gnu.crypto.sig.rsa
Class EMSA_PSS
java.lang.Object
gnu.crypto.sig.rsa.EMSA_PSS
- Cloneable
public class EMSA_PSS
extends java.lang.Object
implements Cloneable
An implementation of the EMSA-PSS encoding/decoding scheme.
EMSA-PSS coincides with EMSA4 in IEEE P1363a D5 except that EMSA-PSS acts
on octet strings and not on bit strings. In particular, the bit lengths of
the hash and the salt must be multiples of 8 in EMSA-PSS. Moreover, EMSA4
outputs an integer of a desired bit length rather than an octet string.
EMSA-PSS is parameterized by the choice of hash function Hash and mask
generation function MGF. In this submission, MGF is based on a Hash
definition that coincides with the corresponding definitions in IEEE Std
1363-2000, PKCS #1 v2.0, and the draft ANSI X9.44. In PKCS #1 v2.0 and the
draft ANSI X9.44, the recommended hash function is SHA-1, while IEEE Std
1363-2000 recommends SHA-1 and RIPEMD-160.
References:
-
RSA-PSS Signature Scheme with Appendix, part B.
Primitive specification and supporting documentation.
Jakob Jonsson and Burt Kaliski.
Version:
Object | clone()
|
boolean | decode(byte[] mHash, byte[] EM, int emBits, int sLen) - The decoding operation EMSA-PSS-Decode recovers the message hash from
an encoded message
EM and compares it to the hash of
M .
|
byte[] | encode(byte[] mHash, int emBits, byte[] salt) - The encoding operation EMSA-PSS-Encode computes the hash of a message
M using a hash function and maps the result to an encoded
message EM of a specified length using a mask generation
function.
|
static EMSA_PSS | getInstance(String mdName) - Returns an instance of this object given a designated name of a hash
function.
|
clone
public Object clone()
decode
public boolean decode(byte[] mHash,
byte[] EM,
int emBits,
int sLen)
The decoding operation EMSA-PSS-Decode recovers the message hash from
an encoded message EM
and compares it to the hash of
M
.
mHash
- the byte sequence resulting from applying the message digest
algorithm Hash to the message M.EM
- the encoded message, an octet string of length
emLen = CEILING(emBits/8).
emBits
- the maximal bit length of the integer OS2IP(EM), at least
8.hLen + 8.sLen + 9
.sLen
- the length, in octets, of the expected salt.
true
if the result of the verification was
consistent with the expected reseult; and false
if the
result was inconsistent.
encode
public byte[] encode(byte[] mHash,
int emBits,
byte[] salt)
The encoding operation EMSA-PSS-Encode computes the hash of a message
M
using a hash function and maps the result to an encoded
message EM
of a specified length using a mask generation
function.
mHash
- the byte sequence resulting from applying the message digest
algorithm Hash to the message M.emBits
- the maximal bit length of the integer OS2IP(EM), at least
8.hLen + 8.sLen + 9
.salt
- the salt to use when encoding the output.
- the encoded message
EM
, an octet string of length
emLen = CEILING(emBits / 8)
.
getInstance
public static EMSA_PSS getInstance(String mdName)
Returns an instance of this object given a designated name of a hash
function.
mdName
- the canonical name of a hash function.
- an instance of this object configured for use with the designated
options.
Copyright © 2001, 2002, 2003
Free Software Foundation,
Inc. All Rights Reserved.