BouncyCastle.Crypto return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. Return the DER encoding of the object, null if the DER encoding can not be made. @return a DER byte array, null otherwise. a general purpose ASN.1 decoder - note: this class differs from the others in that it returns null after it has read the last object in the stream. If an ASN.1 Null is encountered a Der/BER Null object is returned. Create an ASN1InputStream where no DER object will be longer than limit. @param input stream containing ASN.1 encoded data. @param limit maximum size of a DER encoded object. Create an ASN1InputStream based on the input byte array. The length of DER objects in the stream is automatically limited to the length of the input array. @param input array containing ASN.1 encoded data. build an object given its tag and the number of bytes to construct it from. A Null object. Create a base ASN.1 object from a byte array. The byte array to parse. The base ASN.1 object represented by the byte array. If there is a problem parsing the data, or parsing an object did not exhaust the available data. Read a base ASN.1 object from a stream. The stream to parse. The base ASN.1 object represented by the byte array. If there is a problem parsing the data. return an Octet string from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. return an Octet string from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. @param string the octets making up the octet string. return an Asn1Sequence from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Return an ASN1 sequence from a tagged object. There is a special case here, if an object appears to have been explicitly tagged on reading but we were expecting it to be implicitly tagged in the normal course of events it indicates that we lost the surrounding sequence - so we need to add it back (this will happen if the tagged object is a sequence that contains other sequences). If you are dealing with implicitly tagged sequences you really should be using this method. @param obj the tagged object. @param explicitly true if the object is meant to be explicitly tagged, false otherwise. @exception ArgumentException if the tagged object cannot be converted. return the object at the sequence position indicated by index. @param index the sequence number (starting at zero) of the object @return the object at the sequence position indicated by index. return an ASN1Set from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Return an ASN1 set from a tagged object. There is a special case here, if an object appears to have been explicitly tagged on reading but we were expecting it to be implicitly tagged in the normal course of events it indicates that we lost the surrounding set - so we need to add it back (this will happen if the tagged object is a sequence that contains other sequences). If you are dealing with implicitly tagged sets you really should be using this method. @param obj the tagged object. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. return the object at the set position indicated by index. @param index the set number (starting at zero) of the object @return the object at the set position indicated by index. ASN.1 TaggedObject - in ASN.1 notation this is any object preceded by a [n] where n is some number - these are assumed to follow the construction rules (as with sequences). @param tagNo the tag number for this object. @param obj the tagged object. @param explicitly true if the object is explicitly tagged. @param tagNo the tag number for this object. @param obj the tagged object. return whether or not the object may be explicitly tagged.

Note: if the object has been read from an input stream, the only time you can be sure if isExplicit is returning the true state of affairs is if it returns false. An implicitly tagged object may appear to be explicitly tagged, so you need to understand the context under which the reading was done as well, see GetObject below.

return whatever was following the tag.

Note: tagged objects are generally context dependent if you're trying to extract a tagged object you should be going via the appropriate GetInstance method.

Return the object held in this tagged object as a parser assuming it has the type of the passed in tag. If the object doesn't have a parser associated with it, the base object is returned. iso.org.dod.internet.private.enterprise.legion-of-the-bouncy-castle

1.3.6.1.4.1.22554

pbe(1) algorithms

1.3.6.1.4.1.22554.1

SHA-1(1)

1.3.6.1.4.1.22554.1.1

SHA-2.SHA-256; 1.3.6.1.4.1.22554.1.2.1 SHA-2.SHA-384; 1.3.6.1.4.1.22554.1.2.2 SHA-2.SHA-512; 1.3.6.1.4.1.22554.1.2.3 SHA-2.SHA-224; 1.3.6.1.4.1.22554.1.2.4 PKCS-5(1)|PKCS-12(2) SHA-1.PKCS5; 1.3.6.1.4.1.22554.1.1.1 SHA-1.PKCS12; 1.3.6.1.4.1.22554.1.1.2 SHA-256.PKCS12; 1.3.6.1.4.1.22554.1.2.1.1 SHA-256.PKCS12; 1.3.6.1.4.1.22554.1.2.1.2 AES(1) . (CBC-128(2)|CBC-192(22)|CBC-256(42)) 1.3.6.1.4.1.22554.1.1.2.1.2 1.3.6.1.4.1.22554.1.1.2.1.22 1.3.6.1.4.1.22554.1.1.2.1.42 1.3.6.1.4.1.22554.1.1.2.2.2 1.3.6.1.4.1.22554.1.1.2.2.22 1.3.6.1.4.1.22554.1.1.2.2.42 signature(2) algorithms Sphincs-256 XMSS XMSS^MT key_exchange(3) algorithms NewHope A BER Null object. convert a vector of octet strings into a single byte string The octets making up the octet string. return the DER octets that make up this string. create an empty sequence create a sequence containing one object create a sequence containing a vector of objects. create an empty sequence create a set containing one object create a set containing a vector of objects. BER TaggedObject - in ASN.1 notation this is any object preceded by a [n] where n is some number - these are assumed to follow the construction rules (as with sequences). @param tagNo the tag number for this object. @param obj the tagged object. @param explicitly true if an explicitly tagged object. @param tagNo the tag number for this object. @param obj the tagged object. create an implicitly tagged object that contains a zero length sequence. See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf 0.4.0.127.0.7.1 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 OID: 0.4.0.127.0.7.1.1.5.1.1 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function SHA-1 OID: 0.4.0.127.0.7.1.1.5.1.1.1 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function SHA224 OID: 0.4.0.127.0.7.1.1.5.1.1.2 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function SHA256 OID: 0.4.0.127.0.7.1.1.5.1.1.3 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function SHA384 OID: 0.4.0.127.0.7.1.1.5.1.1.4 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function SHA512 OID: 0.4.0.127.0.7.1.1.5.1.1.5 ElGamal Elliptic Curve Key Agreement and Key Derivation according to X963 with hash function RIPEMD160 OID: 0.4.0.127.0.7.1.1.5.1.1.6 Key Derivation Function for Session Keys
            CAKeyUpdAnnContent ::= SEQUENCE {
                                        oldWithNew   CmpCertificate, -- old pub signed with new priv
                                        newWithOld   CmpCertificate, -- new pub signed with old priv
                                        newWithNew   CmpCertificate  -- new pub signed with new priv
             }
            
@return a basic ASN.1 object representation.
            CertConfirmContent ::= SEQUENCE OF CertStatus
            
@return a basic ASN.1 object representation.
            CertifiedKeyPair ::= SEQUENCE {
                                             certOrEncCert       CertOrEncCert,
                                             privateKey      [0] EncryptedValue      OPTIONAL,
                                             -- see [CRMF] for comment on encoding
                                             publicationInfo [1] PKIPublicationInfo  OPTIONAL
                  }
            
@return a basic ASN.1 object representation.
            CertOrEncCert ::= CHOICE {
                                 certificate     [0] CMPCertificate,
                                 encryptedCert   [1] EncryptedValue
                      }
            
@return a basic ASN.1 object representation.
            CertRepMessage ::= SEQUENCE {
                                     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
                                                                                        OPTIONAL,
                                     response         SEQUENCE OF CertResponse
            }
            
@return a basic ASN.1 object representation.
            CertResponse ::= SEQUENCE {
                                       certReqId           INTEGER,
                                       -- to match this response with corresponding request (a value
                                       -- of -1 is to be used if certReqId is not specified in the
                                       -- corresponding request)
                                       status              PKIStatusInfo,
                                       certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
                                       rspInfo             OCTET STRING        OPTIONAL
                                       -- analogous to the id-regInfo-utf8Pairs string defined
                                       -- for regInfo in CertReqMsg [CRMF]
                        }
            
@return a basic ASN.1 object representation.
            CertStatus ::= SEQUENCE {
                              certHash    OCTET STRING,
                              -- the hash of the certificate, using the same hash algorithm
                              -- as is used to create and verify the certificate signature
                              certReqId   INTEGER,
                              -- to match this confirmation with the corresponding req/rep
                              statusInfo  PKIStatusInfo OPTIONAL
            }
            
@return a basic ASN.1 object representation.
             Challenge ::= SEQUENCE {
                             owf                 AlgorithmIdentifier  OPTIONAL,
            
                             -- MUST be present in the first Challenge; MAY be omitted in
                             -- any subsequent Challenge in POPODecKeyChallContent (if
                             -- omitted, then the owf used in the immediately preceding
                             -- Challenge is to be used).
            
                             witness             OCTET STRING,
                             -- the result of applying the one-way function (owf) to a
                             -- randomly-generated INTEGER, A.  [Note that a different
                             -- INTEGER MUST be used for each Challenge.]
                             challenge           OCTET STRING
                             -- the encryption (under the public key for which the cert.
                             -- request is being made) of Rand, where Rand is specified as
                             --   Rand ::= SEQUENCE {
                             --      int      INTEGER,
                             --       - the randomly-generated INTEGER A (above)
                             --      sender   GeneralName
                             --       - the sender's name (as included in PKIHeader)
                             --   }
                  }
             
@return a basic ASN.1 object representation.
Note: the addition of attribute certificates is a BC extension.
             CMPCertificate ::= CHOICE {
                        x509v3PKCert        Certificate
                        x509v2AttrCert      [1] AttributeCertificate
              }
             
Note: the addition of attribute certificates is a BC extension. @return a basic ASN.1 object representation.
            CrlAnnContent ::= SEQUENCE OF CertificateList
            
@return a basic ASN.1 object representation.
            ErrorMsgContent ::= SEQUENCE {
                                   pKIStatusInfo          PKIStatusInfo,
                                   errorCode              INTEGER           OPTIONAL,
                                   -- implementation-specific error codes
                                   errorDetails           PKIFreeText       OPTIONAL
                                   -- implementation-specific error details
            }
            
@return a basic ASN.1 object representation.
            GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
            
@return a basic ASN.1 object representation.
            GenRepContent ::= SEQUENCE OF InfoTypeAndValue
            
@return a basic ASN.1 object representation.
Example InfoTypeAndValue contents include, but are not limited to, the following (un-comment in this ASN.1 module and use as appropriate for a given environment):
               id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
                  CAProtEncCertValue      ::= CMPCertificate
               id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
                 SignKeyPairTypesValue   ::= SEQUENCE OF AlgorithmIdentifier
               id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
                 EncKeyPairTypesValue    ::= SEQUENCE OF AlgorithmIdentifier
               id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
                  PreferredSymmAlgValue   ::= AlgorithmIdentifier
               id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
                  CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
               id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
                  CurrentCRLValue         ::= CertificateList
               id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
                  UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
               id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
                  KeyPairParamReqValue    ::= OBJECT IDENTIFIER
               id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
                  KeyPairParamRepValue    ::= AlgorithmIdentifer
               id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
                  RevPassphraseValue      ::= EncryptedValue
               id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
                  ImplicitConfirmValue    ::= NULL
               id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
                  ConfirmWaitTimeValue    ::= GeneralizedTime
               id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
                  OrigPKIMessageValue     ::= PKIMessages
               id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
                  SuppLangTagsValue       ::= SEQUENCE OF UTF8String
            
             where
            
               id-pkix OBJECT IDENTIFIER ::= {
                  iso(1) identified-organization(3)
                  dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
             and
                  id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
             
            InfoTypeAndValue ::= SEQUENCE {
                                    infoType               OBJECT IDENTIFIER,
                                    infoValue              ANY DEFINED BY infoType  OPTIONAL
            }
            
@return a basic ASN.1 object representation.
            KeyRecRepContent ::= SEQUENCE {
                                    status                  PKIStatusInfo,
                                    newSigCert          [0] CMPCertificate OPTIONAL,
                                    caCerts             [1] SEQUENCE SIZE (1..MAX) OF
                                                                      CMPCertificate OPTIONAL,
                                    keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
                                                                      CertifiedKeyPair OPTIONAL
                         }
            
@return a basic ASN.1 object representation.
            OobCertHash ::= SEQUENCE {
                                 hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
                                 certId      [1] CertId                  OPTIONAL,
                                 hashVal         BIT STRING
                                 -- hashVal is calculated over the Der encoding of the
                                 -- self-signed certificate with the identifier certID.
                  }
            
@return a basic ASN.1 object representation.
             PbmParameter ::= SEQUENCE {
                                   salt                OCTET STRING,
                                   -- note:  implementations MAY wish to limit acceptable sizes
                                   -- of this string to values appropriate for their environment
                                   -- in order to reduce the risk of denial-of-service attacks
                                   owf                 AlgorithmIdentifier,
                                   -- AlgId for a One-Way Function (SHA-1 recommended)
                                   iterationCount      INTEGER,
                                   -- number of times the OWF is applied
                                   -- note:  implementations MAY wish to limit acceptable sizes
                                   -- of this integer to values appropriate for their environment
                                   -- in order to reduce the risk of denial-of-service attacks
                                   mac                 AlgorithmIdentifier
                                   -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
               }   -- or HMAC [RFC2104, RFC2202])
            
@return a basic ASN.1 object representation.
Creates a new PkiBody. @param type one of the TYPE_* constants @param content message content
            PkiBody ::= CHOICE {       -- message-specific body elements
                   ir       [0]  CertReqMessages,        --Initialization Request
                   ip       [1]  CertRepMessage,         --Initialization Response
                   cr       [2]  CertReqMessages,        --Certification Request
                   cp       [3]  CertRepMessage,         --Certification Response
                   p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
                   popdecc  [5]  POPODecKeyChallContent, --pop Challenge
                   popdecr  [6]  POPODecKeyRespContent,  --pop Response
                   kur      [7]  CertReqMessages,        --Key Update Request
                   kup      [8]  CertRepMessage,         --Key Update Response
                   krr      [9]  CertReqMessages,        --Key Recovery Request
                   krp      [10] KeyRecRepContent,       --Key Recovery Response
                   rr       [11] RevReqContent,          --Revocation Request
                   rp       [12] RevRepContent,          --Revocation Response
                   ccr      [13] CertReqMessages,        --Cross-Cert. Request
                   ccp      [14] CertRepMessage,         --Cross-Cert. Response
                   ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
                   cann     [16] CertAnnContent,         --Certificate Ann.
                   rann     [17] RevAnnContent,          --Revocation Ann.
                   crlann   [18] CRLAnnContent,          --CRL Announcement
                   pkiconf  [19] PKIConfirmContent,      --Confirmation
                   nested   [20] NestedMessageContent,   --Nested Message
                   genm     [21] GenMsgContent,          --General Message
                   genp     [22] GenRepContent,          --General Response
                   error    [23] ErrorMsgContent,        --Error Message
                   certConf [24] CertConfirmContent,     --Certificate confirm
                   pollReq  [25] PollReqContent,         --Polling request
                   pollRep  [26] PollRepContent          --Polling response
            }
            
@return a basic ASN.1 object representation.
            PkiConfirmContent ::= NULL
            
@return a basic ASN.1 object representation.
            PKIFailureInfo ::= BIT STRING {
            badAlg               (0),
              -- unrecognized or unsupported Algorithm Identifier
            badMessageCheck      (1), -- integrity check failed (e.g., signature did not verify)
            badRequest           (2),
              -- transaction not permitted or supported
            badTime              (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
            badCertId            (4), -- no certificate could be found matching the provided criteria
            badDataFormat        (5),
              -- the data submitted has the wrong format
            wrongAuthority       (6), -- the authority indicated in the request is different from the one creating the response token
            incorrectData        (7), -- the requester's data is incorrect (for notary services)
            missingTimeStamp     (8), -- when the timestamp is missing but should be there (by policy)
            badPOP               (9)  -- the proof-of-possession failed
            certRevoked         (10),
            certConfirmed       (11),
            wrongIntegrity      (12),
            badRecipientNonce   (13), 
            timeNotAvailable    (14),
              -- the TSA's time source is not available
            unacceptedPolicy    (15),
              -- the requested TSA policy is not supported by the TSA
            unacceptedExtension (16),
              -- the requested extension is not supported by the TSA
            addInfoNotAvailable (17)
              -- the additional information requested could not be understood
              -- or is not available
            badSenderNonce      (18),
            badCertTemplate     (19),
            signerNotTrusted    (20),
            transactionIdInUse  (21),
            unsupportedVersion  (22),
            notAuthorized       (23),
            systemUnavail       (24),    
            systemFailure       (25),
              -- the request cannot be handled due to system failure
            duplicateCertReq    (26) 
            
Basic constructor. Return the number of string elements present. @return number of elements present. Return the UTF8STRING at index. @param index index of the string of interest @return the string at index.
            PkiFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
            
Value for a "null" recipient or sender.
             PkiHeader ::= SEQUENCE {
                       pvno                INTEGER     { cmp1999(1), cmp2000(2) },
                       sender              GeneralName,
                       -- identifies the sender
                       recipient           GeneralName,
                       -- identifies the intended recipient
                       messageTime     [0] GeneralizedTime         OPTIONAL,
                       -- time of production of this message (used when sender
                       -- believes that the transport will be "suitable"; i.e.,
                       -- that the time will still be meaningful upon receipt)
                       protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
                       -- algorithm used for calculation of protection bits
                       senderKID       [2] KeyIdentifier           OPTIONAL,
                       recipKID        [3] KeyIdentifier           OPTIONAL,
                       -- to identify specific keys used for protection
                       transactionID   [4] OCTET STRING            OPTIONAL,
                       -- identifies the transaction; i.e., this will be the same in
                       -- corresponding request, response, certConf, and PKIConf
                       -- messages
                       senderNonce     [5] OCTET STRING            OPTIONAL,
                       recipNonce      [6] OCTET STRING            OPTIONAL,
                       -- nonces used to provide replay protection, senderNonce
                       -- is inserted by the creator of this message; recipNonce
                       -- is a nonce previously inserted in a related message by
                       -- the intended recipient of this message
                       freeText        [7] PKIFreeText             OPTIONAL,
                       -- this may be used to indicate context-specific instructions
                       -- (this field is intended for human consumption)
                       generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
                                            InfoTypeAndValue     OPTIONAL
                       -- this may be used to convey context-specific information
                       -- (this field not primarily intended for human consumption)
            }
            
@return a basic ASN.1 object representation.
             PKIHeader ::= SEQUENCE {
                       pvno                INTEGER     { cmp1999(1), cmp2000(2) },
                       sender              GeneralName,
                       -- identifies the sender
                       recipient           GeneralName,
                       -- identifies the intended recipient
                       messageTime     [0] GeneralizedTime         OPTIONAL,
                       -- time of production of this message (used when sender
                       -- believes that the transport will be "suitable"; i.e.,
                       -- that the time will still be meaningful upon receipt)
                       protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
                       -- algorithm used for calculation of protection bits
                       senderKID       [2] KeyIdentifier           OPTIONAL,
                       recipKID        [3] KeyIdentifier           OPTIONAL,
                       -- to identify specific keys used for protection
                       transactionID   [4] OCTET STRING            OPTIONAL,
                       -- identifies the transaction; i.e., this will be the same in
                       -- corresponding request, response, certConf, and PKIConf
                       -- messages
                       senderNonce     [5] OCTET STRING            OPTIONAL,
                       recipNonce      [6] OCTET STRING            OPTIONAL,
                       -- nonces used to provide replay protection, senderNonce
                       -- is inserted by the creator of this message; recipNonce
                       -- is a nonce previously inserted in a related message by
                       -- the intended recipient of this message
                       freeText        [7] PKIFreeText             OPTIONAL,
                       -- this may be used to indicate context-specific instructions
                       -- (this field is intended for human consumption)
                       generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
                                            InfoTypeAndValue     OPTIONAL
                       -- this may be used to convey context-specific information
                       -- (this field not primarily intended for human consumption)
            }
            
@return a basic ASN.1 object representation.
Creates a new PkiMessage. @param header message header @param body message body @param protection message protection (may be null) @param extraCerts extra certificates (may be null)
            PkiMessage ::= SEQUENCE {
                             header           PKIHeader,
                             body             PKIBody,
                             protection   [0] PKIProtection OPTIONAL,
                             extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
                                                                                OPTIONAL
            }
            
@return a basic ASN.1 object representation.
            PkiMessages ::= SEQUENCE SIZE (1..MAX) OF PkiMessage
            
@return a basic ASN.1 object representation.
@param status @param status @param statusString
             PkiStatusInfo ::= SEQUENCE {
                 status        PKIStatus,                (INTEGER)
                 statusString  PkiFreeText     OPTIONAL,
                 failInfo      PkiFailureInfo  OPTIONAL  (BIT STRING)
             }
            
             PKIStatus:
               granted                (0), -- you got exactly what you asked for
               grantedWithMods        (1), -- you got something like what you asked for
               rejection              (2), -- you don't get it, more information elsewhere in the message
               waiting                (3), -- the request body part has not yet been processed, expect to hear more later
               revocationWarning      (4), -- this message contains a warning that a revocation is imminent
               revocationNotification (5), -- notification that a revocation has occurred
               keyUpdateWarning       (6)  -- update already done for the oldCertId specified in CertReqMsg
            
             PkiFailureInfo:
               badAlg           (0), -- unrecognized or unsupported Algorithm Identifier
               badMessageCheck  (1), -- integrity check failed (e.g., signature did not verify)
               badRequest       (2), -- transaction not permitted or supported
               badTime          (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
               badCertId        (4), -- no certificate could be found matching the provided criteria
               badDataFormat    (5), -- the data submitted has the wrong format
               wrongAuthority   (6), -- the authority indicated in the request is different from the one creating the response token
               incorrectData    (7), -- the requester's data is incorrect (for notary services)
               missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
               badPOP           (9)  -- the proof-of-possession failed
            
             
            PollRepContent ::= SEQUENCE OF SEQUENCE {
                    certReqId              INTEGER,
                    checkAfter             INTEGER,  -- time in seconds
                    reason                 PKIFreeText OPTIONAL
                }
            
@return a basic ASN.1 object representation.
            PollReqContent ::= SEQUENCE OF SEQUENCE {
                                   certReqId              INTEGER
            }
            
@return a basic ASN.1 object representation.
            PopoDecKeyChallContent ::= SEQUENCE OF Challenge
            
@return a basic ASN.1 object representation.
            PopoDecKeyRespContent ::= SEQUENCE OF INTEGER
            
@return a basic ASN.1 object representation.
            ProtectedPart ::= SEQUENCE {
                               header    PKIHeader,
                               body      PKIBody
            }
            
@return a basic ASN.1 object representation.
            RevAnnContent ::= SEQUENCE {
                  status              PKIStatus,
                  certId              CertId,
                  willBeRevokedAt     GeneralizedTime,
                  badSinceDate        GeneralizedTime,
                  crlDetails          Extensions  OPTIONAL
                   -- extra CRL details (e.g., crl number, reason, location, etc.)
            }
            
@return a basic ASN.1 object representation.
            RevDetails ::= SEQUENCE {
                             certDetails         CertTemplate,
                              -- allows requester to specify as much as they can about
                              -- the cert. for which revocation is requested
                              -- (e.g., for cases in which serialNumber is not available)
                              crlEntryDetails     Extensions       OPTIONAL
                              -- requested crlEntryExtensions
                        }
            
@return a basic ASN.1 object representation.
            RevRepContent ::= SEQUENCE {
                   status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
                   -- in same order as was sent in RevReqContent
                   revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
                   -- IDs for which revocation was requested
                   -- (same order as status)
                   crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
                   -- the resulting CRLs (there may be more than one)
              }
            
@return a basic ASN.1 object representation.
            RevReqContent ::= SEQUENCE OF RevDetails
            
@return a basic ASN.1 object representation.
return an Attribute object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            Attribute ::= SEQUENCE {
                attrType OBJECT IDENTIFIER,
                attrValues SET OF AttributeValue
            }
            
            Attributes ::=
              SET SIZE(1..MAX) OF Attribute -- according to RFC 5652
            
@return
Return the first attribute matching the given OBJECT IDENTIFIER Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be empty if there are no attributes of the required type present. @param oid type of attribute required. @return a vector of all the attributes found of type oid. Return a new table with the passed in attribute added. @param attrType @param attrValue @return return an AuthenticatedData object from a tagged object. @param obj the tagged object holding the object we want. @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @throws ArgumentException if the object held by the tagged object cannot be converted. return an AuthenticatedData object from the given object. @param obj the object we want converted. @throws ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
             AuthenticatedData ::= SEQUENCE {
                   version CMSVersion,
                   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
                   recipientInfos RecipientInfos,
                   macAlgorithm MessageAuthenticationCodeAlgorithm,
                   digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
                   encapContentInfo EncapsulatedContentInfo,
                   authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
                   mac MessageAuthenticationCode,
                   unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
            
             AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
            
             UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
            
             MessageAuthenticationCode ::= OCTET STRING
             
Produce an object suitable for an Asn1OutputStream.
             AuthenticatedData ::= SEQUENCE {
                   version CMSVersion,
                   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
                   recipientInfos RecipientInfos,
                   macAlgorithm MessageAuthenticationCodeAlgorithm,
                   digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
                   encapContentInfo EncapsulatedContentInfo,
                   authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
                   mac MessageAuthenticationCode,
                   unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
            
             AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
            
             UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
            
             MessageAuthenticationCode ::= OCTET STRING
             
return an AuthEnvelopedData object from a tagged object. @param obj the tagged object holding the object we want. @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @throws ArgumentException if the object held by the tagged object cannot be converted. return an AuthEnvelopedData object from the given object. @param obj the object we want converted. @throws ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            AuthEnvelopedData ::= SEQUENCE {
              version CMSVersion,
              originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
              recipientInfos RecipientInfos,
              authEncryptedContentInfo EncryptedContentInfo,
              authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
              mac MessageAuthenticationCode,
              unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            AuthEnvelopedData ::= SEQUENCE {
              version CMSVersion,
              originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
              recipientInfos RecipientInfos,
              authEncryptedContentInfo EncryptedContentInfo,
              authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
              mac MessageAuthenticationCode,
              unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
            
The other Revocation Info arc id-ri OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) ri(16) } RFC 3274 - CMS Compressed Data.
            CompressedData ::= Sequence {
             version CMSVersion,
             compressionAlgorithm CompressionAlgorithmIdentifier,
             encapContentInfo EncapsulatedContentInfo
            }
            
return a CompressedData object from a tagged object. @param ato the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a CompressedData object from the given object. @param _obj the object we want converted. @exception ArgumentException if the object cannot be converted. RFC 3274 - CMS Compressed Data.
            CompressedData ::= SEQUENCE {
             version CMSVersion,
             compressionAlgorithm CompressionAlgorithmIdentifier,
             encapContentInfo EncapsulatedContentInfo
            }
            
Produce an object suitable for an Asn1OutputStream.
            ContentInfo ::= Sequence {
                     contentType ContentType,
                     content
                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            ContentInfo ::= SEQUENCE {
                     contentType ContentType,
                     content
                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
            
return an AuthEnvelopedData object from a tagged object. @param obj the tagged object holding the object we want. @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @throws ArgumentException if the object held by the tagged object cannot be converted. return an AuthEnvelopedData object from the given object. @param obj the object we want converted. @throws ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            MQVuserKeyingMaterial ::= SEQUENCE {
              ephemeralPublicKey OriginatorPublicKey,
              addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL  }
            
return an EncryptedContentInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            EncryptedContentInfo ::= Sequence {
                contentType ContentType,
                contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
                encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
            }
            
            EncryptedContentInfo ::= SEQUENCE {
                contentType ContentType,
                contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
                encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
            }
            
                  EncryptedData ::= SEQUENCE {
                                version CMSVersion,
                                encryptedContentInfo EncryptedContentInfo,
                                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
            
@return a basic ASN.1 object representation.
return an EnvelopedData object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return an EnvelopedData object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            EnvelopedData ::= Sequence {
                version CMSVersion,
                originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
                recipientInfos RecipientInfos,
                encryptedContentInfo EncryptedContentInfo,
                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
            }
            
Produce an object suitable for an Asn1OutputStream.
            EnvelopedData ::= SEQUENCE {
                version CMSVersion,
                originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
                recipientInfos RecipientInfos,
                encryptedContentInfo EncryptedContentInfo,
                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
            }
            
return a KekIdentifier object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a KekIdentifier object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            KekIdentifier ::= Sequence {
                keyIdentifier OCTET STRING,
                date GeneralizedTime OPTIONAL,
                other OtherKeyAttribute OPTIONAL
            }
            
return a KekRecipientInfo object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a KekRecipientInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            KekRecipientInfo ::= Sequence {
                version CMSVersion,  -- always set to 4
                kekID KekIdentifier,
                keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
                encryptedKey EncryptedKey
            }
            
return an KeyAgreeRecipientIdentifier object from a tagged object. @param obj the tagged object holding the object we want. @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return an KeyAgreeRecipientIdentifier object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            KeyAgreeRecipientIdentifier ::= CHOICE {
                issuerAndSerialNumber IssuerAndSerialNumber,
                rKeyId [0] IMPLICIT RecipientKeyIdentifier
            }
            
return a KeyAgreeRecipientInfo object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a KeyAgreeRecipientInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. * Produce an object suitable for an Asn1OutputStream. *
                     * KeyAgreeRecipientInfo ::= Sequence {
                     *     version CMSVersion,  -- always set to 3
                     *     originator [0] EXPLICIT OriginatorIdentifierOrKey,
                     *     ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
                     *     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
                     *     recipientEncryptedKeys RecipientEncryptedKeys
                     * }
            		 *
            		 * UserKeyingMaterial ::= OCTET STRING
                     * 
return a KeyTransRecipientInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            KeyTransRecipientInfo ::= Sequence {
                version CMSVersion,  -- always set to 0 or 2
                rid RecipientIdentifier,
                keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
                encryptedKey EncryptedKey
            }
            
            MetaData ::= SEQUENCE {
              hashProtected        BOOLEAN,
              fileName             UTF8String OPTIONAL,
              mediaType            IA5String OPTIONAL,
              otherMetaData        Attributes OPTIONAL
            }
            
@return
return an OriginatorIdentifierOrKey object from a tagged object. @param o the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return an OriginatorIdentifierOrKey object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
             OriginatorIdentifierOrKey ::= CHOICE {
                 issuerAndSerialNumber IssuerAndSerialNumber,
                 subjectKeyIdentifier [0] SubjectKeyIdentifier,
                 originatorKey [1] OriginatorPublicKey
             }
            
