net.corda.core.crypto

Class Crypto

net.corda.core.crypto.Crypto

public class Crypto

This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

See Also:

class SignatureScheme

Field Summary

Fields

Modifier and Type	Field and Description
static SignatureScheme	COMPOSITE_KEY Corda composite key type
static SignatureScheme	DEFAULT_SIGNATURE_SCHEME Our default signature scheme if no algorithm is specified (e.g. for key generation).
static SignatureScheme	ECDSA_SECP256K1_SHA256 ECDSA signature scheme using the secp256k1 Koblitz curve.
static SignatureScheme	ECDSA_SECP256R1_SHA256 ECDSA signature scheme using the secp256r1 (NIST P-256) curve.
static SignatureScheme	EDDSA_ED25519_SHA512 EdDSA signature scheme using the ed255519 twisted Edwards curve.
static Crypto	INSTANCE This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:
static SignatureScheme	RSA_SHA256 RSA_SHA256 signature scheme using SHA256 as hash algorithm and MGF1 (with SHA256) as mask generation function. Note: Recommended key size >= 3072 bits.
static org.bouncycastle.asn1.DLSequence	SHA512_256 SPHINCS-256 hash-based signature scheme. It provides 128bit security against post-quantum attackers at the cost of larger key sizes and loss of compatibility.
static SignatureScheme	SPHINCS256_SHA256

