The DataGroupHash object.
this exception is thrown if a buffer that is meant to have output
copied into it turns out to be too short, or if we've been given
insufficient input.
create a DataLengthException with the given message.
RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
DC - static field in class org.bouncycastle.asn1.x509.
X509Name A declaration of majority.
decode the base 64 encoded input data.
decode the Hex encoded input data.
Decode the URL safe base 64 encoded input data - white space will be ignored.
decode the base 64 encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
decode the Hex encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
decode the URL safe base 64 encoded byte data writing it to the given output stream,
whitespace characters will be ignored.
decode the base 64 encoded String data - whitespace will be ignored.
decode the Hex encoded String data - whitespace will be ignored.
decode the URL safe base 64 encoded String data - whitespace will be ignored.
decode the base 64 encoded String data writing it to the given output stream,
whitespace characters will be ignored.
decode the base 64 encoded String data writing it to the given output stream,
whitespace characters will be ignored.
decode the Hex encoded String data writing it to the given output stream,
whitespace characters will be ignored.
decode the Hex encoded String data writing it to the given output stream,
whitespace characters will be ignored.
Decode the URL safe base 64 encoded String data writing it to the given output stream,
whitespace characters will be ignored.
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
Decrypt the given input starting at the given offset and place
the result in the provided buffer starting at the given offset.
Do the appropriate processing for CFB mode decryption.
look up table translating common symbols into their OIDS.
determines whether or not strings should be processed and printed
from back to front.
default look up table translating OID values into their common symbols following
the convention in RFC 2253 with a few extras
Base class for an application specific object
basic constructor - byte encoded string.
a general class for building up a vector of DER encodable objects -
this will eventually be superceded by ASN1EncodableVector so you should
use that class in preference.
base constructer from a java.util.date object
The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z
for local time, or Z+-HHMM on the end, for difference between local
time and UTC time.
DER IA5String object - this is an ascii string.
basic constructor - with bytes.
basic constructor - without validation.
Constructor with optional validation.
base interface for general purpose byte derivation functions.
Parameters for key/byte stream derivation classes
DER NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }.
basic constructor - with bytes.
basic constructor - without validation..
Constructor with optional validation.
DER PrintableString object.
basic constructor - byte encoded string.
basic constructor - this does not validate the string
Constructor with optional validation.
create a sequence containing an array of objects.
create a sequence containing one object
create a sequence containing a vector of objects.
create a set from an array of objects.
basic interface for DER string objects.
DER T61String (also the teletex string)
basic constructor - with bytes.
basic constructor - with string.
DER TaggedObject - in ASN.1 nottation this is any object proceeded by
a [n] where n is some number - these are assume to follow the construction
rules (as with sequences).
create an implicitly tagged object that contains a zero
length sequence.
DER UniversalString object.
basic constructor - byte encoded string.
We insert one of these when we find a tag we don't recognise.
base constructer from a java.util.date object
The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were
never encoded.
DER VisibleString object.
basic constructor - byte encoded string.
DES9797Alg3with7816-4Padding
encryption algorithms preferences
encryption algorithms preferences
DESede - the default for this is to generate a key in
a-b-a format that's 24 bytes long but has 16 bytes of
key material (the first 8 bytes is repeated as the last
8 bytes).
generate a desEDE key in the a-b-c format.
DESede64with7816-4Padding
a class that provides a basic DESede (or Triple DES) engine.
basic test class for key generation for a DES-EDE block cipher, basically
this just exercises the provider, and makes sure we are behaving sensibly,
correctness of the implementation is shown in the lightweight test classes.
a class that provides a basic DES engine.
DESExample is a simple DES based encryptor/decryptor.
a Diffie-Hellman key exchange engine.
a Diffie-Hellman key agreement class.
a basic Diffie-Helman key pair generator.
RFC 2631 Diffie-hellman KEK derivation function.
a Diffie-Helman key pair generator.
utility class for converting jce/jca DH objects
objects into their org.bouncycastle.crypto counterparts.
interface that a message digest conforms to.
Random generation based on the digest with counter.
Describe constant DISPLAY_TEXT_MAXIMUM_SIZE
here.
DisplayText
class, used in
CertificatePolicies
X509 V3 extensions (in policy qualifiers).
Creates a new DisplayText
instance.
Creates a new DisplayText
instance.
Creates a new DisplayText
instance.
The DistributionPoint object.
The DistributionPointName object.
dnQualifier - DirectoryString(SIZE(1..64)
process the contents of the buffer using the underlying
cipher.
Finish the operation either appending or verifying the MAC at the end of the data.
Compute the final statge of the MAC writing the output to the out
parameter.
Process the last block in the buffer.
Compute the final statge of the MAC writing the output to the out
parameter.
Compute the final statge of the MAC writing the output to the out
parameter.
Process the last block in the buffer.
close the digest, producing the final digest value.
Finish the operation either appending or verifying the MAC at the end of the data.
close the digest, producing the final digest value.
Compute the final statge of the MAC writing the output to the out
parameter.
Compute the final statge of the MAC writing the output to the out
parameter.
Compute the final statge of the MAC writing the output to the out
parameter.
close the digest, producing the final digest value.
Process the last block in the buffer.
Process the last block in the buffer.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
close the digest, producing the final digest value.
Compute the final statge of the MAC writing the output to the out
parameter.
check that doFinal is properly reseting the cipher.
DSA - interface org.bouncycastle.crypto.
DSA interface for classes implementing algorithms modeled similar to the Digital Signature Alorithm.
a DSA key pair generator.
generate suitable parameters for DSA, in line with FIPS 186-2.
The Digital Signature Algorithm - as described in "Handbook of Applied
Cryptography", pages 452 - 453.
utility class for converting jce/jca DSA objects
objects into their org.bouncycastle.crypto counterparts.
Dump - class org.bouncycastle.asn1.util.
Dump dump out a DER object as a formatted string
dump out a DER object as a formatted string
dump out a DER object as a formatted string
RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
base implementation of MD4 family style digest as outlined in
"Handbook of Applied Cryptography", pages 344 - 347.
When the subjectAltName extension contains an Internet mail address,
the address MUST be included as an rfc822Name.
Create a GeneralName for the given tag from the passed in String.
Construct a GeneralNames object containing one GeneralName.
Class for containing a restriction object subtrees in NameConstraints.
Constructor from a given details.
Generate an unsigned request
Generate an X509Extensions object based on the current state of the generator.
generate an X509 certificate, based on the current issuer and subject
using the default provider.
generate an X509 CRL, based on the current issuer and subject
using the default provider.
generate an X509 certificate, based on the current issuer and subject
using the default provider.
generate an X509 certificate, based on the current issuer and subject
using the default provider and the passed in source of randomness
Note: this differs from the deprecated method in that the default provider is
used - not "BC".
generate an X509 CRL, based on the current issuer and subject
using the default provider and an user defined SecureRandom object as
source of randomness.
generate an X509 certificate, based on the current issuer and subject
using the default provider, and the passed in source of randomness
(if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing and the supplied source
of randomness, if required.
generate an X509 CRL, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing and the supplied source
of randomness, if required.