             SubjectKeyIdentifier ::= OCTET STRING
             
return an OriginatorInfo object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return an OriginatorInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            OriginatorInfo ::= Sequence {
                certs [0] IMPLICIT CertificateSet OPTIONAL,
                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
            }
            
return an OriginatorPublicKey object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return an OriginatorPublicKey object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            OriginatorPublicKey ::= Sequence {
                algorithm AlgorithmIdentifier,
                publicKey BIT STRING
            }
            
return an OtherKeyAttribute object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            OtherKeyAttribute ::= Sequence {
                keyAttrId OBJECT IDENTIFIER,
                keyAttr ANY DEFINED BY keyAttrId OPTIONAL
            }
            
return a OtherRecipientInfo object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a OtherRecipientInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            OtherRecipientInfo ::= Sequence {
               oriType OBJECT IDENTIFIER,
               oriValue ANY DEFINED BY oriType }
            
return a OtherRevocationInfoFormat object from a tagged object. @param obj the tagged object holding the object we want. @param explicit true if the object is meant to be explicitly tagged false otherwise. @exception IllegalArgumentException if the object held by the tagged object cannot be converted. return a OtherRevocationInfoFormat object from the given object. @param obj the object we want converted. @exception IllegalArgumentException if the object cannot be converted. Produce an object suitable for an ASN1OutputStream.
            OtherRevocationInfoFormat ::= SEQUENCE {
                 otherRevInfoFormat OBJECT IDENTIFIER,
                 otherRevInfo ANY DEFINED BY otherRevInfoFormat }
            
return a PasswordRecipientInfo object from a tagged object. @param obj the tagged object holding the object we want. @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a PasswordRecipientInfo object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            PasswordRecipientInfo ::= Sequence {
              version CMSVersion,   -- Always set to 0
              keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
                                        OPTIONAL,
             keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
             encryptedKey EncryptedKey }
            
return an RecipientEncryptedKey object from a tagged object. @param obj the tagged object holding the object we want. @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a RecipientEncryptedKey object from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            RecipientEncryptedKey ::= SEQUENCE {
                rid KeyAgreeRecipientIdentifier,
                encryptedKey EncryptedKey
            }
            
return a RecipientIdentifier object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
             RecipientIdentifier ::= CHOICE {
                 issuerAndSerialNumber IssuerAndSerialNumber,
                 subjectKeyIdentifier [0] SubjectKeyIdentifier
             }
            
             SubjectKeyIdentifier ::= OCTET STRING
             
Produce an object suitable for an Asn1OutputStream.
            RecipientInfo ::= CHOICE {
                ktri KeyTransRecipientInfo,
                kari [1] KeyAgreeRecipientInfo,
                kekri [2] KekRecipientInfo,
                pwri [3] PasswordRecipientInfo,
                ori [4] OtherRecipientInfo }
            
return a RecipientKeyIdentifier object from a tagged object. @param _ato the tagged object holding the object we want. @param _explicit true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the object held by the tagged object cannot be converted. return a RecipientKeyIdentifier object from the given object. @param _obj the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
             RecipientKeyIdentifier ::= Sequence {
                 subjectKeyIdentifier SubjectKeyIdentifier,
                 date GeneralizedTime OPTIONAL,
                 other OtherKeyAttribute OPTIONAL
             }
            
             SubjectKeyIdentifier ::= OCTET STRING
             
               ScvpReqRes ::= SEQUENCE {
               request  [0] EXPLICIT ContentInfo OPTIONAL,
               response     ContentInfo }
            
@return the ASN.1 primitive representation.
a signed data object. Produce an object suitable for an Asn1OutputStream.
            SignedData ::= Sequence {
                version CMSVersion,
                digestAlgorithms DigestAlgorithmIdentifiers,
                encapContentInfo EncapsulatedContentInfo,
                certificates [0] IMPLICIT CertificateSet OPTIONAL,
                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
                signerInfos SignerInfos
              }
            
            SignedData ::= SEQUENCE {
                version CMSVersion,
                digestAlgorithms DigestAlgorithmIdentifiers,
                encapContentInfo EncapsulatedContentInfo,
                certificates [0] IMPLICIT CertificateSet OPTIONAL,
                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
                signerInfos SignerInfos
              }
            
return a SignerIdentifier object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
             SignerIdentifier ::= CHOICE {
                 issuerAndSerialNumber IssuerAndSerialNumber,
                 subjectKeyIdentifier [0] SubjectKeyIdentifier
             }
            
             SubjectKeyIdentifier ::= OCTET STRING
             
Produce an object suitable for an Asn1OutputStream.
              SignerInfo ::= Sequence {
                  version Version,
                  SignerIdentifier sid,
                  digestAlgorithm DigestAlgorithmIdentifier,
                  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
                  digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
                  encryptedDigest EncryptedDigest,
                  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
              }
            
              EncryptedDigest ::= OCTET STRING
            
              DigestAlgorithmIdentifier ::= AlgorithmIdentifier
            
              DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
             
creates a time object from a given date - if the date is between 1950 and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime is used. Produce an object suitable for an Asn1OutputStream.
            Time ::= CHOICE {
                        utcTime        UTCTime,
                        generalTime    GeneralizedTime }
            
            TimeStampAndCRL ::= SEQUENCE {
                timeStamp   TimeStampToken,          -- according to RFC 3161
                crl         CertificateList OPTIONAL -- according to RFC 5280
             }
            
@return
            TimeStampedData ::= SEQUENCE {
              version              INTEGER { v1(1) },
              dataUri              IA5String OPTIONAL,
              metaData             MetaData OPTIONAL,
              content              OCTET STRING OPTIONAL,
              temporalEvidence     Evidence
            }
            
@return
            TimeStampTokenEvidence ::=
               SEQUENCE SIZE(1..MAX) OF TimeStampAndCrl
            
@return
            AttributeTypeAndValue ::= SEQUENCE {
                      type         OBJECT IDENTIFIER,
                      value        ANY DEFINED BY type }
            
@return a basic ASN.1 object representation.
            CertId ::= SEQUENCE {
                            issuer           GeneralName,
                            serialNumber     INTEGER }
            
@return a basic ASN.1 object representation.
            CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
            
@return a basic ASN.1 object representation.
Creates a new CertReqMsg. @param certReq CertRequest @param popo may be null @param regInfo may be null
            CertReqMsg ::= SEQUENCE {
                               certReq   CertRequest,
                               pop       ProofOfPossession  OPTIONAL,
                               -- content depends upon key type
                               regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
            
@return a basic ASN.1 object representation.
            CertRequest ::= SEQUENCE {
                                 certReqId     INTEGER,          -- ID for matching request and reply
                                 certTemplate  CertTemplate,  -- Selected fields of cert to be issued
                                 controls      Controls OPTIONAL }   -- Attributes affecting issuance
            
@return a basic ASN.1 object representation.
             CertTemplate ::= SEQUENCE {
                 version      [0] Version               OPTIONAL,
                 serialNumber [1] INTEGER               OPTIONAL,
                 signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
                 issuer       [3] Name                  OPTIONAL,
                 validity     [4] OptionalValidity      OPTIONAL,
                 subject      [5] Name                  OPTIONAL,
                 publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
                 issuerUID    [7] UniqueIdentifier      OPTIONAL,
                 subjectUID   [8] UniqueIdentifier      OPTIONAL,
                 extensions   [9] Extensions            OPTIONAL }
            
@return a basic ASN.1 object representation.
Sets the X.509 version. Note: for X509v3, use 2 here. Sets the issuer unique ID (deprecated in X.509v3) Sets the subject unique ID (deprecated in X.509v3)
             CertTemplate ::= SEQUENCE {
                 version      [0] Version               OPTIONAL,
                 serialNumber [1] INTEGER               OPTIONAL,
                 signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
                 issuer       [3] Name                  OPTIONAL,
                 validity     [4] OptionalValidity      OPTIONAL,
                 subject      [5] Name                  OPTIONAL,
                 publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
                 issuerUID    [7] UniqueIdentifier      OPTIONAL,
                 subjectUID   [8] UniqueIdentifier      OPTIONAL,
                 extensions   [9] Extensions            OPTIONAL }
            
@return a basic ASN.1 object representation.
            Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
            
@return a basic ASN.1 object representation.
            EncKeyWithID ::= SEQUENCE {
                 privateKey           PrivateKeyInfo,
                 identifier CHOICE {
                    string               UTF8String,
                    generalName          GeneralName
                } OPTIONAL
            }
            
@return
               EncryptedKey ::= CHOICE {
                   encryptedValue        EncryptedValue, -- deprecated
                   envelopedData     [0] EnvelopedData }
                   -- The encrypted private key MUST be placed in the envelopedData
                   -- encryptedContentInfo encryptedContent OCTET STRING.
            
            EncryptedValue ::= SEQUENCE {
                                intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
                                -- the intended algorithm for which the value will be used
                                symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
                                -- the symmetric algorithm used to encrypt the value
                                encSymmKey    [2] BIT STRING           OPTIONAL,
                                -- the (encrypted) symmetric key used to encrypt the value
                                keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
                                -- algorithm used to encrypt the symmetric key
                                valueHint     [4] OCTET STRING         OPTIONAL,
                                -- a brief description or identifier of the encValue content
                                -- (may be meaningful only to the sending entity, and used only
                                -- if EncryptedValue might be re-examined by the sending entity
                                -- in the future)
                                encValue       BIT STRING }
                                -- the encrypted value itself
            
@return a basic ASN.1 object representation.
            OptionalValidity ::= SEQUENCE {
                                   notBefore  [0] Time OPTIONAL,
                                   notAfter   [1] Time OPTIONAL } --at least one MUST be present
            
@return a basic ASN.1 object representation.
             PkiArchiveOptions ::= CHOICE {
                 encryptedPrivKey     [0] EncryptedKey,
                 -- the actual value of the private key
                 keyGenParameters     [1] KeyGenParameters,
                 -- parameters which allow the private key to be re-generated
                 archiveRemGenPrivKey [2] BOOLEAN }
                 -- set to TRUE if sender wishes receiver to archive the private
                 -- key of a key pair that the receiver generates in response to
                 -- this request; set to FALSE if no archival is desired.
            
            PkiPublicationInfo ::= SEQUENCE {
                             action     INTEGER {
                                            dontPublish (0),
                                            pleasePublish (1) },
                             pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
            -- pubInfos MUST NOT be present if action is "dontPublish"
            -- (if action is "pleasePublish" and pubInfos is omitted,
            -- "dontCare" is assumed)
            
@return a basic ASN.1 object representation.
Password-based MAC value for use with POPOSigningKeyInput. Creates a new PKMACValue. @param params parameters for password-based MAC @param value MAC of the DER-encoded SubjectPublicKeyInfo Creates a new PKMACValue. @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter @param value MAC of the DER-encoded SubjectPublicKeyInfo
            PKMACValue ::= SEQUENCE {
                 algId  AlgorithmIdentifier,
                 -- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13
                 -- parameter value is PBMParameter
                 value  BIT STRING }
            
@return a basic ASN.1 object representation.
            PopoPrivKey ::= CHOICE {
                   thisMessage       [0] BIT STRING,         -- Deprecated
                    -- possession is proven in this message (which contains the private
                    -- key itself (encrypted for the CA))
                   subsequentMessage [1] SubsequentMessage,
                    -- possession will be proven in a subsequent message
                   dhMAC             [2] BIT STRING,         -- Deprecated
                   agreeMAC          [3] PKMACValue,
                   encryptedKey      [4] EnvelopedData }
            
Creates a new Proof of Possession object for a signing key. @param poposkIn the PopoSigningKeyInput structure, or null if the CertTemplate includes both subject and publicKey values. @param aid the AlgorithmIdentifier used to sign the proof of possession. @param signature a signature over the DER-encoded value of poposkIn, or the DER-encoded value of certReq if poposkIn is null.
            PopoSigningKey ::= SEQUENCE {
                                 poposkInput           [0] PopoSigningKeyInput OPTIONAL,
                                 algorithmIdentifier   AlgorithmIdentifier,
                                 signature             BIT STRING }
             -- The signature (using "algorithmIdentifier") is on the
             -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
             -- certReq CertTemplate contains the subject and publicKey values,
             -- then poposkInput MUST be omitted and the signature MUST be
             -- computed on the DER-encoded value of CertReqMsg certReq.  If
             -- the CertReqMsg certReq CertTemplate does not contain the public
             -- key and subject values, then poposkInput MUST be present and
             -- MUST be signed.  This strategy ensures that the public key is
             -- not present in both the poposkInput and CertReqMsg certReq
             -- CertTemplate fields.
            
@return a basic ASN.1 object representation.
Creates a new PopoSigningKeyInput with sender name as authInfo. Creates a new PopoSigningKeyInput using password-based MAC. Returns the sender field, or null if authInfo is publicKeyMac Returns the publicKeyMac field, or null if authInfo is sender
            PopoSigningKeyInput ::= SEQUENCE {
                   authInfo             CHOICE {
                                            sender              [0] GeneralName,
                                            -- used only if an authenticated identity has been
                                            -- established for the sender (e.g., a DN from a
                                            -- previously-issued and currently-valid certificate
                                            publicKeyMac        PKMacValue },
                                            -- used if no authenticated GeneralName currently exists for
                                            -- the sender; publicKeyMac contains a password-based MAC
                                            -- on the DER-encoded value of publicKey
                   publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
            
@return a basic ASN.1 object representation.
Creates a ProofOfPossession with type raVerified. Creates a ProofOfPossession for a signing key. Creates a ProofOfPossession for key encipherment or agreement. @param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT
            ProofOfPossession ::= CHOICE {
                                      raVerified        [0] NULL,
                                      -- used if the RA has already verified that the requester is in
                                      -- possession of the private key
                                      signature         [1] PopoSigningKey,
                                      keyEncipherment   [2] PopoPrivKey,
                                      keyAgreement      [3] PopoPrivKey }
            
@return a basic ASN.1 object representation.
            SinglePubInfo ::= SEQUENCE {
                   pubMethod    INTEGER {
                      dontCare    (0),
                      x500        (1),
                      web         (2),
                      ldap        (3) },
                  pubLocation  GeneralName OPTIONAL }
            
@return a basic ASN.1 object representation.
Table of the available named parameters for GOST 3410-2001 / 2012. return the ECDomainParameters object for the given OID, null if it isn't present. @param oid an object identifier representing a named parameters, if present. returns an enumeration containing the name strings for curves contained in this structure. return the named curve name represented by the given object identifier.
             Gost28147-89-Parameters ::=
                           SEQUENCE {
                                   iv                   Gost28147-89-IV,
                                   encryptionParamSet   OBJECT IDENTIFIER
                            }
            
               Gost28147-89-IV ::= OCTET STRING (SIZE (8))
             
table of the available named parameters for GOST 3410-94. return the GOST3410ParamSetParameters object for the given OID, null if it isn't present. @param oid an object identifier representing a named parameters, if present. returns an enumeration containing the name strings for parameters contained in this structure. Base class for an application specific object Return the enclosed object assuming explicit tagging. @return the resulting object @throws IOException if reconstruction fails. Return the enclosed object assuming implicit tagging. @param derTagNo the type tag that should be applied to the object's contents. @return the resulting object @throws IOException if reconstruction fails. return a Bit string from the passed in object @exception ArgumentException if the object cannot be converted. return a Bit string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. @param data the octets making up the bit string. @param padBits the number of extra bits at the end of the string. Return the octets contained in this BIT STRING, checking that this BIT STRING really does represent an octet aligned string. Only use this method when the standard you are following dictates that the BIT STRING will be octet aligned. @return a copy of the octet aligned data. @return the value of the bit string as an int (truncating if necessary) Der BMPString object. return a BMP string from the given object. @param obj the object we want converted. @exception ArgumentException if the object cannot be converted. return a BMP string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - byte encoded string. basic constructor return a bool from the passed in object. @exception ArgumentException if the object cannot be converted. return a DerBoolean from the passed in bool. return a Boolean from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. return an integer from the passed in object @exception ArgumentException if the object cannot be converted. return an Enumerated from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. Class representing the DER-type External Creates a new instance of DerExternal See X.690 for more informations about the meaning of these parameters @param directReference The direct reference or null if not set. @param indirectReference The indirect reference or null if not set. @param dataValueDescriptor The data value descriptor or null if not set. @param externalData The external data in its encoded form. Creates a new instance of DerExternal. See X.690 for more informations about the meaning of these parameters @param directReference The direct reference or null if not set. @param indirectReference The indirect reference or null if not set. @param dataValueDescriptor The data value descriptor or null if not set. @param encoding The encoding to be used for the external data @param externalData The external data The encoding of the content. Valid values are
  • 0 single-ASN1-type
  • 1 OCTET STRING
  • 2 BIT STRING
Generalized time object. return a generalized time from the passed in object @exception ArgumentException if the object cannot be converted. return a Generalized Time object from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z for local time, or Z+-HHMM on the end, for difference between local time and UTC time. The fractional second amount f must consist of at least one number with trailing zeroes removed. @param time the time string. @exception ArgumentException if string is an illegal format. base constructor from a local time object Return the time. @return The time string as it appeared in the encoded object. return the time - always in the form of YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm).

Normally in a certificate we would expect "Z" rather than "GMT", however adding the "GMT" means we can just use:

                dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
            
To read in the time and Get a date which is compatible with our local time zone.

return a Graphic String from the passed in object @param obj a DerGraphicString or an object that can be converted into one. @exception IllegalArgumentException if the object cannot be converted. @return a DerGraphicString instance, or null. return a Graphic String from a tagged object. @param obj the tagged object holding the object we want @param explicit true if the object is meant to be explicitly tagged false otherwise. @exception IllegalArgumentException if the tagged object cannot be converted. @return a DerGraphicString instance, or null. basic constructor - with bytes. @param string the byte encoding of the characters making up the string. Der IA5String object - this is an ascii string. return a IA5 string from the passed in object @exception ArgumentException if the object cannot be converted. return an IA5 string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - with bytes. basic constructor - without validation. Constructor with optional validation. @param string the base string to wrap. @param validate whether or not to check the string. @throws ArgumentException if validate is true and the string contains characters that should not be in an IA5String. return true if the passed in String can be represented without loss as an IA5String, false otherwise. @return true if in printable set, false otherwise. return an integer from the passed in object @exception ArgumentException if the object cannot be converted. return an Integer from a tagged object. @param obj the tagged object holding the object we want @param isExplicit true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. in some cases positive values Get crammed into a space, that's not quite big enough... A Null object. Der NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. return a Numeric string from the passed in object @exception ArgumentException if the object cannot be converted. return an Numeric string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - with bytes. basic constructor - without validation.. Constructor with optional validation. @param string the base string to wrap. @param validate whether or not to check the string. @throws ArgumentException if validate is true and the string contains characters that should not be in a NumericString. Return true if the string can be represented as a NumericString ('0'..'9', ' ') @param str string to validate. @return true if numeric, fale otherwise. return an Oid from the passed in object @exception ArgumentException if the object cannot be converted. return an object Identifier from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. Return true if this oid is an extension of the passed in branch, stem. @param stem the arc or branch that is a possible parent. @return true if the branch is on the passed in stem, false otherwise. The octets making up the octet string. Der PrintableString object. return a printable string from the passed in object. @exception ArgumentException if the object cannot be converted. return a Printable string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - byte encoded string. basic constructor - this does not validate the string Constructor with optional validation. @param string the base string to wrap. @param validate whether or not to check the string. @throws ArgumentException if validate is true and the string contains characters that should not be in a PrintableString. return true if the passed in String can be represented without loss as a PrintableString, false otherwise. @return true if in printable set, false otherwise. create an empty sequence create a sequence containing one object create a sequence containing a vector of objects. A Der encoded set object create an empty set @param obj - a single object that makes up the set. @param v - a vector of objects making up the set. Der T61String (also the teletex string) - 8-bit characters return a T61 string from the passed in object. @exception ArgumentException if the object cannot be converted. return an T61 string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - with bytes. basic constructor - with string. DER TaggedObject - in ASN.1 notation this is any object preceded by a [n] where n is some number - these are assumed to follow the construction rules (as with sequences). @param tagNo the tag number for this object. @param obj the tagged object. @param explicitly true if an explicitly tagged object. @param tagNo the tag number for this object. @param obj the tagged object. create an implicitly tagged object that contains a zero length sequence. Der UniversalString object. return a Universal string from the passed in object. @exception ArgumentException if the object cannot be converted. return a Universal string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - byte encoded string. UTC time object. return an UTC Time from the passed in object. @exception ArgumentException if the object cannot be converted. return an UTC Time from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were never encoded. When you're creating one of these objects from scratch, that's what you want to use, otherwise we'll try to deal with whatever Gets read from the input stream... (this is why the input format is different from the GetTime() method output).

@param time the time string.

base constructor from a DateTime object return the time as a date based on whatever a 2 digit year will return. For standardised processing use ToAdjustedDateTime(). @return the resulting date @exception ParseException if the date string cannot be parsed. return the time as an adjusted date in the range of 1950 - 2049. @return a date in the range of 1950 to 2049. @exception ParseException if the date string cannot be parsed. return the time - always in the form of YYMMDDhhmmssGMT(+hh:mm|-hh:mm).

Normally in a certificate we would expect "Z" rather than "GMT", however adding the "GMT" means we can just use:

                dateF = new SimpleDateFormat("yyMMddHHmmssz");
            
To read in the time and Get a date which is compatible with our local time zone.

Note: In some cases, due to the local date processing, this may lead to unexpected results. If you want to stick the normal convention of 1950 to 2049 use the GetAdjustedTime() method.

Return a time string as an adjusted date with a 4 digit year. This goes in the range of 1950 - 2049. Der UTF8String object. return an UTF8 string from the passed in object. @exception ArgumentException if the object cannot be converted. return an UTF8 string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - byte encoded string. basic constructor return a Videotex String from the passed in object @param obj a DERVideotexString or an object that can be converted into one. @exception IllegalArgumentException if the object cannot be converted. @return a DERVideotexString instance, or null. return a Videotex String from a tagged object. @param obj the tagged object holding the object we want @param explicit true if the object is meant to be explicitly tagged false otherwise. @exception IllegalArgumentException if the tagged object cannot be converted. @return a DERVideotexString instance, or null. basic constructor - with bytes. @param string the byte encoding of the characters making up the string. Der VisibleString object. return a Visible string from the passed in object. @exception ArgumentException if the object cannot be converted. return a Visible string from a tagged object. @param obj the tagged object holding the object we want @param explicitly true if the object is meant to be explicitly tagged false otherwise. @exception ArgumentException if the tagged object cannot be converted. basic constructor - byte encoded string. basic constructor Edwards Elliptic Curve Object Identifiers (RFC 8410) RFC 3126: 4.3.1 Certificate Values Attribute Definition CertificateValues ::= SEQUENCE OF Certificate
            CommitmentTypeIndication ::= SEQUENCE {
                 commitmentTypeId   CommitmentTypeIdentifier,
                 commitmentTypeQualifier   SEQUENCE SIZE (1..MAX) OF
                         CommitmentTypeQualifier OPTIONAL }
            
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
               CommitmentTypeQualifier ::= SEQUENCE {
                   commitmentTypeIdentifier  CommitmentTypeIdentifier,
                   qualifier          ANY DEFINED BY commitmentTypeIdentifier OPTIONAL }
             
Creates a new CommitmentTypeQualifier instance. @param commitmentTypeIdentifier a CommitmentTypeIdentifier value Creates a new CommitmentTypeQualifier instance. @param commitmentTypeIdentifier a CommitmentTypeIdentifier value @param qualifier the qualifier, defined by the above field. Creates a new CommitmentTypeQualifier instance. @param as CommitmentTypeQualifier structure encoded as an Asn1Sequence. Returns a DER-encodable representation of this instance. @return a Asn1Object value RFC 3126: 4.2.1 Complete Certificate Refs Attribute Definition CompleteCertificateRefs ::= SEQUENCE OF OtherCertID RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition CrlIdentifier ::= SEQUENCE { crlissuer Name, crlIssuedTime UTCTime, crlNumber INTEGER OPTIONAL } RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition CRLListID ::= SEQUENCE { crls SEQUENCE OF CrlValidatedID } RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition CrlOcspRef ::= SEQUENCE { crlids [0] CRLListID OPTIONAL, ocspids [1] OcspListID OPTIONAL, otherRev [2] OtherRevRefs OPTIONAL } RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition CrlValidatedID ::= SEQUENCE { crlHash OtherHash, crlIdentifier CrlIdentifier OPTIONAL} RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition OcspIdentifier ::= SEQUENCE { ocspResponderID ResponderID, -- As in OCSP response data producedAt GeneralizedTime -- As in OCSP response data } RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition OcspListID ::= SEQUENCE { ocspResponses SEQUENCE OF OcspResponsesID } RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition OcspResponsesID ::= SEQUENCE { ocspIdentifier OcspIdentifier, ocspRepHash OtherHash OPTIONAL } OtherCertID ::= SEQUENCE { otherCertHash OtherHash, issuerSerial IssuerSerial OPTIONAL } OtherHash ::= CHOICE { sha1Hash OtherHashValue, -- This contains a SHA-1 hash otherHash OtherHashAlgAndValue } OtherHashValue ::= OCTET STRING Summary description for OtherHashAlgAndValue. OtherHashAlgAndValue ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, hashValue OtherHashValue } OtherHashValue ::= OCTET STRING RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition OtherRevRefs ::= SEQUENCE { otherRevRefType OtherRevRefType, otherRevRefs ANY DEFINED BY otherRevRefType } OtherRevRefType ::= OBJECT IDENTIFIER RFC 3126: 4.3.2 Revocation Values Attribute Definition OtherRevVals ::= SEQUENCE { otherRevValType OtherRevValType, otherRevVals ANY DEFINED BY otherRevValType } OtherRevValType ::= OBJECT IDENTIFIER OtherSigningCertificate ::= SEQUENCE { certs SEQUENCE OF OtherCertID, policies SEQUENCE OF PolicyInformation OPTIONAL } RFC 5126: 6.3.4. revocation-values Attribute Definition RevocationValues ::= SEQUENCE { crlVals [0] SEQUENCE OF CertificateList OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, otherRevVals [2] OtherRevVals OPTIONAL } SignaturePolicyId ::= SEQUENCE { sigPolicyIdentifier SigPolicyId, sigPolicyHash SigPolicyHash, sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL } SigPolicyId ::= OBJECT IDENTIFIER SigPolicyHash ::= OtherHashAlgAndValue SignaturePolicyIdentifier ::= CHOICE { SignaturePolicyId SignaturePolicyId, SignaturePolicyImplied SignaturePolicyImplied } SignaturePolicyImplied ::= NULL
              SignerAttribute ::= SEQUENCE OF CHOICE {
                  claimedAttributes   [0] ClaimedAttributes,
                  certifiedAttributes [1] CertifiedAttributes }
            
              ClaimedAttributes ::= SEQUENCE OF Attribute
              CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
             
Signer-Location attribute (RFC3126).
               SignerLocation ::= SEQUENCE {
                   countryName        [0] DirectoryString OPTIONAL,
                   localityName       [1] DirectoryString OPTIONAL,
                   postalAddress      [2] PostalAddress OPTIONAL }
            
               PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
             
               SignerLocation ::= SEQUENCE {
                   countryName        [0] DirectoryString OPTIONAL,
                   localityName       [1] DirectoryString OPTIONAL,
                   postalAddress      [2] PostalAddress OPTIONAL }
            
               PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
            
               DirectoryString ::= CHOICE {
                     teletexString           TeletexString (SIZE (1..MAX)),
                     printableString         PrintableString (SIZE (1..MAX)),
                     universalString         UniversalString (SIZE (1..MAX)),
                     utf8String              UTF8String (SIZE (1.. MAX)),
                     bmpString               BMPString (SIZE (1..MAX)) }
             
SigPolicyQualifierInfo ::= SEQUENCE { sigPolicyQualifierId SigPolicyQualifierId, sigQualifier ANY DEFINED BY sigPolicyQualifierId } SigPolicyQualifierId ::= OBJECT IDENTIFIER constructor
            ContentHints ::= SEQUENCE {
              contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
              contentType ContentType }
            
Create from OCTET STRING whose octets represent the identifier. Create from byte array representing the identifier. The definition of ContentIdentifier is
            ContentIdentifier ::=  OCTET STRING
            
id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 7 }
constructor
            EssCertID ::= SEQUENCE {
                certHash Hash,
                issuerSerial IssuerSerial OPTIONAL }
            
             EssCertIDv2 ::=  SEQUENCE {
                 hashAlgorithm     AlgorithmIdentifier
                          DEFAULT {algorithm id-sha256},
                 certHash          Hash,
                 issuerSerial      IssuerSerial OPTIONAL
             }
            
             Hash ::= OCTET STRING
            
             IssuerSerial ::= SEQUENCE {
                 issuer         GeneralNames,
                 serialNumber   CertificateSerialNumber
             }
             
constructor
             OtherCertID ::= SEQUENCE {
                 otherCertHash    OtherHash,
                 issuerSerial     IssuerSerial OPTIONAL }
            
             OtherHash ::= CHOICE {
                 sha1Hash     OCTET STRING,
                 otherHash    OtherHashAlgAndValue }
            
             OtherHashAlgAndValue ::= SEQUENCE {
                 hashAlgorithm    AlgorithmIdentifier,
                 hashValue        OCTET STRING }
            
             
constructors The definition of OtherSigningCertificate is
            OtherSigningCertificate ::=  SEQUENCE {
                 certs        SEQUENCE OF OtherCertID,
                 policies     SEQUENCE OF PolicyInformation OPTIONAL
            }
            
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 19 }
constructors The definition of SigningCertificate is
            SigningCertificate ::=  SEQUENCE {
                 certs        SEQUENCE OF EssCertID,
                 policies     SEQUENCE OF PolicyInformation OPTIONAL
            }
            
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 12 }
The definition of SigningCertificateV2 is
            SigningCertificateV2 ::=  SEQUENCE {
                 certs        SEQUENCE OF EssCertIDv2,
                 policies     SEQUENCE OF PolicyInformation OPTIONAL
            }
            
id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 47 }
return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. 1.3.6.1.4.1.11591.15 - ellipticCurve Marker interface for CHOICE objects - if you implement this in a roll-your-own object, any attempt to tag the object implicitly will convert the tag to an explicit one as the encoding rules require.

