Smart Card Solution
User Manual
- R502 Manual
JavaCard API Samples
- Algorithm
Java Card Specification
Knowledge Sharing
Smart Card Solution
User Manual
JavaCard API Samples
Java Card Specification
Knowledge Sharing
javacardx.crypto
public abstract class Cipherextends Object
The Cipher class is the abstract base class for Cipher algorithms. Implementations of Cipher algorithms must extend this class and implement all the abstract methods. The term “pad” is used in the public key cipher algorithms below to refer to all the operations specified in the referenced scheme to transform the message block into the cipher block size.
The asymmetric key algorithms encrypt using either a public key (to cipher) or a private key (to sign).
In addition they decrypt using the either a private key (to decipher) or a public key (to verify).
A tear or card reset event resets an initialized
Cipher object to the state it was in when previously initialized via a call to init(). For algorithms which support keys with transient key data sets, such as DES, triple DES and AES, and Korean SEED the Cipher object key becomes uninitialized on clear events associated with the Key object used to initialize the Cipher object.
Even if a transaction is in progress, update of intermediate result state in the implementation
instance shall not participate in the transaction.
Note:
Field Summary | |
---|---|
static byte | ALG_AES_BLOCK_128_CBC_NOPAD Cipher algorithm ALG_AES_BLOCK_128_CBC_NOPAD provides a cipher using AES with block size 128 in CBC mode anddoes not pad input data. |
static byte | ALG_AES_BLOCK_128_ECB_NOPAD Cipher algorithm ALG_AES_BLOCK_128_ECB_NOPAD provides a cipher using AES with block size 128 in ECB mode anddoes not pad input data. |
static byte | ALG_DES_CBC_ISO9797_M1 Cipher algorithm ALG_DES_CBC_ISO9797_M1 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and padsinput data according to the ISO 9797 method 1 scheme. |
static byte | ALG_DES_CBC_ISO9797_M2 Cipher algorithm ALG_DES_CBC_ISO9797_M2 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and padsinput data according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. |
static byte | ALG_DES_CBC_NOPAD Cipher algorithm ALG_DES_CBC_NOPAD provides a cipher using DES in CBC modeor triple DES in outer CBC mode, anddoes not pad input data. |
static byte | ALG_DES_CBC_PKCS5 Cipher algorithm ALG_DES_CBC_PKCS5 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and padsinput data according to the PKCS#5 scheme. |
static byte | ALG_DES_ECB_ISO9797_M1 Cipher algorithm ALG_DES_ECB_ISO9797_M1 provides a cipher using DES in ECB mode, and padsinput data according to the ISO 9797 method 1 scheme. |
static byte | ALG_DES_ECB_ISO9797_M2 Cipher algorithm ALG_DES_ECB_ISO9797_M2 provides a cipher using DES in ECB mode, and padsinput data according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. |
static byte | ALG_DES_ECB_NOPAD Cipher algorithm ALG_DES_ECB_NOPAD provides a cipher using DES in ECB mode, and does not pad input data. |
static byte | ALG_DES_ECB_PKCS5 Cipher algorithm ALG_DES_ECB_PKCS5 provides a cipher using DES in ECB mode, and padsinput data according to the PKCS#5 scheme. |
static byte | ALG_KOREAN_SEED_CBC_NOPAD Cipher algorithm ALG_KOREAN_SEED_CBC_NOPAD provides a cipher using the Korean SEED algorithm specified in the Korean SEED Algorithm specification provided by KISA, Korea Information Security Agency in ECB mode anddoes not pad input data. |
static byte | ALG_KOREAN_SEED_ECB_NOPAD Cipher algorithm ALG_KOREAN_SEED_ECB_NOPAD provides a cipher using the Korean SEED algorithm specified in the Korean SEED Algorithm specification provided by KISA, Korea Information Security Agency in ECB mode anddoes not pad input data. |
static byte | ALG_RSA_ISO14888 Cipher algorithm ALG_RSA_ISO14888 provides a cipher using RSA, and padsinput data according to the ISO 14888 scheme. |
static byte |
*
|
static byte | ALG_RSA_NOPAD Cipher algorithm ALG_RSA_NOPAD provides a cipher using RSA anddoes not pad input data. |
static byte | ALG_RSA_PKCS1 Cipher algorithm ALG_RSA_PKCS1 provides a cipher using RSA, and padsinput data according to the PKCS#1 (v1.5) scheme. |
static byte | ALG_RSA_PKCS1_OAEP Cipher algorithm ALG_RSA_PKCS1_OAEP provides a cipher using RSA, andpads input data according to the PKCS#1-OAEP scheme (IEEE 1363-2000). |
static byte | MODE_DECRYPT Used in init() methods to indicate decryption mode. |