Method Summary

Modifier and Type	Method and Description
static java.security.PrivateKey	decodePrivateKey(byte[] encodedKey) Decode a PKCS8 encoded key to its PrivateKey object. Use this method if the key type is a-priori unknown.
static java.security.PrivateKey	decodePrivateKey(java.lang.String schemeCodeName, byte[] encodedKey) Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.
static java.security.PrivateKey	decodePrivateKey(SignatureScheme signatureScheme, byte[] encodedKey) Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.
static java.security.PublicKey	decodePublicKey(byte[] encodedKey) Decode an X509 encoded key to its PublicKey object. Use this method if the key type is a-priori unknown.
static java.security.PublicKey	decodePublicKey(java.lang.String schemeCodeName, byte[] encodedKey) Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.
static java.security.PublicKey	decodePublicKey(SignatureScheme signatureScheme, byte[] encodedKey) Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.
static java.security.KeyPair	deriveKeyPair(SignatureScheme signatureScheme, java.security.PrivateKey privateKey, byte[] seed) Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. This operation is currently supported for ECDSA secp256r1 (NIST P-256), ECDSA secp256k1 and EdDSA ed25519.
static java.security.KeyPair	deriveKeyPair(java.security.PrivateKey privateKey, byte[] seed) Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. Use this method if the class SignatureScheme of the private key input is not known.
static java.security.KeyPair	deriveKeyPairFromEntropy(SignatureScheme signatureScheme, java.math.BigInteger entropy) Returns a key pair derived from the given BigInteger entropy. This is useful for unit tests and other cases where you want hard-coded private keys. Currently, EDDSA_ED25519_SHA512 is the sole scheme supported for this operation.
static java.security.KeyPair	deriveKeyPairFromEntropy(java.math.BigInteger entropy) Returns a DEFAULT_SIGNATURE_SCHEME key pair derived from the given BigInteger entropy.
static byte[]	doSign(java.security.PrivateKey privateKey, byte[] clearData) Generic way to sign ByteArray data with a PrivateKey. Strategy on on identifying the actual signing scheme is based on the PrivateKey type, but if the schemeCodeName is known, then better use doSign(signatureScheme: String, privateKey: PrivateKey, clearData: ByteArray).
static byte[]	doSign(java.lang.String schemeCodeName, java.security.PrivateKey privateKey, byte[] clearData) Generic way to sign ByteArray data with a PrivateKey and a known schemeCodeName String.
static byte[]	doSign(SignatureScheme signatureScheme, java.security.PrivateKey privateKey, byte[] clearData) Generic way to sign ByteArray data with a PrivateKey and a known Signature.
static TransactionSignature	doSign(java.security.KeyPair keyPair, SignableData signableData) Generic way to sign class SignableData objects with a PrivateKey. class SignableData is a wrapper over the transaction's id (Merkle root) in order to attach extra information, such as a timestamp or partial and blind signature indicators.
static boolean	doVerify(java.lang.String schemeCodeName, java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData) Utility to simplify the act of verifying a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.
static boolean	doVerify(java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData) Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds, but it always throws an exception if verification fails. Strategy on identifying the actual signing scheme is based on the PublicKey type, but if the schemeCodeName is known, then better use doVerify(schemeCodeName: String, publicKey: PublicKey, signatureData: ByteArray, clearData: ByteArray).
static boolean	doVerify(SignatureScheme signatureScheme, java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData) Method to verify a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.
static boolean	doVerify(SecureHash txId, TransactionSignature transactionSignature) Utility to simplify the act of verifying a class TransactionSignature. It returns true if it succeeds, but it always throws an exception if verification fails.
static java.security.Provider	findProvider(java.lang.String name)
static SignatureScheme	findSignatureScheme(org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithm)
static SignatureScheme	findSignatureScheme(java.lang.String schemeCodeName) Factory pattern to retrieve the corresponding class SignatureScheme based on the type of the String input. This function is usually called by key generators and verify signature functions. In case the input is not a key in the supportedSignatureSchemes map, null will be returned.
static SignatureScheme	findSignatureScheme(java.security.PublicKey key) Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.
static SignatureScheme	findSignatureScheme(java.security.PrivateKey key) Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.
static java.security.KeyPair	generateKeyPair(java.lang.String schemeCodeName) Utility to simplify the act of generating keys. Normally, we don't expect other errors here, assuming that key generation parameters for every supported signature scheme have been unit-tested.
static java.security.KeyPair	generateKeyPair(SignatureScheme signatureScheme) Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.
static java.security.KeyPair	generateKeyPair() Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.
static boolean	isSupportedSignatureScheme(SignatureScheme signatureScheme) Check if the requested class SignatureScheme is supported by the system.
static boolean	isValid(SecureHash txId, TransactionSignature transactionSignature) Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result.
static boolean	isValid(java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData) Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result. Use this method if the signature scheme is not a-priori known.
static boolean	isValid(SignatureScheme signatureScheme, java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData) Method to verify a digital signature. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Use this method if the signature scheme type is a-priori unknown.
static boolean	publicKeyOnCurve(SignatureScheme signatureScheme, java.security.PublicKey publicKey) Check if a point's coordinates are on the expected curve to avoid certain types of ECC attacks. Point-at-infinity is not permitted as well.
static java.util.List<net.corda.core.crypto.SignatureScheme>	supportedSignatureSchemes()
static java.security.PrivateKey	toSupportedPrivateKey(java.security.PrivateKey key) Convert a private key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve keys from JKS keystores that by default return SUN implementations.
static java.security.PublicKey	toSupportedPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo key) Convert a public key to a supported implementation.
static java.security.PublicKey	toSupportedPublicKey(java.security.PublicKey key) Convert a public key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve a key (via its corresponding cert) from JKS keystores that by default return SUN implementations.

Field Detail

RSA_SHA256

public static SignatureScheme RSA_SHA256

RSA_SHA256 signature scheme using SHA256 as hash algorithm and MGF1 (with SHA256) as mask generation function. Note: Recommended key size >= 3072 bits.

ECDSA_SECP256K1_SHA256

public static SignatureScheme ECDSA_SECP256K1_SHA256

ECDSA signature scheme using the secp256k1 Koblitz curve.

ECDSA_SECP256R1_SHA256

public static SignatureScheme ECDSA_SECP256R1_SHA256

ECDSA signature scheme using the secp256r1 (NIST P-256) curve.

EDDSA_ED25519_SHA512

public static SignatureScheme EDDSA_ED25519_SHA512

EdDSA signature scheme using the ed255519 twisted Edwards curve.

SHA512_256

public static org.bouncycastle.asn1.DLSequence SHA512_256

SPHINCS-256 hash-based signature scheme. It provides 128bit security against post-quantum attackers at the cost of larger key sizes and loss of compatibility.

SPHINCS256_SHA256

public static SignatureScheme SPHINCS256_SHA256

COMPOSITE_KEY

public static SignatureScheme COMPOSITE_KEY

Corda composite key type

DEFAULT_SIGNATURE_SCHEME

public static SignatureScheme DEFAULT_SIGNATURE_SCHEME

Our default signature scheme if no algorithm is specified (e.g. for key generation).