If you use this interface your class should also implement the getInstance pattern which takes a tag object and the tagging mode used.

basic interface for Der string objects. The CscaMasterList object. This object can be wrapped in a CMSSignedData to be published in LDAP.
             CscaMasterList ::= SEQUENCE {
               version                CscaMasterListVersion,
               certList               SET OF Certificate }
               
             CscaMasterListVersion :: INTEGER {v0(0)}
             
The DataGroupHash object.
             DataGroupHash  ::=  SEQUENCE {
                  dataGroupNumber         DataGroupNumber,
                  dataGroupHashValue     OCTET STRING }
            
             DataGroupNumber ::= INTEGER {
                     dataGroup1    (1),
                     dataGroup1    (2),
                     dataGroup1    (3),
                     dataGroup1    (4),
                     dataGroup1    (5),
                     dataGroup1    (6),
                     dataGroup1    (7),
                     dataGroup1    (8),
                     dataGroup1    (9),
                     dataGroup1    (10),
                     dataGroup1    (11),
                     dataGroup1    (12),
                     dataGroup1    (13),
                     dataGroup1    (14),
                     dataGroup1    (15),
                     dataGroup1    (16) }
            
             
The LDSSecurityObject object (V1.8).
             LDSSecurityObject ::= SEQUENCE {
               version                LDSSecurityObjectVersion,
               hashAlgorithm          DigestAlgorithmIdentifier,
               dataGroupHashValues    SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup,
               ldsVersionInfo         LDSVersionInfo OPTIONAL
                 -- if present, version MUST be v1 }
            
             DigestAlgorithmIdentifier ::= AlgorithmIdentifier,
            
             LDSSecurityObjectVersion :: INTEGER {V0(0)}
             
            LDSVersionInfo ::= SEQUENCE {
               ldsVersion PRINTABLE STRING
               unicodeVersion PRINTABLE STRING
             }
            
@return
The id-isismtt-cp-accredited OID indicates that the certificate is a qualified certificate according to Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for Electronic Signatures, which additionally conforms the special requirements of the SigG and has been issued by an accredited CA. Certificate extensionDate of certificate generation
            		DateOfCertGenSyntax ::= GeneralizedTime
             
Attribute to indicate that the certificate holder may sign in the name of a third person. May also be used as extension in a certificate. Attribute to indicate admissions to certain professions. May be used as attribute in attribute certificate or as extension in a certificate Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be used in new certificates in place of the extension/attribute MonetaryLimit since January 1, 2004. For the sake of backward compatibility with certificates already in use, SigG conforming components MUST support MonetaryLimit (as well as QcEuLimitValue). A declaration of majority. May be used as attribute in attribute certificate or as extension in a certificate Serial number of the smart card containing the corresponding private key
            		ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
             
Reference for a file of a smartcard that stores the public key of this certificate and that is used as �security anchor�.
            		PKReferenceSyntax ::= OCTET STRING (SIZE(20))
             
Some other restriction regarding the usage of this certificate. May be used as attribute in attribute certificate or as extension in a certificate.
            		RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
             
@see Org.BouncyCastle.Asn1.IsisMtt.X509.Restriction
(Single)Request extension: Clients may include this extension in a (single) Request to request the responder to send the certificate in the response message along with the status information. Besides the LDAP service, this extension provides another mechanism for the distribution of certificates, which MAY optionally be provided by certificate repositories.
            		RetrieveIfAllowed ::= BOOLEAN
             
SingleOCSPResponse extension: The certificate requested by the client by inserting the RetrieveIfAllowed extension in the request, will be returned in this extension. @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.RequestedCertificate Base ObjectIdentifier for naming authorities SingleOCSPResponse extension: Date, when certificate has been published in the directory and status information has become available. Currently, accrediting authorities enforce that SigG-conforming OCSP servers include this extension in the responses.
            		CertInDirSince ::= GeneralizedTime
             
Hash of a certificate in OCSP. @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.CertHash
            		NameAtBirth ::= DirectoryString(SIZE(1..64)
             
Used in {@link Org.BouncyCastle.Asn1.X509.SubjectDirectoryAttributes SubjectDirectoryAttributes}
Some other information of non-restrictive nature regarding the usage of this certificate. May be used as attribute in atribute certificate or as extension in a certificate.
                          AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
            
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdditionalInformationSyntax
Indicates that an attribute certificate exists, which limits the usability of this public key certificate. Whenever verifying a signature with the help of this certificate, the content of the corresponding attribute certificate should be concerned. This extension MUST be included in a PKC, if a corresponding attribute certificate (having the PKC as base certificate) contains some attribute that restricts the usability of the PKC too. Attribute certificates with restricting content MUST always be included in the signed document.
            		LiabilityLimitationFlagSyntax ::= BOOLEAN
             
ISIS-MTT PROFILE: The responder may include this extension in a response to send the hash of the requested certificate to the responder. This hash is cryptographically bound to the certificate and serves as evidence that the certificate is known to the responder (i.e. it has been issued and is present in the directory). Hence, this extension is a means to provide a positive statement of availability as described in T8.[8]. As explained in T13.[1], clients may rely on this information to be able to validate signatures after the expiry of the corresponding certificate. Hence, clients MUST support this extension. If a positive statement of availability is to be delivered, this extension syntax and OID MUST be used.

                CertHash ::= SEQUENCE {
                  hashAlgorithm AlgorithmIdentifier,
                  certificateHash OCTET STRING
                }
            
Constructor from Asn1Sequence.

The sequence is of type CertHash:

                 CertHash ::= SEQUENCE {
                   hashAlgorithm AlgorithmIdentifier,
                   certificateHash OCTET STRING
                 }
             
@param seq The ASN.1 sequence.
Constructor from a given details. @param hashAlgorithm The hash algorithm identifier. @param certificateHash The hash of the whole DER encoding of the certificate. Produce an object suitable for an Asn1OutputStream.

Returns:

                 CertHash ::= SEQUENCE {
                   hashAlgorithm AlgorithmIdentifier,
                   certificateHash OCTET STRING
                 }
             
@return an Asn1Object
ISIS-MTT-Optional: The certificate requested by the client by inserting the RetrieveIfAllowed extension in the request, will be returned in this extension.

ISIS-MTT-SigG: The signature act allows publishing certificates only then, when the certificate owner gives his isExplicit permission. Accordingly, there may be �nondownloadable� certificates, about which the responder must provide status information, but MUST NOT include them in the response. Clients may get therefore the following three kind of answers on a single request including the RetrieveIfAllowed extension:

  • a) the responder supports the extension and is allowed to publish the certificate: RequestedCertificate returned including the requested certificate
  • b) the responder supports the extension but is NOT allowed to publish the certificate: RequestedCertificate returned including an empty OCTET STRING
  • c) the responder does not support the extension: RequestedCertificate is not included in the response
Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If any of the OCTET STRING options is used, it MUST contain the DER encoding of the requested certificate.

                       RequestedCertificate ::= CHOICE {
                         Certificate Certificate,
                         publicKeyCertificate [0] EXPLICIT OCTET STRING,
                         attributeCertificate [1] EXPLICIT OCTET STRING
                       }
            
Constructor from a given details.

Only one parameter can be given. All other must be null. @param certificate Given as Certificate Produce an object suitable for an Asn1OutputStream.

Returns:

                        RequestedCertificate ::= CHOICE {
                          Certificate Certificate,
                          publicKeyCertificate [0] EXPLICIT OCTET STRING,
                          attributeCertificate [1] EXPLICIT OCTET STRING
                        }
             
@return an Asn1Object
Some other information of non-restrictive nature regarding the usage of this certificate.
               AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
            
Constructor from a given details. @param information The describtion of the information. Produce an object suitable for an Asn1OutputStream.

Returns:

               AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
             
@return an Asn1Object
An Admissions structure.

                        Admissions ::= SEQUENCE
                        {
                          admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
                          namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
                          professionInfos SEQUENCE OF ProfessionInfo
                        }
             

@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority
Constructor from Asn1Sequence.

The sequence is of type ProcurationSyntax:

                        Admissions ::= SEQUENCE
                        {
                          admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
                          namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
                          professionInfos SEQUENCE OF ProfessionInfo
                        }
             
@param seq The ASN.1 sequence.
Constructor from a given details.

Parameter professionInfos is mandatory. @param admissionAuthority The admission authority. @param namingAuthority The naming authority. @param professionInfos The profession infos. Produce an object suitable for an Asn1OutputStream.

Returns:

                   Admissions ::= SEQUENCE
                   {
                     admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
                     namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
                     professionInfos SEQUENCE OF ProfessionInfo
                   }
             

@return an Asn1Object
Attribute to indicate admissions to certain professions.

                 AdmissionSyntax ::= SEQUENCE
                 {
                   admissionAuthority GeneralName OPTIONAL,
                   contentsOfAdmissions SEQUENCE OF Admissions
                 }
             

Admissions ::= SEQUENCE { admissionAuthority [0] EXPLICIT GeneralName OPTIONAL namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL professionInfos SEQUENCE OF ProfessionInfo }

NamingAuthority ::= SEQUENCE { namingAuthorityId OBJECT IDENTIFIER OPTIONAL, namingAuthorityUrl IA5String OPTIONAL, namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL }

ProfessionInfo ::= SEQUENCE { namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL, professionItems SEQUENCE OF DirectoryString (SIZE(1..128)), professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, registrationNumber PrintableString(SIZE(1..128)) OPTIONAL, addProfessionInfo OCTET STRING OPTIONAL }

ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax supports the following concepts and requirements:

  • External institutions (e.g. professional associations, chambers, unions, administrative bodies, companies, etc.), which are responsible for granting and verifying professional admissions, are indicated by means of the data field admissionAuthority. An admission authority is indicated by a GeneralName object. Here an X.501 directory name (distinguished name) can be indicated in the field directoryName, a URL address can be indicated in the field uniformResourceIdentifier, and an object identifier can be indicated in the field registeredId.
  • The names of authorities which are responsible for the administration of title registers are indicated in the data field namingAuthority. The name of the authority can be identified by an object identifier in the field namingAuthorityId, by means of a text string in the field namingAuthorityText, by means of a URL address in the field namingAuthorityUrl, or by a combination of them. For example, the text string can contain the name of the authority, the country and the name of the title register. The URL-option refers to a web page which contains lists with officially registered professions (text and possibly OID) as well as further information on these professions. Object identifiers for the component namingAuthorityId are grouped under the OID-branch id-isis-at-namingAuthorities and must be applied for.
  • See http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0 for an application form and http://www.teletrust.de/links.asp?id=30220,11 for an overview of registered naming authorities.
  • By means of the data type ProfessionInfo certain professions, specializations, disciplines, fields of activity, etc. are identified. A profession is represented by one or more text strings, resp. profession OIDs in the fields professionItems and professionOIDs and by a registration number in the field registrationNumber. An indication in text form must always be present, whereas the other indications are optional. The component addProfessionInfo may contain additional applicationspecific information in DER-encoded form.

By means of different namingAuthority-OIDs or profession OIDs hierarchies of professions, specializations, disciplines, fields of activity, etc. can be expressed. The issuing admission authority should always be indicated (field admissionAuthority), whenever a registration number is presented. Still, information on admissions can be given without indicating an admission or a naming authority by the exclusive use of the component professionItems. In this case the certification authority is responsible for the verification of the admission information.

This attribute is single-valued. Still, several admissions can be captured in the sequence structure of the component contentsOfAdmissions of AdmissionSyntax or in the component professionInfos of Admissions. The component admissionAuthority of AdmissionSyntax serves as default value for the component admissionAuthority of Admissions. Within the latter component the default value can be overwritten, in case that another authority is responsible. The component namingAuthority of Admissions serves as a default value for the component namingAuthority of ProfessionInfo. Within the latter component the default value can be overwritten, in case that another naming authority needs to be recorded.

The length of the string objects is limited to 128 characters. It is recommended to indicate a namingAuthorityURL in all issued attribute certificates. If a namingAuthorityURL is indicated, the field professionItems of ProfessionInfo should contain only registered titles. If the field professionOIDs exists, it has to contain the OIDs of the professions listed in professionItems in the same order. In general, the field professionInfos should contain only one entry, unless the admissions that are to be listed are logically connected (e.g. they have been issued under the same admission number). @see Org.BouncyCastle.Asn1.IsisMtt.X509.Admissions @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority Constructor from Asn1Sequence.

The sequence is of type ProcurationSyntax:

                 AdmissionSyntax ::= SEQUENCE
                 {
                   admissionAuthority GeneralName OPTIONAL,
                   contentsOfAdmissions SEQUENCE OF Admissions
                 }
             

Admissions ::= SEQUENCE { admissionAuthority [0] EXPLICIT GeneralName OPTIONAL namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL professionInfos SEQUENCE OF ProfessionInfo }

NamingAuthority ::= SEQUENCE { namingAuthorityId OBJECT IDENTIFIER OPTIONAL, namingAuthorityUrl IA5String OPTIONAL, namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL }

ProfessionInfo ::= SEQUENCE { namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL, professionItems SEQUENCE OF DirectoryString (SIZE(1..128)), professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, registrationNumber PrintableString(SIZE(1..128)) OPTIONAL, addProfessionInfo OCTET STRING OPTIONAL }

@param seq The ASN.1 sequence.
Constructor from given details. @param admissionAuthority The admission authority. @param contentsOfAdmissions The admissions. Produce an object suitable for an Asn1OutputStream.

Returns:

                 AdmissionSyntax ::= SEQUENCE
                 {
                   admissionAuthority GeneralName OPTIONAL,
                   contentsOfAdmissions SEQUENCE OF Admissions
                 }
             

Admissions ::= SEQUENCE { admissionAuthority [0] EXPLICIT GeneralName OPTIONAL namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL professionInfos SEQUENCE OF ProfessionInfo }

NamingAuthority ::= SEQUENCE { namingAuthorityId OBJECT IDENTIFIER OPTIONAL, namingAuthorityUrl IA5String OPTIONAL, namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL }

ProfessionInfo ::= SEQUENCE { namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL, professionItems SEQUENCE OF DirectoryString (SIZE(1..128)), professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, registrationNumber PrintableString(SIZE(1..128)) OPTIONAL, addProfessionInfo OCTET STRING OPTIONAL }

@return an Asn1Object
@return Returns the admissionAuthority if present, null otherwise. @return Returns the contentsOfAdmissions. A declaration of majority.

                      DeclarationOfMajoritySyntax ::= CHOICE
                      {
                        notYoungerThan [0] IMPLICIT INTEGER,
                        fullAgeAtCountry [1] IMPLICIT SEQUENCE
                        {
                          fullAge BOOLEAN DEFAULT TRUE,
                          country PrintableString (SIZE(2))
                        }
                        dateOfBirth [2] IMPLICIT GeneralizedTime
                      }
            

fullAgeAtCountry indicates the majority of the owner with respect to the laws of a specific country. Produce an object suitable for an Asn1OutputStream.

Returns:

                       DeclarationOfMajoritySyntax ::= CHOICE
                       {
                         notYoungerThan [0] IMPLICIT INTEGER,
                         fullAgeAtCountry [1] IMPLICIT SEQUENCE
                         {
                           fullAge BOOLEAN DEFAULT TRUE,
                           country PrintableString (SIZE(2))
                         }
                         dateOfBirth [2] IMPLICIT GeneralizedTime
                       }
             
@return an Asn1Object
@return notYoungerThan if that's what we are, -1 otherwise Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be used in new certificates in place of the extension/attribute MonetaryLimit since January 1, 2004. For the sake of backward compatibility with certificates already in use, components SHOULD support MonetaryLimit (as well as QcEuLimitValue).

Indicates a monetary limit within which the certificate holder is authorized to act. (This value DOES NOT express a limit on the liability of the certification authority).

               MonetaryLimitSyntax ::= SEQUENCE
               {
                 currency PrintableString (SIZE(3)),
                 amount INTEGER,
                 exponent INTEGER
               }
            

currency must be the ISO code.

value = amount�10*exponent Constructor from a given details.

value = amount�10^exponent @param currency The currency. Must be the ISO code. @param amount The amount @param exponent The exponent Produce an object suitable for an Asn1OutputStream.

Returns:

                MonetaryLimitSyntax ::= SEQUENCE
                {
                  currency PrintableString (SIZE(3)),
                  amount INTEGER,
                  exponent INTEGER
                }
             
@return an Asn1Object
Names of authorities which are responsible for the administration of title registers.
                        NamingAuthority ::= SEQUENCE 
                        {
                          namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
                          namingAuthorityUrl IA5String OPTIONAL,
                          namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
                        }
            
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
Profession OIDs should always be defined under the OID branch of the responsible naming authority. At the time of this writing, the work group �Recht, Wirtschaft, Steuern� (�Law, Economy, Taxes�) is registered as the first naming authority under the OID id-isismtt-at-namingAuthorities. Constructor from Asn1Sequence.

                         NamingAuthority ::= SEQUENCE
                         {
                           namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
                           namingAuthorityUrl IA5String OPTIONAL,
                           namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
                         }
             
@param seq The ASN.1 sequence.
@return Returns the namingAuthorityID. @return Returns the namingAuthorityText. @return Returns the namingAuthorityUrl. Constructor from given details.

All parameters can be combined. @param namingAuthorityID ObjectIdentifier for naming authority. @param namingAuthorityUrl URL for naming authority. @param namingAuthorityText Textual representation of naming authority. Produce an object suitable for an Asn1OutputStream.

Returns:

                         NamingAuthority ::= SEQUENCE
                         {
                           namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
                           namingAuthorityUrl IA5String OPTIONAL,
                           namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
                         }
             
@return an Asn1Object
Attribute to indicate that the certificate holder may sign in the name of a third person.

ISIS-MTT PROFILE: The corresponding ProcurationSyntax contains either the name of the person who is represented (subcomponent thirdPerson) or a reference to his/her base certificate (in the component signingFor, subcomponent certRef), furthermore the optional components country and typeSubstitution to indicate the country whose laws apply, and respectively the type of procuration (e.g. manager, procuration, custody).

ISIS-MTT PROFILE: The GeneralName MUST be of type directoryName and MAY only contain: - RFC3039 attributes, except pseudonym (countryName, commonName, surname, givenName, serialNumber, organizationName, organizationalUnitName, stateOrProvincename, localityName, postalAddress) and - SubjectDirectoryName attributes (title, dateOfBirth, placeOfBirth, gender, countryOfCitizenship, countryOfResidence and NameAtBirth).

                          ProcurationSyntax ::= SEQUENCE {
                            country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
                            typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
                            signingFor [3] EXPLICIT SigningFor 
                          }
                          
                          SigningFor ::= CHOICE 
                          { 
                            thirdPerson GeneralName,
                            certRef IssuerSerial 
                          }
            
Constructor from Asn1Sequence.

The sequence is of type ProcurationSyntax:

                           ProcurationSyntax ::= SEQUENCE {
                             country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
                             typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
                             signingFor [3] EXPLICIT SigningFor
                           }
             

SigningFor ::= CHOICE { thirdPerson GeneralName, certRef IssuerSerial }

@param seq The ASN.1 sequence.
Constructor from a given details.

Either generalName or certRef MUST be null. @param country The country code whose laws apply. @param typeOfSubstitution The type of procuration. @param certRef Reference to certificate of the person who is represented. Constructor from a given details.

Either generalName or certRef MUST be null. @param country The country code whose laws apply. @param typeOfSubstitution The type of procuration. @param thirdPerson The GeneralName of the person who is represented. Produce an object suitable for an Asn1OutputStream.

Returns:

                           ProcurationSyntax ::= SEQUENCE {
                             country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
                             typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
                             signingFor [3] EXPLICIT SigningFor
                           }
             

SigningFor ::= CHOICE { thirdPerson GeneralName, certRef IssuerSerial }

@return an Asn1Object
Professions, specializations, disciplines, fields of activity, etc.
                          ProfessionInfo ::= SEQUENCE 
                          {
                            namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
                            professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
                            professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
                            registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
                            addProfessionInfo OCTET STRING OPTIONAL 
                          }
            
@see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax
Rechtsanw�ltin Rechtsanwalt Rechtsbeistand Steuerberaterin Steuerberater Steuerbevollm�chtigte Steuerbevollm�chtigter Notarin Notar Notarvertreterin Notarvertreter Notariatsverwalterin Notariatsverwalter Wirtschaftspr�ferin Wirtschaftspr�fer Vereidigte Buchpr�ferin Vereidigter Buchpr�fer Patentanw�ltin Patentanwalt Constructor from Asn1Sequence.

                           ProfessionInfo ::= SEQUENCE
                           {
                             namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
                             professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
                             professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
                             registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
                             addProfessionInfo OCTET STRING OPTIONAL
                           }
             
@param seq The ASN.1 sequence.
Constructor from given details.

professionItems is mandatory, all other parameters are optional. @param namingAuthority The naming authority. @param professionItems Directory strings of the profession. @param professionOids DERObjectIdentfier objects for the profession. @param registrationNumber Registration number. @param addProfessionInfo Additional infos in encoded form. Produce an object suitable for an Asn1OutputStream.

Returns:

                           ProfessionInfo ::= SEQUENCE
                           {
                             namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
                             professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
                             professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
                             registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
                             addProfessionInfo OCTET STRING OPTIONAL
                           }
             
@return an Asn1Object
@return Returns the addProfessionInfo. @return Returns the namingAuthority. @return Returns the professionItems. @return Returns the professionOids. @return Returns the registrationNumber. Some other restriction regarding the usage of this certificate.

             RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
            
Constructor from DirectoryString.

The DirectoryString is of type RestrictionSyntax:

                  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
             
@param restriction A IAsn1String.
Constructor from a given details. @param restriction The description of the restriction. Produce an object suitable for an Asn1OutputStream.

Returns:

                  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
             

@return an Asn1Object
Produce an object suitable for an Asn1OutputStream.
            cast5CBCParameters ::= Sequence {
                                      iv         OCTET STRING DEFAULT 0,
                                             -- Initialization vector
                                      keyLength  Integer
                                             -- Key length, in bits
                                 }
            
Produce an object suitable for an Asn1OutputStream.
            IDEA-CBCPar ::= Sequence {
                                 iv    OCTET STRING OPTIONAL -- exactly 8 octets
                             }
            
The NetscapeCertType object.
               NetscapeCertType ::= BIT STRING {
                    SSLClient               (0),
                    SSLServer               (1),
                    S/MIME                  (2),
                    Object Signing          (3),
                    Reserved                (4),
                    SSL CA                  (5),
                    S/MIME CA               (6),
                    Object Signing CA       (7) }
            
Basic constructor. @param usage - the bitwise OR of the Key Usage flags giving the allowed uses for the key. e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) This is designed to parse the PublicKeyAndChallenge created by the KEYGEN tag included by Mozilla based browsers.
              PublicKeyAndChallenge ::= SEQUENCE {
                spki SubjectPublicKeyInfo,
                challenge IA5STRING
              }
            
              
Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-3 return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. 2.16.840.1.101.3.4.3.5 2.16.840.1.101.3.4.3.6 2.16.840.1.101.3.4.3.7 2.16.840.1.101.3.4.3.8 2.16.840.1.101.3.4.3.9 2.16.840.1.101.3.4.3.10 2.16.840.1.101.3.4.3.11 2.16.840.1.101.3.4.3.12 2.16.840.1.101.3.4.3.9 2.16.840.1.101.3.4.3.10 2.16.840.1.101.3.4.3.11 2.16.840.1.101.3.4.3.12 From RFC 3657 Produce an object suitable for an Asn1OutputStream.
            BasicOcspResponse       ::= Sequence {
                 tbsResponseData      ResponseData,
                 signatureAlgorithm   AlgorithmIdentifier,
                 signature            BIT STRING,
                 certs                [0] EXPLICIT Sequence OF Certificate OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            CertID          ::=     Sequence {
                hashAlgorithm       AlgorithmIdentifier,
                issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
                issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
                serialNumber        CertificateSerialNumber }
            
create a CertStatus object with a tag of zero. Produce an object suitable for an Asn1OutputStream.
             CertStatus ::= CHOICE {
                             good        [0]     IMPLICIT Null,
                             revoked     [1]     IMPLICIT RevokedInfo,
                             unknown     [2]     IMPLICIT UnknownInfo }
            
Produce an object suitable for an Asn1OutputStream.
            CrlID ::= Sequence {
                crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
                crlNum               [1]     EXPLICIT Integer OPTIONAL,
                crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            OcspRequest     ::=     Sequence {
                tbsRequest                  TBSRequest,
                optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            OcspResponse ::= Sequence {
                responseStatus         OcspResponseStatus,
                responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
            
The OcspResponseStatus enumeration.
            OcspResponseStatus ::= Enumerated {
                successful            (0),  --Response has valid confirmations
                malformedRequest      (1),  --Illegal confirmation request
                internalError         (2),  --Internal error in issuer
                tryLater              (3),  --Try again later
                                            --(4) is not used
                sigRequired           (5),  --Must sign the request
                unauthorized          (6)   --Request unauthorized
            }
            
Produce an object suitable for an Asn1OutputStream.
            Request         ::=     Sequence {
                reqCert                     CertID,
                singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            ResponderID ::= CHOICE {
                 byName          [1] Name,
                 byKey           [2] KeyHash }
            
Produce an object suitable for an Asn1OutputStream.
            ResponseBytes ::=       Sequence {
                responseType   OBJECT IDENTIFIER,
                response       OCTET STRING }
            
Produce an object suitable for an Asn1OutputStream.
            ResponseData ::= Sequence {
                version              [0] EXPLICIT Version DEFAULT v1,
                responderID              ResponderID,
                producedAt               GeneralizedTime,
                responses                Sequence OF SingleResponse,
                responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            RevokedInfo ::= Sequence {
                 revocationTime              GeneralizedTime,
                 revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            ServiceLocator ::= Sequence {
                issuer    Name,
                locator   AuthorityInfoAccessSyntax OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            Signature       ::=     Sequence {
                signatureAlgorithm      AlgorithmIdentifier,
                signature               BIT STRING,
                certs               [0] EXPLICIT Sequence OF Certificate OPTIONAL}
            
Produce an object suitable for an Asn1OutputStream.
             SingleResponse ::= Sequence {
                     certID                       CertID,
                     certStatus                   CertStatus,
                     thisUpdate                   GeneralizedTime,
                     nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
                     singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
            
Produce an object suitable for an Asn1OutputStream.
            TBSRequest      ::=     Sequence {
                version             [0]     EXPLICIT Version DEFAULT v1,
                requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
                requestList                 Sequence OF Request,
                requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
            
class for breaking up an Oid into it's component tokens, ala java.util.StringTokenizer. We need this class as some of the lightweight Java environment don't support classes like StringTokenizer. return an Attribute object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            Attr ::= Sequence {
                attrType OBJECT IDENTIFIER,
                attrValues Set OF AttributeValue
            }
            
Pkcs10 Certfication request object.
            CertificationRequest ::= Sequence {
              certificationRequestInfo  CertificationRequestInfo,
              signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
              signature                 BIT STRING
            }
            
Pkcs10 CertificationRequestInfo object.
              CertificationRequestInfo ::= Sequence {
               version             Integer { v1(0) } (v1,...),
               subject             Name,
               subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
               attributes          [0] Attributes{{ CRIAttributes }}
              }
            
              Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
            
              Attr { ATTRIBUTE:IOSet } ::= Sequence {
                type    ATTRIBUTE.&id({IOSet}),
                values  Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
              }
             
Produce an object suitable for an Asn1OutputStream.
            ContentInfo ::= Sequence {
                     contentType ContentType,
                     content
                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
            
The EncryptedData object.
                  EncryptedData ::= Sequence {
                       version Version,
                       encryptedContentInfo EncryptedContentInfo
                  }
            
            
                  EncryptedContentInfo ::= Sequence {
                      contentType ContentType,
                      contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
                      encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
                }
            
                EncryptedContent ::= OCTET STRING
             
Produce an object suitable for an Asn1OutputStream.
             EncryptedPrivateKeyInfo ::= Sequence {
                  encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
                  encryptedData EncryptedData
             }
            
             EncryptedData ::= OCTET STRING
            
             KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
                      ... -- For local profiles
             }
             
            MacData ::= SEQUENCE {
                mac      DigestInfo,
                macSalt  OCTET STRING,
                iterations INTEGER DEFAULT 1
                -- Note: The default is for historic reasons and its use is deprecated. A
                -- higher value, like 1024 is recommended.
            
@return the basic DERObject construction.
the infamous Pfx from Pkcs12 PKCS#1: 1.2.840.113549.1.1.15 PKCS#1: 1.2.840.113549.1.1.16 PKCS#9: 1.2.840.113549.1.9.16.2.37 - RFC 4108 PKCS#9: 1.2.840.113549.1.9.16.2.38 - RFC 4108 PKCS#9: 1.2.840.113549.1.9.16.2.54 RFC7030 PKCS#9: 1.2.840.113549.1.9.16.2.43 RFC7030 PKCS#9: 1.2.840.113549.1.9.16.2.40 RFC7030 RFC 5958
              [IMPLICIT TAGS]
            
              OneAsymmetricKey ::= SEQUENCE {
                  version                   Version,
                  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
                  privateKey                PrivateKey,
                  attributes            [0] Attributes OPTIONAL,
                  ...,
                  [[2: publicKey        [1] PublicKey OPTIONAL ]],
                  ...
              }
            
              PrivateKeyInfo ::= OneAsymmetricKey
            
              Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)
            
              PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
                                                 { PUBLIC-KEY,
                                                   { PrivateKeyAlgorithms } }
            
              PrivateKey ::= OCTET STRING
                                 -- Content varies based on type of key.  The
                                 -- algorithm identifier dictates the format of
                                 -- the key.
            
              PublicKey ::= BIT STRING
                                 -- Content varies based on type of key.  The
                                 -- algorithm identifier dictates the format of
                                 -- the key.
            
              Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } }
              
Return true if a public key is present, false otherwise. For when the public key is an ASN.1 encoding. Return the public key as a raw bit string. The default version
              RSAES-OAEP-params ::= SEQUENCE {
                 hashAlgorithm      [0] OAEP-PSSDigestAlgorithms     DEFAULT sha1,
                 maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
                 pSourceAlgorithm   [2] PKCS1PSourceAlgorithms  DEFAULT pSpecifiedEmpty
               }
            
               OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
                 { OID id-sha1 PARAMETERS NULL   }|
                 { OID id-sha256 PARAMETERS NULL }|
                 { OID id-sha384 PARAMETERS NULL }|
                 { OID id-sha512 PARAMETERS NULL },
                 ...  -- Allows for future expansion --
               }
               PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
                 { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
                ...  -- Allows for future expansion --
               }
               PKCS1PSourceAlgorithms    ALGORITHM-IDENTIFIER ::= {
                 { OID id-pSpecified PARAMETERS OCTET STRING },
                 ...  -- Allows for future expansion --
              }
             
@return the asn1 primitive representing the parameters.
This outputs the key in Pkcs1v2 format.
                  RsaPrivateKey ::= Sequence {
                                      version Version,
                                      modulus Integer, -- n
                                      publicExponent Integer, -- e
                                      privateExponent Integer, -- d
                                      prime1 Integer, -- p
                                      prime2 Integer, -- q
                                      exponent1 Integer, -- d mod (p-1)
                                      exponent2 Integer, -- d mod (q-1)
                                      coefficient Integer -- (inverse of q) mod p
                                  }
            
                  Version ::= Integer
             

This routine is written to output Pkcs1 version 0, private keys.