static byte | MODE_ENCRYPT Used in init() methods to indicate encryption mode. |
Constructor Summary | |
---|---|
protected | Cipher () Protected constructor. |
Method Summary | |
---|---|
abstract short | doFinal (byte[] inBuff,short inOffset,short inLength,byte[] outBuff,short outOffset) Generates encrypted/decrypted output from all/last input data. |
abstract byte | getAlgorithm () Gets the Cipher algorithm. |
static Cipher | getInstance (byte algorithm,boolean externalAccess) Creates a Cipher object instance of the selected algorithm. |
abstract void | init (Key theKey,byte theMode) Initializes the Cipher object with the appropriate Key. |
abstract void | init (Key theKey,byte theMode,byte[] bArray,short bOff,short bLen) Initializes the Cipher object with the appropriate Key and algorithm specific parameters. |
abstract short | update (byte[] inBuff,short inOffset,short inLength,byte[] outBuff,short outOffset) Generates encrypted/decrypted output from input data. |
Methods inherited from class java.lang.Object |
---|
equals |
Field Detail |
---|
public static final byte ALG_DES_CBC_NOPAD
Cipher algorithm ALG_DES_CBC_NOPAD provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and does not pad input data. If the input data is not (8-byte) block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_DES_CBC_ISO9797_M1
Cipher algorithm ALG_DES_CBC_ISO9797_M1 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and pads input data according to the ISO 9797 method 1 scheme.
See Also:Constant Field Values
public static final byte ALG_DES_CBC_ISO9797_M2
Cipher algorithm ALG_DES_CBC_ISO9797_M2 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and pads input data according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
See Also:Constant Field Values
public static final byte ALG_DES_CBC_PKCS5
Cipher algorithm ALG_DES_CBC_PKCS5 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and pads input data according to the PKCS#5 scheme.
See Also:Constant Field Values
public static final byte ALG_DES_ECB_NOPAD
Cipher algorithm ALG_DES_ECB_NOPAD provides a cipher using DES in ECB mode, and does not pad input data. If the input data is not (8-byte) block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_DES_ECB_ISO9797_M1
Cipher algorithm ALG_DES_ECB_ISO9797_M1 provides a cipher using DES in ECB mode, and pads input data according to the ISO 9797 method 1 scheme.
See Also:Constant Field Values
public static final byte ALG_DES_ECB_ISO9797_M2
Cipher algorithm ALG_DES_ECB_ISO9797_M2 provides a cipher using DES in ECB mode, and pads input data according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
See Also:Constant Field Values
public static final byte ALG_DES_ECB_PKCS5
Cipher algorithm ALG_DES_ECB_PKCS5 provides a cipher using DES in ECB mode, and pads input data according to the PKCS#5 scheme.
See Also:Constant Field Values
public static final byte ALG_RSA_ISO14888
Cipher algorithm ALG_RSA_ISO14888 provides a cipher using RSA, and pads input data according to the ISO 14888 scheme.
See Also:Constant Field Values
public static final byte ALG_RSA_PKCS1
Cipher algorithm ALG_RSA_PKCS1 provides a cipher using RSA, and pads
input data according to the PKCS#1 (v1.5) scheme.
Note:
See Also:Constant Field Values
public static final byte ALG_RSA_ISO9796
Deprecated.
This Cipher algorithm ALG_RSA_ISO9796 should not be used. The ISO 9796-1 algorithm was withdrawn by ISO in July 2000.
See Also:Constant Field Values
public static final byte ALG_RSA_NOPAD
Cipher algorithm ALG_RSA_NOPAD provides a cipher using RSA and
does not pad input data. If the input data is bounded by incorrect
padding bytes while using RSAPrivateCrtKey, incorrect output may result. If the input data is not block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_AES_BLOCK_128_CBC_NOPAD
Cipher algorithm ALG_AES_BLOCK_128_CBC_NOPAD provides a cipher using AES with block size 128 in CBC mode and does not pad input data. If the input data is not block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_AES_BLOCK_128_ECB_NOPAD
Cipher algorithm ALG_AES_BLOCK_128_ECB_NOPAD provides a cipher using AES with block size 128 in ECB mode and does not pad input data. If the input data is not block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_RSA_PKCS1_OAEP
Cipher algorithm ALG_RSA_PKCS1_OAEP provides a cipher using RSA, and pads input data according to the PKCS#1-OAEP scheme (IEEE 1363-2000).
