3-6 Oracle Fusion Middleware Reference for Oracle Security Developer Tools Cipher desCipher = Cipher.getInstanceAlgID.desCBC, desSymKey, Padding.PKCS5; When using CBC ciphers, the AlgorithmIdentifier object may hold cryptographic parameters such as the initialization vector IV or the effective key length for RC2 ciphers. To specify these parameters when creating or initializing block ciphers, build a CBCAlgorithmIdentifier object or RC2AlgorithmIdentifier object with the cryptographic parameters. Example 3–7 shows how to create and initialize a CBC cipher and a RC2 cipher. Example 3–7 Code Example for Creating and Initializing CBC Ciphers CBCAlgorithmIdentifier cbcAlgID = new CBCAlgorithmIdentifierAlgID.desCBC, iv; desCipher.initializecbcAlgID, desSymKey, Padding.PKCS5; RC2AlgorithmIdentifier rc2AlgID = new RC2AlgorithmIdentifieriv, 56; BlockCipher rc2Cipher = BlockCipherCipher.getInstancerc2AlgID, rc2SymKey, Padding.PKCS5;

3.3.3.2 The RSA Cipher

The RSA cipher is an implementation of PKCS1 v2.0 that supports the RSAES-OAEP and RSAES-PKCS1-v1_5 encryption schemes. According to the specification, RSAES-OAEP is recommended for new applications, and RSAES-PKCS1-v1_5 is included only for compatibility with existing applications and protocols. The encryption schemes are used to combine RSA encryption and decryption primitives with an encoding method. Encryption and decryption can only be done through the methods encryptbyte[] and decryptbyte[]. You can use an RSA cipher for four types of operations: ■ Encryption of raw data. Use one of the encrypt methods by passing data to be encrypted. ■ Decryption of encrypted data. Use one of the decrypt methods by passing encrypted data to be decrypted. ■ Wrapping of keys. Use the wrapKey method by passing the key to be encrypted. ■ Unwrapping of encrypted keys. Use the unwrapSymmetricKey method by passing the encrypted key to be decrypted. To create a new instance of Cipher, call the static getInstance method with AlgorithmIdentifier and Key objects as parameters. Example 3–8 demonstrates how to create an RSApkcs1 object and initialize it with the specified key. The cipher can then be used to encrypt or decrypt data. Example 3–8 Code Example for Creating and Initializing an RSA Cipher Cipher rsaEnc = Cipher.getInstanceAlgID.rsaEncryption, pubKey; byte[] encryptedData = rsaEnc.encryptdata; Cipher rsaDec = Cipher.getInstanceAlgID..rsaEncryption, privKey; byte[] decryptedData = rsaDec.decryptencryptedData; When using RSA ciphers, the AlgorithmIdentifier object may hold cryptographic parameters such as the mask generation function for RSAES-OAEP. To specify these parameters when creating or initializing RSA ciphers, build an OAEPAlgorithmIdentifier, or use the default one located in the oracle.security.crypto.core.AlgID interface. Oracle Crypto 3-7

3.3.3.3 Password Based Encryption

The abstract oracle.security.crypto.core.PBE class provides methods for Password Based Encryption PBE operations. The concrete classes extending the PBE are the PKCS5PBE and PKCS12PBE classes. You can use a PBE object for four types of operations: ■ Encryption of raw data. For example: byte[] encData = pbeEnc.encryptmyPassword, data; ■ Decryption of encrypted data. For example: byte[] decData = pbeDec.decryptmyPassword, encData; ■ Wrapping of private or symmetric keys. For example: byte[] encPrivKey = pbeEnc.encryptPrivateKeymyPassword, privKey; byte[] encSymKey = pbeEnc.encryptSymmetricKeymyPassword, symKey; ■ Unwrapping of private or symmetric encrypted keys. For example: PrivateKey decPrivKey = pbeDec.decryptPrivateKeymyPassword, encPrivKey; SymmetricKey decSymKey = pbeDec.decryptSymmetricKeymyPassword, encSymKey; To create a new instance of PBE, call the static getInstance method with a PBEAlgorithmIdentifier object as a parameter. For example: PBE pbeEnc = PBE.getInstancepbeAlgID; This will create a PKCS5PBE object and initialize it with the specified PBE algorithm. The PBE can then be used to encrypt or decrypt data, wrap or unwrap keys. When using PBE objects, the AlgorithmIdentifier object may hold cryptographic parameters such as the salt or the iteration count as well as the ASN.1 Object Identifier specifying the PBE algorithm to use. To specify these parameters when creating or initializing PBEs, build a PBEAlgorithmIdentifier object with the cryptographic parameters. Example 3–9 Code Example for Creating a PBE Object PBEAlgorithmIdentifier pbeAlgID = new PBEAlgorithmIdentifierPBEAlgorithmIdentifier.pbeWithMD5AndDES_CBC, salt, 1024; pbeEnc.initializepbeAlgID; PBE pbeDec = PBE.getInstancepbeAlgID;

3.3.4 Signatures