The default version
             RSASSA-PSS-params ::= SEQUENCE {
               hashAlgorithm      [0] OAEP-PSSDigestAlgorithms  DEFAULT sha1,
                maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
                saltLength         [2] INTEGER  DEFAULT 20,
                trailerField       [3] TrailerField  DEFAULT trailerFieldBC
              }
            
             OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
                { OID id-sha1 PARAMETERS NULL   }|
                { OID id-sha256 PARAMETERS NULL }|
                { OID id-sha384 PARAMETERS NULL }|
                { OID id-sha512 PARAMETERS NULL },
                ...  -- Allows for future expansion --
             }
            
             PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
               { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
                ...  -- Allows for future expansion --
             }
            
             TrailerField ::= INTEGER { trailerFieldBC(1) }
             
@return the asn1 primitive representing the parameters.
a Pkcs#7 signed data object. Produce an object suitable for an Asn1OutputStream.
             SignedData ::= Sequence {
                 version Version,
                 digestAlgorithms DigestAlgorithmIdentifiers,
                 contentInfo ContentInfo,
                 certificates
                     [0] IMPLICIT ExtendedCertificatesAndCertificates
                              OPTIONAL,
                 crls
                     [1] IMPLICIT CertificateRevocationLists OPTIONAL,
                 signerInfos SignerInfos }
            
a Pkcs#7 signer info object. Produce an object suitable for an Asn1OutputStream.
              SignerInfo ::= Sequence {
                  version Version,
                  issuerAndSerialNumber IssuerAndSerialNumber,
                  digestAlgorithm DigestAlgorithmIdentifier,
                  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
                  digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
                  encryptedDigest EncryptedDigest,
                  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
              }
            
              EncryptedDigest ::= OCTET STRING
            
              DigestAlgorithmIdentifier ::= AlgorithmIdentifier
            
              DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
             
the elliptic curve private key object from SEC 1 ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] Parameters OPTIONAL, publicKey [1] BIT STRING OPTIONAL } return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. EllipticCurve OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) certicom(132) curve(0) } Handler class for dealing with S/MIME Capabilities general preferences encryption algorithms preferences return an Attr object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. returns an ArrayList with 0 or more objects of all the capabilities matching the passed in capability Oid. If the Oid passed is null the entire set is returned. Produce an object suitable for an Asn1OutputStream.
            SMIMECapabilities ::= Sequence OF SMIMECapability
            
general preferences encryption algorithms preferences Produce an object suitable for an Asn1OutputStream.
            SMIMECapability ::= Sequence {
                capabilityID OBJECT IDENTIFIER,
                parameters ANY DEFINED BY capabilityID OPTIONAL
            }
            
Handler for creating a vector S/MIME Capabilities The SmimeEncryptionKeyPreference object.
            SmimeEncryptionKeyPreference ::= CHOICE {
                issuerAndSerialNumber   [0] IssuerAndSerialNumber,
                receipentKeyId          [1] RecipientKeyIdentifier,
                subjectAltKeyIdentifier [2] SubjectKeyIdentifier
            }
            
@param sKeyId the subjectKeyIdentifier value (normally the X.509 one) elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation" http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure.
            Accuracy ::= SEQUENCE {
                        seconds        INTEGER              OPTIONAL,
                        millis     [0] INTEGER  (1..999)    OPTIONAL,
                        micros     [1] INTEGER  (1..999)    OPTIONAL
                        }
            
@param o @return a MessageImprint object.
               MessageImprint ::= SEQUENCE  {
                  hashAlgorithm                AlgorithmIdentifier,
                  hashedMessage                OCTET STRING  }
            
            TimeStampReq ::= SEQUENCE  {
             version                      INTEGER  { v1(1) },
             messageImprint               MessageImprint,
               --a hash algorithm OID and the hash value of the data to be
               --time-stamped
             reqPolicy             TSAPolicyId              OPTIONAL,
             nonce                 INTEGER                  OPTIONAL,
             certReq               BOOLEAN                  DEFAULT FALSE,
             extensions            [0] IMPLICIT Extensions  OPTIONAL
            }
            
            TimeStampResp ::= SEQUENCE  {
              status                  PkiStatusInfo,
              timeStampToken          TimeStampToken     OPTIONAL  }
            
            
                 TstInfo ::= SEQUENCE  {
                    version                      INTEGER  { v1(1) },
                    policy                       TSAPolicyId,
                    messageImprint               MessageImprint,
                      -- MUST have the same value as the similar field in
                      -- TimeStampReq
                    serialNumber                 INTEGER,
                     -- Time-Stamping users MUST be ready to accommodate integers
                     -- up to 160 bits.
                    genTime                      GeneralizedTime,
                    accuracy                     Accuracy                 OPTIONAL,
                    ordering                     BOOLEAN             DEFAULT FALSE,
                    nonce                        INTEGER                  OPTIONAL,
                      -- MUST be present if the similar field was present
                      -- in TimeStampReq.  In that case it MUST have the same value.
                    tsa                          [0] GeneralName          OPTIONAL,
                    extensions                   [1] IMPLICIT Extensions   OPTIONAL  }
            
             
Base OID: 1.2.804.2.1.1.1 DSTU4145 Little Endian presentation. OID: 1.2.804.2.1.1.1.1.3.1.1 DSTU4145 Big Endian presentation. OID: 1.2.804.2.1.1.1.1.3.1.1.1 DSTU7564 256-bit digest presentation. DSTU7564 384-bit digest presentation. DSTU7564 512-bit digest presentation. DSTU7564 256-bit mac presentation. DSTU7564 384-bit mac presentation. DSTU7564 512-bit mac presentation. DSTU7624 in ECB mode with 128 bit block/key presentation DSTU7624 in ECB mode with 256 bit block/key presentation DSTU7624 in ECB mode with 512 bit block/key presentation DSTU7624 in CTR mode with 128 bit block/key presentation DSTU7624 in CTR mode with 256 bit block/key presentation DSTU7624 in CTR mode with 512 bit block/key presentation DSTU7624 in CFB mode with 128 bit block/key presentation DSTU7624 in CFB mode with 256 bit block/key presentation DSTU7624 in CFB mode with 512 bit block/key presentation DSTU7624 in MAC mode with 128 bit block/key presentation DSTU7624 in MAC mode with 256 bit block/key presentation DSTU7624 in MAC mode with 512 bit block/key presentation DSTU7624 in CBC mode with 128 bit block/key presentation DSTU7624 in CBC mode with 256 bit block/key presentation DSTU7624 in CBC mode with 512 bit block/key presentation DSTU7624 in OFB mode with 128 bit block/key presentation DSTU7624 in OFB mode with 256 bit block/key presentation DSTU7624 in OFB mode with 512 bit block/key presentation DSTU7624 in GMAC (GCM witout encryption) mode with 128 bit block/key presentation DSTU7624 in GMAC (GCM witout encryption) mode with 256 bit block/key presentation DSTU7624 in GMAC (GCM witout encryption) mode with 512 bit block/key presentation DSTU7624 in CCM mode with 128 bit block/key presentation DSTU7624 in CCM mode with 256 bit block/key presentation DSTU7624 in CCM mode with 512 bit block/key presentation DSTU7624 in XTS mode with 128 bit block/key presentation DSTU7624 in XTS mode with 256 bit block/key presentation DSTU7624 in XTS mode with 512 bit block/key presentation DSTU7624 in key wrap (KW) mode with 128 bit block/key presentation DSTU7624 in key wrap (KW) mode with 256 bit block/key presentation DSTU7624 in key wrap (KW) mode with 512 bit block/key presentation dump a Der object as a formatted string with indentation @param obj the Asn1Object to be dumped out. dump out a DER object as a formatted string, in non-verbose mode @param obj the Asn1Encodable to be dumped out. @return the resulting string. Dump out the object as a string @param obj the Asn1Encodable to be dumped out. @param verbose if true, dump out the contents of octet and bit strings. @return the resulting string.
             DirectoryString ::= CHOICE {
               teletexString               TeletexString (SIZE (1..MAX)),
               printableString             PrintableString (SIZE (1..MAX)),
               universalString             UniversalString (SIZE (1..MAX)),
               utf8String                  UTF8String (SIZE (1..MAX)),
               bmpString                   BMPString (SIZE (1..MAX))  }
            
The AccessDescription object.
            AccessDescription  ::=  SEQUENCE {
                  accessMethod          OBJECT IDENTIFIER,
                  accessLocation        GeneralName  }
            
create an AccessDescription with the oid and location provided. @return the access method. @return the access location Return the OID in the Algorithm entry of this identifier. Return the parameters structure in the Parameters entry of this identifier. Produce an object suitable for an Asn1OutputStream.
                 AlgorithmIdentifier ::= Sequence {
                                       algorithm OBJECT IDENTIFIER,
                                       parameters ANY DEFINED BY algorithm OPTIONAL }
            
Don't use this one if you are trying to be RFC 3281 compliant. Use it for v1 attribute certificates only. Our GeneralNames structure Produce an object suitable for an Asn1OutputStream.
             AttCertIssuer ::= CHOICE {
                  v1Form   GeneralNames,  -- MUST NOT be used in this
                                          -- profile
                  v2Form   [0] V2Form     -- v2 only
             }
            
Produce an object suitable for an Asn1OutputStream.
             AttCertValidityPeriod  ::= Sequence {
                  notBeforeTime  GeneralizedTime,
                  notAfterTime   GeneralizedTime
             }
            
return an Attr object from the given object. @param o the object we want converted. @exception ArgumentException if the object cannot be converted. Produce an object suitable for an Asn1OutputStream.
            Attr ::= Sequence {
                attrType OBJECT IDENTIFIER,
                attrValues Set OF AttributeValue
            }
            
@param obj @return Produce an object suitable for an Asn1OutputStream.
             AttributeCertificate ::= Sequence {
                  acinfo               AttributeCertificateInfo,
                  signatureAlgorithm   AlgorithmIdentifier,
                  signatureValue       BIT STRING
             }
            
Produce an object suitable for an Asn1OutputStream.
              AttributeCertificateInfo ::= Sequence {
                   version              AttCertVersion -- version is v2,
                   holder               Holder,
                   issuer               AttCertIssuer,
                   signature            AlgorithmIdentifier,
                   serialNumber         CertificateSerialNumber,
                   attrCertValidityPeriod   AttCertValidityPeriod,
                   attributes           Sequence OF Attr,
                   issuerUniqueID       UniqueIdentifier OPTIONAL,
                   extensions           Extensions OPTIONAL
              }
            
              AttCertVersion ::= Integer { v2(1) }
             
The AuthorityInformationAccess object.
             id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
            
             AuthorityInfoAccessSyntax  ::=
                  Sequence SIZE (1..MAX) OF AccessDescription
             AccessDescription  ::=  Sequence {
                   accessMethod          OBJECT IDENTIFIER,
                   accessLocation        GeneralName  }
            
             id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
             id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
             id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
             
create an AuthorityInformationAccess with the oid and location provided. The AuthorityKeyIdentifier object.
             id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
            
               AuthorityKeyIdentifier ::= Sequence {
                  keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
                  authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
                  authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
            
               KeyIdentifier ::= OCTET STRING
             
* * Calulates the keyidentifier using a SHA1 hash over the BIT STRING * from SubjectPublicKeyInfo as defined in RFC2459. * * Example of making a AuthorityKeyIdentifier: *
            	     *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
            		 *       publicKey.getEncoded()).readObject());
                     *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
                     * 
* *
create an AuthorityKeyIdentifier with the GeneralNames tag and the serial number provided as well. create an AuthorityKeyIdentifier with the GeneralNames tag and the serial number provided. create an AuthorityKeyIdentifier with a precomputed key identifier create an AuthorityKeyIdentifier with a precomupted key identifier and the GeneralNames tag and the serial number provided as well. Produce an object suitable for an Asn1OutputStream. create a cA=true object for the given path length constraint. @param pathLenConstraint Produce an object suitable for an Asn1OutputStream.
            BasicConstraints := Sequence {
               cA                  Boolean DEFAULT FALSE,
               pathLenConstraint   Integer (0..MAX) OPTIONAL
            }
            
PKIX RFC-2459 The X.509 v2 CRL syntax is as follows. For signature calculation, the data that is to be signed is ASN.1 Der encoded.
             CertificateList  ::=  Sequence  {
                  tbsCertList          TbsCertList,
                  signatureAlgorithm   AlgorithmIdentifier,
                  signatureValue       BIT STRING  }
             
This class helps to support crossCerfificatePairs in a LDAP directory according RFC 2587
                 crossCertificatePairATTRIBUTE::={
                   WITH SYNTAX   CertificatePair
                   EQUALITY MATCHING RULE certificatePairExactMatch
                   ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
             
The forward elements of the crossCertificatePair attribute of a CA's directory entry shall be used to store all, except self-issued certificates issued to this CA. Optionally, the reverse elements of the crossCertificatePair attribute, of a CA's directory entry may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present in a single attribute value, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. When a reverse element is present, the forward element value and the reverse element value need not be stored in the same attribute value; in other words, they can be stored in either a single attribute value or two attribute values.
                   CertificatePair ::= SEQUENCE {
                     forward		[0]	Certificate OPTIONAL,
                     reverse		[1]	Certificate OPTIONAL,
                     -- at least one of the pair shall be present -- }
             
Constructor from Asn1Sequence.

The sequence is of type CertificatePair:

                   CertificatePair ::= SEQUENCE {
                     forward		[0]	Certificate OPTIONAL,
                     reverse		[1]	Certificate OPTIONAL,
                     -- at least one of the pair shall be present -- }
             
@param seq The ASN.1 sequence.
Constructor from a given details. @param forward Certificates issued to this CA. @param reverse Certificates issued by this CA to other CAs. Produce an object suitable for an Asn1OutputStream.

Returns:

                   CertificatePair ::= SEQUENCE {
                     forward		[0]	Certificate OPTIONAL,
                     reverse		[1]	Certificate OPTIONAL,
                     -- at least one of the pair shall be present -- }
             
@return a DERObject
@return Returns the forward. @return Returns the reverse. Construct a CertificatePolicies object containing one PolicyInformation. @param name the name to be contained. Produce an object suitable for an ASN1OutputStream.
            CertificatePolicies ::= SEQUENCE SIZE {1..MAX} OF PolicyInformation
            
CertPolicyId, used in the CertificatePolicies and PolicyMappings X509V3 Extensions.
                 CertPolicyId ::= OBJECT IDENTIFIER
             
Return the distribution points making up the sequence. @return DistributionPoint[] Produce an object suitable for an Asn1OutputStream.
            CrlDistPoint ::= Sequence SIZE {1..MAX} OF DistributionPoint
            
The CRLNumber object.
            CRLNumber::= Integer(0..MAX)
            
The CRLReason enumeration.
            CRLReason ::= Enumerated {
             unspecified             (0),
             keyCompromise           (1),
             cACompromise            (2),
             affiliationChanged      (3),
             superseded              (4),
             cessationOfOperation    (5),
             certificateHold         (6),
             removeFromCRL           (8),
             privilegeWithdrawn      (9),
             aACompromise           (10)
            }
            
The DigestInfo object.
            DigestInfo::=Sequence{
                     digestAlgorithm  AlgorithmIdentifier,
                     digest OCTET STRING }
            
DisplayText class, used in CertificatePolicies X509 V3 extensions (in policy qualifiers).

It stores a string in a chosen encoding.

             DisplayText ::= CHOICE {
                  ia5String        IA5String      (SIZE (1..200)),
                  visibleString    VisibleString  (SIZE (1..200)),
                  bmpString        BMPString      (SIZE (1..200)),
                  utf8String       UTF8String     (SIZE (1..200)) }
             

@see PolicyQualifierInfo @see PolicyInformation
Constant corresponding to ia5String encoding. Constant corresponding to bmpString encoding. Constant corresponding to utf8String encoding. Constant corresponding to visibleString encoding. Describe constant DisplayTextMaximumSize here. Creates a new DisplayText instance. @param type the desired encoding type for the text. @param text the text to store. Strings longer than 200 characters are truncated. Creates a new DisplayText instance. @param text the text to encapsulate. Strings longer than 200 characters are truncated. Creates a new DisplayText instance.

Useful when reading back a DisplayText class from it's Asn1Encodable form.

@param contents an Asn1Encodable instance.
Returns the stored string object. @return the stored text as a string. The DistributionPoint object.
            DistributionPoint ::= Sequence {
                 distributionPoint [0] DistributionPointName OPTIONAL,
                 reasons           [1] ReasonFlags OPTIONAL,
                 cRLIssuer         [2] GeneralNames OPTIONAL
            }
            
The DistributionPointName object.
            DistributionPointName ::= CHOICE {
                fullName                 [0] GeneralNames,
                nameRelativeToCRLIssuer  [1] RDN
            }
            
The extendedKeyUsage object.
                 extendedKeyUsage ::= Sequence SIZE (1..MAX) OF KeyPurposeId
            
Returns all extended key usages. The returned ArrayList contains DerObjectIdentifier instances. @return An ArrayList with all key purposes. The GeneralName object.
             GeneralName ::= CHOICE {
                  otherName                       [0]     OtherName,
                  rfc822Name                      [1]     IA5String,
                  dNSName                         [2]     IA5String,
                  x400Address                     [3]     ORAddress,
                  directoryName                   [4]     Name,
                  ediPartyName                    [5]     EDIPartyName,
                  uniformResourceIdentifier       [6]     IA5String,
                  iPAddress                       [7]     OCTET STRING,
                  registeredID                    [8]     OBJECT IDENTIFIER}
            
             OtherName ::= Sequence {
                  type-id    OBJECT IDENTIFIER,
                  value      [0] EXPLICIT ANY DEFINED BY type-id }
            
             EDIPartyName ::= Sequence {
                  nameAssigner            [0]     DirectoryString OPTIONAL,
                  partyName               [1]     DirectoryString }
             
When the subjectAltName extension contains an Internet mail address, the address MUST be included as an rfc822Name. The format of an rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. When the subjectAltName extension contains a domain name service label, the domain name MUST be stored in the dNSName (an IA5String). The name MUST be in the "preferred name syntax," as specified by RFC 1034 [RFC 1034]. When the subjectAltName extension contains a URI, the name MUST be stored in the uniformResourceIdentifier (an IA5String). The name MUST be a non-relative URL, and MUST follow the URL syntax and encoding rules specified in [RFC 1738]. The name must include both a scheme (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- specific-part must include a fully qualified domain name or IP address as the host. When the subjectAltName extension contains a iPAddress, the address MUST be stored in the octet string in "network byte order," as specified in RFC 791 [RFC 791]. The least significant bit (LSB) of each octet is the LSB of the corresponding byte in the network address. For IP Version 4, as specified in RFC 791, the octet string MUST contain exactly four octets. For IP Version 6, as specified in RFC 1883, the octet string MUST contain exactly sixteen octets [RFC 1883]. Create a GeneralName for the given tag from the passed in string.

This constructor can handle:

  • rfc822Name
  • iPAddress
  • directoryName
  • dNSName
  • uniformResourceIdentifier
  • registeredID
For x400Address, otherName and ediPartyName there is no common string format defined.

Note: A directory name can be encoded in different ways into a byte representation. Be aware of this if the byte representation is used for comparing results.

@param tag tag number @param name string representation of name @throws ArgumentException if the string encoding is not correct or not supported.
Construct a GeneralNames object containing one GeneralName. The name to be contained. Produce an object suitable for an Asn1OutputStream.
            GeneralNames ::= Sequence SIZE {1..MAX} OF GeneralName
            
Class for containing a restriction object subtrees in NameConstraints. See RFC 3280.
            
                   GeneralSubtree ::= SEQUENCE
                   {
                     baseName                    GeneralName,
                     minimum         [0]     BaseDistance DEFAULT 0,
                     maximum         [1]     BaseDistance OPTIONAL
                   }
             
@see org.bouncycastle.asn1.x509.NameConstraints
Constructor from a given details. According RFC 3280, the minimum and maximum fields are not used with any name forms, thus minimum MUST be zero, and maximum MUST be absent.

If minimum is null, zero is assumed, if maximum is null, maximum is absent.

@param baseName A restriction. @param minimum Minimum @param maximum Maximum
Produce an object suitable for an Asn1OutputStream. Returns:
                   GeneralSubtree ::= SEQUENCE
                   {
                     baseName                    GeneralName,
                     minimum         [0]     BaseDistance DEFAULT 0,
                     maximum         [1]     BaseDistance OPTIONAL
                   }
             
@return a DERObject
The Holder object.

For an v2 attribute certificate this is:

                       Holder ::= SEQUENCE {
                             baseCertificateID   [0] IssuerSerial OPTIONAL,
                                      -- the issuer and serial number of
                                      -- the holder's Public Key Certificate
                             entityName          [1] GeneralNames OPTIONAL,
                                      -- the name of the claimant or role
                             objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                                      -- used to directly authenticate the holder,
                                      -- for example, an executable
                       }
            

For an v1 attribute certificate this is:

                    subject CHOICE {
                     baseCertificateID [0] IssuerSerial,
                     -- associated with a Public Key Certificate
                     subjectName [1] GeneralNames },
                     -- associated with a name
            

Constructor for a holder for an v1 attribute certificate. @param tagObj The ASN.1 tagged holder object. Constructor for a holder for an v2 attribute certificate. * @param seq The ASN.1 sequence. Constructs a holder from a IssuerSerial. @param baseCertificateID The IssuerSerial. @param version The version of the attribute certificate. Returns 1 for v2 attribute certificates or 0 for v1 attribute certificates. @return The version of the attribute certificate. Constructs a holder with an entityName for v2 attribute certificates or with a subjectName for v1 attribute certificates. @param entityName The entity or subject name. Constructs a holder with an entityName for v2 attribute certificates or with a subjectName for v1 attribute certificates. @param entityName The entity or subject name. @param version The version of the attribute certificate. Constructs a holder from an object digest info. @param objectDigestInfo The object digest info object. Returns the entityName for an v2 attribute certificate or the subjectName for an v1 attribute certificate. @return The entityname or subjectname. The Holder object.
             Holder ::= Sequence {
                   baseCertificateID   [0] IssuerSerial OPTIONAL,
                            -- the issuer and serial number of
                            -- the holder's Public Key Certificate
                   entityName          [1] GeneralNames OPTIONAL,
                            -- the name of the claimant or role
                   objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                            -- used to directly authenticate the holder,
                            -- for example, an executable
             }
            
Implementation of IetfAttrSyntax as specified by RFC3281.
            
              IetfAttrSyntax ::= Sequence {
                policyAuthority [0] GeneralNames OPTIONAL,
                values Sequence OF CHOICE {
                  octets OCTET STRING,
                  oid OBJECT IDENTIFIER,
                  string UTF8String
                }
              }
            
             
Produce an object suitable for an Asn1OutputStream.
             IssuerSerial  ::=  Sequence {
                  issuer         GeneralNames,
                  serial         CertificateSerialNumber,
                  issuerUid      UniqueIdentifier OPTIONAL
             }
            
            IssuingDistributionPoint ::= SEQUENCE { 
              distributionPoint          [0] DistributionPointName OPTIONAL, 
              onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE, 
              onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE, 
              onlySomeReasons            [3] ReasonFlags OPTIONAL, 
              indirectCRL                [4] BOOLEAN DEFAULT FALSE,
              onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
            
Constructor from given details. @param distributionPoint May contain an URI as pointer to most current CRL. @param onlyContainsUserCerts Covers revocation information for end certificates. @param onlyContainsCACerts Covers revocation information for CA certificates. @param onlySomeReasons Which revocation reasons does this point cover. @param indirectCRL If true then the CRL contains revocation information about certificates ssued by other CAs. @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. Constructor from Asn1Sequence @return Returns the distributionPoint. @return Returns the onlySomeReasons. The KeyPurposeID object.
                KeyPurposeID ::= OBJECT IDENTIFIER
            
The KeyUsage object.
                id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
            
                KeyUsage ::= BIT STRING {
                     digitalSignature        (0),
                     nonRepudiation          (1),
                     keyEncipherment         (2),
                     dataEncipherment        (3),
                     keyAgreement            (4),
                     keyCertSign             (5),
                     cRLSign                 (6),
                     encipherOnly            (7),
                     decipherOnly            (8) }
             
Basic constructor. @param usage - the bitwise OR of the Key Usage flags giving the allowed uses for the key. e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment) Constructor from a given details.

permitted and excluded are Vectors of GeneralSubtree objects.

@param permitted Permitted subtrees @param excluded Excluded subtrees
NoticeReference class, used in CertificatePolicies X509 V3 extensions (in policy qualifiers).
              NoticeReference ::= Sequence {
                  organization     DisplayText,
                  noticeNumbers    Sequence OF Integer }
            
             
@see PolicyQualifierInfo @see PolicyInformation
Creates a new NoticeReference instance. @param organization a String value @param numbers a Vector value Creates a new NoticeReference instance. @param organization a String value @param noticeNumbers an ASN1EncodableVector value Creates a new NoticeReference instance. @param organization displayText @param noticeNumbers an ASN1EncodableVector value Creates a new NoticeReference instance.

Useful for reconstructing a NoticeReference instance from its encodable/encoded form.

@param as an Asn1Sequence value obtained from either calling @{link ToAsn1Object()} for a NoticeReference instance or from parsing it from a Der-encoded stream.
Describe ToAsn1Object method here. @return a Asn1Object value ObjectDigestInfo ASN.1 structure used in v2 attribute certificates.
             
               ObjectDigestInfo ::= SEQUENCE {
                    digestedObjectType  ENUMERATED {
                            publicKey            (0),
                            publicKeyCert        (1),
                            otherObjectTypes     (2) },
                                    -- otherObjectTypes MUST NOT
                                    -- be used in this profile
                    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
                    digestAlgorithm     AlgorithmIdentifier,
                    objectDigest        BIT STRING
               }
              
            
The public key is hashed. The public key certificate is hashed. An other object is hashed. Constructor from given details.

If digestedObjectType is not {@link #publicKeyCert} or {@link #publicKey} otherObjectTypeID must be given, otherwise it is ignored.

@param digestedObjectType The digest object type. @param otherObjectTypeID The object type ID for otherObjectDigest. @param digestAlgorithm The algorithm identifier for the hash. @param objectDigest The hash value.
Produce an object suitable for an Asn1OutputStream.
             
               ObjectDigestInfo ::= SEQUENCE {
                    digestedObjectType  ENUMERATED {
                            publicKey            (0),
                            publicKeyCert        (1),
                            otherObjectTypes     (2) },
                                    -- otherObjectTypes MUST NOT
                                    -- be used in this profile
                    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
                    digestAlgorithm     AlgorithmIdentifier,
                    objectDigest        BIT STRING
               }
              
            
PolicyMappings V3 extension, described in RFC3280.
                PolicyMappings ::= Sequence SIZE (1..MAX) OF Sequence {
                  issuerDomainPolicy      CertPolicyId,
                  subjectDomainPolicy     CertPolicyId }
             
@see RFC 3280, section 4.2.1.6
Creates a new PolicyMappings instance. @param seq an Asn1Sequence constructed as specified in RFC 3280 Creates a new PolicyMappings instance. @param mappings a HashMap value that maps string oids to other string oids. PolicyQualifierId, used in the CertificatePolicies X509V3 extension.
                id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
                id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
                id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
              PolicyQualifierId ::=
                   OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
             
Policy qualifiers, used in the X509V3 CertificatePolicies extension.
               PolicyQualifierInfo ::= Sequence {
                   policyQualifierId  PolicyQualifierId,
                   qualifier          ANY DEFINED BY policyQualifierId }
             
Creates a new PolicyQualifierInfo instance. @param policyQualifierId a PolicyQualifierId value @param qualifier the qualifier, defined by the above field. Creates a new PolicyQualifierInfo containing a cPSuri qualifier. @param cps the CPS (certification practice statement) uri as a string. Creates a new PolicyQualifierInfo instance. @param as PolicyQualifierInfo X509 structure encoded as an Asn1Sequence. Returns a Der-encodable representation of this instance. @return a Asn1Object value
            PrivateKeyUsagePeriod ::= SEQUENCE
            {
            notBefore       [0]     GeneralizedTime OPTIONAL,
            notAfter        [1]     GeneralizedTime OPTIONAL }
            
The BiometricData object.
            BiometricData  ::=  SEQUENCE {
                  typeOfBiometricData  TypeOfBiometricData,
                  hashAlgorithm        AlgorithmIdentifier,
                  biometricDataHash    OCTET STRING,
                  sourceDataUri        IA5String OPTIONAL  }
            
The Iso4217CurrencyCode object.
            Iso4217CurrencyCode  ::=  CHOICE {
                  alphabetic              PrintableString (SIZE 3), --Recommended
                  numeric              INTEGER (1..999) }
            -- Alphabetic or numeric currency code as defined in ISO 4217
            -- It is recommended that the Alphabetic form is used
            
The MonetaryValue object.
            MonetaryValue  ::=  SEQUENCE {
                  currency              Iso4217CurrencyCode,
                  amount               INTEGER,
                  exponent             INTEGER }
            -- value = amount * 10^exponent
            
The QCStatement object.
            QCStatement ::= SEQUENCE {
              statementId        OBJECT IDENTIFIER,
              statementInfo      ANY DEFINED BY statementId OPTIONAL}
            
The SemanticsInformation object.
                   SemanticsInformation ::= SEQUENCE {
                     semanticsIdentifier        OBJECT IDENTIFIER   OPTIONAL,
                     nameRegistrationAuthorities NameRegistrationAuthorities
                                                                     OPTIONAL }
                     (WITH COMPONENTS {..., semanticsIdentifier PRESENT}|
                      WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT})
            
                 NameRegistrationAuthorities ::=  SEQUENCE SIZE (1..MAX) OF
                     GeneralName
             
The TypeOfBiometricData object.
             TypeOfBiometricData ::= CHOICE {
               predefinedBiometricType   PredefinedBiometricType,
               biometricDataOid          OBJECT IDENTIFIER }
            
             PredefinedBiometricType ::= INTEGER {
               picture(0),handwritten-signature(1)}
               (picture|handwritten-signature)
             
The ReasonFlags object.
            ReasonFlags ::= BIT STRING {
               unused(0),
               keyCompromise(1),
               cACompromise(2),
               affiliationChanged(3),
               superseded(4),
               cessationOfOperation(5),
               certficateHold(6)
            }
            
@param reasons - the bitwise OR of the Key Reason flags giving the allowed uses for the key. Implementation of the RoleSyntax object as specified by the RFC3281.
             RoleSyntax ::= SEQUENCE {
                             roleAuthority  [0] GeneralNames OPTIONAL,
                             roleName       [1] GeneralName
                       }
             
RoleSyntax factory method. @param obj the object used to construct an instance of RoleSyntax. It must be an instance of RoleSyntax or Asn1Sequence. @return the instance of RoleSyntax built from the supplied object. @throws java.lang.ArgumentException if the object passed to the factory is not an instance of RoleSyntax or Asn1Sequence. Constructor. @param roleAuthority the role authority of this RoleSyntax. @param roleName the role name of this RoleSyntax. Constructor. Invoking this constructor is the same as invoking new RoleSyntax(null, roleName). @param roleName the role name of this RoleSyntax. Utility constructor. Takes a string argument representing the role name, builds a GeneralName to hold the role name and calls the constructor that takes a GeneralName. @param roleName Constructor that builds an instance of RoleSyntax by extracting the encoded elements from the Asn1Sequence object supplied. @param seq an instance of Asn1Sequence that holds the encoded elements used to build this RoleSyntax. Gets the role authority of this RoleSyntax. @return an instance of GeneralNames holding the role authority of this RoleSyntax. Gets the role name of this RoleSyntax. @return an instance of GeneralName holding the role name of this RoleSyntax. Gets the role name as a java.lang.string object. @return the role name of this RoleSyntax represented as a string object. Gets the role authority as a string[] object. @return the role authority of this RoleSyntax represented as a string[] array. Implementation of the method ToAsn1Object as required by the superclass ASN1Encodable.
             RoleSyntax ::= SEQUENCE {
                             roleAuthority  [0] GeneralNames OPTIONAL,
                             roleName       [1] GeneralName
                       }
             
This outputs the key in Pkcs1v2 format.
                 RSAPublicKey ::= Sequence {
                                     modulus Integer, -- n
                                     publicExponent Integer, -- e
                                 }
            
Structure for a name or pseudonym.
                  NameOrPseudonym ::= CHOICE {
                	   surAndGivenName SEQUENCE {
                	     surName DirectoryString,
                	     givenName SEQUENCE OF DirectoryString 
                    },
                	   pseudonym DirectoryString 
                  }
            
@see org.bouncycastle.asn1.x509.sigi.PersonalData
Constructor from DERString.

