public class PSSSigner extends java.lang.Object implements Signer
Note: the usual value for the salt length is the number of bytes in the hash function.
The createRawSigner(AsymmetricBlockCipher, Digest) family builds a signer that
operates on a pre-computed message hash (mHash) rather than the message itself.
RFC 8017 (PKCS#1 v2.2) sec. 9.1 EMSA-PSS first hashes the message M to mHash and then
salts and re-hashes; these factories replace only that first hash with a
Prehash pass-through, so the caller supplies
mHash via update(...) and the signer still performs the salt / M' / second-hash /
masking steps. The bytes supplied must be exactly the content digest's output length,
otherwise signing or verification fails with "Incorrect prehash size". This is the
lightweight-API equivalent of a "sign/verify pre-computed hash" entry point
(github #1145). See org.bouncycastle.crypto.examples.RSAPSSPreComputedHashExample.
| Modifier and Type | Field and Description |
|---|---|
static byte |
TRAILER_IMPLICIT |
| Constructor and Description |
|---|
PSSSigner(AsymmetricBlockCipher cipher,
Digest digest,
byte[] salt) |
PSSSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
byte[] salt) |
PSSSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
byte[] salt,
byte trailer) |
PSSSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
int sLen) |
PSSSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
int sLen,
byte trailer) |
PSSSigner(AsymmetricBlockCipher cipher,
Digest digest,
int sLen)
basic constructor
|
PSSSigner(AsymmetricBlockCipher cipher,
Digest digest,
int sLen,
byte trailer) |
| Modifier and Type | Method and Description |
|---|---|
static PSSSigner |
createRawSigner(AsymmetricBlockCipher cipher,
Digest digest)
Create a PSS signer/verifier that consumes a pre-computed message hash.
|
static PSSSigner |
createRawSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
byte[] salt,
byte trailer)
Create a PSS signer/verifier that consumes a pre-computed message hash, using a fixed
salt (chiefly for known-answer testing where the salt must be reproducible).
|
static PSSSigner |
createRawSigner(AsymmetricBlockCipher cipher,
Digest contentDigest,
Digest mgfDigest,
int sLen,
byte trailer)
Create a PSS signer/verifier that consumes a pre-computed message hash, with the MGF
digest, salt length and trailer specified explicitly.
|
byte[] |
generateSignature()
generate a signature for the message we've been loaded with using
the key we were initialised with.
|
void |
init(boolean forSigning,
CipherParameters param)
Initialise the signer for signing or verification.
|
void |
reset()
reset the internal state
|
void |
update(byte b)
update the internal digest with the byte b
|
void |
update(byte[] in,
int off,
int len)
update the internal digest with the byte array in
|
boolean |
verifySignature(byte[] signature)
return true if the internal state represents the signature described
in the passed in array.
|
public static final byte TRAILER_IMPLICIT
public PSSSigner(AsymmetricBlockCipher cipher, Digest digest, int sLen)
cipher - the asymmetric cipher to use.digest - the digest to use.sLen - the length of the salt to use (in bytes).public PSSSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, int sLen)
public PSSSigner(AsymmetricBlockCipher cipher, Digest digest, int sLen, byte trailer)
public PSSSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, int sLen, byte trailer)
public PSSSigner(AsymmetricBlockCipher cipher, Digest digest, byte[] salt)
public PSSSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, byte[] salt)
public PSSSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, byte[] salt, byte trailer)
public static PSSSigner createRawSigner(AsymmetricBlockCipher cipher, Digest digest)
digest.getDigestSize() bytes (the hash of the message under
digest) through update(...) before generateSignature() /
verifySignature(...); digest is also used for the EMSA-PSS second
hash and the MGF1 mask, and the salt length defaults to the digest output length
with the implicit (0xBC) trailer.cipher - the asymmetric cipher to use (e.g. a configured RSAEngine).digest - the digest the supplied hash was produced with.public static PSSSigner createRawSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, int sLen, byte trailer)
contentDigest.getDigestSize() bytes (the pre-computed hash) through
update(...); contentDigest performs the EMSA-PSS second hash and
mgfDigest drives the MGF1 mask.cipher - the asymmetric cipher to use.contentDigest - the digest the supplied hash was produced with, also used for the second hash.mgfDigest - the digest to use for the MGF1 mask generation function.sLen - the length of the salt to use (in bytes).trailer - the trailer byte (usually TRAILER_IMPLICIT).public static PSSSigner createRawSigner(AsymmetricBlockCipher cipher, Digest contentDigest, Digest mgfDigest, byte[] salt, byte trailer)
contentDigest.getDigestSize() bytes (the pre-computed hash) through
update(...).cipher - the asymmetric cipher to use.contentDigest - the digest the supplied hash was produced with, also used for the second hash.mgfDigest - the digest to use for the MGF1 mask generation function.salt - the fixed salt to use.trailer - the trailer byte (usually TRAILER_IMPLICIT).public void init(boolean forSigning,
CipherParameters param)
Signerpublic void update(byte b)
public void update(byte[] in,
int off,
int len)
public byte[] generateSignature()
throws CryptoException,
DataLengthException
generateSignature in interface SignerCryptoExceptionDataLengthExceptionpublic boolean verifySignature(byte[] signature)
verifySignature in interface Signer