org.bouncycastle.crypto.signers

Class ECCSISigner

java.lang.Object

org.bouncycastle.crypto.signers.ECCSISigner

All Implemented Interfaces:

Signer

public class ECCSISigner
extends java.lang.Object
implements Signer

Implementation of Elliptic Curve-based Certificateless Signatures for Identity-Based Encryption (ECCSI) as defined in RFC 6507.

See Also:

RFC 6507: Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)

Constructor Summary

Constructors

Constructor and Description
ECCSISigner(ECPoint kpak, X9ECParameters params, Digest digest, byte[] id) Constructs an ECCSI signer/verifier with KMS Public Authentication Key and user identity.

Method Summary

Modifier and Type	Method and Description
byte[]	generateSignature() Generates an ECCSI signature according to RFC 6507 Section 5.2.1.
void	init(boolean forSigning, CipherParameters param) Initializes the signer for either signature generation or verification.
void	reset() Resets the signer/verifier state and performs initial computations: - For signing: Validates KPAK consistency (RFC 6507 Section 5.1.2) - For verification: Computes Y = HS·PVT + KPAK Also computes HS = hash(G || KPAK || ID || PVT) as per RFC 6507 Section 5.1.1
void	update(byte b) update the internal digest with the byte b
void	update(byte[] in, int off, int len) update the internal digest with the byte array in
boolean	verifySignature(byte[] signature) Verifies an ECCSI signature according to RFC 6507 Section 5.2.2.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ECCSISigner

public ECCSISigner(ECPoint kpak,
                   X9ECParameters params,
                   Digest digest,
                   byte[] id)

Constructs an ECCSI signer/verifier with KMS Public Authentication Key and user identity.

Parameters:

kpak - KMS Public Authentication Key (KPAK) from RFC 6507 Section 2

id - User identity byte array formatted

Method Detail

init

public void init(boolean forSigning,
                 CipherParameters param)

Initializes the signer for either signature generation or verification.

Specified by:

init in interface Signer

Parameters:

forSigning - true for signing, false for verification

param - Key parameters: - For signing: ParametersWithRandom containing ECCSIPrivateKeyParameters - For verification: ECCSIPublicKeyParameters

Throws:

java.lang.IllegalArgumentException - if invalid parameters are provided

update

public void update(byte b)

Description copied from interface: Signer

update the internal digest with the byte b

Specified by:

update in interface Signer

update

public void update(byte[] in,
                   int off,
                   int len)

Description copied from interface: Signer

update the internal digest with the byte array in

Specified by:

update in interface Signer

generateSignature

public byte[] generateSignature()
                         throws CryptoException,
                                DataLengthException

Generates an ECCSI signature according to RFC 6507 Section 5.2.1.

Specified by:

generateSignature in interface Signer

Returns:

Signature structure containing: - r (N bytes) - s (N bytes) - PVT (Public Validation Token)

Throws:

CryptoException - if cryptographic operations fail

DataLengthException - if input data is invalid

java.lang.IllegalArgumentException - if invalid SSK or j parameter is detected

verifySignature

public boolean verifySignature(byte[] signature)

Verifies an ECCSI signature according to RFC 6507 Section 5.2.2.

Specified by:

verifySignature in interface Signer

Parameters:

signature - Signature to verify (r || s || PVT)

Returns:

true if signature is valid, false otherwise

Throws:

java.lang.IllegalArgumentException - if signature format is invalid

reset

public void reset()

Resets the signer/verifier state and performs initial computations: - For signing: Validates KPAK consistency (RFC 6507 Section 5.1.2) - For verification: Computes Y = HS·PVT + KPAK Also computes HS = hash(G || KPAK || ID || PVT) as per RFC 6507 Section 5.1.1

Specified by:

reset in interface Signer