setVersionNumber

public void setVersionNumber(int versionNumber)
Sets the PKCS #7 syntax version number.

Parameters

         versionNumber  

The PKCS #7 syntax version number.


getVersionNumber

public int getVersionNumber()
Gets the PKCS #7 syntax version number.

Returns

The syntax version number.

setIV

public void setIV(byte[] iv,
                  int offset,
                  int len)
Sets the initialization vector (IV) to the first len bytes of iv, beginning at offset.

See the Crypto-J User Manual for more information about iv.

Parameters

         iv  

A byte array that contains the IV data.

         offset  

The offset into the iv array.

         len  

The length of the IV data in the iv array.


getIV

public byte[] getIV()
Gets the initialization vector (IV).

Returns

A new byte array containing the IV data. If the IV is not set, this method returns null.

setSalt

public void setSalt(byte[] salt,
                    int offset,
                    int len)
Sets the salt data for password-based encryption (PBE) to the first len bytes of salt, beginning at offset. To use PBE, set salt using this method. See the RSA BSAFE ® Crypto-J User Manual for more information about PBE.

Parameters

         salt  

A byte array that contains the PBE salt data.

         offset  

The offset into salt.

         len  

The length of the PBE salt data in salt.


getSalt

public byte[] getSalt()
Gets the salt data for the password-based encryption (PBE).

Returns

A new byte array that contains PBE salt data. If the salt data is not set, this method returns null.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(String algName)
                            throws PKCS7Exception
Sets the content-encryption algorithm, for example, DES/ECB/NoPad. If you pass in a transformation that does not have a defined OID, for example DES/ECB/PKCS5Padding, this method throws an exception.

Parameters

         algName  

The content-encryption algorithm.

Throws

PKCS7Exception - If algName is null or invalid.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(byte[] oid,
                                   int offset,
                                   int len)
                            throws PKCS7Exception
Sets content-encryption algorithm ID.

Parameters

         oid  

Identifies the content-encryption algorithm (and any associated parameters) under which the content is encrypted.

         offset  

The offset into oid where the algorithm begins.

         len  

The length of the data in oid.

Throws

PKCS7Exception - If the specified OID data is null.

getEncryptionAlgorithmOID

public byte[] getEncryptionAlgorithmOID()
Gets the content-encryption algorithm OID.

Returns

The content-encryption algorithm OID.

getEncryptionAlgorithmName

public String getEncryptionAlgorithmName()
                                  throws PKCS7Exception
Gets the content-encryption algorithm name, for example, DES/ECB/NoPad.

Returns

The ContentEncryptionAlgorithm name.

setSecretKey

public void setSecretKey(com.rsa.jsafe.JSAFE_SecretKey key)
                  throws PKCS7Exception
Sets the secret key. See the Crypto-J User Manual for more information about JSAFE_SecretKey.

Parameters

         key  

A JSAFE_SecretKey object that contains the secret key.

Throws

PKCS7Exception - If this key cannot be set or if the key is null.

getSecretKey

public com.rsa.jsafe.JSAFE_SecretKey getSecretKey()
                                           throws PKCS7Exception
Gets the secret key.

Returns

A secret key used for data encryption.

Throws

PKCS7Exception - If the key cannot be obtained.

setSecretKeyData

public void setSecretKeyData(byte[] keyData,
                             int offset,
                             int len)
                      throws PKCS7Exception
Sets the secret key data to the len bytes of keyData, beginning at offset.

Parameters

         keyData  

A byte array that contains the secret key data.

         offset  

The offset into keyData.

         len  

The length of the secret key data in keyData.

Throws

PKCS7Exception - The specified key data is null, the encryption algorithm is not set, or the specified key data is invalid for the specified encryption algorithm.

getSecretKeyData

public byte[] getSecretKeyData()
Gets the secret key data.

Returns

A new byte array that contains the secret key data. If the secret key is not set, this method returns null.

setPassword

public void setPassword(char[] password,
                        int offset,
                        int len)
Sets the password to the len characters of password, beginning at offset. If you want to use password-based encryption, use this method, and not setSecretKeyData. See the Crypto-J User Manual for more information about password.

Parameters

         password  

The password data.

         offset  

The offset into password where the password data begins.

         len  

The length of the password data.


getPassword

public char[] getPassword()
                   throws PKCS7Exception
Gets the password data. If the object is not set with a password, this method throws an exception.

Returns

A new char array that contains the password data.

Throws

PKCS7Exception - If the object is not set with a password.

setContentInfo

public void setContentInfo(ContentInfo content)
                    throws PKCS7Exception
Sets the actual content data of this EncryptedData object.

Parameters

         content  

The ContentInfo object that is encrypted. It can have any of the PKCS #7-defined content types, previously defined in the ContentInfo class.

Throws

PKCS7Exception - If content cannot be cloned or if it is null.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class ContentInfo

Returns

A copy of this object in its current state.

Throws

CloneNotSupportedException - If the cloning operation is not successful.

equals

public boolean equals(Object obj)
Returns true if this object and obj contain the same EncryptedData; returns false otherwise.

Overrides

equals in class Object

Parameters

         obj  

An instance of the EncryptedData class.

Returns

A boolean indicating whether these objects are equal.

clearSensitiveData

public void clearSensitiveData()
Clears any sensitive data. The finalizer will clear the data, but it is not known when the garbage collector will call the finalizer. This method clears all sensitive data as soon as possible.

Overrides

clearSensitiveData in class ContentInfo


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000