Generate a suitable blind factor for the public key the generator was initialised with.
fill len bytes of the output buffer with bytes generated from
the derivation function.
fill len bytes of the output buffer with bytes generated from
the derivation function.
fill len bytes of the output buffer with bytes generated from
the derivation function.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing and the supplied source
of randomness, if required.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
generate derived parameters for a key of length keySize, specifically
for use with a MAC.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
Generate a key parameter for use with a MAC derived from the password,
salt, and iteration count we are currently initialised with.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
generate derived parameters for a key of length keySize.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
Generate a key parameter derived from the password, salt, and iteration
count we are currently initialised with.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
generate derived parameters for a key of length keySize, and
an initialisation vector (IV) of length ivSize.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
Generate a key with initialisation vector parameter derived from
the password, salt, and iteration count we are currently initialised
with.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
Given the domain parameters this routine generates an EC key
pair in accordance with X9.62 section 5.2.1 pages 26, 27.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
return an AsymmetricCipherKeyPair containing the generated keys.
which generates the p and g values from the given parameters,
returning the DHParameters object.
which generates the p and g values from the given parameters,
returning the DSAParameters object.
which generates the p and g values from the given parameters,
returning the ElGamalParameters object.
which generates the p , q and a values from the given parameters,
returning the GOST3410Parameters object.
generate a signature for the loaded message using the key we were
initialised with.
generate a signature for the loaded message using the key we were
initialised with.
generate a signature for the message we've been loaded with using
the key we were initialised with.
Generate a signature for the message we've been loaded with using the key
we were initialised with.
generate a signature for the message we've been loaded with using
the key we were initialised with.
sign the passed in message (usually the output of a hash function).
generate a signature for the given message using the key we were
initialised with.
generate a signature for the given message using the key we were
initialised with.
generate a signature for the given message using the key we were
initialised with.
generate a signature for the given message using the key we were
initialised with.
generate a signature for the given message using the key we were
initialised with.
generate an integer based working key based on our secret key
and what we processing we are planning to do.
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC".
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC".
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC".
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC".
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC" and the passed in source of randomness
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC" and the passed in source of randomness
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC", and the passed in source of randomness
(if required).
generate an X509 certificate, based on the current issuer and subject
using the default provider "BC", and the passed in source of randomness
(if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing, and the passed in source
of randomness (if required).
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing and the supplied source
of randomness, if required.
generate an X509 certificate, based on the current issuer and subject,
using the passed in provider for the signing and the supplied source
of randomness, if required.
generate an X509 CRL, based on the current issuer and subject
using the default provider "BC".
generate an X509 CRL, based on the current issuer and subject
using the default provider "BC".
generate an X509 CRL, based on the current issuer and subject
using the default provider "BC" and an user defined SecureRandom object as
source of randomness.
generate an X509 CRL, based on the current issuer and subject
using the default provider "BC" and an user defined SecureRandom object as
source of randomness.
generate an X509 certificate, based on the current issuer and subject
using the passed in provider for the signing.
generate an X509 certificate, based on the current issuer and subject
using the passed in provider for the signing.
generate an X509 CRL, based on the current issuer and subject,
using the passed in provider for the signing.
generate an X509 CRL, based on the current issuer and subject,
using the passed in provider for the signing.
Return the first attribute matching the OBJECT IDENTIFIER oid.
Returns attribute certificates for an attribute authority
The aAcertificate holds the privileges of an attribute authority.
Returns an immutable List
of additional Bouncy Castle
Store
s used for finding CRLs, certificates, attribute
certificates or cross certificates.
return the time as an adjusted date
in the range of 1950 - 2049.
return a time string as an adjusted date with a 4 digit year.
Return the name of the algorithm.
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the MAC implements.
Return the name of the algorithm the cipher implements.
return the algorithm name and mode.
Return the name of the algorithm the MAC implements.
return the algorithm name and mode.
Return the name of the algorithm the MAC implements.
return the algorithm name
Return the name of the algorithm.
return the algorithm name and mode.
return the algorithm name
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the MAC implements.
Return the name of the algorithm the MAC implements.
Return the name of the algorithm the MAC implements.
return the algorithm name
return the algorithm name and mode.
return the algorithm name and mode.
return the algorithm name and mode.
Return the name of the algorithm the wrapper implements.
Return the name of the algorithm the wrapper implements.
return the algorithm name
return the algorithm name
return the algorithm name
return the algorithm name
return the algorithm name
return the algorithm name
return the algorithm name
return the name of the algorithm we are wrapping.
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the MAC implements.
Return the name of the algorithm the wrapper implements.
Return the name of the algorithm the cipher implements.
Return all the attributes matching the OBJECT IDENTIFIER oid.
Returns the attribute certificate checker.
Returns the attribute certificate being checked.
Returns the revocation list for revoked attribute certificates for an
attribute authority
The attributeAuthorityList holds a list of AA certificates that have been
revoked.
Returns the attribute certificate which must be matched.
Returns an attribute certificate for an user.
Returns the revocation list for revoked attribute certificates.
Get the criteria for the validity.
Returns an attribute certificate for an authority
The attributeDescriptorCertificate is self signed by a source of
authority and holds a description of the privilege and its delegation
rules.
Return the attributes contained in the attribute block in the certificate.
Return the attributes contained in the attribute block in the certificate.
Return the attributes with the same type as the passed in oid.
Return the attributes with the same type as the passed in oid.
Returns the CRLs for issued certificates for other CAs matching the given
selector.
Return the block size for this cipher (in bytes).
return the blocksize for the underlying cipher.
Return the block size for this cipher (in bytes).
return the block size of the underlying cipher.
return the block size we are operating at.
return the block size we are operating at (in bytes).
return the block size we are operating at (in bytes).
return the block size we are operating at.
return the block size we are operating at.
Return the block size for this cipher (in bytes).
return the amount of data sitting in the buffer.
return the ECDomainParameters object for the given OID, null if it
isn't present.
return the GOST3410ParamSetParameters object for the given OID, null if it
isn't present.
return the X9ECParameters object for the named curve represented by
the passed in object identifier.
return the X9ECParameters object for the named curve represented by
the passed in object identifier.
return the X9ECParameters object for the named curve represented by
the passed in object identifier.
return the X9ECParameters object for the named curve represented by
the passed in object identifier.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
Return the size in bytes of the internal buffer the digest applies it's compression
function to.
return the correct number of bytes for a bit string defined in
a 32 bit constant
returns a vector with 0 or more objects of all the capabilities
matching the passed in capability OID.
Returns the cause of the exception.
Returns the cause of the exception.
Returns the cause of the exception.
Returns the certificate revocation lists for revoked certificates.
Get the X.509 certificates associated with this PKCS#7 object
Returns the list of certificates in this certification
path.
Return the certificates, if any associated with the response.
If the request is signed return a possibly empty CertStore containing the certificates in the
request.
Returns the certificate pair which is used for testing on equality.
Return the status object for the response - null indicates good.
Returns a copy of the Collection
.
Fetches complete CRLs according to RFC 3280.
Apply default coversion for the given value depending on the oid
and the character range of the value.
Convert the passed in String value into the appropriate ASN.1
encoded object.
Add the CRL issuers from the cRLIssuer field of the distribution point or
from the certificate if not given to the issuer criterion of the
selector
.
Get the X.509 certificate revocation lists associated with this PKCS#7 object
Returns cross certificate pairs.
return the CRT coefficient.
return the curve along which the base point lies.
return the private value D.
return the private number D
return the private value D.
return the time as a date based on whatever a 2 digit year will return.
size of the output block on decoding produced by getEncodedBlockSize()
bytes.
size of the output block on decoding produced by getEncodedBlockSize()
bytes.
Returns the delta revocation list for revoked certificates.
Fetches delta CRLs according to RFC 3280 section 5.2.4.
Return the DER encoding of the object, null if the DER encoding can not be made.
return the derivation vector.
return the underlying digest.
return the underlying digest.
return the message digest used as the basis for the function
return the message digest used as the basis for the function
return the message digest used as the basis for the function
return the underlying digest.
Returns the other object type ID if an object digest info is used.
Get the algorithm used to calculate the message digest
Returns the digest object type if an object digest info is used.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
return the size, in bytes, of the digest produced by this message digest.
Return the distribution points making up the sequence.
return the ASN.1 encoded representation of this object.
Return a PKCS8 representation of the key.
Return a PKCS8 representation of the key.
Return a PKCS8 representation of the key.
Return a PKCS8 representation of the key.
Return a PKCS8 representation of the key.