The sequence is of type NameOrPseudonym:

                  NameOrPseudonym ::= CHOICE {
                	   surAndGivenName SEQUENCE {
                	     surName DirectoryString,
                	     givenName SEQUENCE OF DirectoryString
                    },
                	   pseudonym DirectoryString
                  }
            
@param pseudonym pseudonym value to use.
Constructor from Asn1Sequence.

The sequence is of type NameOrPseudonym:

                   NameOrPseudonym ::= CHOICE {
                 	   surAndGivenName SEQUENCE {
                 	     surName DirectoryString,
                 	     givenName SEQUENCE OF DirectoryString
                     },
                 	   pseudonym DirectoryString
                   }
             
@param seq The ASN.1 sequence.
Constructor from a given details. @param pseudonym The pseudonym. Constructor from a given details. @param surname The surname. @param givenName A sequence of directory strings making up the givenName Produce an object suitable for an Asn1OutputStream.

Returns:

                   NameOrPseudonym ::= CHOICE {
                 	   surAndGivenName SEQUENCE {
                 	     surName DirectoryString,
                 	     givenName SEQUENCE OF DirectoryString
                     },
                 	   pseudonym DirectoryString
                   }
             
@return an Asn1Object
Contains personal data for the otherName field in the subjectAltNames extension.

                 PersonalData ::= SEQUENCE {
                   nameOrPseudonym NameOrPseudonym,
                   nameDistinguisher [0] INTEGER OPTIONAL,
                   dateOfBirth [1] GeneralizedTime OPTIONAL,
                   placeOfBirth [2] DirectoryString OPTIONAL,
                   gender [3] PrintableString OPTIONAL,
                   postalAddress [4] DirectoryString OPTIONAL
                   }
             
@see org.bouncycastle.asn1.x509.sigi.NameOrPseudonym @see org.bouncycastle.asn1.x509.sigi.SigIObjectIdentifiers
Constructor from Asn1Sequence.

The sequence is of type NameOrPseudonym:

                 PersonalData ::= SEQUENCE {
                   nameOrPseudonym NameOrPseudonym,
                   nameDistinguisher [0] INTEGER OPTIONAL,
                   dateOfBirth [1] GeneralizedTime OPTIONAL,
                   placeOfBirth [2] DirectoryString OPTIONAL,
                   gender [3] PrintableString OPTIONAL,
                   postalAddress [4] DirectoryString OPTIONAL
                   }
             
@param seq The ASN.1 sequence.
Constructor from a given details. @param nameOrPseudonym Name or pseudonym. @param nameDistinguisher Name distinguisher. @param dateOfBirth Date of birth. @param placeOfBirth Place of birth. @param gender Gender. @param postalAddress Postal Address. Produce an object suitable for an Asn1OutputStream.

Returns:

                 PersonalData ::= SEQUENCE {
                   nameOrPseudonym NameOrPseudonym,
                   nameDistinguisher [0] INTEGER OPTIONAL,
                   dateOfBirth [1] GeneralizedTime OPTIONAL,
                   placeOfBirth [2] DirectoryString OPTIONAL,
                   gender [3] PrintableString OPTIONAL,
                   postalAddress [4] DirectoryString OPTIONAL
                   }
             
@return an Asn1Object
Object Identifiers of SigI specifciation (German Signature Law Interoperability specification). Key purpose IDs for German SigI (Signature Interoperability Specification) Certificate policy IDs for German SigI (Signature Interoperability Specification) Other Name IDs for German SigI (Signature Interoperability Specification) To be used for for the generation of directory service certificates. ID for PersonalData Certificate is conform to german signature law. This extension may contain further X.500 attributes of the subject. See also RFC 3039.
                 SubjectDirectoryAttributes ::= Attributes
                 Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
                 Attribute ::= SEQUENCE
                 {
                   type AttributeType
                   values SET OF AttributeValue
                 }
            
                 AttributeType ::= OBJECT IDENTIFIER
                 AttributeValue ::= ANY DEFINED BY AttributeType
             
@see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers.
Constructor from Asn1Sequence. The sequence is of type SubjectDirectoryAttributes:
                  SubjectDirectoryAttributes ::= Attributes
                  Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
                  Attribute ::= SEQUENCE
                  {
                    type AttributeType
                    values SET OF AttributeValue
                  }
            
                  AttributeType ::= OBJECT IDENTIFIER
                  AttributeValue ::= ANY DEFINED BY AttributeType
             
@param seq The ASN.1 sequence.
Constructor from an ArrayList of attributes. The ArrayList consists of attributes of type {@link Attribute Attribute} @param attributes The attributes. Produce an object suitable for an Asn1OutputStream. Returns:
                  SubjectDirectoryAttributes ::= Attributes
                  Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
                  Attribute ::= SEQUENCE
                  {
                    type AttributeType
                    values SET OF AttributeValue
                  }
            
                  AttributeType ::= OBJECT IDENTIFIER
                  AttributeValue ::= ANY DEFINED BY AttributeType
             
@return a DERObject
@return Returns the attributes. The SubjectKeyIdentifier object.
            SubjectKeyIdentifier::= OCTET STRING
            
Calculates the keyIdentifier using a SHA1 hash over the BIT STRING from SubjectPublicKeyInfo as defined in RFC3280. @param spki the subject public key info. Return a RFC 3280 type 1 key identifier. As in:
            (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
            value of the BIT STRING subjectPublicKey (excluding the tag,
            length, and number of unused bits).
            
@param keyInfo the key info object containing the subjectPublicKey field. @return the key identifier.
Return a RFC 3280 type 2 key identifier. As in:
            (2) The keyIdentifier is composed of a four bit type field with
            the value 0100 followed by the least significant 60 bits of the
            SHA-1 hash of the value of the BIT STRING subjectPublicKey.
            
@param keyInfo the key info object containing the subjectPublicKey field. @return the key identifier.
The object that contains the public key stored in a certficate.

The GetEncoded() method in the public keys in the JCE produces a DER encoded one of these.

for when the public key is an encoded object - if the bitstring can't be decoded this routine raises an IOException. @exception IOException - if the bit string doesn't represent a Der encoded object. for when the public key is raw bits... Produce an object suitable for an Asn1OutputStream.
            SubjectPublicKeyInfo ::= Sequence {
                                     algorithm AlgorithmIdentifier,
                                     publicKey BIT STRING }
            
Target structure used in target information extension for attribute certificates from RFC 3281.
                Target  ::= CHOICE {
                  targetName          [0] GeneralName,
                  targetGroup         [1] GeneralName,
                  targetCert          [2] TargetCert
                }
            

The targetCert field is currently not supported and must not be used according to RFC 3281.

Creates an instance of a Target from the given object.

obj can be a Target or a {@link Asn1TaggedObject}

@param obj The object. @return A Target instance. @throws ArgumentException if the given object cannot be interpreted as Target.
Constructor from Asn1TaggedObject. @param tagObj The tagged object. @throws ArgumentException if the encoding is wrong. Constructor from given details.

Exactly one of the parameters must be not null.

@param type the choice type to apply to the name. @param name the general name. @throws ArgumentException if type is invalid.
@return Returns the targetGroup. @return Returns the targetName. Produce an object suitable for an Asn1OutputStream. Returns:
                Target  ::= CHOICE {
                  targetName          [0] GeneralName,
                  targetGroup         [1] GeneralName,
                  targetCert          [2] TargetCert
                }
            
@return an Asn1Object
Target information extension for attributes certificates according to RFC 3281.
                      SEQUENCE OF Targets
            
Creates an instance of a TargetInformation from the given object.

obj can be a TargetInformation or a {@link Asn1Sequence}

@param obj The object. @return A TargetInformation instance. @throws ArgumentException if the given object cannot be interpreted as TargetInformation.
Constructor from a Asn1Sequence. @param seq The Asn1Sequence. @throws ArgumentException if the sequence does not contain correctly encoded Targets elements. Returns the targets in this target information extension.

The ArrayList is cloned before it is returned.

@return Returns the targets.
Constructs a target information from a single targets element. According to RFC 3281 only one targets element must be produced. @param targets A Targets instance. According to RFC 3281 only one targets element must be produced. If multiple targets are given they must be merged in into one targets element. @param targets An array with {@link Targets}. Produce an object suitable for an Asn1OutputStream. Returns:
                     SEQUENCE OF Targets
            

According to RFC 3281 only one targets element must be produced. If multiple targets are given in the constructor they are merged into one targets element. If this was produced from a {@link Org.BouncyCastle.Asn1.Asn1Sequence} the encoding is kept.

@return an Asn1Object
Targets structure used in target information extension for attribute certificates from RFC 3281.
                       Targets ::= SEQUENCE OF Target
                      
                       Target  ::= CHOICE {
                         targetName          [0] GeneralName,
                         targetGroup         [1] GeneralName,
                         targetCert          [2] TargetCert
                       }
                      
                       TargetCert  ::= SEQUENCE {
                         targetCertificate    IssuerSerial,
                         targetName           GeneralName OPTIONAL,
                         certDigestInfo       ObjectDigestInfo OPTIONAL
                       }
            
@see org.bouncycastle.asn1.x509.Target @see org.bouncycastle.asn1.x509.TargetInformation
Creates an instance of a Targets from the given object.

obj can be a Targets or a {@link Asn1Sequence}

@param obj The object. @return A Targets instance. @throws ArgumentException if the given object cannot be interpreted as Target.
Constructor from Asn1Sequence. @param targets The ASN.1 SEQUENCE. @throws ArgumentException if the contents of the sequence are invalid. Constructor from given targets.

The ArrayList is copied.

@param targets An ArrayList of {@link Target}s. @see Target @throws ArgumentException if the ArrayList contains not only Targets.
Returns the targets in an ArrayList.

The ArrayList is cloned before it is returned.

@return Returns the targets.
Produce an object suitable for an Asn1OutputStream. Returns:
                       Targets ::= SEQUENCE OF Target
            
@return an Asn1Object
The TbsCertificate object.
            TbsCertificate ::= Sequence {
                 version          [ 0 ]  Version DEFAULT v1(0),
                 serialNumber            CertificateSerialNumber,
                 signature               AlgorithmIdentifier,
                 issuer                  Name,
                 validity                Validity,
                 subject                 Name,
                 subjectPublicKeyInfo    SubjectPublicKeyInfo,
                 issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
                 subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
                 extensions        [ 3 ] Extensions OPTIONAL
                 }
            

Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class will parse them, but you really shouldn't be creating new ones.

PKIX RFC-2459 - TbsCertList object.
            TbsCertList  ::=  Sequence  {
                 version                 Version OPTIONAL,
                                              -- if present, shall be v2
                 signature               AlgorithmIdentifier,
                 issuer                  Name,
                 thisUpdate              Time,
                 nextUpdate              Time OPTIONAL,
                 revokedCertificates     Sequence OF Sequence  {
                      userCertificate         CertificateSerialNumber,
                      revocationDate          Time,
                      crlEntryExtensions      Extensions OPTIONAL
                                                    -- if present, shall be v2
                                           }  OPTIONAL,
                 crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
                                                    -- if present, shall be v2
                                           }
            
creates a time object from a given date - if the date is between 1950 and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime is used. Return our time as DateTime. A date time. Produce an object suitable for an Asn1OutputStream.
            Time ::= CHOICE {
                        utcTime        UTCTime,
                        generalTime    GeneralizedTime }
            
UserNotice class, used in CertificatePolicies X509 extensions (in policy qualifiers).
             UserNotice ::= Sequence {
                  noticeRef        NoticeReference OPTIONAL,
                  explicitText     DisplayText OPTIONAL}
            
             
@see PolicyQualifierId @see PolicyInformation
Creates a new UserNotice instance. @param noticeRef a NoticeReference value @param explicitText a DisplayText value Creates a new UserNotice instance. @param noticeRef a NoticeReference value @param str the explicitText field as a string. Creates a new UserNotice instance.

Useful from reconstructing a UserNotice instance from its encodable/encoded form. @param as an ASN1Sequence value obtained from either calling @{link toASN1Object()} for a UserNotice instance or from parsing it from a DER-encoded stream.

Generator for Version 1 TbsCertificateStructures.
             TbsCertificate ::= Sequence {
                  version          [ 0 ]  Version DEFAULT v1(0),
                  serialNumber            CertificateSerialNumber,
                  signature               AlgorithmIdentifier,
                  issuer                  Name,
                  validity                Validity,
                  subject                 Name,
                  subjectPublicKeyInfo    SubjectPublicKeyInfo,
                  }
             
Generator for Version 2 AttributeCertificateInfo
             AttributeCertificateInfo ::= Sequence {
                   version              AttCertVersion -- version is v2,
                   holder               Holder,
                   issuer               AttCertIssuer,
                   signature            AlgorithmIdentifier,
                   serialNumber         CertificateSerialNumber,
                   attrCertValidityPeriod   AttCertValidityPeriod,
                   attributes           Sequence OF Attr,
                   issuerUniqueID       UniqueIdentifier OPTIONAL,
                   extensions           Extensions OPTIONAL
             }
             
@param attribute Produce an object suitable for an Asn1OutputStream.
             V2Form ::= Sequence {
                  issuerName            GeneralNames  OPTIONAL,
                  baseCertificateID     [0] IssuerSerial  OPTIONAL,
                  objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
                    -- issuerName MUST be present in this profile
                    -- baseCertificateID and objectDigestInfo MUST NOT
                    -- be present in this profile
             }
            
Generator for Version 2 TbsCertList structures.
              TbsCertList  ::=  Sequence  {
                   version                 Version OPTIONAL,
                                                -- if present, shall be v2
                   signature               AlgorithmIdentifier,
                   issuer                  Name,
                   thisUpdate              Time,
                   nextUpdate              Time OPTIONAL,
                   revokedCertificates     Sequence OF Sequence  {
                        userCertificate         CertificateSerialNumber,
                        revocationDate          Time,
                        crlEntryExtensions      Extensions OPTIONAL
                                                      -- if present, shall be v2
                                             }  OPTIONAL,
                   crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
                                                      -- if present, shall be v2
                                             }
             
Note: This class may be subject to change
Generator for Version 3 TbsCertificateStructures.
             TbsCertificate ::= Sequence {
                  version          [ 0 ]  Version DEFAULT v1(0),
                  serialNumber            CertificateSerialNumber,
                  signature               AlgorithmIdentifier,
                  issuer                  Name,
                  validity                Validity,
                  subject                 Name,
                  subjectPublicKeyInfo    SubjectPublicKeyInfo,
                  issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
                  subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
                  extensions        [ 3 ] Extensions OPTIONAL
                  }
             
an X509Certificate structure.
             Certificate ::= Sequence {
                 tbsCertificate          TbsCertificate,
                 signatureAlgorithm      AlgorithmIdentifier,
                 signature               BIT STRING
             }
            
The default converter for X509 DN entries when going from their string value to ASN.1 strings. Apply default conversion for the given value depending on the oid and the character range of the value. @param oid the object identifier for the DN entry @param value the value associated with it @return the ASN.1 equivalent for the string value. an object for the elements in the X.509 V3 extension block. Convert the value of the passed in extension to an object. The extension to parse. The object the value string contains. If conversion is not possible. Subject Directory Attributes Subject Key Identifier Key Usage Private Key Usage Period Subject Alternative Name Issuer Alternative Name Basic Constraints CRL Number Reason code Hold Instruction Code Invalidity Date Delta CRL indicator Issuing Distribution Point Certificate Issuer Name Constraints CRL Distribution Points Certificate Policies Policy Mappings Authority Key Identifier Policy Constraints Extended Key Usage Freshest CRL Inhibit Any Policy Authority Info Access Subject Info Access Logo Type BiometricInfo QCStatements Audit identity extension in attribute certificates. NoRevAvail extension in attribute certificates. TargetInformation extension in attribute certificates. Expired Certificates on CRL extension Constructor from Asn1Sequence. the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString) constructor from a table of extensions.

it's is assumed the table contains Oid/string pairs.

Constructor from a table of extensions with ordering.

It's is assumed the table contains Oid/string pairs.

Constructor from two vectors @param objectIDs an ArrayList of the object identifiers. @param values an ArrayList of the extension values. constructor from a table of extensions.

it's is assumed the table contains Oid/string pairs.

Constructor from a table of extensions with ordering.

It's is assumed the table contains Oid/string pairs.

Constructor from two vectors @param objectIDs an ArrayList of the object identifiers. @param values an ArrayList of the extension values. return an Enumeration of the extension field's object ids. return the extension represented by the object identifier passed in. @return the extension if it's present, null otherwise.
                 Extensions        ::=   SEQUENCE SIZE (1..MAX) OF Extension
            
                 Extension         ::=   SEQUENCE {
                    extnId            EXTENSION.&id ({ExtensionSet}),
                    critical          BOOLEAN DEFAULT FALSE,
                    extnValue         OCTET STRING }
             
Generator for X.509 extensions Reset the generator Add an extension with the given oid and the passed in value to be included in the OCTET STRING associated with the extension. OID for the extension. True if critical, false otherwise. The ASN.1 object to be included in the extension. Add an extension with the given oid and the passed in byte array to be wrapped in the OCTET STRING associated with the extension. OID for the extension. True if critical, false otherwise. The byte array to be wrapped. Return true if there are no extension present in this generator. True if empty, false otherwise Generate an X509Extensions object based on the current state of the generator. An X509Extensions object
                 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
            
                 RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
            
                 AttributeTypeAndValue ::= SEQUENCE {
                                               type  OBJECT IDENTIFIER,
                                               value ANY }
             
country code - StringType(SIZE(2)) organization - StringType(SIZE(1..64)) organizational unit name - StringType(SIZE(1..64)) Title common name - StringType(SIZE(1..64)) street - StringType(SIZE(1..64)) device serial number name - StringType(SIZE(1..64)) locality name - StringType(SIZE(1..64)) state, or province name - StringType(SIZE(1..64)) Naming attributes of type X520name businessCategory - DirectoryString(SIZE(1..128) postalCode - DirectoryString(SIZE(1..40) dnQualifier - DirectoryString(SIZE(1..64) RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) RFC 3039 DateOfBirth - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 codes only RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 codes only ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF DirectoryString(SIZE(1..30)) RFC 2256 dmdName id-at-telephoneNumber id-at-organizationIdentifier id-at-name Email address (RSA PKCS#9 extension) - IA5String.

Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.

more from PKCS#9 email address in Verisign certificates LDAP User id. determines whether or not strings should be processed and printed from back to front. default look up table translating OID values into their common symbols following the convention in RFC 2253 with a few extras look up table translating OID values into their common symbols following the convention in RFC 2253 look up table translating OID values into their common symbols following the convention in RFC 1779 look up table translating common symbols into their OIDS. Return a X509Name based on the passed in tagged object. @param obj tag object holding name. @param explicitly true if explicitly tagged false otherwise. @return the X509Name Constructor from Asn1Sequence the principal will be a list of constructed sets, each containing an (OID, string) pair. Constructor from a table of attributes with ordering.

it's is assumed the table contains OID/string pairs, and the contents of the table are copied into an internal table as part of the construction process. The ordering ArrayList should contain the OIDs in the order they are meant to be encoded or printed in ToString.

Constructor from a table of attributes with ordering.

it's is assumed the table contains OID/string pairs, and the contents of the table are copied into an internal table as part of the construction process. The ordering ArrayList should contain the OIDs in the order they are meant to be encoded or printed in ToString.

The passed in converter will be used to convert the strings into their ASN.1 counterparts.

Takes two vectors one of the oids and the other of the values. Takes two vectors one of the oids and the other of the values.

The passed in converter will be used to convert the strings into their ASN.1 counterparts.

Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes. Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes with each string value being converted to its associated ASN.1 type using the passed in converter. Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes. If reverse is true, create the encoded version of the sequence starting from the last element in the string. Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes with each string value being converted to its associated ASN.1 type using the passed in converter. If reverse is true the ASN.1 sequence representing the DN will be built by starting at the end of the string, rather than the start. Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes. lookUp should provide a table of lookups, indexed by lowercase only strings and yielding a DerObjectIdentifier, other than that OID. and numeric oids will be processed automatically.
If reverse is true, create the encoded version of the sequence starting from the last element in the string. @param reverse true if we should start scanning from the end (RFC 2553). @param lookUp table of names and their oids. @param dirName the X.500 string to be parsed.
Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or some such, converting it into an ordered set of name attributes. lookUp should provide a table of lookups, indexed by lowercase only strings and yielding a DerObjectIdentifier, other than that OID. and numeric oids will be processed automatically. The passed in converter is used to convert the string values to the right of each equals sign to their ASN.1 counterparts.
@param reverse true if we should start scanning from the end, false otherwise. @param lookUp table of names and oids. @param dirName the string dirName @param converter the converter to convert string values into their ASN.1 equivalents
return an IList of the oids in the name, in the order they were found. return an IList of the values found in the name, in the order they were found. return an IList of the values found in the name, in the order they were found, with the DN label corresponding to passed in oid. The X509Name object to test equivalency against. If true, the order of elements must be the same, as well as the values associated with each element. test for equivalence - note: case is ignored. convert the structure to a string - if reverse is true the oids and values are listed out starting with the last element in the sequence (ala RFC 2253), otherwise the string will begin with the first element of the structure. If no string definition for the oid is found in oidSymbols the string value of the oid is added. Two standard symbol tables are provided DefaultSymbols, and RFC2253Symbols as part of this class. @param reverse if true start at the end of the sequence and work back. @param oidSymbols look up table strings for oids. * It turns out that the number of standard ways the fields in a DN should be * encoded into their ASN.1 counterparts is rapidly approaching the * number of machines on the internet. By default the X509Name class * will produce UTF8Strings in line with the current recommendations (RFC 3280). *

* An example of an encoder look like below: *

                 * public class X509DirEntryConverter
                 *     : X509NameEntryConverter
                 * {
                 *     public Asn1Object GetConvertedValue(
                 *         DerObjectIdentifier  oid,
                 *         string               value)
                 *     {
                 *         if (str.Length() != 0 && str.charAt(0) == '#')
                 *         {
                 *             return ConvertHexEncoded(str, 1);
                 *         }
                 *         if (oid.Equals(EmailAddress))
                 *         {
                 *             return new DerIA5String(str);
                 *         }
                 *         else if (CanBePrintable(str))
                 *         {
                 *             return new DerPrintableString(str);
                 *         }
                 *         else if (CanBeUTF8(str))
                 *         {
                 *             return new DerUtf8String(str);
                 *         }
                 *         else
                 *         {
                 *             return new DerBmpString(str);
                 *         }
                 *     }
                 * }
            	 * 
*

Convert an inline encoded hex string rendition of an ASN.1 object back into its corresponding ASN.1 object. @param str the hex encoded object @param off the index at which the encoding starts @return the decoded object return true if the passed in string can be represented without loss as a PrintableString, false otherwise. Convert the passed in string value into the appropriate ASN.1 encoded object. @param oid the oid associated with the value in the DN. @param value the value of the particular DN component. @return the ASN.1 equivalent for the value. class for breaking up an X500 Name into it's component tokens, ala java.util.StringTokenizer. We need this class as some of the lightweight Java environment don't support classes like StringTokenizer. A general class that reads all X9.62 style EC curve tables. return a X9ECParameters object representing the passed in named curve. The routine returns null if the curve is not present. @param name the name of the curve requested @return an X9ECParameters object or null if the curve is not available. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return a X9ECParameters object representing the passed in named curve. @param oid the object id of the curve requested @return an X9ECParameters object or null if the curve is not available. return an enumeration of the names of the available curves. @return an enumeration of the names of the available curves. ASN.1 def for Diffie-Hellman key exchange KeySpecificInfo structure. See RFC 2631, or X9.42, for further details. Produce an object suitable for an Asn1OutputStream.
             KeySpecificInfo ::= Sequence {
                 algorithm OBJECT IDENTIFIER,
                 counter OCTET STRING SIZE (4..4)
             }
            
ANS.1 def for Diffie-Hellman key exchange OtherInfo structure. See RFC 2631, or X9.42, for further details. Produce an object suitable for an Asn1OutputStream.
             OtherInfo ::= Sequence {
                 keyInfo KeySpecificInfo,
                 partyAInfo [0] OCTET STRING OPTIONAL,
                 suppPubInfo [2] OCTET STRING
             }
            
table of the current named curves defined in X.962 EC-DSA. return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. Produce an object suitable for an Asn1OutputStream.
            Parameters ::= CHOICE {
               ecParameters ECParameters,
               namedCurve   CURVES.&id({CurveNames}),
               implicitlyCA Null
            }
            
ASN.1 def for Elliptic-Curve Curve structure. See X9.62, for further details. Produce an object suitable for an Asn1OutputStream.
             Curve ::= Sequence {
                 a               FieldElement,
                 b               FieldElement,
                 seed            BIT STRING      OPTIONAL
             }
            
ASN.1 def for Elliptic-Curve ECParameters structure. See X9.62, for further details. Return the ASN.1 entry representing the Curve. @return the X9Curve for the curve in these parameters. Return the ASN.1 entry representing the FieldID. @return the X9FieldID for the FieldID in these parameters. Return the ASN.1 entry representing the base point G. @return the X9ECPoint for the base point in these parameters. Produce an object suitable for an Asn1OutputStream.
             ECParameters ::= Sequence {
                 version         Integer { ecpVer1(1) } (ecpVer1),
                 fieldID         FieldID {{FieldTypes}},
                 curve           X9Curve,
                 base            X9ECPoint,
                 order           Integer,
                 cofactor        Integer OPTIONAL
             }
            
class for describing an ECPoint as a Der object. Produce an object suitable for an Asn1OutputStream.
             ECPoint ::= OCTET STRING
            

Octet string produced using ECPoint.GetEncoded().

Class for processing an ECFieldElement as a DER object. Produce an object suitable for an Asn1OutputStream.
             FieldElement ::= OCTET STRING
            

  1. if q is an odd prime then the field element is processed as an Integer and converted to an octet string according to x 9.62 4.3.1.
  2. if q is 2m then the bit string contained in the field element is converted into an octet string with the same ordering padded at the front if necessary.