INSTANCE

public static Crypto INSTANCE

This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

See Also:

class SignatureScheme

Method Detail

supportedSignatureSchemes

public static java.util.List<net.corda.core.crypto.SignatureScheme> supportedSignatureSchemes()

findProvider

public static java.security.Provider findProvider(java.lang.String name)

findSignatureScheme

public static SignatureScheme findSignatureScheme(org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithm)

findSignatureScheme

public static SignatureScheme findSignatureScheme(java.lang.String schemeCodeName)

Factory pattern to retrieve the corresponding class SignatureScheme based on the type of the String input. This function is usually called by key generators and verify signature functions. In case the input is not a key in the supportedSignatureSchemes map, null will be returned.

Parameters:

schemeCodeName - a String that should match a supported signature scheme code name (e.g. ECDSA_SECP256K1_SHA256), see class Crypto.

Returns:

a currently supported SignatureScheme.

Throws:

- if the requested signature scheme is not supported.

See Also:

class SignatureScheme, String

findSignatureScheme

public static SignatureScheme findSignatureScheme(java.security.PublicKey key)

Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.

Parameters:

key - either private or public.

Returns:

a currently supported SignatureScheme.

Throws:

- if the requested key type is not supported.

See Also:

class SignatureScheme, Key, class Crypto

findSignatureScheme

public static SignatureScheme findSignatureScheme(java.security.PrivateKey key)

Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.

Parameters:

key - either private or public.

Returns:

a currently supported SignatureScheme.

Throws:

- if the requested key type is not supported.

See Also:

class SignatureScheme, Key, class Crypto

decodePrivateKey

public static java.security.PrivateKey decodePrivateKey(byte[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object. Use this method if the key type is a-priori unknown.

Parameters:

encodedKey - a PKCS8 encoded private key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePrivateKey

public static java.security.PrivateKey decodePrivateKey(java.lang.String schemeCodeName,
                                                        byte[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - a PKCS8 encoded private key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePrivateKey

public static java.security.PrivateKey decodePrivateKey(SignatureScheme signatureScheme,
                                                        byte[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

signatureScheme - a signature scheme (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - a PKCS8 encoded private key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePublicKey

public static java.security.PublicKey decodePublicKey(byte[] encodedKey)

Decode an X509 encoded key to its PublicKey object. Use this method if the key type is a-priori unknown.

Parameters:

encodedKey - an X509 encoded public key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PublicKey

decodePublicKey

public static java.security.PublicKey decodePublicKey(java.lang.String schemeCodeName,
                                                      byte[] encodedKey)

Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - an X509 encoded public key.

Throws:

- if the requested scheme is not supported.

- if the given key specification is inappropriate for this key factory to produce a public key.

See Also:

PrivateKey

decodePublicKey

public static java.security.PublicKey decodePublicKey(SignatureScheme signatureScheme,
                                                      byte[] encodedKey)

Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

signatureScheme - a signature scheme (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - an X509 encoded public key.

Throws:

- if the requested scheme is not supported.

- if the given key specification is inappropriate for this key factory to produce a public key.

See Also:

PrivateKey

doSign

public static byte[] doSign(java.security.PrivateKey privateKey,
                            byte[] clearData)

Generic way to sign ByteArray data with a PrivateKey. Strategy on on identifying the actual signing scheme is based on the PrivateKey type, but if the schemeCodeName is known, then better use doSign(signatureScheme: String, privateKey: PrivateKey, clearData: ByteArray).

Parameters:

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

- if the signature scheme is not supported for this private key.

- if the private key is invalid.

- if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, PrivateKey

doSign

public static byte[] doSign(java.lang.String schemeCodeName,
                            java.security.PrivateKey privateKey,
                            byte[] clearData)

Generic way to sign ByteArray data with a PrivateKey and a known schemeCodeName String.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

- if the signature scheme is not supported.

- if the private key is invalid.

- if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, String

doSign

public static byte[] doSign(SignatureScheme signatureScheme,
                            java.security.PrivateKey privateKey,
                            byte[] clearData)

Generic way to sign ByteArray data with a PrivateKey and a known Signature.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

- if the signature scheme is not supported for this private key.