See Also:Constant Field Values
public static final byte ALG_KOREAN_SEED_ECB_NOPAD
Cipher algorithm ALG_KOREAN_SEED_ECB_NOPAD provides a cipher using the Korean SEED algorithm specified in the Korean SEED Algorithm specification provided by KISA, Korea Information Security Agency in ECB mode and does not pad input data. If the input data is not block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte ALG_KOREAN_SEED_CBC_NOPAD
Cipher algorithm ALG_KOREAN_SEED_CBC_NOPAD provides a cipher using the Korean SEED algorithm specified in the Korean SEED Algorithm specification provided by KISA, Korea Information Security Agency in ECB mode and does not pad input data. If the input data is not block aligned it throws CryptoException with the reason code ILLEGAL_USE.
See Also:Constant Field Values
public static final byte MODE_DECRYPT
Used in init() methods to indicate decryption mode.
See Also:Constant Field Values
public static final byte MODE_ENCRYPT
Used in init() methods to indicate encryption mode.
See Also:Constant Field Values
Constructor Detail |
---|
protected Cipher()
Protected constructor.
Method Detail |
---|
public static final Cipher getInstance(byte algorithm, boolean externalAccess) throws CryptoException
Creates a Cipher object instance of the selected algorithm.
Parameters:algorithm - the desired Cipher algorithm. Valid codes listed in ALG_* constants above, for example, ALG_DES_CBC_NOPAD .
externalAccess - true indicates that the instance will be shared among multiple applet instances and that the Cipher instance will also be accessed (via a Shareable interface) when the owner of the Cipher instance is not the currently selected applet. If true the implementation must not allocate CLEAR_ON_DESELECT transient space for internal data.
Returns:the Cipher object instance of the requested algorithm
Throws:
CryptoException - with the following reason codes:
public abstract void init(Key theKey, byte theMode) throws CryptoException
Initializes the Cipher object with the appropriate Key.
This method should be used
for algorithms which do not need initialization parameters or use default parameter
values.
init() must be used to update the Cipher object with a new key.
If the Key object is modified after invoking the init() method,
the behavior of the update() and doFinal()
methods is unspecified.
Note:
Parameters:theKey - the key object to use for encrypting or decrypting
theMode - one of MODE_DECRYPT or MODE_ENCRYPT
Throws:
CryptoException - with the following reason codes:
public abstract void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) throws CryptoException
Initializes the Cipher object with the appropriate Key and algorithm specific
parameters.
init() must be used to update the Cipher object with a new key.
If the Key object is modified after invoking the init() method,
the behavior of the update() and doFinal()
methods is unspecified.
Note:
Parameters:theKey - the key object to use for encrypting or decrypting.
theMode - one of MODE_DECRYPT or MODE_ENCRYPT
bArray - byte array containing algorithm specific initialization info
bOff - offset within bArray where the algorithm specific data begins
bLen - byte length of algorithm specific parameter data
Throws:
CryptoException - with the following reason codes:
public abstract byte getAlgorithm()
Gets the Cipher algorithm.
Returns:the algorithm code defined above
public abstract short doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset) throws CryptoException
Generates encrypted/decrypted output from all/last input data. This method must be invoked
to complete a cipher operation. This method processes any remaining input data buffered by
one or more calls to the update() method as well as input data supplied in the
inBuff parameter.
A call to this method also resets this Cipher object to the state it was in
when previously initialized via a call to init().
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to init()) more data.
In addition, note that the initial vector(IV) used in AES, DES and Korean SEED algorithms will be reset to 0.
Notes:
Parameters:inBuff - the input buffer of data to be encrypted/decrypted
inOffset - the offset into the input buffer at which to begin encryption/decryption
inLength - the byte length to be encrypted/decrypted
outBuff - the output buffer, may be the same as the input buffer
outOffset - the offset into the output buffer where the resulting output data begins
Returns:number of bytes output in outBuff
Throws:
CryptoException - with the following reason codes:
public abstract short update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset) throws CryptoException
Generates encrypted/decrypted output from input data. This method is intended for multiple-part
encryption/decryption operations.
This method requires temporary storage of
intermediate results. In addition, if the input data length is not block aligned
(multiple of block size)
then additional internal storage may be allocated at this time to store a partial
input data block.
This may result in additional resource consumption and/or slow performance.
This method should only be used if all the input data required for the cipher
is not available in one byte array. If all the input data required for the cipher
is located in a single byte array, use of the doFinal() method to
process all of the input data is recommended. The doFinal() method
must be invoked to complete processing of any remaining input data buffered by one or more calls
to the update() method.
Notes:
Parameters:inBuff - the input buffer of data to be encrypted/decrypted
inOffset - the offset into the input buffer at which to begin encryption/decryption
inLength - the byte length to be encrypted/decrypted
outBuff - the output buffer, may be the same as the input buffer
outOffset - the offset into the output buffer where the resulting ciphertext/plaintext begins
Returns:number of bytes output in outBuff
Throws:
CryptoException - with the following reason codes: