3-6 Oracle Fusion Middleware Reference for Oracle Security Developer Tools
Cipher desCipher = Cipher.getInstanceAlgID.desCBC, desSymKey, Padding.PKCS5; When using CBC ciphers, the AlgorithmIdentifier object may hold cryptographic
parameters such as the initialization vector IV or the effective key length for RC2 ciphers. To specify these parameters when creating or initializing block ciphers, build
a CBCAlgorithmIdentifier object or RC2AlgorithmIdentifier object with the cryptographic parameters.
Example 3–7 shows how to create and initialize a CBC
cipher and a RC2 cipher.
Example 3–7 Code Example for Creating and Initializing CBC Ciphers
CBCAlgorithmIdentifier cbcAlgID = new CBCAlgorithmIdentifierAlgID.desCBC, iv;
desCipher.initializecbcAlgID, desSymKey, Padding.PKCS5; RC2AlgorithmIdentifier rc2AlgID =
new RC2AlgorithmIdentifieriv, 56; BlockCipher rc2Cipher =
BlockCipherCipher.getInstancerc2AlgID, rc2SymKey, Padding.PKCS5;
3.3.3.2 The RSA Cipher
The RSA cipher is an implementation of PKCS1 v2.0 that supports the RSAES-OAEP and RSAES-PKCS1-v1_5 encryption schemes. According to the specification,
RSAES-OAEP is recommended for new applications, and RSAES-PKCS1-v1_5 is included only for compatibility with existing applications and protocols.
The encryption schemes are used to combine RSA encryption and decryption primitives with an encoding method. Encryption and decryption can only be done
through the methods encryptbyte[] and decryptbyte[].
You can use an RSA cipher for four types of operations:
■
Encryption of raw data. Use one of the encrypt methods by passing data to be encrypted.
■
Decryption of encrypted data. Use one of the decrypt methods by passing encrypted data to be decrypted.
■
Wrapping of keys. Use the wrapKey method by passing the key to be encrypted.
■
Unwrapping of encrypted keys. Use the unwrapSymmetricKey method by passing the encrypted key to be decrypted.
To create a new instance of Cipher, call the static getInstance method with AlgorithmIdentifier and Key objects as parameters.
Example 3–8 demonstrates
how to create an RSApkcs1 object and initialize it with the specified key. The cipher can then be used to encrypt or decrypt data.
Example 3–8 Code Example for Creating and Initializing an RSA Cipher
Cipher rsaEnc = Cipher.getInstanceAlgID.rsaEncryption, pubKey; byte[] encryptedData = rsaEnc.encryptdata;
Cipher rsaDec = Cipher.getInstanceAlgID..rsaEncryption, privKey; byte[] decryptedData = rsaDec.decryptencryptedData;
When using RSA ciphers, the AlgorithmIdentifier object may hold cryptographic parameters such as the mask generation function for RSAES-OAEP. To specify these
parameters when creating or initializing RSA ciphers, build an OAEPAlgorithmIdentifier, or use the default one located in the
oracle.security.crypto.core.AlgID interface.
Oracle Crypto 3-7
3.3.3.3 Password Based Encryption
The abstract oracle.security.crypto.core.PBE class provides methods for Password Based Encryption PBE operations. The concrete classes extending the PBE
are the PKCS5PBE and PKCS12PBE classes.
You can use a PBE object for four types of operations:
■
Encryption of raw data. For example: byte[] encData = pbeEnc.encryptmyPassword, data;
■
Decryption of encrypted data. For example: byte[] decData = pbeDec.decryptmyPassword, encData;
■
Wrapping of private or symmetric keys. For example: byte[] encPrivKey = pbeEnc.encryptPrivateKeymyPassword, privKey;
byte[] encSymKey = pbeEnc.encryptSymmetricKeymyPassword, symKey;
■
Unwrapping of private or symmetric encrypted keys. For example: PrivateKey decPrivKey = pbeDec.decryptPrivateKeymyPassword, encPrivKey;
SymmetricKey decSymKey = pbeDec.decryptSymmetricKeymyPassword, encSymKey; To create a new instance of PBE, call the static getInstance method with a
PBEAlgorithmIdentifier object as a parameter. For example: PBE pbeEnc = PBE.getInstancepbeAlgID;
This will create a PKCS5PBE object and initialize it with the specified PBE algorithm. The PBE can then be used to encrypt or decrypt data, wrap or unwrap keys.
When using PBE objects, the AlgorithmIdentifier object may hold cryptographic parameters such as the salt or the iteration count as well as the ASN.1 Object Identifier
specifying the PBE algorithm to use. To specify these parameters when creating or initializing PBEs, build a PBEAlgorithmIdentifier object with the cryptographic
parameters.
Example 3–9 Code Example for Creating a PBE Object
PBEAlgorithmIdentifier pbeAlgID = new PBEAlgorithmIdentifierPBEAlgorithmIdentifier.pbeWithMD5AndDES_CBC, salt, 1024;
pbeEnc.initializepbeAlgID; PBE pbeDec = PBE.getInstancepbeAlgID;
3.3.4 Signatures