ASN.1 def for Elliptic-Curve Field ID structure. See X9.62, for further details. Constructor for elliptic curves over prime fields F2. @param primeP The prime p defining the prime field. Constructor for elliptic curves over binary fields F2m. @param m The exponent m of F2m. @param k1 The integer k1 where xm + xk1 + 1 represents the reduction polynomial f(z). Constructor for elliptic curves over binary fields F2m. @param m The exponent m of F2m. @param k1 The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k2 The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k3 The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).. Produce a Der encoding of the following structure.
             FieldID ::= Sequence {
                 fieldType       FIELD-ID.&id({IOSet}),
                 parameters      FIELD-ID.&Type({IOSet}{@fieldType})
             }
            
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } X9.63 X9.42 reader for Base64 armored objects - read the headers and then start returning bytes when the data is reached. An IOException is thrown if the CRC check fails. decode the base 64 encoded input data. @return the offset the data starts in out. Create a stream for reading a PGP armoured message, parsing up to a header and then reading the data that follows. @param input Create an armoured input stream which will assume the data starts straight away, or parse for headers first depending on the value of hasHeaders. @param input @param hasHeaders true if headers are to be looked for, false otherwise. @return true if we are inside the clear text section of a PGP signed message. @return true if the stream is actually at end of file. Return the armor header line (if there is one) @return the armor header line, null if none present. Return the armor headers (the lines after the armor header line), @return an array of armor headers, null if there aren't any. Basic output stream. encode the input data producing a base 64 encoded byte array. Set an additional header entry. A null value will clear the entry for name. @param name the name of the header entry. @param v the value of the header entry. Reset the headers to only contain a Version string (if one is present). Start a clear text signed message. @param hashAlgorithm Note: Close() does not close the underlying stream. So it is possible to write multiple objects using armoring to a single stream. Basic type for a image attribute packet. Reader for PGP objects. Returns the next packet tag in the stream. A stream that overlays our input stream, allowing the user to only read a segment of it. NB: dataLength will be negative if the segment length is in the upper range above 2**31. Base class for a PGP object. Basic output stream. Create a stream representing a general packet. Output stream to write to. Create a stream representing an old style partial object. Output stream to write to. The packet tag for the object. Create a stream representing a general packet. Output stream to write to. Packet tag. Size of chunks making up the packet. If true, the header is written out in old format. Create a new style partial input stream buffered into chunks. Output stream to write to. Packet tag. Size of chunks making up the packet. Create a new style partial input stream buffered into chunks. Output stream to write to. Packet tag. Buffer to use for collecting chunks. Flush the underlying stream. Finish writing out the current packet without closing the underlying stream. Generic compressed data object. The algorithm tag value. Basic tags for compression algorithms. Basic type for a PGP packet. Base class for a DSA public key. The stream to read the packet from. The format, as a string, always "PGP". Return the standard PGP encoding of the key. Base class for a DSA secret key. @param in The format, as a string, always "PGP". Return the standard PGP encoding of the key. @return x Base class for an ECDH Public Key. The stream to read the packet from. Base class for an ECDSA Public Key. The stream to read the packet from. Base class for an EC Public Key. The stream to read the packet from. The format, as a string, always "PGP". Return the standard PGP encoding of the key. Base class for an EC Secret Key. The format, as a string, always "PGP". Return the standard PGP encoding of the key. Base class for an ElGamal public key. The format, as a string, always "PGP". Return the standard PGP encoding of the key. Base class for an ElGamal secret key. @param in @param x The format, as a string, always "PGP". Return the standard PGP encoding of the key. Basic packet for an experimental packet. Basic tags for hash algorithms. Base interface for a PGP key. The base format for this key - in the case of the symmetric keys it will generally be raw indicating that the key is just a straight byte representation, for an asymmetric key the format will be PGP, indicating the key is a string of MPIs encoded in PGP format. "RAW" or "PGP". Note: you can only read from this once... Generic literal data packet. The format tag value. The modification time of the file in milli-seconds (since Jan 1, 1970 UTC) Basic type for a marker packet. Basic packet for a modification detection code packet. A multiple precision integer Generic signature object The encryption algorithm tag. The hash algorithm tag. Basic PGP packet tag types. Public Key Algorithm tag numbers. Basic packet for a PGP public key. Basic packet for a PGP public key. Construct a version 4 public key packet. Basic packet for a PGP public subkey Construct a version 4 public subkey packet. Base class for an RSA public key. Construct an RSA public key from the passed in stream. The modulus. The public exponent. The format, as a string, always "PGP". Return the standard PGP encoding of the key. Base class for an RSA secret (or priate) key. The format, as a string, always "PGP". Return the standard PGP encoding of the key. The string to key specifier class. The hash algorithm. The IV for the key generation algorithm. The iteration count The protection mode - only if GnuDummyS2K Basic packet for a PGP secret key. Basic packet for a PGP secret key. Generic signature packet. Generate a version 4 signature packet. @param signatureType @param keyAlgorithm @param hashAlgorithm @param hashedData @param unhashedData @param fingerprint @param signature Generate a version 2/3 signature packet. @param signatureType @param keyAlgorithm @param hashAlgorithm @param fingerprint @param signature return the keyId @return the keyId that created the signature. return the signature trailer that must be included with the data to reconstruct the signature @return byte[] * return the signature as a set of integers - note this is normalised to be the * ASN.1 encoding of what appears in the signature packet. Return the byte encoding of the signature section. @return uninterpreted signature bytes. Return the creation time in milliseconds since 1 Jan., 1970 UTC. Basic type for a PGP Signature sub-packet. Return the generic data making up the packet. reader for signature sub-packets Basic PGP signature sub-packet tag types. Packet embedded signature packet giving signature creation time. packet giving signature expiration time. Identifier for the modification detection feature Returns if modification detection is supported. Returns if a particular feature is supported. Sets support for a particular feature. packet giving signature creation time. packet giving time after creation at which the key expires. Return the number of seconds after creation time a key is valid for. @return second count for key validity. Packet holding the key flag values. Return the flag values contained in the first 4 octets (note: at the moment the standard only uses the first one). Class provided a NotationData object according to RFC2440, Chapter 5.2.3.15. Notation Data packet giving signature creation time. packet giving whether or not the signature is signed using the primary user ID for the key. packet giving whether or not is revocable. packet giving signature creation time. packet giving signature expiration time. return time in seconds before signature expires after creation time. packet giving the User ID of the signer. packet giving trust. Represents revocation key OpenPGP signature sub packet. Represents revocation reason OpenPGP signature sub packet. Basic type for a symmetric key encrypted packet. Basic tags for symmetric key algorithms Basic type for a symmetric encrypted session key packet @return int @return S2k @return byte[] @return int Basic type for a trust packet. Basic type for a user attribute packet. Basic type for a user attribute sub-packet. return the generic data making up the packet. reader for user attribute sub-packets Basic PGP user attribute sub-packet tag types. Basic type for a user ID packet. Compressed data objects The algorithm used for compression Get the raw input stream contained in the object. Return an uncompressed input stream which allows reading of the compressed data. Class for producing compressed data packets.

Return an output stream which will save the data being written to the compressed object.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Stream to be used for output. A Stream for output of the compressed data.

Return an output stream which will compress the data as it is written to it. The stream will be written out in chunks according to the size of the passed in buffer.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Note: if the buffer is not a power of 2 in length only the largest power of 2 bytes worth of the buffer will be used.

Note: using this may break compatibility with RFC 1991 compliant tools. Only recent OpenPGP implementations are capable of accepting these streams.

Stream to be used for output. The buffer to use. A Stream for output of the compressed data.
Close the compressed object.summary> Thrown if the IV at the start of a data stream indicates the wrong key is being used. Return the raw input stream for the data stream. Return true if the message is integrity protected. True, if there is a modification detection code namespace associated with this stream. Note: This can only be called after the message has been read. True, if the message verifies, false otherwise Generator for encrypted objects. Existing SecureRandom constructor. The symmetric algorithm to use. Source of randomness. Creates a cipher stream which will have an integrity packet associated with it. Base constructor. The symmetric algorithm to use. Source of randomness. PGP 2.6.x compatibility required. Add a PBE encryption method to the encrypted object using the default algorithm (S2K_SHA1). Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Add a PBE encryption method to the encrypted object. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Add a PBE encryption method to the encrypted object. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Add a PBE encryption method to the encrypted object. Allows the caller to handle the encoding of the passphrase to bytes. Add a public key encrypted session key to the encrypted object.

If buffer is non null stream assumed to be partial, otherwise the length will be used to output a fixed length packet.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Return an output stream which will encrypt the data as it is written to it.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Return an output stream which will encrypt the data as it is written to it. The stream will be written out in chunks according to the size of the passed in buffer.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Note: if the buffer is not a power of 2 in length only the largest power of 2 bytes worth of the buffer will be used.

Close off the encrypted object - this is equivalent to calling Close() on the stream returned by the Open() method.

Note: This does not close the underlying output stream, only the stream on top of it created by the Open() method.

A holder for a list of PGP encryption method packets. Generic exception class for PGP encoding/decoding problems. Key flag values for the KeyFlags subpacket. General class to handle JCA key pairs and convert them into OpenPGP ones.

A word for the unwary, the KeyId for an OpenPGP public key is calculated from a hash that includes the time of creation, if you pass a different date to the constructor below with the same public private key pair the KeyIs will not be the same as for previous generations of the key, so ideally you only want to do this once.

Create a key pair from a PgpPrivateKey and a PgpPublicKey. The public key. The private key. The keyId associated with this key pair. Generator for a PGP master and subkey ring. This class will generate both the secret and public key rings Create a new key ring generator using old style checksumming. It is recommended to use SHA1 checksumming where possible. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The passPhrase to be used to protect secret keys. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. If true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The hash algorithm. The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The hash algorithm. If true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Create a new key ring generator. Allows the caller to handle the encoding of the passphrase to bytes. The certification level for keys on this ring. The master key pair. The id to be associated with the ring. The algorithm to be used to protect secret keys. The hash algorithm. The passPhrase to be used to protect secret keys. Checksum the secret keys with SHA1 rather than the older 16 bit checksum. Packets to be included in the certification hash. Packets to be attached unhashed to the certification. input secured random. Add a subkey to the key ring to be generated with default certification. Add a subkey to the key ring to be generated with default certification. The key pair. The hash algorithm. Add a subkey with specific hashed and unhashed packets associated with it and default certification. Public/private key pair. Hashed packet values to be included in certification. Unhashed packets values to be included in certification. Add a subkey with specific hashed and unhashed packets associated with it and default certification. Public/private key pair. Hashed packet values to be included in certification. Unhashed packets values to be included in certification. The hash algorithm. exception adding subkey: Return the secret key ring. Return the public key ring that corresponds to the secret key ring. Thrown if the key checksum is invalid. Class for processing literal data objects. The special name indicating a "for your eyes only" packet. The format of the data stream - Binary or Text The file name that's associated with the data stream. Return the file name as an unintrepreted byte array. The modification time for the file. The raw input stream for the data stream. The input stream representing the data stream. Class for producing literal data packets. The special name indicating a "for your eyes only" packet. Generates literal data objects in the old format. This is important if you need compatibility with PGP 2.6.x. If true, uses old format.

Open a literal data packet, returning a stream to store the data inside the packet.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

The stream we want the packet in. The format we are using. The name of the 'file'. The length of the data we will write. The time of last modification we want stored.

Open a literal data packet, returning a stream to store the data inside the packet, as an indefinite length stream. The stream is written out as a series of partial packets with a chunk size determined by the size of the passed in buffer.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

Note: if the buffer is not a power of 2 in length only the largest power of 2 bytes worth of the buffer will be used.

The stream we want the packet in. The format we are using. The name of the 'file'. The time of last modification we want stored. The buffer to use for collecting data to put into chunks.

Open a literal data packet for the passed in FileInfo object, returning an output stream for saving the file contents.

The stream created can be closed off by either calling Close() on the stream or Close() on the generator. Closing the returned stream does not close off the Stream parameter outStr.

The stream we want the packet in. The format we are using. The FileInfo object containg the packet details.
Close the literal data packet - this is equivalent to calling Close() on the stream returned by the Open() method. A PGP marker packet - in general these should be ignored other than where the idea is to preserve the original input stream. General class for reading a PGP object stream.

Note: if this class finds a PgpPublicKey or a PgpSecretKey it will create a PgpPublicKeyRing, or a PgpSecretKeyRing for each key found. If all you are trying to do is read a key ring file use either PgpPublicKeyRingBundle or PgpSecretKeyRingBundle.

Return the next object in the stream, or null if the end is reached. On a parse error Return all available objects in a list. An IList containing all objects from this factory, in order. A one pass signature object. Initialise the signature object for verification. Verify the calculated signature against the passed in PgpSignature. Holder for a list of PgpOnePassSignature objects. Padding functions. A password based encryption object. Return the raw input stream for the data stream. Return the decrypted input stream, using the passed in passphrase. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Return the decrypted input stream, using the passed in passphrase. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Return the decrypted input stream, using the passed in passphrase. Allows the caller to handle the encoding of the passphrase to bytes. General class to contain a private key for use with other OpenPGP objects. Create a PgpPrivateKey from a keyID, the associated public data packet, and a regular private key. ID of the corresponding public key. the public key data packet to be associated with this private key. the private key data packet to be associated with this private key. The keyId associated with the contained private key. The public key packet associated with this private key, if available. The contained private key. General class to handle a PGP public key object. Create a PgpPublicKey from the passed in lightweight one. Note: the time passed in affects the value of the key's keyId, so you probably only want to do this once for a lightweight key, or make sure you keep track of the time you used. Asymmetric algorithm type representing the public key. Actual public key to associate. Date of creation. If pubKey is not public. On key creation problem. Constructor for a sub-key. Copy constructor. The public key to copy. The version of this key. The creation time of this key. The number of valid days from creation time - zero means no expiry. WARNING: This method will return 1 for keys with version > 3 that expire in less than 1 day Return the trust data associated with the public key, if present. A byte array with trust data, null otherwise. The number of valid seconds from creation time - zero means no expiry. The keyId associated with the public key. The fingerprint of the key Check if this key has an algorithm type that makes it suitable to use for encryption. Note: with version 4 keys KeyFlags subpackets should also be considered when present for determining the preferred use of the key. true if this key algorithm is suitable for encryption. True, if this is a master key. The algorithm code associated with the public key. The strength of the key in bits. The public key contained in the object. A lightweight public key. If the key algorithm is not recognised. Allows enumeration of any user IDs associated with the key. An IEnumerable of string objects. Allows enumeration of any user attribute vectors associated with the key. An IEnumerable of PgpUserAttributeSubpacketVector objects. Allows enumeration of any signatures associated with the passed in id. The ID to be matched. An IEnumerable of PgpSignature objects. Allows enumeration of signatures associated with the passed in user attributes. The vector of user attributes to be matched. An IEnumerable of PgpSignature objects. Allows enumeration of signatures of the passed in type that are on this key. The type of the signature to be returned. An IEnumerable of PgpSignature objects. Allows enumeration of all signatures/certifications associated with this key. An IEnumerable with all signatures/certifications. Return all signatures/certifications directly associated with this key (ie, not to a user id). @return an iterator (possibly empty) with all signatures/certifications. Check whether this (sub)key has a revocation signature on it. True, if this (sub)key has been revoked. Add a certification for an id to the given public key. The key the certification is to be added to. The ID the certification is associated with. The new certification. The re-certified key. Add a certification for the given UserAttributeSubpackets to the given public key. The key the certification is to be added to. The attributes the certification is associated with. The new certification. The re-certified key. Remove any certifications associated with a user attribute subpacket on a key. The key the certifications are to be removed from. The attributes to be removed. The re-certified key, or null if the user attribute subpacket was not found on the key. Remove any certifications associated with a given ID on a key. The key the certifications are to be removed from. The ID that is to be removed. The re-certified key, or null if the ID was not found on the key. Remove a certification associated with a given ID on a key. The key the certifications are to be removed from. The ID that the certfication is to be removed from. The certfication to be removed. The re-certified key, or null if the certification was not found. Remove a certification associated with a given user attributes on a key. The key the certifications are to be removed from. The user attributes that the certfication is to be removed from. The certification to be removed. The re-certified key, or null if the certification was not found. Add a revocation or some other key certification to a key. The key the revocation is to be added to. The key signature to be added. The new changed public key object. Remove a certification from the key. The key the certifications are to be removed from. The certfication to be removed. The modified key, null if the certification was not found. A public key encrypted data object. The key ID for the key used to encrypt the data. Return the algorithm code for the symmetric algorithm used to encrypt the data. Return the decrypted data stream for the packet. Class to hold a single master public key and its subkeys.

Often PGP keyring files consist of multiple master keys, if you are trying to process or construct one of these you should use the PgpPublicKeyRingBundle class.

Return the first public key in the ring. Return the public key referred to by the passed in key ID if it is present. Allows enumeration of all the public keys. An IEnumerable of PgpPublicKey objects. Returns a new key ring with the public key passed in either added or replacing an existing one. The public key ring to be modified. The public key to be inserted. A new PgpPublicKeyRing Returns a new key ring with the public key passed in removed from the key ring. The public key ring to be modified. The public key to be removed. A new PgpPublicKeyRing, or null if pubKey is not found. Often a PGP key ring file is made up of a succession of master/sub-key key rings. If you want to read an entire public key file in one hit this is the class for you. Build a PgpPublicKeyRingBundle from the passed in input stream. Input stream containing data. If a problem parsing the stream occurs. If an object is encountered which isn't a PgpPublicKeyRing. Return the number of key rings in this collection. Allow enumeration of the public key rings making up this collection. Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. An IEnumerable of key rings which matched (possibly none). Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. If true, userId need only be a substring of an actual ID string to match. An IEnumerable of key rings which matched (possibly none). Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. If true, userId need only be a substring of an actual ID string to match. If true, case is ignored in user ID comparisons. An IEnumerable of key rings which matched (possibly none). Return the PGP public key associated with the given key id. The ID of the public key to return. Return the public key ring which contains the key referred to by keyId key ID to match against Return true if a key matching the passed in key ID is present, false otherwise. key ID to look for. Return a new bundle containing the contents of the passed in bundle and the passed in public key ring. The PgpPublicKeyRingBundle the key ring is to be added to. The key ring to be added. A new PgpPublicKeyRingBundle merging the current one with the passed in key ring. If the keyId for the passed in key ring is already present. Return a new bundle containing the contents of the passed in bundle with the passed in public key ring removed. The PgpPublicKeyRingBundle the key ring is to be removed from. The key ring to be removed. A new PgpPublicKeyRingBundle not containing the passed in key ring. If the keyId for the passed in key ring is not present. General class to handle a PGP secret key object. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). If utf8PassPhrase is true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Allows the caller to handle the encoding of the passphrase to bytes. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). If utf8PassPhrase is true, conversion of the passphrase to bytes uses Encoding.UTF8.GetBytes(), otherwise the conversion is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Allows the caller to handle the encoding of the passphrase to bytes. Check if this key has an algorithm type that makes it suitable to use for signing. Note: with version 4 keys KeyFlags subpackets should also be considered when present for determining the preferred use of the key. true if this key algorithm is suitable for use with signing. True, if this is a master key. Detect if the Secret Key's Private Key is empty or not The algorithm the key is encrypted with. The key ID of the public key associated with this key. Return the S2K usage associated with this key. Return the S2K used to process this key. The public key associated with this key. Allows enumeration of any user IDs associated with the key. An IEnumerable of string objects. Allows enumeration of any user attribute vectors associated with the key. An IEnumerable of string objects. Extract a PgpPrivateKey from this secret key's encrypted contents. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Extract a PgpPrivateKey from this secret key's encrypted contents. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Extract a PgpPrivateKey from this secret key's encrypted contents. Allows the caller to handle the encoding of the passphrase to bytes. Return a copy of the passed in secret key, encrypted using a new password and the passed in algorithm. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The PgpSecretKey to be copied. The current password for the key. The new password for the key. The algorithm to be used for the encryption. Source of randomness. Return a copy of the passed in secret key, encrypted using a new password and the passed in algorithm. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). The PgpSecretKey to be copied. The current password for the key. The new password for the key. The algorithm to be used for the encryption. Source of randomness. Return a copy of the passed in secret key, encrypted using a new password and the passed in algorithm. Allows the caller to handle the encoding of the passphrase to bytes. The PgpSecretKey to be copied. The current password for the key. The new password for the key. The algorithm to be used for the encryption. Source of randomness. Replace the passed the public key on the passed in secret key. Secret key to change. New public key. A new secret key. If KeyId's do not match. Parse a secret key from one of the GPG S expression keys associating it with the passed in public key. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Parse a secret key from one of the GPG S expression keys associating it with the passed in public key. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Parse a secret key from one of the GPG S expression keys associating it with the passed in public key. Allows the caller to handle the encoding of the passphrase to bytes. Parse a secret key from one of the GPG S expression keys. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). Parse a secret key from one of the GPG S expression keys. The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Parse a secret key from one of the GPG S expression keys. Allows the caller to handle the encoding of the passphrase to bytes. Parse a secret key from one of the GPG S expression keys. Class to hold a single master secret key and its subkeys.

Often PGP keyring files consist of multiple master keys, if you are trying to process or construct one of these you should use the PgpSecretKeyRingBundle class.

Return the public key for the master key. Return the master private key. Allows enumeration of the secret keys. An IEnumerable of PgpSecretKey objects. Return an iterator of the public keys in the secret key ring that have no matching private key. At the moment only personal certificate data appears in this fashion. An IEnumerable of unattached, or extra, public keys. Replace the public key set on the secret ring with the corresponding key off the public ring. Secret ring to be changed. Public ring containing the new public key set. Return a copy of the passed in secret key ring, with the master key and sub keys encrypted using a new password and the passed in algorithm. The PgpSecretKeyRing to be copied. The current password for key. The new password for the key. The algorithm to be used for the encryption. Source of randomness. Returns a new key ring with the secret key passed in either added or replacing an existing one with the same key ID. The secret key ring to be modified. The secret key to be inserted. A new PgpSecretKeyRing Returns a new key ring with the secret key passed in removed from the key ring. The secret key ring to be modified. The secret key to be removed. A new PgpSecretKeyRing, or null if secKey is not found. Often a PGP key ring file is made up of a succession of master/sub-key key rings. If you want to read an entire secret key file in one hit this is the class for you. Build a PgpSecretKeyRingBundle from the passed in input stream. Input stream containing data. If a problem parsing the stream occurs. If an object is encountered which isn't a PgpSecretKeyRing. Return the number of rings in this collection. Allow enumeration of the secret key rings making up this collection. Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. An IEnumerable of key rings which matched (possibly none). Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. If true, userId need only be a substring of an actual ID string to match. An IEnumerable of key rings which matched (possibly none). Allow enumeration of the key rings associated with the passed in userId. The user ID to be matched. If true, userId need only be a substring of an actual ID string to match. If true, case is ignored in user ID comparisons. An IEnumerable of key rings which matched (possibly none). Return the PGP secret key associated with the given key id. The ID of the secret key to return. Return the secret key ring which contains the key referred to by keyId The ID of the secret key Return true if a key matching the passed in key ID is present, false otherwise. key ID to look for. Return a new bundle containing the contents of the passed in bundle and the passed in secret key ring. The PgpSecretKeyRingBundle the key ring is to be added to. The key ring to be added. A new PgpSecretKeyRingBundle merging the current one with the passed in key ring. If the keyId for the passed in key ring is already present. Return a new bundle containing the contents of the passed in bundle with the passed in secret key ring removed. The PgpSecretKeyRingBundle the key ring is to be removed from. The key ring to be removed. A new PgpSecretKeyRingBundle not containing the passed in key ring. If the keyId for the passed in key ring is not present. A PGP signature object. The OpenPGP version number for this signature. The key algorithm associated with this signature. The hash algorithm associated with this signature. Return true if this signature represents a certification. Verify the signature as certifying the passed in public key as associated with the passed in user attributes. User attributes the key was stored under. The key to be verified. True, if the signature matches, false otherwise. Verify the signature as certifying the passed in public key as associated with the passed in ID. ID the key was stored under. The key to be verified. True, if the signature matches, false otherwise. Verify a certification for the passed in key against the passed in master key. The key we are verifying against. The key we are verifying. True, if the certification is valid, false otherwise. Verify a key certification, such as revocation, for the passed in key. The key we are checking. True, if the certification is valid, false otherwise. The ID of the key that created the signature. The creation time of this signature. Return true if the signature has either hashed or unhashed subpackets. Return true if the passed in signature type represents a certification, false if the signature type is not. true if signatureType is a certification, false otherwise. Generator for PGP signatures. Create a generator for the passed in keyAlgorithm and hashAlgorithm codes. Initialise the generator for signing. Initialise the generator for signing. Return the one pass header associated with the current signature. Return a signature object containing the current signature state. Generate a certification for the passed in ID and key. The ID we are certifying against the public key. The key we are certifying against the ID. The certification. Generate a certification for the passed in userAttributes. The ID we are certifying against the public key. The key we are certifying against the ID. The certification. Generate a certification for the passed in key against the passed in master key. The key we are certifying against. The key we are certifying. The certification. Generate a certification, such as a revocation, for the passed in key. The key we are certifying. The certification. A list of PGP signatures - normally in the signature block after literal data. Generator for signature subpackets. Add a TrustSignature packet to the signature. The values for depth and trust are largely installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13. true if the packet is critical. depth level. trust amount. Set the number of seconds a key is valid for after the time of its creation. A value of zero means the key never expires. True, if should be treated as critical, false otherwise. The number of seconds the key is valid, or zero if no expiry. Set the number of seconds a signature is valid for after the time of its creation. A value of zero means the signature never expires. True, if should be treated as critical, false otherwise. The number of seconds the signature is valid, or zero if no expiry. Set the creation time for the signature.

Note: this overrides the generation of a creation time when the signature is generated.

Sets revocation reason sub packet Sets revocation key sub packet Sets issuer key sub packet Container for a list of signature subpackets. Return true if a particular subpacket type exists. @param type type to look for. @return true if present, false otherwise. Return all signature subpackets of the passed in type. @param type subpacket type code @return an array of zero or more matching subpackets. Return the number of seconds a signature is valid for after its creation date. A value of zero means the signature never expires. Seconds a signature is valid for. Return the number of seconds a key is valid for after its creation date. A value of zero means the key never expires. Seconds a signature is valid for. Return the number of packets this vector contains. Container for a list of user attribute subpackets. Basic utility class. Conversion of the passphrase characters to bytes is performed using Convert.ToByte(), which is the historical behaviour of the library (1.7 and earlier). The passphrase is encoded to bytes using UTF8 (Encoding.UTF8.GetBytes). Allows the caller to handle the encoding of the passphrase to bytes. Write out the passed in file as a literal data packet. Write out the passed in file as a literal data packet in partial packet format. Return either an ArmoredInputStream or a BcpgInputStream based on whether the initial characters of the stream are binary PGP encodings or not. Generator for old style PGP V3 Signatures. Create a generator for the passed in keyAlgorithm and hashAlgorithm codes. Initialise the generator for signing. Initialise the generator for signing. Return the one pass header associated with the current signature. Return a V3 signature object containing the current signature state. Utility functions for looking a S-expression keys. This class will move when it finds a better home!

Format documented here: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/keyformat.txt;h=42c4b1f06faf1bbe71ffadc2fee0fad6bec91a97;hb=refs/heads/master

Wrap a PKIMessage ASN.1 structure. PKI message. Create a PKIMessage from the passed in bytes. BER/DER encoding of the PKIMessage Return true if this message has protection bits on it. A return value of true indicates the message can be used to construct a ProtectedPKIMessage. Wrapper for a PKIMessage with protection attached to it. Wrap a general message. If the general message does not have protection. The General message Wrap a PKI message. If the PKI message does not have protection. The PKI message Message header Message Body Return the underlying ASN.1 structure contained in this object. PKI Message structure Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) to verify the message if this method returns true. true if protection MAC PBE based, false otherwise. Return the extra certificates associated with this message. an array of extra certificates, zero length if none present. Verify a message with a public key based signature attached. a factory of signature verifiers. true if the provider is able to create a verifier that validates the signature, false otherwise. Verify a message with password based MAC protection. MAC builder that can be used to construct the appropriate MacCalculator the MAC password true if the passed in password and MAC builder verify the message, false otherwise. if algorithm not MAC based, or an exception is thrown verifying the MAC. The 'Signature' parameter is only available when generating unsigned attributes. containing class for an CMS Authenticated Data object return the object identifier for the content MAC algorithm. return a store of the intended recipients for this message return the ContentInfo return a table of the digested attributes indexed by the OID of the attribute. return a table of the undigested attributes indexed by the OID of the attribute. return the ASN.1 encoded representation of this object. General class for generating a CMS authenticated-data message. A simple example of usage.
                  CMSAuthenticatedDataGenerator  fact = new CMSAuthenticatedDataGenerator();
            
                  fact.addKeyTransRecipient(cert);
            
                  CMSAuthenticatedData         data = fact.generate(content, algorithm, "BC");
             
base constructor constructor allowing specific source of randomness @param rand instance of SecureRandom to use generate an enveloped object that contains an CMS Enveloped Data object using the given provider and the passed in key generator. generate an authenticated object that contains an CMS Authenticated Data object Parsing class for an CMS Authenticated Data object from an input stream.

Note: that because we are in a streaming mode only one recipient can be tried and it is important that the methods on the parser are called in the appropriate order.

Example of use - assuming the first recipient matches the private key we have.

                  CMSAuthenticatedDataParser     ad = new CMSAuthenticatedDataParser(inputStream);
            
                  RecipientInformationStore  recipients = ad.getRecipientInfos();
            
                  Collection  c = recipients.getRecipients();
                  Iterator    it = c.iterator();
            
                  if (it.hasNext())
                  {
                      RecipientInformation   recipient = (RecipientInformation)it.next();
            
                      CMSTypedStream recData = recipient.getContentStream(privateKey, "BC");
            
                      processDataStream(recData.getContentStream());
            
                      if (!Arrays.equals(ad.getMac(), recipient.getMac())
                      {
                          System.err.println("Data corrupted!!!!");
                      }
                  }
              
Note: this class does not introduce buffering - if you are processing large files you should create the parser with:
                      CMSAuthenticatedDataParser     ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
              
where bufSize is a suitably large buffer size.

return the object identifier for the mac algorithm. return the ASN.1 encoded encryption algorithm parameters, or null if there aren't any. return a store of the intended recipients for this message return a table of the unauthenticated attributes indexed by the OID of the attribute. @exception java.io.IOException return a table of the unauthenticated attributes indexed by the OID of the attribute. @exception java.io.IOException General class for generating a CMS authenticated-data message stream.

A simple example of usage.

                  CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
            
                  edGen.addKeyTransRecipient(cert);
            
                  ByteArrayOutputStream  bOut = new ByteArrayOutputStream();
            
                  OutputStream out = edGen.open(
                                          bOut, CMSAuthenticatedDataGenerator.AES128_CBC, "BC");*
                  out.write(data);
            
                  out.close();
             

base constructor constructor allowing specific source of randomness @param rand instance of SecureRandom to use Set the underlying string size for encapsulated data @param bufferSize length of octet strings to buffer the data. Use a BER Set to store the recipient information generate an enveloped object that contains an CMS Enveloped Data object using the given provider and the passed in key generator. @throws java.io.IOException generate an enveloped object that contains an CMS Enveloped Data object generate an enveloped object that contains an CMS Enveloped Data object base constructor constructor allowing specific source of randomness @param rand instance of SecureRandom to use containing class for an CMS AuthEnveloped Data object containing class for an CMS Compressed Data object Return the uncompressed content. @return the uncompressed content @throws CmsException if there is an exception uncompressing the data. Return the uncompressed content, throwing an exception if the data size is greater than the passed in limit. If the content is exceeded getCause() on the CMSException will contain a StreamOverflowException @param limit maximum number of bytes to read @return the content read @throws CMSException if there is an exception uncompressing the data. return the ContentInfo return the ASN.1 encoded representation of this object. * General class for generating a compressed CMS message. *

* A simple example of usage.

*

*

                *      CMSCompressedDataGenerator fact = new CMSCompressedDataGenerator();
                *      CMSCompressedData data = fact.Generate(content, algorithm);
                * 
*

Generate an object that contains an CMS Compressed Data Class for reading a CMS Compressed Data stream.
                 CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream);
            
                 process(cp.GetContent().GetContentStream());
             
Note: this class does not introduce buffering - if you are processing large files you should create the parser with:
                  CMSCompressedDataParser     ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize));
              
where bufSize is a suitably large buffer size.
General class for generating a compressed CMS message stream.

A simple example of usage.

                  CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
            
                  Stream cOut = gen.Open(outputStream, CMSCompressedDataStreamGenerator.ZLIB);
            
                  cOut.Write(data);
            
                  cOut.Close();
             
base constructor Set the underlying string size for encapsulated data @param bufferSize length of octet strings to buffer the data. Close the underlying data stream. @throws IOException if the close fails. containing class for an CMS Enveloped Data object return the object identifier for the content encryption algorithm. return a store of the intended recipients for this message return the ContentInfo return a table of the unprotected attributes indexed by the OID of the attribute. return the ASN.1 encoded representation of this object. General class for generating a CMS enveloped-data message. A simple example of usage.
                  CmsEnvelopedDataGenerator  fact = new CmsEnvelopedDataGenerator();
            
                  fact.AddKeyTransRecipient(cert);
            
                  CmsEnvelopedData         data = fact.Generate(content, algorithm);
             
Constructor allowing specific source of randomness Instance of SecureRandom to use. Generate an enveloped object that contains a CMS Enveloped Data object using the passed in key generator. Generate an enveloped object that contains an CMS Enveloped Data object. Generate an enveloped object that contains an CMS Enveloped Data object. Parsing class for an CMS Enveloped Data object from an input stream.