- if the private key is invalid.

- if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, Signature

doSign

public static TransactionSignature doSign(java.security.KeyPair keyPair,
                                          SignableData signableData)

Generic way to sign class SignableData objects with a PrivateKey. class SignableData is a wrapper over the transaction's id (Merkle root) in order to attach extra information, such as a timestamp or partial and blind signature indicators.

Parameters:

keyPair - the signer's KeyPair.

signableData - a class SignableData object that adds extra information to a transaction.

Returns:

a class TransactionSignature object than contains the output of a successful signing, signer's public key and the signature metadata.

Throws:

- if the signature scheme is not supported for this private key.

- if the private key is invalid.

- if signing is not possible due to malformed data or private key.

See Also:

class SignableData, PrivateKey, class SignableData

doVerify

public static boolean doVerify(java.lang.String schemeCodeName,
                               java.security.PublicKey publicKey,
                               byte[] signatureData,
                               byte[] clearData)

Utility to simplify the act of verifying a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

- if the key is invalid.

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

- if the signature scheme is not supported or if any of the clear or signature data is empty.

doVerify

public static boolean doVerify(java.security.PublicKey publicKey,
                               byte[] signatureData,
                               byte[] clearData)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds, but it always throws an exception if verification fails. Strategy on identifying the actual signing scheme is based on the PublicKey type, but if the schemeCodeName is known, then better use doVerify(schemeCodeName: String, publicKey: PublicKey, signatureData: ByteArray, clearData: ByteArray).

Parameters:

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

- if the key is invalid.

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

- if the signature scheme is not supported or if any of the clear or signature data is empty.

See Also:

PublicKey

doVerify

public static boolean doVerify(SignatureScheme signatureScheme,
                               java.security.PublicKey publicKey,
                               byte[] signatureData,
                               byte[] clearData)

Method to verify a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

- if the key is invalid.

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

- if the signature scheme is not supported or if any of the clear or signature data is empty.

doVerify

public static boolean doVerify(SecureHash txId,
                               TransactionSignature transactionSignature)

Utility to simplify the act of verifying a class TransactionSignature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

txId - transaction's id (Merkle root).

transactionSignature - the signature on the transaction.

Returns:

true if verification passes or throw exception if verification fails.

Throws:

- if the key is invalid.

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

- if the signature scheme is not supported or if any of the clear or signature data is empty.

See Also:

class TransactionSignature

isValid

public static boolean isValid(SecureHash txId,
                              TransactionSignature transactionSignature)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result.

Parameters:

txId - transaction's id (Merkle root).

transactionSignature - the signature on the transaction.

Throws:

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

isValid

public static boolean isValid(java.security.PublicKey publicKey,
                              byte[] signatureData,
                              byte[] clearData)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result. Use this method if the signature scheme is not a-priori known.

Parameters:

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or false if verification fails.

Throws:

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

isValid

public static boolean isValid(SignatureScheme signatureScheme,
                              java.security.PublicKey publicKey,
                              byte[] signatureData,
                              byte[] clearData)

Method to verify a digital signature. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Use this method if the signature scheme type is a-priori unknown.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or false if verification fails.

Throws:

- if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

- if the requested signature scheme is not supported.

generateKeyPair

public static java.security.KeyPair generateKeyPair(java.lang.String schemeCodeName)

Utility to simplify the act of generating keys. Normally, we don't expect other errors here, assuming that key generation parameters for every supported signature scheme have been unit-tested.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

Returns:

a KeyPair for the requested signature scheme code name.

Throws:

- if the requested signature scheme is not supported.

generateKeyPair

public static java.security.KeyPair generateKeyPair(SignatureScheme signatureScheme)

Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.

Parameters:

signatureScheme - a supported class SignatureScheme, see class Crypto, default to DEFAULT_SIGNATURE_SCHEME if not provided.

Returns:

a new KeyPair for the requested class SignatureScheme.

Throws:

- if the requested signature scheme is not supported.

See Also:

KeyPair, class SignatureScheme

generateKeyPair

public static java.security.KeyPair generateKeyPair()

Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.