Return a PKCS8 representation of the key.
return the ASN.1 encoded representation of this object.
return the ASN.1 encoded representation of this object.
return a DER encoded byte array representing this object
return the bytes for the PKCS7SignedData object.
Returns the encoded form of this certification path, using
the default encoding.
Return an ASN.1 encoded byte array representing the attribute certificate.
return a DER encoded byte array representing this object
Return an ASN.1 encoded byte array representing the attribute certificate.
Returns the encoded form of this certification path, using
the specified encoding.
size of the output block on encoding produced by getDecodedBlockSize()
bytes.
size of the output block on encoding produced by getDecodedBlockSize()
bytes.
Returns the issuer of an attribute certificate or certificate.
Returns an iteration of the encodings supported by this
certification path, with the default encoding
first.
return the encoding vector.
Returns the entityName for an v2 attribute certificate or the subjectName
for an v1 attribute certificate.
Return any principal objects inside the attribute certificate holder
entity names field.
Excluded certificates are not used for building a certification path.
return the extension represented by the object identifier
passed in.
Extract the value of the given extension, if it exists.
return the encoding format we produce in getEncoded().
return the encoding format we produce in getEncoded().
return the encoding format we produce in getEncoded().
return the encoding format we produce in getEncoded().
return the encoding format we produce in getEncoded().
return the encoding format we produce in getEncoded().
Returns the certificate from the other CA to this CA.
Returns the certicate selector for the forward part.
return the base point we are using for these domain parameters.
Returns the base generator g
.
return the cofactor H to the order of G.
Return the holder of the certificate.
Return the holder of the certificate.
returns the largest size an input block can be.
returns the largest size an input block can be.
Return the maximum size for an input block to this engine.
return the input block size.
Returns the input block size of this algorithm.
returns the largest size an input block can be.
returns the largest size an input block can be.
Return the maximum size for an input block to this engine.
Return the maximum size for an input block to this engine.
Return the maximum size for an input block to this engine.
return a DERBoolean from the passed in boolean.
return an Octet String from the given object.
return an ASN1Sequence from the given object.
return an ASN1Set from the given object.
return an Attribute object from the given object.
return an Attribute object from the given object.
return an Attribute object from the given object.
return a CompressedData object from the given object.
return a Bit String from the passed in object
return a BMP String from the given object.
return a boolean from the passed in object.
return an integer from the passed in object
return a generalized time from the passed in object
return a IA5 string from the passed in object
return an integer from the passed in object
return a Numeric string from the passed in object
return an OID from the passed in object
return a printable string from the passed in object.
return a T61 string from the passed in object.
return a Universal String from the passed in object.
return an UTC Time from the passed in object.
return an UTF8 string from the passed in object.
return a Visible String from the passed in object.
return an EncryptedContentInfo object from the given object.
return an EnvelopedData object from the given object.
return a KEKIdentifier object from the given object.
return a KEKRecipientInfo object from the given object.
return an KeyAgreeRecipientIdentifier object from the given object.
return a KeyAgreeRecipientInfo object from the given object.
return a KeyTransRecipientInfo object from the given object.
return an OriginatorIdentifierOrKey object from the given object.
return an OriginatorInfo object from the given object.
return an OriginatorPublicKey object from the given object.
return an OtherKeyAttribute object from the given object.
return a OtherRecipientInfo object from the given object.
return a PasswordRecipientInfo object from the given object.
return a RecipientEncryptedKey object from the given object.
return a RecipientIdentifier object from the given object.
return a RecipientKeyIdentifier object from the given object.
RoleSyntax factory method.
return a SignerIdentifier object from the given object.
return an Attribute object from the given object.
Creates an instance of a Target from the given object.
Creates an instance of a TargetInformation from the given object.
Creates an instance of a Targets from the given object.
return an Octet String from a tagged object.
Return an ASN1 sequence from a tagged object.
Return an ASN1 set from a tagged object.
return a CompressedData object from a tagged object.
return a Bit String from a tagged object.
return a BMP String from a tagged object.
return a Boolean from a tagged object.
return an Enumerated from a tagged object.
return a Generalized Time object from a tagged object.
return an IA5 String from a tagged object.
return an Integer from a tagged object.
return an Numeric String from a tagged object.
return an Object Identifier from a tagged object.
return a Printable String from a tagged object.
return an T61 String from a tagged object.
return a Universal String from a tagged object.
return an UTC Time from a tagged object.
return an UTF8 String from a tagged object.
return a Visible String from a tagged object.
return an EnvelopedData object from a tagged object.
return a KEKIdentifier object from a tagged object.
return a KEKRecipientInfo object from a tagged object.
return an KeyAgreeRecipientIdentifier object from a tagged object.
return a KeyAgreeRecipientInfo object from a tagged object.
return an OriginatorIdentifierOrKey object from a tagged object.
return an OriginatorInfo object from a tagged object.
return an OriginatorPublicKey object from a tagged object.
return a OtherRecipientInfo object from a tagged object.
return a PasswordRecipientInfo object from a tagged object.
return an RecipientEncryptedKey object from a tagged object.
return a RecipientKeyIdentifier object from a tagged object.
Return a X509Name based on the passed in tagged object.
Returns an instance of ExtendedPKIXParameters
which can be
safely casted to ExtendedPKIXBuilderParameters
.
Returns an instance with the parameters of a given
PKIXParameters
object.
Generates a StreamParser object that implements the specified type.
Generates a X509StreamParser object for the specified type from the
specified provider.
Generates a X509StreamParser object for the specified type from the
specified provider.
Returns an instance of this from a X509CertSelector
.
Returns an instance of this from a X509CRLSelector
.
Return the principals associated with the issuer attached to this holder
Return the issuer details for the certificate.
Returns the issuer criterion.
Return the issuer details for the certificate.
return the issuer of the given cert as an X509PrincipalObject.
return the issuer of the given CRL as an X509PrincipalObject.
Returns the issuing distribution point.
return the iteration count.
Returns the IV or null if this parameter set does not contain an IV.
Return the subgroup factor J.
Return the private value length in bits - if set, zero otherwise (use bitLength(P) - 1).
return private value limit - l
Return the minimum length of the private value.
Return the value of the MAC associated with the last stream processed.
Returns a byte array containing the mac calculated as part of the
last encrypt or decrypt operation.
Return the value of the MAC associated with the last stream processed.
return the key size in bits for the MAC used with the message
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the block size for this MAC (in bytes).
Return the matches in the collection for the passed in selector.
Get the maximum base CRL number.
Returns the value of the maximum number of intermediate non-self-issued
certificates in the certification path.
Return the tagged object inside the distribution point name.
return the name of the curve the EC domain parameters belong to.
return the named curve name represented by the given object identifier.
return the named curve name represented by the given object identifier.
return the named curve name represented by the given object identifier.
return the named curve name represented by the given object identifier.
return the named curve name represented by the given object identifier.
returns an enumeration containing the name strings for parameters
contained in this structure.
return an enumeration of the names of the available curves.
return an enumeration of the names of the available curves.
returns an enumeration containing the name strings for parameters
contained in this structure.
returns an enumeration containing the name strings for curves
contained in this structure.
returns an enumeration containing the name strings for curves
contained in this structure.
returns an enumeration containing the name strings for curves
contained in this structure.
returns an enumeration containing the name strings for curves
contained in this structure.
Returns the neccessary attributes which must be contained in an attribute
certificate.
return the NextUpdate value - note: this is an optional field so may
be returned as null.
Return the next working key inheriting DSA parameters if necessary.
Return the date after which the certificate is not valid.
Return the date after which the certificate is not valid.
Return the date before which the certificate is not valid.
Return the date before which the certificate is not valid.
return whatever was following the tag.
Return the enclosed object assuming implicit tagging.
return the object at the sequence position indicated by index.
return the object at the set position indicated by index.
