List of usage examples for org.bouncycastle.crypto.signers PSSSigner init
public void init(boolean forSigning, CipherParameters param)
From source file:dorkbox.util.crypto.CryptoRSA.java
License:Apache License
/** * RSA sign data with a specified key./* ww w .j a v a2 s . c o m*/ * * @param logger * may be null, if no log output is necessary * * @return empty byte[] if error */ public static byte[] sign(PSSSigner signer, RSAPrivateCrtKeyParameters rsaPrivateKey, byte[] mesg, Logger logger) { signer.init(true, rsaPrivateKey); signer.update(mesg, 0, mesg.length); try { return signer.generateSignature(); } catch (Exception e) { if (logger != null) { logger.error("Unable to perform RSA cipher.", e); } return new byte[0]; } }
From source file:dorkbox.util.crypto.CryptoRSA.java
License:Apache License
/** * RSA verify data with a specified key. *///from w w w. j a v a2s. co m public static boolean verify(PSSSigner signer, RSAKeyParameters rsaPublicKey, byte[] sig, byte[] mesg) { signer.init(false, rsaPublicKey); signer.update(mesg, 0, mesg.length); return signer.verifySignature(sig); }
From source file:org.nfc.eclipse.ndef.signature.SignatureVerifier.java
License:Open Source License
public Boolean verify(CertificateFormat certificateFormat, byte[] certificateBytes, SignatureType signatureType, byte[] signatureBytes, byte[] coveredBytes) throws CertificateException, NoSuchProviderException { if (Security.getProvider("BC") == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }/*from w ww. ja va 2 s . c o m*/ Certificate certificate = null; if (certificateFormat == CertificateFormat.X_509) { java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509", "BC"); certificate = cf.generateCertificate(new ByteArrayInputStream(certificateBytes)); } if (signatureType == SignatureType.RSASSA_PKCS1_v1_5_WITH_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); SHA1Digest digest = new SHA1Digest(); RSADigestSigner rsaDigestSigner = new RSADigestSigner(digest); rsaDigestSigner.init(false, pubParameters); rsaDigestSigner.update(coveredBytes, 0, coveredBytes.length); return rsaDigestSigner.verifySignature(signatureBytes); } else if (signatureType == SignatureType.RSASSA_PSS_SHA_1) { BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); AsymmetricBlockCipher rsaEngine = new RSABlindedEngine(); rsaEngine.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); PSSSigner signer = new PSSSigner(rsaEngine, digest, digest.getDigestSize()); signer.init(true, pubParameters); signer.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); } else if (signatureType == SignatureType.ECDSA) { // http://en.wikipedia.org/wiki/Elliptic_Curve_DSA // http://stackoverflow.com/questions/11339788/tutorial-of-ecdsa-algorithm-to-sign-a-string // http://www.bouncycastle.org/wiki/display/JA1/Elliptic+Curve+Key+Pair+Generation+and+Key+Factories // http://java2s.com/Open-Source/Java/Security/Bouncy-Castle/org/bouncycastle/crypto/test/ECTest.java.htm /* BCRSAPublicKey key = (BCRSAPublicKey) certificate.getPublicKey(); RSAKeyParameters pubParameters = new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); org.bouncycastle.crypto.signers.ECDSASigner signer = new org.bouncycastle.crypto.signers.ECDSASigner(); signer.init(false, pubParameters); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); return signer.verifySignature(signatureBytes); */ } else if (signatureType == SignatureType.DSA) { ASN1InputStream aIn = new ASN1InputStream(signatureBytes); ASN1Primitive o; try { o = aIn.readObject(); ASN1Sequence asn1Sequence = (ASN1Sequence) o; BigInteger r = DERInteger.getInstance(asn1Sequence.getObjectAt(0)).getValue(); BigInteger s = DERInteger.getInstance(asn1Sequence.getObjectAt(1)).getValue(); BCDSAPublicKey key = (BCDSAPublicKey) certificate.getPublicKey(); // DSA Domain parameters DSAParams params = key.getParams(); if (params == null) { return Boolean.FALSE; } DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG()); DSASigner signer = new DSASigner(); signer.init(false, new DSAPublicKeyParameters(key.getY(), parameters)); SHA1Digest digest = new SHA1Digest(); digest.update(coveredBytes, 0, coveredBytes.length); byte[] message = new byte[digest.getDigestSize()]; digest.doFinal(message, 0); return signer.verifySignature(message, r, s); } catch (IOException e) { return Boolean.FALSE; } } return null; }
From source file:org.xipki.commons.security.pkcs11.P11RSAPSSContentSigner.java
License:Open Source License
P11RSAPSSContentSigner(final P11CryptService cryptService, final P11EntityIdentifier identityId, final AlgorithmIdentifier signatureAlgId, final SecureRandom random) throws XiSecurityException, P11TokenException { this.cryptService = ParamUtil.requireNonNull("cryptService", cryptService); this.identityId = ParamUtil.requireNonNull("identityId", identityId); this.algorithmIdentifier = ParamUtil.requireNonNull("signatureAlgId", signatureAlgId); ParamUtil.requireNonNull("random", random); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(signatureAlgId.getAlgorithm())) { throw new XiSecurityException("unsupported signature algorithm " + signatureAlgId.getAlgorithm()); }/* w w w . ja va2 s .c o m*/ RSASSAPSSparams asn1Params = RSASSAPSSparams.getInstance(signatureAlgId.getParameters()); ASN1ObjectIdentifier digestAlgOid = asn1Params.getHashAlgorithm().getAlgorithm(); HashAlgoType hashAlgo = HashAlgoType.getHashAlgoType(digestAlgOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported hash algorithm " + digestAlgOid.getId()); } P11SlotIdentifier slotId = identityId.getSlotId(); P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(P11Constants.CKM_RSA_PKCS_PSS)) { this.mechanism = P11Constants.CKM_RSA_PKCS_PSS; this.parameters = new P11RSAPkcsPssParams(asn1Params); Digest digest = SignerUtil.getDigest(hashAlgo); this.outputStream = new DigestOutputStream(digest); } else if (slot.supportsMechanism(P11Constants.CKM_RSA_X_509)) { this.mechanism = P11Constants.CKM_RSA_X_509; this.parameters = null; AsymmetricBlockCipher cipher = new P11PlainRSASigner(); P11RSAKeyParameter keyParam; try { keyParam = P11RSAKeyParameter.getInstance(cryptService, identityId); } catch (InvalidKeyException ex) { throw new XiSecurityException(ex.getMessage(), ex); } PSSSigner pssSigner = SignerUtil.createPSSRSASigner(signatureAlgId, cipher); pssSigner.init(true, new ParametersWithRandom(keyParam, random)); this.outputStream = new PSSSignerOutputStream(pssSigner); } else { switch (hashAlgo) { case SHA1: this.mechanism = P11Constants.CKM_SHA1_RSA_PKCS_PSS; break; case SHA224: this.mechanism = P11Constants.CKM_SHA224_RSA_PKCS_PSS; break; case SHA256: this.mechanism = P11Constants.CKM_SHA256_RSA_PKCS_PSS; break; case SHA384: this.mechanism = P11Constants.CKM_SHA384_RSA_PKCS_PSS; break; case SHA512: this.mechanism = P11Constants.CKM_SHA512_RSA_PKCS_PSS; break; case SHA3_224: this.mechanism = P11Constants.CKM_SHA3_224_RSA_PKCS_PSS; break; case SHA3_256: this.mechanism = P11Constants.CKM_SHA3_256_RSA_PKCS_PSS; break; case SHA3_384: this.mechanism = P11Constants.CKM_SHA3_384_RSA_PKCS_PSS; break; case SHA3_512: this.mechanism = P11Constants.CKM_SHA3_512_RSA_PKCS_PSS; break; default: throw new RuntimeException("should not reach here, unknown HashAlgoType " + hashAlgo); } if (!slot.supportsMechanism(this.mechanism)) { throw new XiSecurityException("unsupported signature algorithm " + PKCSObjectIdentifiers.id_RSASSA_PSS.getId() + " with " + hashAlgo); } this.parameters = new P11RSAPkcsPssParams(asn1Params); this.outputStream = new ByteArrayOutputStream(); } }