Returns:

a new KeyPair for the requested class SignatureScheme.

Throws:

- if the requested signature scheme is not supported.

See Also:

KeyPair, class SignatureScheme

deriveKeyPair

public static java.security.KeyPair deriveKeyPair(SignatureScheme signatureScheme,
                                                  java.security.PrivateKey privateKey,
                                                  byte[] seed)

Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. This operation is currently supported for ECDSA secp256r1 (NIST P-256), ECDSA secp256k1 and EdDSA ed25519.

Similarly to BIP32, the implemented algorithm uses an HMAC function based on SHA512 and it is actually an implementation the HKDF rfc - Step 1: Extract function,

Parameters:

signatureScheme - the class SignatureScheme of the private key input.

privateKey - the PrivateKey that will be used as key to the HMAC-ed DKG function.

seed - an extra seed that will be used as value to the underlying HMAC.

Returns:

a new deterministically generated KeyPair.

Throws:

- if the requested signature scheme is not supported.

- if deterministic key generation is not supported for this particular scheme.

See Also:

KeyPair

deriveKeyPair

public static java.security.KeyPair deriveKeyPair(java.security.PrivateKey privateKey,
                                                  byte[] seed)

Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. Use this method if the class SignatureScheme of the private key input is not known.

Parameters:

privateKey - the PrivateKey that will be used as key to the HMAC-ed DKG function.

seed - an extra seed that will be used as value to the underlying HMAC.

Returns:

a new deterministically generated KeyPair.

Throws:

- if the requested signature scheme is not supported.

- if deterministic key generation is not supported for this particular scheme.

See Also:

KeyPair, class SignatureScheme

deriveKeyPairFromEntropy

public static java.security.KeyPair deriveKeyPairFromEntropy(SignatureScheme signatureScheme,
                                                             java.math.BigInteger entropy)

Returns a key pair derived from the given BigInteger entropy. This is useful for unit tests and other cases where you want hard-coded private keys. Currently, EDDSA_ED25519_SHA512 is the sole scheme supported for this operation.

Parameters:

signatureScheme - a supported class SignatureScheme, see class Crypto.

entropy - a BigInteger value.

Returns:

a new KeyPair from an entropy input.

Throws:

- if the requested signature scheme is not supported for KeyPair generation using an entropy input.

See Also:

BigInteger

deriveKeyPairFromEntropy

public static java.security.KeyPair deriveKeyPairFromEntropy(java.math.BigInteger entropy)

Returns a DEFAULT_SIGNATURE_SCHEME key pair derived from the given BigInteger entropy.

Parameters:

entropy - a BigInteger value.

Returns:

a new KeyPair from an entropy input.

See Also:

BigInteger

publicKeyOnCurve

public static boolean publicKeyOnCurve(SignatureScheme signatureScheme,
                                       java.security.PublicKey publicKey)

Check if a point's coordinates are on the expected curve to avoid certain types of ECC attacks. Point-at-infinity is not permitted as well.

Parameters:

publicKey - a PublicKey, usually used to validate a signer's public key in on the Curve.

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

Returns:

true if the point lies on the curve or false if it doesn't.

Throws:

- if the requested signature scheme or the key type is not supported.

isSupportedSignatureScheme

public static boolean isSupportedSignatureScheme(SignatureScheme signatureScheme)

Check if the requested class SignatureScheme is supported by the system.

See Also:

class SignatureScheme

toSupportedPublicKey

public static java.security.PublicKey toSupportedPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo key)

Convert a public key to a supported implementation.

Parameters:

key - a public key.

Returns:

a supported implementation of the input public key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.

toSupportedPublicKey

public static java.security.PublicKey toSupportedPublicKey(java.security.PublicKey key)

Convert a public key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve a key (via its corresponding cert) from JKS keystores that by default return SUN implementations.

Parameters:

key - a public key.

Returns:

a supported implementation of the input public key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.

toSupportedPrivateKey

public static java.security.PrivateKey toSupportedPrivateKey(java.security.PrivateKey key)

Convert a private key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve keys from JKS keystores that by default return SUN implementations.

Parameters:

key - a private key.

Returns:

a supported implementation of the input private key.

Throws:

- on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.