Returns the hash if an object digest info is used.
Return the object held in this tagged object as a parser assuming it has
the type of the passed in tag.
return the DER octets that make up this string.
return the object identifier signified by the passed in name.
return the object identifier signified by the passed in name.
return the object identifier signified by the passed in name.
return the object identifier signified by the passed in name.
return a vector of the oids in the name, in the order they were found.
Returns the digest algorithm ID if an object digest info is used.
returns the maximum size of the block produced by this cipher.
returns the maximum size of the block produced by this cipher.
Return the maximum size for an output block to this engine.
return the maximum possible size for the output.
Returns the output block size of this algorithm.
returns the maximum size of the block produced by this cipher.
returns the maximum size of the block produced by this cipher.
Return the maximum size for an output block to this engine.
Return the maximum size for an output block to this engine.
Return the maximum size for an output block to this engine.
return the size of the output buffer required for a processBytes plus a
doFinal with an input of len bytes.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
return the size of the output buffer required for a processBytes plus a
doFinal with an input of len bytes.
return the size of the output buffer required for an update plus a
doFinal with an input of len bytes.
return the minimum size of the output buffer required for an update
plus a doFinal with an input of len bytes.
Returns the prime modulus p
.
retrieve the number of pad bits in the last decoded message.
return the correct number of pad bits for a bit string defined in
a 32 bit constant
Return the name of the algorithm the cipher implements.
Return the name of the algorithm the padder implements.
Return the name of the algorithm the padder implements.
Return the name of the algorithm the padder implements.
Return the name of the algorithm the padder implements.
Return the name of the algorithm the padder implements.
Return the name of the algorithm the padder implements.
return a parameter specification representing the EC domain parameters
for the key.
return a parameter specification representing the EC domain parameters
for the key.
return a parameter spec representing the passed in named
curve.
return a parameter spec representing the passed in named
curve.
return a parameter specification representing the EC domain parameters
for the key.
return the domain parameters for the curve
return a parameter specification representing the EC domain parameters
for the key.
return the password byte array.
in some cases positive values get crammed into a space,
that's not quite big enough...
return the prime exponent for P.
return the prime exponent for Q.
Returns the size in bits of the prime modulus.
Return any principal objects inside the attribute certificate issuer
object.
return the private key parameters.
return the local private key.
return the local private key.
Returns the attribute certificates which are not allowed.
return the public key parameters.
return the intended recipient's/sender's public key.
return the intended recipient's/sender's public key.
return the public exponent.
return the public exponent.
return the public key associated with the certification request -
the public key is created using the BC provider.
for when the public key is an encoded object - if the bitstring
can't be decoded this routine throws an IOException.
for when the public key is raw bits...
return the public point Q
return the public point q
return the random source associated with this
generator.
Return a reference to the recoveredMessage message.
Return a reference to the recoveredMessage message.
Returns a reference to what message was recovered (if any).
Return the certificate from this CA to the other CA.
Returns the certicate selector for the reverse part.
return the revocation reason.
Gets the role authority of this RoleSyntax.
Gets the role authority as a String[]
object.
Gets the role name of this RoleSyntax.
Gets the role name as a java.lang.String
object.
return the salt byte array.
Return the S-Box associated with SBoxName
return the seed used to generate this curve (if available).
Return the serial number associated with the issuer attached to this
holder.
return the serial number for the certificate associated
with this request.
Return the serial number for the certificate.
Gets the serial number the attribute certificate must have.
Return the serial number for the certificate.
return a more "meaningful" representation for the signature algorithm used in
the certficate.
return the object identifier for the signature.
return the signature parameters, or null if there aren't any.
Return an iterator of the signature names supported by the generator.
Return an iterator of the signature names supported by the generator.
Return an iterator of the signature names supported by the generator.
Return an iterator of the signature names supported by the generator.
Return an iterator of the signature names supported by the generator.
Return an iterator of the signature names supported by the generator.
return the object identifier representing the signature algorithm
Get the X.509 certificate actually used to sign the digest.
Get the version of the PKCS#7 "SignerInfo" object.
Returns an immutable List
of Bouncy Castle
Store
s used for finding CRLs, certificates, attribute
certificates or cross certificates.
return the bit strength for keys produced by this generator,
Returns the stored String
object.
Return the UTF8STRING at index i.
Return the SigPolicyQualifierInfo at index i.
return the subject of the given cert as an X509PrincipalObject.
Returns an immutable Set
of X.509 attribute certificate
extensions that this PKIXAttrCertChecker
supports or
null
if no extensions are supported.
Returns the required constraints on the target certificate or attribute
certificate.
Returns the targets in a Vector
.
Returns the targets in this target information extension.
Return the DER encoding of the tbsRequest field.
Return the DER encoding of the tbsResponseData field.
return the time - always in the form of
YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).
return the time - always in the form of
YYMMDDhhmmssGMT(+hh:mm|-hh:mm).
Returns the trusted attribute certificate issuers.
Return the tag number applying to the underlying choice.
return the cipher this object wraps.
return the underlying cipher for the buffer.
return the cipher this object wraps.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the cipher this object wraps.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the underlying block cipher that we are wrapping.
return the size of the output buffer required for a processBytes
an input of len bytes.
return the size of the output buffer required for an update
an input of len bytes.
return the size of the output buffer required for an update
an input of len bytes.
return the size of the output buffer required for a processBytes
an input of len bytes.
return the size of the output buffer required for an update
an input of len bytes.
return the size of the output buffer required for an update
an input of len bytes.
Returns all extended key usages.
Returns end certificates.
return a vector of the values found in the name, in the order they
were found.
return a vector of the values found in the name, in the order they
were found, with the DN label corresponding to passed in oid.
Returns 1 for v2 attribute certificates or 0 for v1 attribute
certificates.
Get the version of the PKCS#7 object.
Return the version number for the certificate.
Return the version number for the certificate.
Returns the private value x
.
Returns the private key x
.
Returns the public value y
.
Returns the public key y
.
implements the GOST 28147 OFB counter mode (GCTR).
implementation of GOST 28147-89
implementation of GOST 28147-89 MAC
A parameter spec for the GOST-28147 cipher.
basic test class for the GOST28147 cipher
Main interface for a GOST 3410-94 key.
a GOST3410 key pair generator.
table of the available named parameters for GOST 3410-94.
generate suitable parameters for GOST3410.
ParameterSpec for a GOST 3410-94 key.
This class specifies a GOST3410-94 private key with its associated parameters.
Creates a new GOST3410PrivateKeySpec with the specified parameter values.
ParameterSpec for a GOST 3410-94 key parameters.
Creates a new GOST3410ParameterSpec with the specified parameter values.
This class specifies a GOST3410-94 public key with its associated parameters.
Creates a new GOST3410PublicKeySpec with the specified parameter values.
GOST R 34.10-94 Signature Algorithm
utility class for converting jce/jca GOST3410-94 objects
objects into their org.bouncycastle.crypto counterparts.
implementation of GOST R 34.11-94
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) x9-57 (10040) x9cm(4) 3 }
Some other information of non-restrictive nature regarding the usage of
this certificate.
Attribute to indicate admissions to certain professions.
Hash of a certificate in OCSP.
SingleOCSPResponse extension: Date, when certificate has been published
in the directory and status information has become available.
Certificate extensionDate of certificate generation
DateOfCertGenSyntax ::= GeneralizedTime
A declaration of majority.
Serial number of the smart card containing the corresponding private key
ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
Indicates that an attribute certificate exists, which limits the
usability of this public key certificate.
Monetary limit for transactions.
Base ObjectIdentifier for naming authorities
Profession OIDs should always be defined under the OID branch of the
responsible naming authority.
Reference for a file of a smartcard that stores the public key of this
certificate and that is used as �security anchor�.
Attribute to indicate that the certificate holder may sign in the name of
a third person.
