de.flexiprovider.nf.iq.iqrdsa
Class IQRDSASignature

java.lang.Object
  |
  +--java.security.SignatureSpi
        |
        +--de.flexiprovider.api.Signature
              |
              +--de.flexiprovider.nf.iq.iqrdsa.IQRDSASignature

Direct Known Subclasses:

IQRDSASignature.RIPEMD160, IQRDSASignature.SHA1

public abstract class IQRDSASignature

extends Signature

The IQRDSASignature class implements core parts of the IQRDSA algorithm, namely the signature and the verification process.

Signature is generated as follow

Randomly select an integer k such that 0 <= 0 < q

Compute rho = gamma^k

Calculate x = -a * h(M||rho) + k

Determine integers s and l such that x = lq + s with 0 <= s < q

If s = 0 restart signature step with a different k

Compute lambda = gamma^l

The signature of the message M is S = (s, rho, lambda)

Verification of a given signature only succeeds if the following equation is fulfilled:

gamma^s * alpha^h(M||rho) * lambda^q = rho with 1 <= s < q

Author:

Ralf-P. Weinmann

Inner Class Summary

static class	IQRDSASignature.RIPEMD160 IQRDSA with RIPEMD160 message digest.
static class	IQRDSASignature.SHA1 IQRDSA with SHA1 message digest.

Fields inherited from class java.security.SignatureSpi

appRandom

Constructor Summary

protected

IQRDSASignature(MessageDigest md) Constructor.

Method Summary

void	initSign(PrivateKey key, SecureRandom prng) Initializes engine for signing.
void	initVerify(PublicKey key) Initialized engine for verification process
protected byte[]	makeDigest(byte[] m) Calculates the digest value for a given octet string
void	setParameters(AlgorithmParameterSpec params) Set the parameters for the signature.
byte[]	sign() Generates an ASN.1 encoded object representing the signature of the data bytes digested by the message digest algorithm thus far.
void	update(byte b) Updates the data to be signed or verified using the specified byte.
void	update(byte[] b, int off, int len) Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.
boolean	verify(byte[] sigBytes) Verifies the signature passed in as sigBytes

Methods inherited from class de.flexiprovider.api.Signature

engineGetParameter, engineInitSign, engineInitSign, engineInitVerify, engineSetParameter, engineSetParameter, engineSign, engineUpdate, engineUpdate, engineVerify, engineVerify, initSign, sign, update, verify, verify, verify

Methods inherited from class java.security.SignatureSpi

clone, engineSign

Methods inherited from class java.lang.Object

, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IQRDSASignature

protected IQRDSASignature(MessageDigest md)

Constructor. Set the message digest.

Parameters:

md - the message digest

Method Detail

initSign

public void initSign(PrivateKey key,
                     SecureRandom prng)
              throws InvalidKeyException

Initializes engine for signing.

Overrides:

initSign in class Signature

Parameters:

key - private key to be used for signing

prng - source of randomness

Throws:

InvalidKeyException - if the key is not an instance of IQRDSAPrivateKey.

See Also:

sign()

initVerify

public void initVerify(PublicKey key)
                throws InvalidKeyException

Initialized engine for verification process

Overrides:

initVerify in class Signature

Parameters:

key - public key to be used for verification

Throws:

InvalidKeyException - if the key is not an instance of IQRDSAPublicKey.

See Also:

verify(byte [])

update

public void update(byte b)

Updates the data to be signed or verified using the specified byte.

Overrides:

update in class Signature

Parameters:

b - the byte to be updated.

update

public void update(byte[] b,
                   int off,
                   int len)

Updates the data to be signed or verified, using the specified array of bytes, starting at the specified offset.

Overrides:

update in class Signature

Parameters:

b - the byte array

off - the offset to start from in the array of bytes

len - the number of bytes to use, starting at offset

makeDigest

protected byte[] makeDigest(byte[] m)

Calculates the digest value for a given octet string

Parameters:

m - array containing the data to be hashed

Returns:

the digest value represented as an octet string

sign

public byte[] sign()

Generates an ASN.1 encoded object representing the signature of the data bytes digested by the message digest algorithm thus far.

Overrides:

sign in class Signature

Returns:

signature of the data fed into the engine thus far

verify

public boolean verify(byte[] sigBytes)
               throws SignatureException

Verifies the signature passed in as sigBytes

Overrides:

verify in class Signature

Parameters:

sigBytes - the signature bytes to be verified.

Returns:

true if the signature was verified, false if not.

Throws:

SignatureException - if this signature object is not initialized properly.

setParameters

public void setParameters(AlgorithmParameterSpec params)
                   throws InvalidAlgorithmParameterException

Set the parameters for the signature.

Overrides:

setParameters in class Signature

Parameters:

params - the parameters

Throws:

InvalidAlgorithmParameterException - if the parameters are not an instance of IQRDSAParameterSpec.