codec.pkcs7
Class RecipientInfo

java.lang.Object
  |
  +--java.util.AbstractCollection
        |
        +--java.util.AbstractList
              |
              +--java.util.ArrayList
                    |
                    +--codec.asn1.ASN1AbstractCollection
                          |
                          +--codec.asn1.ASN1Sequence
                                |
                                +--codec.pkcs7.RecipientInfo
All Implemented Interfaces:
ASN1Collection, ASN1Type, Cloneable, Collection, Externalizable, List, Serializable

public class RecipientInfo
extends ASN1Sequence

This class represents a PKCS#7 RecipientInfo structure. It is defined as follows:

 RecipientInfo ::= SEQUENCE {
   version Version, -- 0 for version 1.5 of PKCS#7
   issuerAndSerialNumber IssuerAndSerialNumber,
   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
   encryptedKey EncryptedKey
 }
 EncryptedKey ::= OCTET STRING
 KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
 
For completeness, we also present the structures referenced in the RecipientInfo structure.
 IssuerAndSerialNumber ::= SEQUENCE {
   issuer Name,
   serialNumber CertificateSerialNumber
 }
 CertificateSerialNumber ::= INTEGER
 
This class provides methods to create a RecipientInfo structure from a certificate and a BEK. BEK stands for Bulk Encryption Key. The BEK is in general a symmetric key that is used to encrypt bulk data. The BEK is then encrypted with the public key of the recipient of the bulk data. The public key is sometimes called the Key Encryption Key (KEK).

The BEK can be retrieved easily from instances of this structure as long as the algorithm of the BEK (also referred to as the data encryption key, DEK) is known. This information is not stored in this class but in the EncryptedContentInfo structure, which contains RecipientInfo structures for each intended recipient of the bulk data.

This class is fully integrated with the JCE. It determines the instances to use for encrypting and decrypting based on the OID contained in its instances. The OIDs are mapped to algorithm names and vice versa by the JCA class, which requires appropriate aliases to be defined for algorithm implementations as described in the JCE documentation. If your installed providers do not support the aliasing scheme, then request such support from your provider's supplier, or add a provider that properly defines the aliases (aliases are global to all providers).
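The key-transport step described above, as an added example that is not part of the original documentation and does not use the codec.pkcs7 classes: it wraps one BEK for two recipients with plain JCE calls, selects an entry by issuer and serial number, and unwraps it. The `Recipient` record, the class name, and the issuer and serial values are hypothetical and constructed for illustration (Java 16 or later).

```java
import java.math.BigInteger;
import java.security.*;
import java.util.List;
import javax.crypto.*;
import javax.security.auth.x500.X500Principal;

public class KeyTransportDemo {
    // Hypothetical stand-in for the RecipientInfo fields (version omitted).
    record Recipient(X500Principal issuer, BigInteger serial, String kekAlg, byte[] encryptedKey) {}

    // PKCS#1 v1.5 padding mirrors the rsaEncryption key transport of PKCS#7 v1.5.
    static final String KEK_ALG = "RSA/ECB/PKCS1Padding";

    // Encrypt (wrap) the BEK under the recipient's public key, the KEK.
    static Recipient wrapFor(X500Principal issuer, BigInteger serial, PublicKey kek, SecretKey bek)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(KEK_ALG);
        c.init(Cipher.WRAP_MODE, kek);
        return new Recipient(issuer, serial, KEK_ALG, c.wrap(bek));
    }

    // The encrypted key carries only raw key bytes, so the caller must name the
    // BEK algorithm, just as getSecretKey(kdk, bekalg) requires.
    static SecretKey unwrap(Recipient r, PrivateKey kdk, String bekAlg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(r.kekAlg());
        c.init(Cipher.UNWRAP_MODE, kdk);
        return (SecretKey) c.unwrap(r.encryptedKey(), bekAlg, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey bek = kg.generateKey(); // one BEK encrypts the bulk data once

        // Constructed issuer and serial numbers; real values come from each certificate.
        X500Principal ca = new X500Principal("CN=Example CA,O=Example");
        List<Recipient> infos = List.of(
            wrapFor(ca, BigInteger.valueOf(1001), alice.getPublic(), bek),
            wrapFor(ca, BigInteger.valueOf(1002), bob.getPublic(), bek));

        // Bob finds his entry by issuer and serial number, then recovers the BEK.
        BigInteger mySerial = BigInteger.valueOf(1002);
        Recipient mine = infos.stream()
            .filter(r -> r.issuer().equals(ca) && r.serial().equals(mySerial))
            .findFirst().orElseThrow();
        SecretKey recovered = unwrap(mine, bob.getPrivate(), "AES");
        System.out.println(MessageDigest.isEqual(bek.getEncoded(), recovered.getEncoded()));
    }
}
```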

Version:
"$Id: RecipientInfo.java,v 1.6 2007/08/30 08:45:05 pebinger Exp $"
Author:
Volker Roth
See Also:
Serialized Form

Field Summary
protected  AlgorithmIdentifier cAlg_
          The KeyEncryptionAlgorithmIdentifier.
protected  ASN1OctetString ekey_
          The encrypted key.
protected  Name issuer_
          The issuer name.
protected  ASN1Integer serial_
          The serial number.
protected  ASN1Integer version_
          The version number of this RecipientInfo.
 
Fields inherited from class java.util.AbstractList
modCount
 
Constructor Summary
RecipientInfo()
          The default constructor.
RecipientInfo(X509Certificate cert, Key bek)
          This constructor initializes this structure with the given arguments.
RecipientInfo(X509Certificate cert, Key bek, int encType)
          Same as above, but with an explicit encoding type.
 
Method Summary
 String getAlgorithm()
          This method returns the resolved key encryption algorithm name that can be used for requesting JCE Cipher implementations.
 AlgorithmIdentifier getAlgorithmIdentifier()
          This method returns the KeyEncryptionAlgorithmIdentifier.
 byte[] getEncryptedKey()
          This method returns the encrypted bulk encryption key.
 Principal getIssuer()
          Returns the issuer name.
 SecretKey getSecretKey(PrivateKey kdk, String bekalg)
          This method returns the decrypted data encryption key stored in this structure.
 BigInteger getSerialNumber()
          Returns the serial number.
 String toString()
          Returns a string representation of this object.
 
Methods inherited from class codec.asn1.ASN1Sequence
getTag
 
Methods inherited from class codec.asn1.ASN1AbstractCollection
checkConstraints, decode, encode, getCollection, getConstraint, getTagClass, getValue, isExplicit, isOptional, isType, readExternal, setConstraint, setExplicit, setOptional, writeExternal
 
Methods inherited from class java.util.ArrayList
add, add, addAll, addAll, clear, clone, contains, ensureCapacity, get, indexOf, isEmpty, lastIndexOf, remove, removeRange, set, size, toArray, toArray, trimToSize
 
Methods inherited from class java.util.AbstractList
equals, hashCode, iterator, listIterator, listIterator, subList
 
Methods inherited from class java.util.AbstractCollection
containsAll, remove, removeAll, retainAll
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface java.util.Collection
add, addAll, clear, contains, containsAll, equals, hashCode, isEmpty, iterator, remove, removeAll, retainAll, size, toArray, toArray
 
Methods inherited from interface java.util.List
containsAll, equals, hashCode, iterator, listIterator, listIterator, remove, removeAll, retainAll, subList
 

Field Detail

version_

protected ASN1Integer version_
The version number of this RecipientInfo.

issuer_

protected Name issuer_
The issuer name.

serial_

protected ASN1Integer serial_
The serial number.

cAlg_

protected AlgorithmIdentifier cAlg_
The KeyEncryptionAlgorithmIdentifier.

ekey_

protected ASN1OctetString ekey_
The encrypted key.

Constructor Detail

RecipientInfo

public RecipientInfo()
The default constructor.

RecipientInfo

public RecipientInfo(X509Certificate cert,
                     Key bek)
              throws BadNameException,
                     GeneralSecurityException
This constructor initializes this structure with the given arguments. The given bek is encrypted with the public key of the given certificate. The algorithm to use is determined by means of the OID in the AlgorithmIdentifier that is embedded in the public key's encoding. Decoding is done using a SubjectPublicKeyInfo instance.
Parameters:
cert - The certificate to use for encrypting the given bek.
bek - The bulk encryption key.

RecipientInfo

public RecipientInfo(X509Certificate cert,
                     Key bek,
                     int encType)
              throws BadNameException,
                     GeneralSecurityException
Same as above, but with an explicit encoding type.

Method Detail

getEncryptedKey

public byte[] getEncryptedKey()
This method returns the encrypted bulk encryption key. The returned byte array is a copy. Modifying it causes no side effects.
Returns:
The encrypted key.

getSecretKey

public SecretKey getSecretKey(PrivateKey kdk,
                              String bekalg)
                       throws GeneralSecurityException
This method returns the decrypted data encryption key stored in this structure.
Parameters:
kdk - The private key decryption key.
bekalg - The name of the algorithm of the encrypted bulk encryption key.
Throws:
NoSuchAlgorithmException - if the OID cannot be mapped onto a registered algorithm name.

getIssuer

public Principal getIssuer()
Returns the issuer name. The returned instance is the one used internally. Modifying it causes side effects.
Returns:
The issuer Name.

getSerialNumber

public BigInteger getSerialNumber()
Returns the serial number.
Returns:
The serial number.

getAlgorithmIdentifier

public AlgorithmIdentifier getAlgorithmIdentifier()
This method returns the KeyEncryptionAlgorithmIdentifier. The returned instance is the one used internally. Modifying it causes side effects.
Returns:
The KeyEncryptionAlgorithmIdentifier.

getAlgorithm

public String getAlgorithm()
This method returns the resolved key encryption algorithm name that can be used for requesting JCE Cipher implementations. This method uses JCA. If the name consists of an OID then either the appropriate algorithms are not supported by the installed JCE Providers or the aliases defined by those Providers are incomplete.
Returns:
The name of the key encryption algorithm that is required for decrypting the DEK in this structure.

toString

public String toString()
Returns a string representation of this object.
Overrides:
toString in class ASN1AbstractCollection
Returns:
The string representation.


Copyright © Fraunhofer Gesellschaft. All Rights Reserved.