java.lang.Object
  +--iaik.pkcs.pkcs7.EncryptedDataStream
This class represents the stream-supporting implementation of the PKCS#7
EncryptedData type.
Each PKCS#7 content type is associated with a specific object identifier, derived from:
pkcs-7 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) US(840) rsadsi(113549)
pkcs(1) 7 }
The object identifier for the EncryptedData content type is
defined as:
encryptedData OBJECT IDENTIFIER ::= { pkcs-7 6 }
which corresponds to the OID string "1.2.840.113549.1.7.6".
The PKCS#7 Cryptographic Message Standard specifies the EncryptedData content type for providing a syntax for building encrypted contents. The encrypted-data content type consists of encrypted content of any type (Version 1.5):
EncryptedData ::= SEQUENCE {
version Version,
encryptedContentInfo EncryptedContentInfo }
The encryptedContentInfo field specifies the type of the content
being encrypted, the content-encryption algorithm used for encrypting the content,
and the result of the content encryption. If the encrypted content value
is not present in the encryptedContent field, it has to be
supplied by other means:
EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
EncryptedContent ::= OCTET STRING
The key that is used for encrypting the content is not included in the EncryptedData structure; it is assumed to be managed by other means.
This class can only be used for creating an EncryptedData from an already encrypted content. This class supports no mechanisms for performing content encryption. When creating a new EncryptedDataStream instance the encrypted content has to be supplied as an EncryptedContentInfoStream object.
Example:
//create an EncryptedContentInfoStream for the data to be encrypted, supplied from an input stream:
InputStream dataStream = ...;
EncryptedContentInfoStream eci = new EncryptedContentInfoStream(ObjectID.pkcs7_data, dataStream);
//generate secret key and set up the cipher for encryption:
SecretKey key = eci.setupCipher(AlgorithmID.des_EDE3_CBC);
//create an EncryptedDataStream for the EncryptedContentInfoStream:
EncryptedDataStream encrypted_data = new EncryptedDataStream(eci);
//DER encode the EncryptedDataStream structure and write the encoding to an
//output stream:
OutputStream encoded_stream = ...;
int blockSize = ...;
encrypted_data.writeTo(encoded_stream, blockSize);
If a positive blocksize is specified, the encrypted content of the inherent
EncryptedContentInfoStream will be encoded as an indefinite-length constructed
octet string, made up of definite primitive octet string components of the given
block size, instead of using the default primitive definite encoding scheme:
0x24 0x80
0x04 <blocksize> <first encrypted content block>
0x04 <blocksize> <second encrypted content block>
0x04 <blocksize> <third encrypted content block>
...
0x00 0x00
instead of:
0x04 <length> <encrypted content>
The indefinite constructed encoding scheme may be preferable for properly handling large amounts of data, and/or when intending to be compatible with the encoding practice of some particular application (for instance some versions of Netscape Navigator).
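The two layouts shown above, as an added example that is not part of the IAIK documentation: a stand-alone Java encoder and parser for the definite primitive OCTET STRING and for the indefinite-length constructed form built from definite primitive components. The class name OctetStringLayouts and its helper names are made up for this illustration; it handles only the two layouts the page describes (a nested constructed component, or a length field longer than three octets, is rejected). Because a parser that trusts announced component lengths is an easy place to read past a buffer, every length is checked against the remaining input before it is used.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;

public class OctetStringLayouts {
    // Definite primitive form: 0x04 <length> <content>
    static byte[] encodePrimitive(byte[] content) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x04);
        writeLength(out, content.length);
        out.write(content, 0, content.length);
        return out.toByteArray();
    }

    // Indefinite constructed form: 0x24 0x80, one definite primitive component per
    // block (the last one may be shorter), then the end-of-contents octets 0x00 0x00.
    static byte[] encodeConstructed(byte[] content, int blockSize) {
        if (blockSize <= 0) {
            return encodePrimitive(content); // same rule as setBlockSize(): non-positive means definite primitive
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x24);
        out.write(0x80);
        for (int off = 0; off < content.length; off += blockSize) {
            int len = Math.min(blockSize, content.length - off);
            out.write(0x04);
            writeLength(out, len);
            out.write(content, off, len);
        }
        out.write(0x00);
        out.write(0x00);
        return out.toByteArray();
    }

    // DER length octets: short form below 128, otherwise 0x80|n followed by n big-endian octets.
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) {
            out.write(len);
            return;
        }
        int n = (len > 0xFFFF) ? 3 : (len > 0xFF) ? 2 : 1;
        out.write(0x80 | n);
        for (int i = n - 1; i >= 0; i--) out.write((len >>> (8 * i)) & 0xFF);
    }

    // Reassembles the content from either layout; anything else is rejected.
    static byte[] decode(byte[] enc) throws IOException {
        int[] pos = {0};
        int tag = next(enc, pos);
        if (tag == 0x04) {
            int len = readLength(enc, pos);
            return Arrays.copyOfRange(enc, pos[0], pos[0] + len);
        }
        if (tag != 0x24 || next(enc, pos) != 0x80) {
            throw new IOException("not a primitive or indefinite constructed OCTET STRING");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        while (true) {
            int t = next(enc, pos);
            if (t == 0x00) { // end-of-contents: 0x00 0x00 closes the constructed string
                if (next(enc, pos) != 0x00) throw new IOException("bad end-of-contents octets");
                return out.toByteArray();
            }
            if (t != 0x04) throw new IOException("unexpected component tag 0x" + Integer.toHexString(t));
            int len = readLength(enc, pos);
            out.write(enc, pos[0], len);
            pos[0] += len;
        }
    }

    // Reads one octet, refusing to run past the end of the input.
    static int next(byte[] enc, int[] pos) throws IOException {
        if (pos[0] >= enc.length) throw new IOException("truncated encoding");
        return enc[pos[0]++] & 0xFF;
    }

    // Reads the length octets and checks the announced length against the remaining input.
    static int readLength(byte[] enc, int[] pos) throws IOException {
        int len = next(enc, pos);
        if (len >= 0x80) {
            int n = len & 0x7F;
            if (n == 0 || n > 3) throw new IOException("unsupported length encoding");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | next(enc, pos);
        }
        if (len > enc.length - pos[0]) throw new IOException("length exceeds remaining input");
        return len;
    }

    public static void main(String[] args) throws IOException {
        byte[] content = new byte[1000]; // constructed sample standing in for the encrypted content
        for (int i = 0; i < content.length; i++) content[i] = (byte) i;
        byte[] prim = encodePrimitive(content);
        byte[] cons = encodeConstructed(content, 256);
        System.out.printf("primitive:   %d bytes, header 0x%02x 0x%02x 0x%02x 0x%02x%n", prim.length, prim[0], prim[1], prim[2], prim[3]);
        System.out.printf("constructed: %d bytes, header 0x%02x 0x%02x%n", cons.length, cons[0], cons[1]);
        System.out.println("both decode to the content: "
                + (Arrays.equals(decode(prim), content) && Arrays.equals(decode(cons), content)));
    }
}
```

Running main shows the primitive form opening with 0x04 0x82 0x03 0xe8 (a two-octet long-form length for 1000 bytes) and the constructed form opening with 0x24 0x80, with the constructed form a few octets longer because each component carries its own tag and length. Feeding decode a truncated copy of either encoding raises the "truncated encoding" or "length exceeds remaining input" error instead of reading out of bounds.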
Decrypting goes the reverse way: From the DER encoded encryptedData
a new EncryptedDataStream is created and parsed for the inherent
EncryptedContentInfoStream. From the EncryptedContentInfoStream
the encrypted content is obtained and decrypted using the same secret key:
EncryptedDataStream encryptedData = new EncryptedDataStream(encoded_stream);
EncryptedContentInfoStream eci = (EncryptedContentInfoStream)encryptedData.getEncryptedContentInfo();
//setup the cipher for decryption using the right secret key:
eci.setupCipher(key);
//get and read the data from the EncryptedContentInfoStream, thereby actually performing the decryption:
InputStream data_is = eci.getInputStream();
byte[] buf = new byte[1024];
int r;
while ((r = data_is.read(buf)) > 0) {
// do something useful
}
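The creation snippet and the decryption snippet above, combined into one runnable round trip as an added example that is not part of the IAIK documentation. Assumed here and not confirmed by this page: the package locations iaik.asn1.ObjectID, iaik.asn1.structures.AlgorithmID and iaik.security.provider.IAIK; that the IAIK provider has to be registered with Security.addProvider before setupCipher is called; that getInputStream() on the EncryptedContentInfoStream is the method the decryption snippet reads from; and the blanket throws Exception on the methods. The algorithm des_EDE3_CBC is taken from the page's example; triple DES is a legacy cipher, and an AES AlgorithmID should be used where the installed IAIK version provides one. EncryptedData gives confidentiality only: it carries no MAC, so a modified encoding is not detected as such, and the encoding must be authenticated separately if tampering matters.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.SecretKey;

import iaik.asn1.ObjectID;                       // assumed package location
import iaik.asn1.structures.AlgorithmID;         // assumed package location
import iaik.pkcs.pkcs7.EncryptedContentInfoStream;
import iaik.pkcs.pkcs7.EncryptedDataStream;
import iaik.security.provider.IAIK;              // assumed package location

public class EncryptedDataRoundTrip {

    /** The BER encoding plus the content-encryption key, which the structure does not carry. */
    static final class Result {
        final byte[] encoding;
        final SecretKey key;
        Result(byte[] encoding, SecretKey key) { this.encoding = encoding; this.key = key; }
    }

    /** Encrypts plaintext into an EncryptedData; a positive blockSize selects the constructed OCTET STRING encoding. */
    static Result encrypt(byte[] plaintext, int blockSize) throws Exception {
        EncryptedContentInfoStream eci = new EncryptedContentInfoStream(
                ObjectID.pkcs7_data, new ByteArrayInputStream(plaintext));
        // des_EDE3_CBC is what the page's example uses; prefer an AES AlgorithmID where available (assumption)
        SecretKey key = eci.setupCipher(AlgorithmID.des_EDE3_CBC);
        EncryptedDataStream encryptedData = new EncryptedDataStream(eci);
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        encryptedData.writeTo(encoded, blockSize); // reads and encrypts the content stream while encoding
        return new Result(encoded.toByteArray(), key);
    }

    /** Parses the encoding and decrypts the content with the externally managed key. */
    static byte[] decrypt(byte[] encoding, SecretKey key) throws Exception {
        EncryptedDataStream encryptedData = new EncryptedDataStream(new ByteArrayInputStream(encoding));
        // getEncryptedContentInfo() is declared to return Object, so the cast is required
        EncryptedContentInfoStream eci = (EncryptedContentInfoStream) encryptedData.getEncryptedContentInfo();
        eci.setupCipher(key);
        InputStream in = eci.getInputStream(); // assumption: this is the decrypting content stream
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        int r;
        while ((r = in.read(buf)) > 0) out.write(buf, 0, r);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new IAIK()); // assumption: provider registration is needed before setupCipher
        byte[] plaintext = new byte[5000]; // constructed sample content
        Arrays.fill(plaintext, (byte) 'A');

        Result blocked = encrypt(plaintext, 2048);
        System.out.println("constructed-encoded EncryptedData: " + blocked.encoding.length + " bytes");
        byte[] recovered = decrypt(blocked.encoding, blocked.key);
        System.out.println("plaintext recovered: " + Arrays.equals(plaintext, recovered));

        // Same content with blockSize <= 0: the default definite primitive encoding, for comparison.
        Result primitive = encrypt(plaintext, 0);
        System.out.println("primitive-encoded EncryptedData: " + primitive.encoding.length + " bytes");
    }
}
```

The key returned by setupCipher is the only way to recover the content; the program keeps it in a Result object purely to hand it to decrypt, and a real deployment stores or wraps it by whatever external mechanism the application uses. Decrypting with a different key yields unrelated bytes or a padding error on read, which is the caller's only signal that something went wrong.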
See Also:
EncryptedContentInfoStream

| Field Summary |
protected int block_size
    The block size for block oriented stream encoding.
protected int version
    This class implements version 0 of the standard.
| Constructor Summary |
protected EncryptedDataStream()
    Default constructor for dynamic object creation in ContentInfo.
EncryptedDataStream(EncryptedContentInfoStream encryptedContentInfo)
    Creates a PKCS#7 EncryptedDataStream from an EncryptedContentInfoStream.
EncryptedDataStream(java.io.InputStream is)
    Creates a new EncryptedDataStream where the DER encoded data is read from the given InputStream.
| Method Summary |
void decode(java.io.InputStream is)
    Reads and decodes the EncryptedDataStream from a DerInputStream.
ObjectID getContentType()
    Returns the content type this class implements.
java.lang.Object getEncryptedContentInfo()
    Returns the encrypted content info of this EncryptedDataStream object.
int getVersion()
    Returns the syntax version number.
void setBlockSize(int blockSize)
    Sets the block size for defining the length of each definite primitive encoded octet string component.
ASN1Object toASN1Object()
    Returns this PKCS#7 EncryptedDataStream as ASN1Object.
protected ASN1Object toASN1Object(int blockSize)
    Returns this PKCS#7 EncryptedDataStream as ASN1Object where a constructed OCTET STRING is used for encoding the encrypted content.
java.lang.String toString()
    Returns a string giving some information about this EncryptedDataStream object.
java.lang.String toString(boolean detailed)
    Returns a string giving some - if requested - detailed information about this EncryptedDataStream object.
void writeTo(java.io.OutputStream os)
    BER encodes and writes this EncryptedDataStream to the supplied output stream.
void writeTo(java.io.OutputStream os, int blockSize)
    Writes this object to the supplied output stream where a constructed OCTET STRING is used for encoding the content.
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
| Field Detail |
protected int version
    This class implements version 0 of the standard.
protected int block_size
    The block size for block oriented stream encoding.
| Constructor Detail |
protected EncryptedDataStream()
    Default constructor for dynamic object creation in ContentInfo.
public EncryptedDataStream(EncryptedContentInfoStream encryptedContentInfo)
    Creates a PKCS#7 EncryptedDataStream from an EncryptedContentInfoStream.
    Parameters:
        encryptedContentInfo - the already created encrypted content info
public EncryptedDataStream(java.io.InputStream is)
        throws java.io.IOException, PKCSParsingException
    Creates a new EncryptedDataStream where the DER encoded data is read from the given InputStream.
    Parameters:
        is - the InputStream holding a DER encoded PKCS#7 EncryptedDataStream object

| Method Detail |
public void setBlockSize(int blockSize)
    Sets the block size for defining the length of each definite primitive encoded octet string component. If blockSize is smaller than or equal to zero, the whole data is encoded as one definite primitive octet string. This method may be used for enforcing block encoding when wrapping the EncryptedData into a ContentInfo.
    Parameters:
        blockSize - for defining the encoding scheme and setting the octet string component length, if positive
    See Also:
        OCTET_STRING
public void decode(java.io.InputStream is)
        throws java.io.IOException, PKCSParsingException
    Reads and decodes the EncryptedDataStream from a DerInputStream. If the supplied stream is not already a DerInputStream, internally a DerInputStream is created before parsing the data.
    Parameters:
        is - the InputStream holding a DER encoded PKCS#7 EncryptedDataStream object
public ObjectID getContentType()
    Returns the content type this class implements.
    Returns:
        ObjectID.pkcs7_encryptedData
public int getVersion()
    Returns the syntax version number.
public ASN1Object toASN1Object()
        throws PKCSException
    Returns this PKCS#7 EncryptedDataStream as ASN1Object.
protected ASN1Object toASN1Object(int blockSize)
        throws PKCSException
    Returns this PKCS#7 EncryptedDataStream as ASN1Object where a constructed OCTET STRING is used for encoding the encrypted content.
    Parameters:
        blockSize - the block size defining the encoding scheme and specifying the length of each primitive encoded octet string component, if positive
    Returns:
        this EncryptedDataStream as ASN1Object
public void writeTo(java.io.OutputStream os)
        throws java.io.IOException
    BER encodes and writes this EncryptedDataStream to the supplied output stream.
    Parameters:
        os - the output stream to which this EncryptedDataStream shall be written
public void writeTo(java.io.OutputStream os, int blockSize)
        throws java.io.IOException
    Writes this object to the supplied output stream where a constructed OCTET STRING is used for encoding the content. If a positive blockSize is specified, the encrypted content is encoded as an indefinite-length constructed octet string made up of definite primitive components:
    0x24 0x80
    0x04 <blocksize> <first encrypted content block>
    0x04 <blocksize> <second encrypted content block>
    0x04 <blocksize> <third encrypted content block>
    ...
    0x00 0x00
    instead of:
    0x04 <length> <encrypted content>
    The indefinite constructed encoding scheme may be preferable for properly handling large amounts of data, and/or when intending to be compatible with the encoding practice of some particular application (for instance some versions of Netscape Navigator).
    Parameters:
        os - the output stream to which this EncryptedDataStream shall be written
        blockSize - the block size defining the encoding scheme and specifying the length of each primitive encoded octet string component, if positive
public java.lang.Object getEncryptedContentInfo()
    Returns the encrypted content info of this EncryptedDataStream object.
    When calling this method for obtaining the inherent EncryptedContentInfoStream an explicit cast to EncryptedContentInfoStream has to be made:
    EncryptedContentInfoStream eci = (EncryptedContentInfoStream)encrypted_data.getEncryptedContentInfo();
public java.lang.String toString()
    Returns a string giving some information about this EncryptedDataStream object.
public java.lang.String toString(boolean detailed)
    Returns a string giving some - if requested - detailed information about this EncryptedDataStream object.
    Parameters:
        detailed - whether or not to give detailed information