SingleOCSPResponse extension: The certificate requested by the client by
inserting the RetrieveIfAllowed extension in the request, will be
returned in this extension.
Some other restriction regarding the usage of this certificate.
(Single)Request extension: Clients may include this extension in a
(single) Request to request the responder to send the certificate in the
response message along with the status information.
The id-isismtt-cp-accredited OID indicates that the certificate is a
qualified certificate according to Directive 1999/93/EC of the European
Parliament and of the Council of 13 December 1999 on a Community
Framework for Electronic Signatures, which additionally conforms the
special requirements of the SigG and has been issued by an accredited CA.
Usage deprecated by RFC4945 - was { id-kp 5 }
Usage deprecated by RFC4945 - was { id-kp 6 }
Usage deprecated by RFC4945 - was { idkp 7 }
{ 1 3 6 1 4 1 311 20 2 2 }
Certificate policy IDs for German SigI (Signature Interoperability
Specification)
Certificate is conform to german signature law.
Key purpose IDs for German SigI (Signature Interoperability
Specification)
To be used for for the generation of directory service certificates.
Other Name IDs for German SigI (Signature Interoperability Specification)
A class that provides a basic International Data Encryption Algorithm (IDEA) engine.
key pair for use with an integrated encryptor - together
they provide what's required to generate the message.
support class for constructing intergrated encryption ciphers
for doing basic message exchanges on top of key agreement ciphers
set up for use with stream mode, where the key derivation function
is used to provide a stream of bytes to xor with the message.
set up for use in conjunction with a block cipher to handle the
message.
key pair for use with an integrated encryptor
parameters for using an integrated cipher in stream mode.
Parameter spec for an integrated encryptor, as in IEEE P1363a
test for ECIES - Elliptic Curve Integrated Encryption Scheme
Implementation of IetfAttrSyntax
as specified by RFC3281.
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1}
CAProtEncCertValue ::= CMPCertificate
id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3}
EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier
id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
PreferredSymmAlgValue ::= AlgorithmIdentifier
id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5}
CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent
id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6}
CurrentCRLValue ::= CertificateList
id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7}
UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER
id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10}
KeyPairParamReqValue ::= OBJECT IDENTIFIER
id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11}
KeyPairParamRepValue ::= AlgorithmIdentifer
id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12}
RevPassphraseValue ::= EncryptedValue
id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
ImplicitConfirmValue ::= NULL
id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
ConfirmWaitTimeValue ::= GeneralizedTime
id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
OrigPKIMessageValue ::= PKIMessages
id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16}
SuppLangTagsValue ::= SEQUENCE OF UTF8String
where
id-pkix OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
and
id-it OBJECT IDENTIFIER ::= {id-pkix 4}
initialise the underlying cipher.
initialise an AES cipher.
initialise an AES cipher.
initialise an AES cipher.
initialise a Blowfish cipher.
initialise the buffer and the underlying cipher.
initialise a CAST cipher.
Initialise the cipher and, possibly, the initialisation vector (IV).
Initialise the cipher and, possibly, the initialisation vector (IV).
initialise a DESede cipher.
initialise the signer for signature generation or signature
verification.
initialise the underlying cipher.
initialise the signer for signature generation or signature
verification.
initialise the signer for signature generation or signature
verification.
initialise the ElGamal engine.
Initialise the cipher and, possibly, the initialisation vector (IV).
initialise an GOST28147 cipher.
Initialise a HC-128 cipher.
Initialise a HC-256 cipher.
initialise an IDEA cipher.
initialise an ISAAC cipher.
Initializes this algorithm.
Initialise the cipher and, possibly, the initialisation vector (IV).
Initialise the cipher and, possibly, the initialisation vector (IV).
Initialise the cipher and, possibly, the initialisation vector (IV).
initialise a RC5-32 cipher.
initialise a RC5-64 cipher.
initialise a RC5-32 cipher.
initialise a Rijndael cipher.
initialise the RSA engine.
Initialise the blinding engine.
initialise the signer for signing or verification.
initialise the RSA engine.
initialise a Salsa20 cipher.
initialise a Serpent cipher.
Initialise the signer for signing or verification.
initialise a SKIPJACK cipher.
initialise the underlying cipher.
initialise a Twofish cipher.
initialise a VMPC cipher.
Initialise the encryptor.
Initialise - note the iteration count for this algorithm is fixed at 1.
initialise the PBE generator.
Initialise the parameters generator.
initialise the key generator.
initialise the key generator.
initialise the agreement engine.
initialise the agreement engine.
Initialise the factor generator
intialise the key pair generator.
initialise the key generator.
initialise the key generator - if strength is set to zero
the key generated will be 192 bits in size, otherwise
strength can be 128 or 192 (or 112 or 168 if you don't count
parity bits), depending on whether you wish to do 2-key or 3-key
triple DES.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
intialise the key pair generator.
Updates the permitted set of these name constraints with the intersection
with the given subtree.
this exception is thrown whenever we find something we don't expect in a
message.
create a InvalidCipherTextException with the given message.
Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
Returns if additional
X509Store
s for locations like LDAP found
in certificates or CRLs should be used.
If true
only complete CRLs are returned.
Returns if this selector must match CRLs with the delta CRL indicator
extension set.
Return true if there are no extension present in this generator.
return whether or not the object may be explicitly tagged.
return true if the passed in String can be represented without
loss as an IA5String, false otherwise.
Returns if the issuing distribution point criteria should be applied.
Return true if the string can be represented as a NumericString ('0'..'9', ' ')
A padder that adds ISO10126-2 padding to a block.
parameters for Key derivation functions for ISO-18033
The Iso4217CurrencyCode object.
A padder that adds the padding according to the scheme referenced in
ISO 7814-4 - scheme 2 from ISO 9797-1.
ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
Constructor for a signer with an explicit digest trailer.
Generate a signer for the with either implicit or explicit trailers
for ISO9796-2, scheme 2 or 3.
ISO9796-2 - mechanism using a hash function with recovery (scheme 1)
Constructor for a signer with an explicit digest trailer.
Generate a signer for the with either implicit or explicit trailers
for ISO9796-2.
DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC)
This could as well be derived from CBCBlockCipherMac, but then the property mac in the base
class must be changed to protected
create a Retail-MAC based on a CBC block cipher.
create a Retail-MAC based on a block cipher with the size of the
MAC been given in bits.
create a standard MAC based on a block cipher with the size of the
MAC been given in bits.
create a Retail-MAC based on a CBC block cipher.
return true if the passed in String can be represented without
loss as a PrintableString, false otherwise.
Checks whether the given certificate is on this CRL.
Return whether or not this request is signed.
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE,
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
Issuing Distribution Point
Constructor from ASN1Sequence
Constructor from given details.
Validate the given IPv4 or IPv6 address.
return true if the passed in key is a DES-EDE weak key.
return true if the passed in key is a DES-EDE weak key.
P - field in class org.bouncycastle.crypto.engines.
VMPCEngine return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
return the number of pad bytes present in the block.
A wrapper class that allows block ciphers to be used to process data in
a piecemeal fashion with PKCS5/PKCS7 padding.
Create a buffered block cipher with, or without, padding.
A wrapper class that allows block ciphers to be used to process data in
a piecemeal fashion with padding.
Create a buffered block cipher PKCS7 padding
Create a buffered block cipher with the desired padding.
Cipher parameters with a fixed salt value associated with them.
Parse the ServerCertificate message.
call back to allow a password to be fetched when one is requested.
PBE - interface org.bouncycastle.jce.provider.
PBE super class for all Password Based Encryption (PBE) parameter generator classes.
test out the various PBE modes, making sure the JCE implementations
are compatible woth the light weight ones.
PBEWithMD5And128BitAES-OpenSSL
PBEWithMD5And192BitAES-OpenSSL
PBEWithMD5And256BitAES-OpenSSL
PBEWithSHA256And128BitAES-BC
PBEWithSHA256And192BitAES-BC
PBEWithSHA256And256BitAES-BC
PBEWithSHA1And128BitAES-BC
PBEWithSHAAnd128BitRC2-CBC
PBEWithSHAAnd128BitRC2-CBC
PBEWithSHA1And192BitAES-BC
PBEWithSHA1And256BitAES-BC
PBEWithSHAAnd40BitRC2-CBC
PBEWithSHAAnd40BitRC2-CBC
PBEWithSHAAnd2-KeyTripleDES-CBC
PBEWithSHAAnd2-KeyTripleDES-CBC
PBEWithSHAAnd3-KeyTripleDES-CBC
PBEWithSHAAnd3-KeyTripleDES-CBC
Class for reading OpenSSL PEM encoded streams containing
X509 certificates, PKCS8 encoded keys and PKCS7 objects.
Create a new PEMReader with a password finder
Create a new PEMReader with a password finder
General purpose writer for OpenSSL PEM objects.
Contains personal data for the otherName field in the subjectAltNames
extension.
Constructor from a given details.
Pfx - class org.bouncycastle.asn1.pkcs.
Pfx the infamous Pfx from PKCS12
Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode on top of a simple cipher.
A class for verifying and creating PKCS10 Certification requests.
construct a PKCS10 certification request from a DER encoded
byte stream.
create a PKCS10 certfication request using the BC provider.
create a PKCS10 certfication request using the named provider.
create a PKCS10 certfication request using the BC provider.
create a PKCS10 certfication request using the named provider.
PKCS12 - static field in class org.bouncycastle.jce.provider.
PBE allow us to set attributes on objects that can go into a PKCS12 store.
Example of how to set up a certificiate chain and a PKCS 12 store for
a private individual - obviously you'll need to generate your own keys,
and you may need to add a NetscapeCertType extension or add a key
usage extension depending on your application, but you should get the
idea!
Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0.
Construct a PKCS 12 Parameters generator.
converts a password to a byte array according to the scheme in
PKCS12 (unicode, big endian, 2 zero pad bytes at the end).
Exercise the various key stores, making sure we at least get back what we put in!
this does your basic PKCS 1 v1.5 padding - whether or not you should be using this
depends on your application - see PKCS1 Version 2 for details.
converts a password to a byte array according to the scheme in
PKCS5 (ascii, no padding)
PKCS5S1 - static field in class org.bouncycastle.jce.provider.
PBE Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 1.
Construct a PKCS 5 Scheme 1 Parameters generator.
PKCS5S2 - static field in class org.bouncycastle.jce.provider.
PBE Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 2.
construct a PKCS5 Scheme 2 Parameters generator.
A padder that adds PKCS7/PKCS5 padding to a block.
Represents a PKCS#7 object - specifically the "Signed Data"
type.
Read an existing PKCS#7 object from a DER encoded byte array using
the BC provider.
Read an existing PKCS#7 object from a DER encoded byte array
Create a new PKCS#7 object from the specified key.
Create a new PKCS#7 object from the specified key using the BC provider.
Create a new PKCS#7 object from the specified key.
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17)
-- the additional information requested could not be understood
-- or is not available
systemFailure (25)
-- the request cannot be handled due to system failure
This is the default PKIX validity model.
CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281.
CertPath implementation for X.509 certificates.
Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
CertPathValidatorSpi implementation for X.509 Certificate validation � la RFC
3280.
RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
PolicyMappings V3 extension, described in RFC3280.
Creates a new PolicyMappings
instance.
Creates a new PolicyMappings
instance.
PolicyQualifierId, used in the CertificatePolicies
X509V3 extension.
Policy qualifiers, used in the X509V3 CertificatePolicies
extension.
Creates a new PolicyQualifierInfo
instance.
Creates a new PolicyQualifierInfo
instance.
Creates a new PolicyQualifierInfo
containing a
cPSuri qualifier.
RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
DirectoryString(SIZE(1..30))
postalCode - DirectoryString(SIZE(1..40)
a utility class that will extract X509Principal objects from X.509 certificates.
Factory for creating private key objects from PKCS8 PrivateKeyInfo objects.
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
Process one block of input from the array in and write it to
the out array.
process the block of len bytes stored in in from offset inOff.
Process a single block using the basic ElGamal algorithm.
process the block of len bytes stored in in from offset inOff.
Process a single Block using the Naccache-Stern algorithm.
process the block of len bytes stored in in from offset inOff.
process the block of len bytes stored in in from offset inOff.
Process a single block using the basic RSA algorithm.
Process a single block using the RSA blinding algorithm.
Process a single block using the basic RSA algorithm.
add another byte for processing.
encrypt/decrypt a single byte.
process a single byte, producing an output block if neccessary.
process a single byte, producing an output block if neccessary.
encrypt/decrypt a single byte.
process a single byte, producing an output block if neccessary.
process a single byte, producing an output block if neccessary.
add len bytes to the buffer for processing.
process a block of bytes from in putting the result into out.
process an array of bytes, producing output if necessary.
process an array of bytes, producing output if necessary.
process a block of bytes from in putting the result into out.
process a block of bytes from in putting the result into out.
process an array of bytes, producing output if necessary.
process an array of bytes, producing output if necessary.
process a block of bytes from in putting the result into out.
process a block of bytes from in putting the result into out.
process a block of bytes from in putting the result into out.
If the DP includes cRLIssuer, then verify that the issuer field in the
complete CRL matches cRLIssuer in the DP and that the complete CRL
contains an issuing distribution point extension with the indirectCRL
boolean asserted.
If the complete CRL includes an issuing distribution point (IDP) CRL
extension check the following:
(i) If the distribution point name is present in the IDP CRL extension
and the distribution field is present in the DP, then verify that one of
the names in the IDP matches one of the names in the DP.
If use-deltas is set, verify the issuer and scope of the delta CRL.
Obtain and validate the certification path for the complete CRL issuer.
Convenience Method for data exchange with the cipher.
Attribute to indicate that the certificate holder may sign in the name of a
third person.
Constructor from a given details.
Constructor from a given details.
Professions, specializations, disciplines, fields of activity, etc.
Constructor from given details.
A permission class to define what can be done with the ConfigurableProvider interface.
RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
RSA-PSS as described in PKCS# 1 v 2.1.
The public key is hashed.
This is designed to parse
the PublicKeyAndChallenge created by the KEYGEN tag included by
Mozilla based browsers.
The public key certificate is hashed.
Factory to create asymmetric public key parameters for asymmetric ciphers
from range of ASN.1 encoded SubjectPublicKeyInfo objects.
T - static field in class org.bouncycastle.asn1.x509.
X509Name Title
Target structure used in target information extension for attribute
certificates from RFC 3281.
Constructor from given details.
Target information extension for attributes certificates according to RFC
3281.
TargetInformation extension in attribute certificates.
According to RFC 3281 only one targets element must be produced.
Constructs a target information from a single targets element.
Targets structure used in target information extension for attribute
certificates from RFC 3281.
Constructor from given targets.
A padder that adds Trailing-Bit-Compliment padding to a block.
The TBSCertificate object.
PKIX RFC-2459 - TBSCertList object.
Create an instance of the TEA encryption algorithm
and set some defaults
elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation"
http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
Test - interface org.bouncycastle.util.test.
Test A thread based seed generator - one source of randomness.
TIGER - static field in class org.bouncycastle.jce.provider.
PBE Time - class org.bouncycastle.asn1.cms.
Time Time - class org.bouncycastle.asn1.x509.
Time creates a time object from a given date - if the date is between 1950
and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
is used.
creates a time object from a given date - if the date is between 1950
and 2049 a UTCTime object is generated, otherwise a GeneralizedTime
is used.
A generic TLS 1.0 block cipher suite.
A generic class for ciphersuites in TLS 1.0.
A manager for ciphersuite.
An InputStream for an TLS 1.0 connection.
A generic TLS MAC implementation, which can be used with any kind of
Digest to act as an HMAC.
Generate a new instance of an TlsMac.
A NULL CipherSuite in java, this should only be used during handshake.
An OutputStream for an TLS connection.
An implementation of all high level protocols in TLS 1.0.
Some helper fuctions for MicroTLS.
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER (1..999) OPTIONAL,
micros [1] INTEGER (1..999) OPTIONAL
}
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY DEFINED BY type }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
CAKeyUpdAnnContent ::= SEQUENCE {
oldWithNew CMPCertificate, -- old pub signed with new priv
newWithOld CMPCertificate, -- new pub signed with old priv
newWithNew CMPCertificate -- new pub signed with new priv
}
Produce an object suitable for an ASN1OutputStream.
CertConfirmContent ::= SEQUENCE OF CertStatus
Produce an object suitable for an ASN1OutputStream.
CertId ::= SEQUENCE {
issuer GeneralName,
serialNumber INTEGER }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId }
PolicyQualifierId ::=
OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedValue OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedValue
}
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse
}
CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
CertReqMsg ::= SEQUENCE {
certReq CertRequest,
pop ProofOfPossession OPTIONAL,
-- content depends upon key type
regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
CertRequest ::= SEQUENCE {
certReqId INTEGER, -- ID for matching request and reply
certTemplate CertTemplate, -- Selected fields of cert to be issued
controls Controls OPTIONAL } -- Attributes affecting issuance
CertResponse ::= SEQUENCE {
certReqId INTEGER,
-- to match this response with corresponding request (a value
-- of -1 is to be used if certReqId is not specified in the
-- corresponding request)
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [CRMF]
}
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
-- the hash of the certificate, using the same hash algorithm
-- as is used to create and verify the certificate signature
certReqId INTEGER,
-- to match this confirmation with the corresponding req/rep
statusInfo PKIStatusInfo OPTIONAL
}
Produce an object suitable for an ASN1OutputStream.
CertTemplate ::= SEQUENCE {
version [0] Version OPTIONAL,
serialNumber [1] INTEGER OPTIONAL,
signingAlg [2] AlgorithmIdentifier OPTIONAL,
issuer [3] Name OPTIONAL,
validity [4] OptionalValidity OPTIONAL,
subject [5] Name OPTIONAL,
publicKey [6] SubjectPublicKeyInfo OPTIONAL,
issuerUID [7] UniqueIdentifier OPTIONAL,
subjectUID [8] UniqueIdentifier OPTIONAL,
extensions [9] Extensions OPTIONAL }
Challenge ::= SEQUENCE {
owf AlgorithmIdentifier OPTIONAL,
-- MUST be present in the first Challenge; MAY be omitted in
-- any subsequent Challenge in POPODecKeyChallContent (if
-- omitted, then the owf used in the immediately preceding
-- Challenge is to be used).
CMPCertificate ::= CHOICE {
x509v3PKCert Certificate
}
CommitmentTypeIndication ::= SEQUENCE {
commitmentTypeId CommitmentTypeIdentifier,
commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
CommitmentTypeQualifier OPTIONAL }
Returns a DER-encodable representation of this instance.
ContentHints ::= SEQUENCE {
contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
contentType ContentType }
The definition of ContentIdentifier is
ContentIdentifier ::= OCTET STRING
id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 7 }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Controls ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
CRLAnnContent ::= SEQUENCE OF CertificateList
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] Parameters OPTIONAL,
publicKey [1] BIT STRING OPTIONAL }
Produce an object suitable for an ASN1OutputStream.
EncryptedData ::= SEQUENCE {
version CMSVersion,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
Produce an object suitable for an ASN1OutputStream.
EncryptedValue ::= SEQUENCE {
intendedAlg [0] AlgorithmIdentifier OPTIONAL,
-- the intended algorithm for which the value will be used
symmAlg [1] AlgorithmIdentifier OPTIONAL,
-- the symmetric algorithm used to encrypt the value
encSymmKey [2] BIT STRING OPTIONAL,
-- the (encrypted) symmetric key used to encrypt the value
keyAlg [3] AlgorithmIdentifier OPTIONAL,
-- algorithm used to encrypt the symmetric key
valueHint [4] OCTET STRING OPTIONAL,
-- a brief description or identifier of the encValue content
-- (may be meaningful only to the sending entity, and used only
-- if EncryptedValue might be re-examined by the sending entity
-- in the future)
encValue BIT STRING }
-- the encrypted value itself
Produce an object suitable for an ASN1OutputStream.
ErrorMsgContent ::= SEQUENCE {
pKIStatusInfo PKIStatusInfo,
errorCode INTEGER OPTIONAL,
-- implementation-specific error codes
errorDetails PKIFreeText OPTIONAL
-- implementation-specific error details
}
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL }
ESSCertIDv2 ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier
DEFAULT {algorithm id-sha256 parameters NULL},
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
Hash ::= OCTET STRING
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
GenRepContent ::= SEQUENCE OF InfoTypeAndValue
Gost28147-89-Parameters ::=
SEQUENCE {
iv Gost28147-89-IV,
encryptionParamSet OBJECT IDENTIFIER
}
Gost28147-89-IV ::= OCTET STRING (SIZE (8))
Produce an object suitable for an ASN1OutputStream.
IetfAttrSyntax ::= SEQUENCE {
policyAuthority [0] GeneralNames OPTIONAL,
values SEQUENCE OF CHOICE {
octets OCTET STRING,
oid OBJECT IDENTIFIER,
string UTF8String
}
}
InfoTypeAndValue ::= SEQUENCE {
infoType OBJECT IDENTIFIER,
infoValue ANY DEFINED BY infoType OPTIONAL
}
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
KeyRecRepContent ::= SEQUENCE {
status PKIStatusInfo,
newSigCert [0] CMPCertificate OPTIONAL,
caCerts [1] SEQUENCE SIZE (1..MAX) OF
CMPCertificate OPTIONAL,
keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
CertifiedKeyPair OPTIONAL
}
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Describe toASN1Object
method here.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
OOBCertHash ::= SEQUENCE {
hashAlg [0] AlgorithmIdentifier OPTIONAL,
certId [1] CertId OPTIONAL,
hashVal BIT STRING
-- hashVal is calculated over the DER encoding of the
-- self-signed certificate with the identifier certID.
OptionalValidity ::= SEQUENCE {
notBefore [0] Time OPTIONAL,
notAfter [1] Time OPTIONAL } --at least one MUST be present
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
OtherCertID ::= SEQUENCE {
otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL }
OtherHash ::= CHOICE {
sha1Hash OCTET STRING,
otherHash OtherHashAlgAndValue }
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OCTET STRING }
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue }
OtherHashValue ::= OCTET STRING
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
The definition of OtherSigningCertificate is
OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
Produce an object suitable for an ASN1OutputStream.
PBMParameter ::= SEQUENCE {
salt OCTET STRING,
-- note: implementations MAY wish to limit acceptable sizes
-- of this string to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
iterationCount INTEGER,
-- number of times the OWF is applied
-- note: implementations MAY wish to limit acceptable sizes
-- of this integer to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
Produce an object suitable for an ASN1OutputStream.
PKIBody ::= CHOICE { -- message-specific body elements
ir [0] CertReqMessages, --Initialization Request
ip [1] CertRepMessage, --Initialization Response
cr [2] CertReqMessages, --Certification Request
cp [3] CertRepMessage, --Certification Response
p10cr [4] CertificationRequest, --imported from [PKCS10]
popdecc [5] POPODecKeyChallContent, --pop Challenge
popdecr [6] POPODecKeyRespContent, --pop Response
kur [7] CertReqMessages, --Key Update Request
kup [8] CertRepMessage, --Key Update Response
krr [9] CertReqMessages, --Key Recovery Request
krp [10] KeyRecRepContent, --Key Recovery Response
rr [11] RevReqContent, --Revocation Request
rp [12] RevRepContent, --Revocation Response
ccr [13] CertReqMessages, --Cross-Cert.
PKIConfirmContent ::= NULL
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
-- identifies the sender
recipient GeneralName,
-- identifies the intended recipient
messageTime [0] GeneralizedTime OPTIONAL,
-- time of production of this message (used when sender
-- believes that the transport will be "suitable"; i.e.,
-- that the time will still be meaningful upon receipt)
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
-- algorithm used for calculation of protection bits
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
-- to identify specific keys used for protection
transactionID [4] OCTET STRING OPTIONAL,
-- identifies the transaction; i.e., this will be the same in
-- corresponding request, response, certConf, and PKIConf
-- messages
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
-- nonces used to provide replay protection, senderNonce
-- is inserted by the creator of this message; recipNonce
-- is a nonce previously inserted in a related message by
-- the intended recipient of this message
freeText [7] PKIFreeText OPTIONAL,
-- this may be used to indicate context-specific instructions
-- (this field is intended for human consumption)
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
-- this may be used to convey context-specific information
-- (this field not primarily intended for human consumption)
}
PKIMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL
}
PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
PKIPublicationInfo ::= SEQUENCE {
action INTEGER {
dontPublish (0),
pleasePublish (1) },
pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-- pubInfos MUST NOT be present if action is "dontPublish"
-- (if action is "pleasePublish" and pubInfos is omitted,
-- "dontCare" is assumed)
PKIStatusInfo ::= SEQUENCE {
status PKIStatus, (INTEGER)
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL (BIT STRING)
}
PKIStatus:
granted (0), -- you got exactly what you asked for
grantedWithMods (1), -- you got something like what you asked for
rejection (2), -- you don't get it, more information elsewhere in the message
waiting (3), -- the request body part has not yet been processed, expect to hear more later
revocationWarning (4), -- this message contains a warning that a revocation is imminent
revocationNotification (5), -- notification that a revocation has occurred
keyUpdateWarning (6) -- update already done for the oldCertId specified in CertReqMsg
PKIFailureInfo:
badAlg (0), -- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2), -- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5), -- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
Returns a DER-encodable representation of this instance.
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL
}
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER
}
POPODecKeyChallContent ::= SEQUENCE OF Challenge
POPODecKeyRespContent ::= SEQUENCE OF INTEGER
POPOPrivKey ::= CHOICE {
thisMessage [0] BIT STRING, -- Deprecated
-- possession is proven in this message (which contains the private
-- key itself (encrypted for the CA))
subsequentMessage [1] SubsequentMessage,
-- possession will be proven in a subsequent message
dhMAC [2] BIT STRING, -- Deprecated
agreeMAC [3] PKMACValue,
encryptedKey [4] EnvelopedData }
POPOSigningKey ::= SEQUENCE {
poposkInput [0] POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }
-- The signature (using "algorithmIdentifier") is on the
-- DER-encoded value of poposkInput.
POPOSigningKeyInput ::= SEQUENCE {
authInfo CHOICE {
sender [0] GeneralName,
-- used only if an authenticated identity has been
-- established for the sender (e.g., a DN from a
-- previously-issued and currently-valid certificate
publicKeyMAC PKMACValue },
-- used if no authenticated GeneralName currently exists for
-- the sender; publicKeyMAC contains a password-based MAC
-- on the DER-encoded value of publicKey
publicKey SubjectPublicKeyInfo } -- from CertTemplate
write out an RSA private key with it's asscociated information
as described in PKCS8.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
ProofOfPossession ::= CHOICE {
raVerified [0] NULL,
-- used if the RA has already verified that the requester is in
-- possession of the private key
signature [1] POPOSigningKey,
keyEncipherment [2] POPOPrivKey,
keyAgreement [3] POPOPrivKey }
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody
}
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions OPTIONAL
-- extra CRL details (e.g., crl number, reason, location, etc.)
RevDetails ::= SEQUENCE {
certDetails CertTemplate,
-- allows requester to specify as much as they can about
-- the cert. for which revocation is requested
-- (e.g., for cases in which serialNumber is not available)
crlEntryDetails Extensions OPTIONAL
-- requested crlEntryExtensions
}
Produce an object suitable for an ASN1OutputStream.
RevRepContent ::= SEQUENCE {
status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-- in same order as was sent in RevReqContent
revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
-- IDs for which revocation was requested
-- (same order as status)
crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-- the resulting CRLs (there may be more than one)
}
RevReqContent ::= SEQUENCE OF RevDetails
Implementation of the method toASN1Object
as
required by the superclass ASN1Encodable
.
RSAES-OAEP-params ::= SEQUENCE {
hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
pSourceAlgorithm [2] PKCS1PSourceAlgorithms DEFAULT pSpecifiedEmpty
}
OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-sha1 PARAMETERS NULL }|
{ OID id-sha256 PARAMETERS NULL }|
{ OID id-sha384 PARAMETERS NULL }|
{ OID id-sha512 PARAMETERS NULL },
...
This outputs the key in PKCS1v2 format.
This outputs the key in PKCS1v2 format.
RSASSA-PSS-params ::= SEQUENCE {
hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
saltLength [2] INTEGER DEFAULT 20,
trailerField [3] TrailerField DEFAULT trailerFieldBC
}
OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
{ OID id-sha1 PARAMETERS NULL }|
{ OID id-sha256 PARAMETERS NULL }|
{ OID id-sha384 PARAMETERS NULL }|
{ OID id-sha512 PARAMETERS NULL },
...
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
SignaturePolicyId ::= SEQUENCE {
sigPolicyId SigPolicyId,
sigPolicyHash SigPolicyHash,
sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL}
SignaturePolicyIdentifier ::= CHOICE{
SignaturePolicyId SignaturePolicyId,
SignaturePolicyImplied SignaturePolicyImplied }
SignaturePolicyImplied ::= NULL
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
SignerAttribute ::= SEQUENCE OF CHOICE {
claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
SignerLocation ::= SEQUENCE {
countryName [0] DirectoryString OPTIONAL,
localityName [1] DirectoryString OPTIONAL,
postalAddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..
The definition of SigningCertificate is
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 12 }
The definition of SigningCertificateV2 is
SigningCertificateV2 ::= SEQUENCE {
certs SEQUENCE OF ESSCertIDv2,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 47 }
SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SigPolicyQualifierId,
sigQualifier ANY DEFINED BY sigPolicyQualifierId }
SigPolicyQualifierId ::= OBJECT IDENTIFIER
SigPolicyQualifiers ::= SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo
SinglePubInfo ::= SEQUENCE {
pubMethod INTEGER {
dontCare (0),
x500 (1),
web (2),
ldap (3) },
pubLocation GeneralName OPTIONAL }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
SPUserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
--a hash algorithm OID and the hash value of the data to be
--time-stamped
reqPolicy TSAPolicyId OPTIONAL,
nonce INTEGER OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] IMPLICIT Extensions OPTIONAL
}
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
Produce an object suitable for an ASN1OutputStream.
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId EXTENSION.&id ({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce an object suitable for an ASN1OutputStream.
Produce a DER encoding of the following structure.
A locale independent version of toLowerCase.
Returns a formatted string describing the parameters.
Returns a string representation of this CRL.
convert the structure to a string - if reverse is true the
oids and values are listed out starting with the last element
in the sequence (ala RFC 2253), otherwise the string will begin
with the first element of the structure.
A locale independent version of toUpperCase.
general interface for an translator.
A class that provides Twofish encryption operations.
The TypeOfBiometricData object.