Note: that because we are in a streaming mode only one recipient can be tried and it is important that the methods on the parser are called in the appropriate order.

Example of use - assuming the first recipient matches the private key we have.

                  CmsEnvelopedDataParser     ep = new CmsEnvelopedDataParser(inputStream);
            
                  RecipientInformationStore  recipients = ep.GetRecipientInfos();
            
                  Collection  c = recipients.getRecipients();
                  Iterator    it = c.iterator();
            
                  if (it.hasNext())
                  {
                      RecipientInformation   recipient = (RecipientInformation)it.next();
            
                      CMSTypedStream recData = recipient.getContentStream(privateKey);
            
                      processDataStream(recData.getContentStream());
                  }
              
Note: this class does not introduce buffering - if you are processing large files you should create the parser with:
                      CmsEnvelopedDataParser     ep = new CmsEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize));
              
where bufSize is a suitably large buffer size.

return the object identifier for the content encryption algorithm. return the ASN.1 encoded encryption algorithm parameters, or null if there aren't any. return a store of the intended recipients for this message return a table of the unprotected attributes indexed by the OID of the attribute. @throws IOException General class for generating a CMS enveloped-data message stream.

A simple example of usage.

                  CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            
                  edGen.AddKeyTransRecipient(cert);
            
                  MemoryStream  bOut = new MemoryStream();
            
                  Stream out = edGen.Open(
                                          bOut, CMSEnvelopedDataGenerator.AES128_CBC);*
                  out.Write(data);
            
                  out.Close();
             

Constructor allowing specific source of randomness Instance of SecureRandom to use. Set the underlying string size for encapsulated data. Length of octet strings to buffer the data. Use a BER Set to store the recipient information. Generate an enveloped object that contains an CMS Enveloped Data object using the passed in key generator. generate an enveloped object that contains an CMS Enveloped Data object @throws IOException generate an enveloped object that contains an CMS Enveloped Data object @throws IOException General class for generating a CMS enveloped-data message. A simple example of usage.
                  CMSEnvelopedDataGenerator  fact = new CMSEnvelopedDataGenerator();
            
                  fact.addKeyTransRecipient(cert);
            
                  CMSEnvelopedData         data = fact.generate(content, algorithm, "BC");
             
Constructor allowing specific source of randomness Instance of SecureRandom to use. add a recipient. @param cert recipient's public key certificate @exception ArgumentException if there is a problem with the certificate add a recipient @param key the public key used by the recipient @param subKeyId the identifier for the recipient's public key @exception ArgumentException if there is a problem with the key add a KEK recipient. @param key the secret key to use for wrapping @param keyIdentifier the byte string that identifies the key add a KEK recipient. @param key the secret key to use for wrapping @param keyIdentifier the byte string that identifies the key Add a key agreement based recipient. @param agreementAlgorithm key agreement algorithm to use. @param senderPrivateKey private key to initialise sender side of agreement with. @param senderPublicKey sender public key to include with message. @param recipientCert recipient's public key certificate. @param cekWrapAlgorithm OID for key wrapping algorithm to use. @exception SecurityUtilityException if the algorithm requested cannot be found @exception InvalidKeyException if the keys are inappropriate for the algorithm specified Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure). @param agreementAlgorithm key agreement algorithm to use. @param senderPrivateKey private key to initialise sender side of agreement with. @param senderPublicKey sender public key to include with message. @param recipientCerts recipients' public key certificates. @param cekWrapAlgorithm OID for key wrapping algorithm to use. @exception SecurityUtilityException if the algorithm requested cannot be found @exception InvalidKeyException if the keys are inappropriate for the algorithm specified Add a generator to produce the recipient info required. a generator of a recipient info object. Generic routine to copy out the data we want processed. This routine may be called multiple times. a holding class for a byte array of data to be processed. A clone of the byte array a holding class for a file of data to be processed. The file handle general class for handling a pkcs7-signature message. A simple example of usage - note, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer...
              IX509Store              certs = s.GetCertificates();
              SignerInformationStore  signers = s.GetSignerInfos();
            
              foreach (SignerInformation signer in signers.GetSigners())
              {
                  ArrayList       certList = new ArrayList(certs.GetMatches(signer.SignerID));
                  X509Certificate cert = (X509Certificate) certList[0];
            
                  if (signer.Verify(cert.GetPublicKey()))
                  {
                      verified++;
                  }
              }
             
Content with detached signature, digests precomputed @param hashes a map of precomputed digests for content indexed by name of hash. @param sigBlock the signature object. base constructor - content with detached signature. @param signedContent the content that was signed. @param sigData the signature object. base constructor - with encapsulated content Return the version number for this object. return the collection of signers that are associated with the signatures for the message. return a X509Store containing the attribute certificates, if any, contained in this message. @param type type of store to create @return a store of attribute certificates @exception NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store return a X509Store containing the public key certificates, if any, contained in this message. @param type type of store to create @return a store of public key certificates @exception NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store return a X509Store containing CRLs, if any, contained in this message. @param type type of store to create @return a store of CRLs @exception NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store Return the DerObjectIdentifier associated with the encapsulated content info structure carried in the signed data. return the ContentInfo return the ASN.1 encoded representation of this object. Replace the signerinformation store associated with this CmsSignedData object with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one. @param signedData the signed data object to be used as a base. @param signerInformationStore the new signer information store to use. @return a new signed data object. Replace the certificate and CRL information associated with this CmsSignedData object with the new one passed in. @param signedData the signed data object to be used as a base. @param x509Certs the new certificates to be used. @param x509Crls the new CRLs to be used. @return a new signed data object. @exception CmsException if there is an error processing the stores * general class for generating a pkcs7-signature message. *

* A simple example of usage. * *

                 *      IX509Store certs...
                 *      IX509Store crls...
                 *      CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
                 *
                 *      gen.AddSigner(privKey, cert, CmsSignedGenerator.DigestSha1);
                 *      gen.AddCertificates(certs);
                 *      gen.AddCrls(crls);
                 *
                 *      CmsSignedData data = gen.Generate(content);
                 * 
*

Constructor allowing specific source of randomness Instance of SecureRandom to use. * add a signer - no attributes other than the default ones will be * provided here. * * @param key signing key to use * @param cert certificate containing corresponding public key * @param digestOID digest algorithm OID add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be provided here. @param key signing key to use @param cert certificate containing corresponding public key @param encryptionOID digest encryption algorithm OID @param digestOID digest algorithm OID add a signer - no attributes other than the default ones will be provided here. add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be provided here. * add a signer with extra signed/unsigned attributes. * * @param key signing key to use * @param cert certificate containing corresponding public key * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. @param key signing key to use @param cert certificate containing corresponding public key @param encryptionOID digest encryption algorithm OID @param digestOID digest algorithm OID @param signedAttr table of attributes to be included in signature @param unsignedAttr table of attributes to be included as unsigned * add a signer with extra signed/unsigned attributes. * * @param key signing key to use * @param subjectKeyID subjectKeyID of corresponding public key * @param digestOID digest algorithm OID * @param signedAttr table of attributes to be included in signature * @param unsignedAttr table of attributes to be included as unsigned add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. @param key signing key to use @param subjectKeyID subjectKeyID of corresponding public key @param encryptionOID digest encryption algorithm OID @param digestOID digest algorithm OID @param signedAttr table of attributes to be included in signature @param unsignedAttr table of attributes to be included as unsigned add a signer with extra signed/unsigned attributes based on generators. add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators. add a signer with extra signed/unsigned attributes based on generators. add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators. generate a signed object that for a CMS Signed Data object generate a signed object that for a CMS Signed Data object - if encapsulate is true a copy of the message will be included in the signature. The content type is set according to the OID represented by the string signedContentType. generate a signed object that for a CMS Signed Data object - if encapsulate is true a copy of the message will be included in the signature with the default content type "data". generate a set of one or more SignerInformation objects representing counter signatures on the passed in SignerInformation object. @param signer the signer to be countersigned @param sigProvider the provider to be used for counter signing. @return a store containing the signers. Parsing class for an CMS Signed Data object from an input stream.

Note: that because we are in a streaming mode only one signer can be tried and it is important that the methods on the parser are called in the appropriate order.

A simple example of usage for an encapsulated signature.

Two notes: first, in the example below the validity of the certificate isn't verified, just the fact that one of the certs matches the given signer, and, second, because we are in a streaming mode the order of the operations is important.

                  CmsSignedDataParser     sp = new CmsSignedDataParser(encapSigData);
            
                  sp.GetSignedContent().Drain();
            
                  IX509Store              certs = sp.GetCertificates();
                  SignerInformationStore  signers = sp.GetSignerInfos();
            
                  foreach (SignerInformation signer in signers.GetSigners())
                  {
                      ArrayList       certList = new ArrayList(certs.GetMatches(signer.SignerID));
                      X509Certificate cert = (X509Certificate) certList[0];
            
                      Console.WriteLine("verify returns: " + signer.Verify(cert));
                  }
             
Note also: this class does not introduce buffering - if you are processing large files you should create the parser with:
                      CmsSignedDataParser     ep = new CmsSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
              
where bufSize is a suitably large buffer size.
base constructor - with encapsulated content base constructor @param signedContent the content that was signed. @param sigData the signature object. Return the version number for the SignedData object @return the version number return the collection of signers that are associated with the signatures for the message. @throws CmsException return a X509Store containing the attribute certificates, if any, contained in this message. @param type type of store to create @return a store of attribute certificates @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store return a X509Store containing the public key certificates, if any, contained in this message. @param type type of store to create @return a store of public key certificates @exception NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store return a X509Store containing CRLs, if any, contained in this message. @param type type of store to create @return a store of CRLs @exception NoSuchStoreException if the store type isn't available. @exception CmsException if a general exception prevents creation of the X509Store Return the DerObjectIdentifier associated with the encapsulated content info structure carried in the signed data. Replace the signerinformation store associated with the passed in message contained in the stream original with the new one passed in. You would probably only want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.

The output stream is returned unclosed.

@param original the signed data stream to be used as a base. @param signerInformationStore the new signer information store to use. @param out the stream to Write the new signed data object to. @return out.
Replace the certificate and CRL information associated with this CMSSignedData object with the new one passed in.

The output stream is returned unclosed.

@param original the signed data stream to be used as a base. @param certsAndCrls the new certificates and CRLs to be used. @param out the stream to Write the new signed data object to. @return out. @exception CmsException if there is an error processing the CertStore
General class for generating a pkcs7-signature message stream.

A simple example of usage.

                  IX509Store                   certs...
                  CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
            
                  gen.AddSigner(privateKey, cert, CmsSignedDataStreamGenerator.DIGEST_SHA1);
            
                  gen.AddCertificates(certs);
            
                  Stream sigOut = gen.Open(bOut);
            
                  sigOut.Write(Encoding.UTF8.GetBytes("Hello World!"));
            
                  sigOut.Close();
             
Constructor allowing specific source of randomness Instance of SecureRandom to use. Set the underlying string size for encapsulated data @param bufferSize length of octet strings to buffer the data. add a signer - no attributes other than the default ones will be provided here. @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be provided here. @throws NoSuchProviderException @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer with extra signed/unsigned attributes. @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer with extra signed/unsigned attributes - specifying digest encryption algorithm. @throws NoSuchProviderException @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer - no attributes other than the default ones will be provided here. @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer - no attributes other than the default ones will be provided here. @throws NoSuchProviderException @throws NoSuchAlgorithmException @throws InvalidKeyException add a signer with extra signed/unsigned attributes. @throws NoSuchAlgorithmException @throws InvalidKeyException generate a signed object that for a CMS Signed Data object generate a signed object that for a CMS Signed Data object - if encapsulate is true a copy of the message will be included in the signature with the default content type "data". generate a signed object that for a CMS Signed Data object using the given provider - if encapsulate is true a copy of the message will be included in the signature with the default content type "data". If dataOutputStream is non null the data being signed will be written to the stream as it is processed. @param out stream the CMS object is to be written to. @param encapsulate true if data should be encapsulated. @param dataOutputStream output stream to copy the data being signed to. generate a signed object that for a CMS Signed Data object - if encapsulate is true a copy of the message will be included in the signature. The content type is set according to the OID represented by the string signedContentType. generate a signed object that for a CMS Signed Data object using the given provider - if encapsulate is true a copy of the message will be included in the signature. The content type is set according to the OID represented by the string signedContentType. @param out stream the CMS object is to be written to. @param signedContentType OID for data to be signed. @param encapsulate true if data should be encapsulated. @param dataOutputStream output stream to copy the data being signed to. Default type for the signed data. Constructor allowing specific source of randomness Instance of SecureRandom to use. Add the attribute certificates contained in the passed in store to the generator. @param store a store of Version 2 attribute certificates @throws CmsException if an error occurse processing the store. Add a store of precalculated signers to the generator. @param signerStore store of signers Return a map of oids and byte arrays representing the digests calculated on the content during the last generate. @return a map of oids (as string objects) and byte[] representing digests. Return the digest algorithm using one of the standard JCA string representations rather than the algorithm identifier (if possible). Return the digest encryption algorithm using one of the standard JCA string representations rather than the algorithm identifier (if possible). Default authenticated attributes generator. Initialise to use all defaults Initialise with some extra attributes or overrides. @param attributeTable initial attribute table to use. Create a standard attribute table from the passed in parameters - this will normally include contentType and messageDigest. If the constructor using an AttributeTable was used, entries in it for contentType and messageDigest will override the generated ones. @param parameters source parameters for table generation. @return a filled in IDictionary of attributes. @param parameters source parameters @return the populated attribute table Default signed attributes generator. Initialise to use all defaults Initialise with some extra attributes or overrides. @param attributeTable initial attribute table to use. Create a standard attribute table from the passed in parameters - this will normally include contentType, signingTime, and messageDigest. If the constructor using an AttributeTable was used, entries in it for contentType, signingTime, and messageDigest will override the generated ones. @param parameters source parameters for table generation. @return a filled in Hashtable of attributes. @param parameters source parameters @return the populated attribute table the RecipientInfo class for a recipient who has been sent a message encrypted using a secret key known to the other side. decrypt the content and return an input stream. the RecipientInfo class for a recipient who has been sent a message encrypted using key agreement. decrypt the content and return an input stream. the KeyTransRecipientInformation class for a recipient who has been sent a secret key encrypted using their public key that needs to be used to extract the message. decrypt the content and return it as a byte array. a basic index for an originator. Return the certificates stored in the underlying OriginatorInfo object. @return a Store of X509CertificateHolder objects. Return the CRLs stored in the underlying OriginatorInfo object. @return a Store of X509CRLHolder objects. Return the underlying ASN.1 object defining this SignerInformation object. @return a OriginatorInfo. the RecipientInfo class for a recipient who has been sent a message encrypted using a password. return the object identifier for the key derivation algorithm, or null if there is none present. @return OID for key derivation algorithm, if present. decrypt the content and return an input stream. PKCS5 scheme-2 - password converted to bytes assuming ASCII. PKCS5 scheme-2 - password converted to bytes using UTF-8. Generate a RecipientInfo object for the given key. A A A * return the object identifier for the key encryption algorithm. * * @return OID for key encryption algorithm. * return the ASN.1 encoded key encryption algorithm parameters, or null if * there aren't any. * * @return ASN.1 encoding of key encryption algorithm parameters. Return the MAC calculated for the content stream. Note: this call is only meaningful once all the content has been read. @return byte array containing the mac. Return the first RecipientInformation object that matches the passed in selector. Null if there are no matches. @param selector to identify a recipient @return a single RecipientInformation object. Null if none matches. Return the number of recipients in the collection. @return number of recipients identified. Return all recipients in the collection @return a collection of recipients. Return possible empty collection with recipients matching the passed in RecipientID @param selector a recipient id to select against. @return a collection of RecipientInformation objects. a basic index for a signer. If the passed in flag is true, the signer signature will be based on the data, not a collection of signed attributes, and no signed attributes will be included. @return the builder object Provide a custom signed attribute generator. @param signedGen a generator of signed attributes. @return the builder object Provide a generator of unsigned attributes. @param unsignedGen a generator for signed attributes. @return the builder object Build a generator with the passed in X.509 certificate issuer and serial number as the signerIdentifier. @param contentSigner operator for generating the final signature in the SignerInfo with. @param certificate X.509 certificate related to the contentSigner. @return a SignerInfoGenerator @throws OperatorCreationException if the generator cannot be built. Build a generator with the passed in subjectKeyIdentifier as the signerIdentifier. If used you should try to follow the calculation described in RFC 5280 section 4.2.1.2. @param signerFactory operator factory for generating the final signature in the SignerInfo with. @param subjectKeyIdentifier key identifier to identify the public key for verifying the signature. @return a SignerInfoGenerator an expanded SignerInfo block from a CMS Signed message Protected constructor. In some cases clients have their own idea about how to encode the signed attributes and calculate the signature. This constructor is to allow developers to deal with that by extending off the class and overridng methods like getSignedAttributes(). @param baseInfo the SignerInformation to base this one on. return the version number for this objects underlying SignerInfo structure. return the object identifier for the signature. return the signature parameters, or null if there aren't any. return the content digest that was calculated during verification. return the object identifier for the signature. return the signature/encryption algorithm parameters, or null if there aren't any. return a table of the signed attributes - indexed by the OID of the attribute. return a table of the unsigned attributes indexed by the OID of the attribute. return the encoded signature Return a SignerInformationStore containing the counter signatures attached to this signer. If no counter signatures are present an empty store is returned. return the DER encoding of the signed attributes. @throws IOException if an encoding error occurs. verify that the given public key successfully handles and confirms the signature associated with this signer. verify that the given certificate successfully handles and confirms the signature associated with this signer and, if a signingTime attribute is available, that the certificate was valid at the time the signature was generated. Return the base ASN.1 CMS structure that this object contains. @return an object containing a CMS SignerInfo structure. Return a signer information object with the passed in unsigned attributes replacing the ones that are current associated with the object passed in. @param signerInformation the signerInfo to be used as the basis. @param unsignedAttributes the unsigned attributes to add. @return a copy of the original SignerInformationObject with the changed attributes. Return a signer information object with passed in SignerInformationStore representing counter signatures attached as an unsigned attribute. @param signerInformation the signerInfo to be used as the basis. @param counterSigners signer info objects carrying counter signature. @return a copy of the original SignerInformationObject with the changed attributes. Create a store containing a single SignerInformation object. @param signerInfo the signer information to contain. Create a store containing a collection of SignerInformation objects. @param signerInfos a collection signer information objects to contain. Return the first SignerInformation object that matches the passed in selector. Null if there are no matches. @param selector to identify a signer @return a single SignerInformation object. Null if none matches. The number of signers in the collection. An ICollection of all signers in the collection Return possible empty collection with signers matching the passed in SignerID @param selector a signer id to select against. @return a collection of SignerInformation objects. Basic generator that just returns a preconstructed attribute table Carrier for an authenticator control. Basic constructor - build from a UTF-8 string representing the token. UTF-8 string representing the token. Basic constructor - build from a string representing the token. string representing the token. Return the type of this control. Return the token associated with this control (a UTF8String). Create a CertificateRequestMessage from the passed in bytes. BER/DER encoding of the CertReqMsg structure. Return the underlying ASN.1 object defining this CertificateRequestMessage object. A CertReqMsg Return the certificate template contained in this message. a CertTemplate structure. Return whether or not this request has control values associated with it. true if there are control values present, false otherwise. Return whether or not this request has a specific type of control value. the type OID for the control value we are checking for. true if a control value of type is present, false otherwise. Return a control value of the specified type. the type OID for the control value we are checking for. the control value if present, null otherwise. Return whether or not this request message has a proof-of-possession field in it. true if proof-of-possession is present, false otherwise. Return the type of the proof-of-possession this request message provides. one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement Return whether or not the proof-of-possession (POP) is of the type popSigningKey and it has a public key MAC associated with it. true if POP is popSigningKey and a PKMAC is present, false otherwise. Return whether or not a signing key proof-of-possession (POP) is valid. a provider that can produce content verifiers for the signature contained in this POP. true if the POP is valid, false otherwise. if there is a problem in verification or content verifier creation. if POP not appropriate. Return the ASN.1 encoding of the certReqMsg we wrap. a byte array containing the binary encoding of the certReqMsg. Create a builder that makes EncryptedValue structures. wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue. encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder. a wrapper for key used to encrypt the actual data contained in the EncryptedValue. encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. padder a padder to ensure that the EncryptedValue created will always be a constant length. Build an EncryptedValue structure containing the passed in pass phrase. a revocation pass phrase. an EncryptedValue containing the encrypted pass phrase. Build an EncryptedValue structure containing the certificate contained in the passed in holder. a holder containing a certificate. an EncryptedValue containing the encrypted certificate. on a failure to encrypt the data, or wrap the symmetric key for this value. Build an EncryptedValue structure containing the private key contained in the passed info structure. a PKCS#8 private key info structure. an EncryptedValue containing an EncryptedPrivateKeyInfo structure. on a failure to encrypt the data, or wrap the symmetric key for this value. Generic interface for a CertificateRequestMessage control value. Return the type of this control. Return the value contained in this control object. An encrypted value padder is used to make sure that prior to a value been encrypted the data is padded to a standard length. Return a byte array of padded data. the data to be padded. a padded byte array containing data. Return a byte array of with padding removed. the data to be padded. an array containing the original unpadded data. Basic constructor - build from an PKIArchiveOptions structure. the ASN.1 structure that will underlie this control. Return the type of this control. CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions Return the underlying ASN.1 object. a PKIArchiveOptions structure. Return the archive control type, one of: encryptedPrivKey,keyGenParameters,or archiveRemGenPrivKey. the archive control type. Return whether this control contains enveloped data. true if the control contains enveloped data, false otherwise. Return the enveloped data structure contained in this control. a CMSEnvelopedData object. Basic constructor - specify the contents of the PKIArchiveControl structure. the private key to be archived. the general name to be associated with the private key. Add a recipient generator to this control. recipient generator created for a specific recipient. this builder object. Build the PKIArchiveControl using the passed in encryptor to encrypt its contents. a suitable content encryptor. a PKIArchiveControl object. Default, IterationCount = 1000, OIW=IdSha1, Mac=HmacSHA1 Defaults with IPKMacPrimitivesProvider Create. The Mac provider Digest Algorithm Id Mac Algorithm Id Create a PKMAC builder enforcing a ceiling on the maximum iteration count. supporting calculator max allowable value for iteration count. Set the salt length in octets. @param saltLength length in octets of the salt to be generated. @return the generator Set the iteration count. the iteration count. this if iteration count is less than 100 Set PbmParameters The parameters. this The Secure random The random. this Build an IMacFactory. The password. IMacFactory Basic constructor - build from a UTF-8 string representing the token. UTF-8 string representing the token. Basic constructor - build from a string representing the token. string representing the token. Return the type of this control. CRMFObjectIdentifiers.id_regCtrl_regToken Return the token associated with this control (a UTF8String). a UTF8String. a Diffie-Hellman key exchange engine.

note: This uses MTI/A0 key agreement in order to make the key agreement secure against passive attacks. If you're doing Diffie-Hellman and both parties have long term public keys you should look at using this. For further information have a look at RFC 2631.

It's possible to extend this to more than two parties as well, for the moment that is left as an exercise for the reader.

calculate our initial message. given a message from a given party and the corresponding public key calculate the next message in the agreement sequence. In this case this will represent the shared secret. a Diffie-Hellman key agreement class.

note: This is only the basic algorithm, it doesn't take advantage of long term public keys if they are available. See the DHAgreement class for a "better" implementation.

given a short term public key from a given party calculate the next message in the agreement sequence. Standard Diffie-Hellman groups from various IETF specifications. Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf . Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf . Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf . P1363 7.2.1 ECSVDP-DH ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive, Diffie-Hellman version. It is based on the work of [DH76], [Mil86], and [Kob87]. This primitive derives a shared secret value from one party's private key and another party's public key, where both have the same set of EC domain parameters. If two parties correctly execute this primitive, they will produce the same output. This primitive can be invoked by a scheme to derive a shared secret key; specifically, it may be used with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It assumes that the input keys are valid (see also Section 7.2.2). P1363 7.2.2 ECSVDP-DHC ECSVDP-DHC is Elliptic Curve Secret Value Derivation Primitive, Diffie-Hellman version with cofactor multiplication. It is based on the work of [DH76], [Mil86], [Kob87], [LMQ98] and [Kal98a]. This primitive derives a shared secret value from one party's private key and another party's public key, where both have the same set of EC domain parameters. If two parties correctly execute this primitive, they will produce the same output. This primitive can be invoked by a scheme to derive a shared secret key; specifically, it may be used with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It does not assume the validity of the input public key (see also Section 7.2.1).

Note: As stated P1363 compatibility mode with ECDH can be preset, and in this case the implementation doesn't have a ECDH compatibility mode (if you want that just use ECDHBasicAgreement and note they both implement BasicAgreement!).

A participant in a Password Authenticated Key Exchange by Juggling (J-PAKE) exchange. The J-PAKE exchange is defined by Feng Hao and Peter Ryan in the paper "Password Authenticated Key Exchange by Juggling, 2008." The J-PAKE protocol is symmetric. There is no notion of a client or server, but rather just two participants. An instance of JPakeParticipant represents one participant, and is the primary interface for executing the exchange. To execute an exchange, construct a JPakeParticipant on each end, and call the following 7 methods (once and only once, in the given order, for each participant, sending messages between them as described): CreateRound1PayloadToSend() - and send the payload to the other participant ValidateRound1PayloadReceived(JPakeRound1Payload) - use the payload received from the other participant CreateRound2PayloadToSend() - and send the payload to the other participant ValidateRound2PayloadReceived(JPakeRound2Payload) - use the payload received from the other participant CalculateKeyingMaterial() CreateRound3PayloadToSend(BigInteger) - and send the payload to the other participant ValidateRound3PayloadReceived(JPakeRound3Payload, BigInteger) - use the payload received from the other participant Each side should derive a session key from the keying material returned by CalculateKeyingMaterial(). The caller is responsible for deriving the session key using a secure key derivation function (KDF). Round 3 is an optional key confirmation process. If you do not execute round 3, then there is no assurance that both participants are using the same key. (i.e. if the participants used different passwords, then their session keys will differ.) If the round 3 validation succeeds, then the keys are guaranteed to be the same on both sides. The symmetric design can easily support the asymmetric cases when one party initiates the communication. e.g. Sometimes the round1 payload and round2 payload may be sent in one pass. Also, in some cases, the key confirmation payload can be sent together with the round2 payload. These are the trivial techniques to optimize the communication. The key confirmation process is implemented as specified in NIST SP 800-56A Revision 1, Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes. This class is stateful and NOT threadsafe. Each instance should only be used for ONE complete J-PAKE exchange (i.e. a new JPakeParticipant should be constructed for each new J-PAKE exchange). Convenience constructor for a new JPakeParticipant that uses the JPakePrimeOrderGroups#NIST_3072 prime order group, a SHA-256 digest, and a default SecureRandom implementation. After construction, the State state will be STATE_INITIALIZED. Throws NullReferenceException if any argument is null. Throws ArgumentException if password is empty. Unique identifier of this participant. The two participants in the exchange must NOT share the same id. Shared secret. A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called). Caller should clear the input password as soon as possible. Convenience constructor for a new JPakeParticipant that uses a SHA-256 digest, and a default SecureRandom implementation. After construction, the State state will be STATE_INITIALIZED. Throws NullReferenceException if any argument is null. Throws ArgumentException if password is empty. Unique identifier of this participant. The two participants in the exchange must NOT share the same id. Shared secret. A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called). Caller should clear the input password as soon as possible. Prime order group. See JPakePrimeOrderGroups for standard groups. Constructor for a new JPakeParticipant. After construction, the State state will be STATE_INITIALIZED. Throws NullReferenceException if any argument is null. Throws ArgumentException if password is empty. Unique identifier of this participant. The two participants in the exchange must NOT share the same id. Shared secret. A defensive copy of this array is made (and cleared once CalculateKeyingMaterial() is called). Caller should clear the input password as soon as possible. Prime order group. See JPakePrimeOrderGroups for standard groups. Digest to use during zero knowledge proofs and key confirmation (SHA-256 or stronger preferred). Source of secure random data for x1 and x2, and for the zero knowledge proofs. Gets the current state of this participant. See the STATE_* constants for possible values. Creates and returns the payload to send to the other participant during round 1. After execution, the State state} will be STATE_ROUND_1_CREATED}. Validates the payload received from the other participant during round 1. Must be called prior to CreateRound2PayloadToSend(). After execution, the State state will be STATE_ROUND_1_VALIDATED. Throws CryptoException if validation fails. Throws InvalidOperationException if called multiple times. Creates and returns the payload to send to the other participant during round 2. ValidateRound1PayloadReceived(JPakeRound1Payload) must be called prior to this method. After execution, the State state will be STATE_ROUND_2_CREATED. Throws InvalidOperationException if called prior to ValidateRound1PayloadReceived(JPakeRound1Payload), or multiple times Validates the payload received from the other participant during round 2. Note that this DOES NOT detect a non-common password. The only indication of a non-common password is through derivation of different keys (which can be detected explicitly by executing round 3 and round 4) Must be called prior to CalculateKeyingMaterial(). After execution, the State state will be STATE_ROUND_2_VALIDATED. Throws CryptoException if validation fails. Throws InvalidOperationException if called prior to ValidateRound1PayloadReceived(JPakeRound1Payload), or multiple times Calculates and returns the key material. A session key must be derived from this key material using a secure key derivation function (KDF). The KDF used to derive the key is handled externally (i.e. not by JPakeParticipant). The keying material will be identical for each participant if and only if each participant's password is the same. i.e. If the participants do not share the same password, then each participant will derive a different key. Therefore, if you immediately start using a key derived from the keying material, then you must handle detection of incorrect keys. If you want to handle this detection explicitly, you can optionally perform rounds 3 and 4. See JPakeParticipant for details on how to execute rounds 3 and 4. The keying material will be in the range [0, p-1]. ValidateRound2PayloadReceived(JPakeRound2Payload) must be called prior to this method. As a side effect, the internal password array is cleared, since it is no longer needed. After execution, the State state will be STATE_KEY_CALCULATED. Throws InvalidOperationException if called prior to ValidateRound2PayloadReceived(JPakeRound2Payload), or if called multiple times. Creates and returns the payload to send to the other participant during round 3. See JPakeParticipant for more details on round 3. After execution, the State state} will be STATE_ROUND_3_CREATED. Throws InvalidOperationException if called prior to CalculateKeyingMaterial, or multiple times. The keying material as returned from CalculateKeyingMaterial(). Validates the payload received from the other participant during round 3. See JPakeParticipant for more details on round 3. After execution, the State state will be STATE_ROUND_3_VALIDATED. Throws CryptoException if validation fails. Throws InvalidOperationException if called prior to CalculateKeyingMaterial or multiple times The round 3 payload received from the other participant. The keying material as returned from CalculateKeyingMaterial(). A pre-computed prime order group for use during a J-PAKE exchange. Typically a Schnorr group is used. In general, J-PAKE can use any prime order group that is suitable for public key cryptography, including elliptic curve cryptography. See JPakePrimeOrderGroups for convenient standard groups. NIST publishes many groups that can be used for the desired level of security. Constructs a new JPakePrimeOrderGroup. In general, you should use one of the pre-approved groups from JPakePrimeOrderGroups, rather than manually constructing one. The following basic checks are performed: p-1 must be evenly divisible by q g must be in [2, p-1] g^q mod p must equal 1 p must be prime (within reasonably certainty) q must be prime (within reasonably certainty) The prime checks are performed using BigInteger#isProbablePrime(int), and are therefore subject to the same probability guarantees. These checks prevent trivial mistakes. However, due to the small uncertainties if p and q are not prime, advanced attacks are not prevented. Use it at your own risk. Throws NullReferenceException if any argument is null. Throws InvalidOperationException is any of the above validations fail. Constructor used by the pre-approved groups in JPakePrimeOrderGroups. These pre-approved groups can avoid the expensive checks. User-specified groups should not use this constructor. Standard pre-computed prime order groups for use by J-PAKE. (J-PAKE can use pre-computed prime order groups, same as DSA and Diffie-Hellman.)

This class contains some convenient constants for use as input for constructing {@link JPAKEParticipant}s.

The prime order groups below are taken from Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB), and from the prime order groups published by NIST.

From Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB) 1024-bit p, 160-bit q and 1024-bit g for 80-bit security. From NIST. 2048-bit p, 224-bit q and 2048-bit g for 112-bit security. From NIST. 3072-bit p, 256-bit q and 3072-bit g for 128-bit security. The payload sent/received during the first round of a J-PAKE exchange. Each JPAKEParticipant creates and sends an instance of this payload to the other. The payload to send should be created via JPAKEParticipant.CreateRound1PayloadToSend(). Each participant must also validate the payload received from the other. The received payload should be validated via JPAKEParticipant.ValidateRound1PayloadReceived(JPakeRound1Payload). The id of the JPAKEParticipant who created/sent this payload. The value of g^x1 The value of g^x2 The zero knowledge proof for x1. This is a two element array, containing {g^v, r} for x1. The zero knowledge proof for x2. This is a two element array, containing {g^v, r} for x2. The payload sent/received during the second round of a J-PAKE exchange. Each JPAKEParticipant creates and sends an instance of this payload to the other JPAKEParticipant. The payload to send should be created via JPAKEParticipant#createRound2PayloadToSend() Each JPAKEParticipant must also validate the payload received from the other JPAKEParticipant. The received payload should be validated via JPAKEParticipant#validateRound2PayloadReceived(JPakeRound2Payload) The id of the JPAKEParticipant who created/sent this payload. The value of A, as computed during round 2. The zero knowledge proof for x2 * s. This is a two element array, containing {g^v, r} for x2 * s. The payload sent/received during the optional third round of a J-PAKE exchange, which is for explicit key confirmation. Each JPAKEParticipant creates and sends an instance of this payload to the other JPAKEParticipant. The payload to send should be created via JPAKEParticipant#createRound3PayloadToSend(BigInteger) Eeach JPAKEParticipant must also validate the payload received from the other JPAKEParticipant. The received payload should be validated via JPAKEParticipant#validateRound3PayloadReceived(JPakeRound3Payload, BigInteger) The id of the {@link JPAKEParticipant} who created/sent this payload. The value of MacTag, as computed by round 3. See JPAKEUtil#calculateMacTag(string, string, BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, org.bouncycastle.crypto.Digest) Primitives needed for a J-PAKE exchange. The recommended way to perform a J-PAKE exchange is by using two JPAKEParticipants. Internally, those participants call these primitive operations in JPakeUtilities. The primitives, however, can be used without a JPAKEParticipant if needed. Return a value that can be used as x1 or x3 during round 1. The returned value is a random value in the range [0, q-1]. Return a value that can be used as x2 or x4 during round 1. The returned value is a random value in the range [1, q-1]. Converts the given password to a BigInteger for use in arithmetic calculations. Calculate g^x mod p as done in round 1. Calculate ga as done in round 2. Calculate x2 * s as done in round 2. Calculate A as done in round 2. Calculate a zero knowledge proof of x using Schnorr's signature. The returned array has two elements {g^v, r = v-x*h} for x. Validates that g^x4 is not 1. throws CryptoException if g^x4 is 1 Validates that ga is not 1. As described by Feng Hao... Alice could simply check ga != 1 to ensure it is a generator. In fact, as we will explain in Section 3, (x1 + x3 + x4 ) is random over Zq even in the face of active attacks. Hence, the probability for ga = 1 is extremely small - on the order of 2^160 for 160-bit q. throws CryptoException if ga is 1 Validates the zero knowledge proof (generated by calculateZeroKnowledgeProof(BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, string, Digest, SecureRandom) is correct. throws CryptoException if the zero knowledge proof is not correct Calculates the keying material, which can be done after round 2 has completed. A session key must be derived from this key material using a secure key derivation function (KDF). The KDF used to derive the key is handled externally (i.e. not by JPAKEParticipant). KeyingMaterial = (B/g^{x2*x4*s})^x2 Validates that the given participant ids are not equal. (For the J-PAKE exchange, each participant must use a unique id.) Throws CryptoException if the participantId strings are equal. Validates that the given participant ids are equal. This is used to ensure that the payloads received from each round all come from the same participant. Validates that the given object is not null. throws NullReferenceException if the object is null. object in question name of the object (to be used in exception message) Calculates the MacTag (to be used for key confirmation), as defined by NIST SP 800-56A Revision 1, Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes. MacTag = HMAC(MacKey, MacLen, MacData) MacKey = H(K || "JPAKE_KC") MacData = "KC_1_U" || participantId || partnerParticipantId || gx1 || gx2 || gx3 || gx4 Note that both participants use "KC_1_U" because the sender of the round 3 message is always the initiator for key confirmation. HMAC = {@link HMac} used with the given {@link Digest} H = The given {@link Digest} MacLen = length of MacTag Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation). MacKey = H(K || "JPAKE_KC") Validates the MacTag received from the partner participant. throws CryptoException if the participantId strings are equal. Generator for Concatenation Key Derivation Function defined in NIST SP 800-56A, Sect 5.8.1 @param digest the digest to be used as the source of generated bytes return the underlying digest. fill len bytes of the output buffer with bytes generated from the derivation function. @throws DataLengthException if the out buffer is too small. RFC 2631 Diffie-hellman KEK derivation function. X9.63 based key derivation function for ECDH CMS. SM2 Key Exchange protocol - based on https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002" Initialises the client to begin new authentication attempt @param N The safe prime associated with the client's verifier @param g The group parameter associated with the client's verifier @param digest The digest algorithm associated with the client's verifier @param random For key generation Generates client's credentials given the client's salt, identity and password @param salt The salt used in the client's verifier. @param identity The user's identity (eg. username) @param password The user's password @return Client's public value to send to server Generates client's verification message given the server's credentials @param serverB The server's credentials @return Client's verification message for the server @throws CryptoException If server's credentials are invalid Computes the client evidence message M1 using the previously received values. To be called after calculating the secret S. @return M1: the client side generated evidence message @throws CryptoException Authenticates the server evidence message M2 received and saves it only if correct. @param M2: the server side generated evidence message @return A boolean indicating if the server message M2 was the expected one. @throws CryptoException Computes the final session key as a result of the SRP successful mutual authentication To be called after verifying the server evidence message M2. @return Key: the mutually authenticated symmetric session key @throws CryptoException Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002" Initialises the server to accept a new client authentication attempt @param N The safe prime associated with the client's verifier @param g The group parameter associated with the client's verifier @param v The client's verifier @param digest The digest algorithm associated with the client's verifier @param random For key generation Generates the server's credentials that are to be sent to the client. @return The server's public value to the client Processes the client's credentials. If valid the shared secret is generated and returned. @param clientA The client's credentials @return A shared secret BigInteger @throws CryptoException If client's credentials are invalid Authenticates the received client evidence message M1 and saves it only if correct. To be called after calculating the secret S. @param M1: the client side generated evidence message @return A boolean indicating if the client message M1 was the expected one. @throws CryptoException Computes the server evidence message M2 using the previously verified values. To be called after successfully verifying the client evidence message M1. @return M2: the server side generated evidence message @throws CryptoException Computes the final session key as a result of the SRP successful mutual authentication To be called after calculating the server evidence message M2. @return Key: the mutual authenticated symmetric session key @throws CryptoException Computes the client evidence message (M1) according to the standard routine: M1 = H( A | B | S ) @param digest The Digest used as the hashing function H @param N Modulus used to get the pad length @param A The public client value @param B The public server value @param S The secret calculated by both sides @return M1 The calculated client evidence message Computes the server evidence message (M2) according to the standard routine: M2 = H( A | M1 | S ) @param digest The Digest used as the hashing function H @param N Modulus used to get the pad length @param A The public client value @param M1 The client evidence message @param S The secret calculated by both sides @return M2 The calculated server evidence message Computes the final Key according to the standard routine: Key = H(S) @param digest The Digest used as the hashing function H @param N Modulus used to get the pad length @param S The secret calculated by both sides @return Generates new SRP verifier for user Initialises generator to create new verifiers @param N The safe prime to use (see DHParametersGenerator) @param g The group parameter to use (see DHParametersGenerator) @param digest The digest to use. The same digest type will need to be used later for the actual authentication attempt. Also note that the final session key size is dependent on the chosen digest. Creates a new SRP verifier @param salt The salt to use, generally should be large and random @param identity The user's identifying information (eg. username) @param password The user's password @return A new verifier for use in future SRP authentication a holding class for public/private parameter pairs. basic constructor. @param publicParam a public key parameters object. @param privateParam the corresponding private key parameters. return the public key parameters. @return the public key parameters. return the private key parameters. @return the private key parameters. The AEAD block ciphers already handle buffering internally, so this class just takes care of implementing IBufferedCipher methods. initialise the cipher. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the blocksize for the underlying cipher. @return the blocksize for the underlying cipher. return the size of the output buffer required for an update an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update with len bytes of input. return the size of the output buffer required for an update plus a doFinal with an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update and doFinal with len bytes of input. process a single byte, producing an output block if necessary. @param in the input byte. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. process an array of bytes, producing output if necessary. @param in the input byte array. @param inOff the offset at which the input data starts. @param len the number of bytes to be copied out of the input array. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. Process the last block in the buffer. @param out the array the block currently being held is copied into. @param outOff the offset at which the copying starts. @return the number of output bytes copied to out. @exception DataLengthException if there is insufficient space in out for the output, or the input is not block size aligned and should be. @exception InvalidOperationException if the underlying cipher is not initialised. @exception InvalidCipherTextException if padding is expected and not found. @exception DataLengthException if the input is not block size aligned. Reset the buffer and cipher. After resetting the object is in the same state as it was after the last init (if there was one). a buffer wrapper for an asymmetric block cipher, allowing input to be accumulated in a piecemeal fashion until final processing. base constructor. @param cipher the cipher this buffering object wraps. return the amount of data sitting in the buffer. @return the amount of data sitting in the buffer. initialise the buffer and the underlying cipher. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. process the contents of the buffer using the underlying cipher. @return the result of the encryption/decryption process on the buffer. @exception InvalidCipherTextException if we are given a garbage block. Reset the buffer A wrapper class that allows block ciphers to be used to process data in a piecemeal fashion. The BufferedBlockCipher outputs a block only when the buffer is full and more data is being added, or on a doFinal.

Note: in the case where the underlying cipher is either a CFB cipher or an OFB one the last block may not be a multiple of the block size.

constructor for subclasses Create a buffered block cipher without padding. @param cipher the underlying block cipher this buffering object wraps. false otherwise. initialise the cipher. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the blocksize for the underlying cipher. @return the blocksize for the underlying cipher. return the size of the output buffer required for an update an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update with len bytes of input. return the size of the output buffer required for an update plus a doFinal with an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update and doFinal with len bytes of input. process a single byte, producing an output block if necessary. @param in the input byte. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. process an array of bytes, producing output if necessary. @param in the input byte array. @param inOff the offset at which the input data starts. @param len the number of bytes to be copied out of the input array. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. Process the last block in the buffer. @param out the array the block currently being held is copied into. @param outOff the offset at which the copying starts. @return the number of output bytes copied to out. @exception DataLengthException if there is insufficient space in out for the output, or the input is not block size aligned and should be. @exception InvalidOperationException if the underlying cipher is not initialised. @exception InvalidCipherTextException if padding is expected and not found. @exception DataLengthException if the input is not block size aligned. Reset the buffer and cipher. After resetting the object is in the same state as it was after the last init (if there was one). The base class for symmetric, or secret, cipher key generators. initialise the key generator. @param param the parameters to be used for key generation Generate a secret key. @return a byte array containing the key value. this exception is thrown if a buffer that is meant to have output copied into it turns out to be too short, or if we've been given insufficient input. In general this exception will Get thrown rather than an ArrayOutOfBounds exception. base constructor. create a DataLengthException with the given message. @param message the message to be carried with the exception. Basic sized constructor - size in bits. @param digestSize size of the digest in bits Blake2b for authentication ("Prefix-MAC mode"). After calling the doFinal() method, the key will remain to be used for further computations of this instance. The key can be overwritten using the clearKey() method. @param key A key up to 64 bytes or null Blake2b with key, required digest length (in bytes), salt and personalization. After calling the doFinal() method, the key, the salt and the personal string will remain and might be used for further computations with this instance. The key can be overwritten using the clearKey() method, the salt (pepper) can be overwritten using the clearSalt() method. @param key A key up to 64 bytes or null @param digestLength from 1 up to 64 bytes @param salt 16 bytes or null @param personalization 16 bytes or null update the message digest with a single byte. @param b the input byte to be entered. update the message digest with a block of bytes. @param message the byte array containing the data. @param offset the offset into the byte array where the data starts. @param len the length of the data. close the digest, producing the final digest value. The doFinal call leaves the digest reset. Key, salt and personal string remain. @param out the array the digest is to be copied into. @param outOffset the offset into the out array the digest is to start at. Reset the digest back to it's initial state. The key, the salt and the personal string will remain for further computations. return the algorithm name @return the algorithm name return the size, in bytes, of the digest produced by this message digest. @return the size, in bytes, of the digest produced by this message digest. Return the size in bytes of the internal buffer the digest applies it's compression function to. @return byte length of the digests internal buffer. Overwrite the key if it is no longer used (zeroization) Overwrite the salt (pepper) if it is secret and no longer used (zeroization) Implementation of the cryptographic hash function BLAKE2s.

BLAKE2s offers a built-in keying mechanism to be used directly for authentication ("Prefix-MAC") rather than a HMAC construction.

BLAKE2s offers a built-in support for a salt for randomized hashing and a personal string for defining a unique hash function for each application.

BLAKE2s is optimized for 32-bit platforms and produces digests of any size between 1 and 32 bytes. BLAKE2s Initialization Vector Message word permutations Whenever this buffer overflows, it will be processed in the Compress() function. For performance issues, long messages will not use this buffer. Position of last inserted byte Internal state, in the BLAKE2 paper it is called v State vector, in the BLAKE2 paper it is called h holds least significant bits of counter holds most significant bits of counter finalization flag, for last block: ~0 BLAKE2s-256 for hashing. BLAKE2s for hashing. @param digestBits the desired digest length in bits. Must be a multiple of 8 and less than 256. BLAKE2s for authentication ("Prefix-MAC mode").

After calling the doFinal() method, the key will remain to be used for further computations of this instance. The key can be overwritten using the clearKey() method. @param key a key up to 32 bytes or null BLAKE2s with key, required digest length, salt and personalization.

After calling the doFinal() method, the key, the salt and the personal string will remain and might be used for further computations with this instance. The key can be overwritten using the clearKey() method, the salt (pepper) can be overwritten using the clearSalt() method. @param key a key up to 32 bytes or null @param digestBytes from 1 up to 32 bytes @param salt 8 bytes or null @param personalization 8 bytes or null Update the message digest with a single byte. @param b the input byte to be entered. Update the message digest with a block of bytes. @param message the byte array containing the data. @param offset the offset into the byte array where the data starts. @param len the length of the data. Close the digest, producing the final digest value. The doFinal() call leaves the digest reset. Key, salt and personal string remain. @param out the array the digest is to be copied into. @param outOffset the offset into the out array the digest is to start at. Reset the digest back to its initial state. The key, the salt and the personal string will remain for further computations. Return the algorithm name. @return the algorithm name Return the size in bytes of the digest produced by this message digest. @return the size in bytes of the digest produced by this message digest. Return the size in bytes of the internal buffer the digest applies its compression function to. @return byte length of the digest's internal buffer. Overwrite the key if it is no longer used (zeroization). Overwrite the salt (pepper) if it is secret and no longer used (zeroization). implementation of Ukrainian DSTU 7564 hash function base implementation of MD4 family style digest as outlined in "Handbook of Applied Cryptography", pages 344 - 347. implementation of GOST R 34.11-94 Standard constructor Constructor to allow use of a particular sbox with GOST28147 @see GOST28147Engine#getSBox(String) Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values.

Implementation of Keccak based on following KeccakNISTInterface.c from http://keccak.noekeon.org/ Following the naming conventions used in the C source code to enable easy review of the implementation.
Return the size of block that the compression function is applied to in bytes. @return internal byte length of a block. Base class for SHA-384 and SHA-512. Constructor for variable length word Copy constructor. We are using copy constructors in place of the object.Clone() interface as this interface is not supported by J2ME. adjust the byte counts so that byteCount2 represents the upper long (less 3 bits) word of the byte count. implementation of MD2 as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992 return the algorithm name @return the algorithm name Close the digest, producing the final digest value. The doFinal call leaves the digest reset. @param out the array the digest is to be copied into. @param outOff the offset into the out array the digest is to start at. reset the digest back to it's initial state. update the message digest with a single byte. @param in the input byte to be entered. update the message digest with a block of bytes. @param in the byte array containing the data. @param inOff the offset into the byte array where the data starts. @param len the length of the data. implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for Computer Science and RSA Data Security, Inc.

NOTE: This algorithm is only included for backwards compatibility with legacy applications, it's not secure, don't use it for anything new!

Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values. implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values. Wrapper removes exposure to the IMemoable interface on an IDigest implementation. Base constructor. @param baseDigest underlying digest to use. @exception IllegalArgumentException if baseDigest is null implementation of RipeMD128 Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values. implementation of RipeMD see, http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values.

Implementation of RipeMD256.

Note: this algorithm offers the same level of security as RipeMD128.

Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values.

Implementation of RipeMD 320.

Note: this algorithm offers the same level of security as RipeMD160.

Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables to the IV values. implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 is the "endianness" of the word processing! Copy constructor. This will copy the state of the provided message digest. reset the chaining variables SHA-224 as described in RFC 3874
                    block  word  digest
            SHA-1   512    32    160
            SHA-224 512    32    224
            SHA-256 512    32    256
            SHA-384 1024   64    384
            SHA-512 1024   64    512
            
Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables Draft FIPS 180-2 implementation of SHA-256. Note: As this is based on a draft this implementation is subject to change.
                     block  word  digest
             SHA-1   512    32    160
             SHA-256 512    32    256
             SHA-384 1024   64    384
             SHA-512 1024   64    512
             
Copy constructor. This will copy the state of the provided message digest. reset the chaining variables Draft FIPS 180-2 implementation of SHA-384. Note: As this is based on a draft this implementation is subject to change.
                     block  word  digest
             SHA-1   512    32    160
             SHA-256 512    32    256
             SHA-384 1024   64    384
             SHA-512 1024   64    512
             
Copy constructor. This will copy the state of the provided message digest. reset the chaining variables Implementation of SHA-3 based on following KeccakNISTInterface.c from http://keccak.noekeon.org/ Following the naming conventions used in the C source code to enable easy review of the implementation. Draft FIPS 180-2 implementation of SHA-512. Note: As this is based on a draft this implementation is subject to change.
                     block  word  digest
             SHA-1   512    32    160
             SHA-256 512    32    256
             SHA-384 1024   64    384
             SHA-512 1024   64    512
             
Copy constructor. This will copy the state of the provided message digest. reset the chaining variables FIPS 180-4 implementation of SHA-512/t Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables Implementation of SHAKE based on following KeccakNISTInterface.c from http://keccak.noekeon.org/ Following the naming conventions used in the C source code to enable easy review of the implementation. Wrapper class that reduces the output length of a particular digest to only the first n bytes of the digest function. Base constructor. @param baseDigest underlying digest to use. @param length length in bytes of the output of doFinal. @exception ArgumentException if baseDigest is null, or length is greater than baseDigest.GetDigestSize(). Implementation of the Skein parameterised hash function in 256, 512 and 1024 bit block sizes, based on the Threefish tweakable block cipher. This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3 competition in October 2010.

Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.

256 bit block size - Skein-256
512 bit block size - Skein-512 1024 bit block size - Skein-1024 Constructs a Skein digest with an internal state size and output size. the internal state size in bits - one of or . the output/digest size to produce in bits, which must be an integral number of bytes. Optionally initialises the Skein digest with the provided parameters. See for details on the parameterisation of the Skein hash function. the parameters to apply to this engine, or null to use no parameters. Implementation of the Skein family of parameterised hash functions in 256, 512 and 1024 bit block sizes, based on the Threefish tweakable block cipher. This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3 competition in October 2010.

Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.

This implementation is the basis for and , implementing the parameter based configuration system that allows Skein to be adapted to multiple applications.
Initialising the engine with allows standard and arbitrary parameters to be applied during the Skein hash function.

Implemented:

  • 256, 512 and 1024 bit internal states.
  • Full 96 bit input length.
  • Parameters defined in the Skein specification, and arbitrary other pre and post message parameters.
  • Arbitrary output size in 1 byte intervals.

Not implemented:

  • Sub-byte length input (bit padding).
  • Tree hashing.
256 bit block size - Skein-256 512 bit block size - Skein-512 1024 bit block size - Skein-1024 The parameter type for the Skein key. The parameter type for the Skein configuration block. The parameter type for the message. The parameter type for the output transformation. Precalculated UBI(CFG) states for common state/output combinations without key or other pre-message params. Point at which position might overflow long, so switch to add with carry logic Bit 127 = final Bit 126 = first UBI uses a 128 bit tweak Whether 64 bit position exceeded Advances the position in the tweak by the specified value. The Unique Block Iteration chaining mode. Buffer for the current block of message data Offset into the current message block Buffer for message words for feedback into encrypted block Underlying Threefish tweakable block cipher Size of the digest output, in bytes The current chaining/state value The initial state value The (optional) key parameter Parameters to apply prior to the message Parameters to apply after the message, but prior to output The current UBI operation Buffer for single byte update method Constructs a Skein digest with an internal state size and output size. the internal state size in bits - one of or . the output/digest size to produce in bits, which must be an integral number of bytes. Creates a SkeinEngine as an exact copy of an existing instance. Initialises the Skein engine with the provided parameters. See for details on the parameterisation of the Skein hash function. the parameters to apply to this engine, or null to use no parameters. Calculate the initial (pre message block) chaining state. Reset the engine to the initial state (with the key and any pre-message parameters , ready to accept message input. Implementation of Chinese SM3 digest as described at http://tools.ietf.org/html/draft-shen-sm3-hash-00 and at .... ( Chinese PDF ) The specification says "process a bit stream", but this is written to process bytes in blocks of 4, meaning this will process 32-bit word groups. But so do also most other digest specifications, including the SHA-256 which was a origin for this specification. Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables implementation of Tiger based on: http://www.cs.technion.ac.il/~biham/Reports/Tiger Standard constructor Copy constructor. This will copy the state of the provided message digest. reset the chaining variables Implementation of WhirlpoolDigest, based on Java source published by Barreto and Rijmen. Copy constructor. This will copy the state of the provided message digest. Reset the chaining variables return the X9ECParameters object for the named curve represented by the passed in object identifier. Null if the curve isn't present. @param oid an object identifier representing a named curve, if present. return the object identifier signified by the passed in name. Null if there is no object identifier associated with name. @return the object identifier associated with name, if present. return the named curve name represented by the given object identifier. returns an enumeration containing the name strings for curves contained in this structure. ISO 9796-1 padding. Note in the light of recent results you should only use this with RSA (rather than the "simpler" Rabin keys) and you should never use it with anything other than a hash (ie. even if the message is small don't sign the message, sign it's hash) or some "random" value. See your favorite search engine for details. return the input block size. The largest message we can process is (key_size_in_bits + 3)/16, which in our world comes to key_size_in_bytes / 2. return the maximum possible size for the output. set the number of bits in the next message to be treated as pad bits. retrieve the number of pad bits in the last decoded message. @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. @exception InvalidCipherTextException if the decrypted block turns out to be badly formatted. int to octet string. mask generator function, as described in PKCS1v2. this does your basic Pkcs 1 v1.5 padding - whether or not you should be using this depends on your application - see Pkcs1 Version 2 for details. some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to work with one of these set the system property Org.BouncyCastle.Pkcs1.Strict to false. The same effect can be achieved by setting the static property directly

The static property is checked during construction of the encoding object, it is set to true by default.

Basic constructor. @param cipher Constructor for decryption with a fixed plaintext length. @param cipher The cipher to use for cryptographic operation. @param pLen Length of the expected plaintext. Constructor for decryption with a fixed plaintext length and a fallback value that is returned, if the padding is incorrect. @param cipher The cipher to use for cryptographic operation. @param fallback The fallback value, we don't to a arraycopy here. Checks if the argument is a correctly PKCS#1.5 encoded Plaintext for encryption. @param encoded The Plaintext. @param pLen Expected length of the plaintext. @return Either 0, if the encoding is correct, or -1, if it is incorrect. Decode PKCS#1.5 encoding, and return a random value if the padding is not correct. @param in The encrypted block. @param inOff Offset in the encrypted block. @param inLen Length of the encrypted block. @param pLen Length of the desired output. @return The plaintext without padding, or a random value if the padding was incorrect. @throws InvalidCipherTextException @exception InvalidCipherTextException if the decrypted block is not in Pkcs1 format. an implementation of the AES (Rijndael), from FIPS-197.

For further details see: http://csrc.nist.gov/encryption/aes/. This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at http://fp.gladman.plus.com/cryptography_technology/rijndael/ There are three levels of tradeoff of speed vs memory Because java has no preprocessor, they are written as three separate classes from which to choose The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption and 4 for decryption. The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, adding 12 rotate operations per round to compute the values contained in the other tables from the contents of the first. The slowest version uses no static tables at all and computes the values in each round.

This file contains the middle performance version with 2Kbytes of static tables for round precomputation.

Calculate the necessary round keys The number of calculations depends on key size and block size AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits This code is written assuming those are the only possible values default constructor - 128 bit block size. initialise an AES cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. an implementation of the AES (Rijndael)), from FIPS-197.

For further details see: http://csrc.nist.gov/encryption/aes/. This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at http://fp.gladman.plus.com/cryptography_technology/rijndael/ There are three levels of tradeoff of speed vs memory Because java has no preprocessor), they are written as three separate classes from which to choose The fastest uses 8Kbytes of static tables to precompute round calculations), 4 256 word tables for encryption and 4 for decryption. The middle performance version uses only one 256 word table for each), for a total of 2Kbytes), adding 12 rotate operations per round to compute the values contained in the other tables from the contents of the first The slowest version uses no static tables at all and computes the values in each round

This file contains the fast version with 8Kbytes of static tables for round precomputation

Unfortunately this class has a few side channel issues. In an environment where encryption/decryption may be closely observed it should not be used.
Calculate the necessary round keys The number of calculations depends on key size and block size AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits This code is written assuming those are the only possible values default constructor - 128 bit block size. initialise an AES cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. an implementation of the AES (Rijndael), from FIPS-197.

For further details see: http://csrc.nist.gov/encryption/aes/. This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at http://fp.gladman.plus.com/cryptography_technology/rijndael/ There are three levels of tradeoff of speed vs memory Because java has no preprocessor, they are written as three separate classes from which to choose The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption and 4 for decryption. The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, adding 12 rotate operations per round to compute the values contained in the other tables from the contents of the first The slowest version uses no static tables at all and computes the values in each round.

This file contains the slowest performance version with no static tables for round precomputation, but it has the smallest foot print.

Calculate the necessary round keys The number of calculations depends on key size and block size AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits This code is written assuming those are the only possible values default constructor - 128 bit block size. initialise an AES cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. An implementation of the AES Key Wrapper from the NIST Key Wrap Specification.

For further details see: http://csrc.nist.gov/encryption/kms/key-wrap.pdf. A class that provides Blowfish key encryption operations, such as encoding data and generating keys. All the algorithms herein are from Applied Cryptography and implement a simplified cryptography interface. initialise a Blowfish cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. apply the encryption cycle to each value pair in the table. Encrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. The input will be an exact multiple of our blocksize. Decrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. The input will be an exact multiple of our blocksize. Camellia - based on RFC 3713. Camellia - based on RFC 3713, smaller implementation, about half the size of CamelliaEngine. An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394.

For further details see: http://www.ietf.org/rfc/rfc3657.txt. A class that provides CAST key encryption operations, such as encoding data and generating keys. All the algorithms herein are from the Internet RFC's RFC2144 - Cast5 (64bit block, 40-128bit key) RFC2612 - CAST6 (128bit block, 128-256bit key) and implement a simplified cryptography interface. initialise a CAST cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Encrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. @param src The plaintext buffer @param srcIndex An offset into src @param dst The ciphertext buffer @param dstIndex An offset into dst Decrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. @param src The plaintext buffer @param srcIndex An offset into src @param dst The ciphertext buffer @param dstIndex An offset into dst The first of the three processing functions for the encryption and decryption. @param D the input to be processed @param Kmi the mask to be used from Km[n] @param Kri the rotation value to be used The second of the three processing functions for the encryption and decryption. @param D the input to be processed @param Kmi the mask to be used from Km[n] @param Kri the rotation value to be used The third of the three processing functions for the encryption and decryption. @param D the input to be processed @param Kmi the mask to be used from Km[n] @param Kri the rotation value to be used Does the 16 rounds to encrypt the block. @param L0 the LH-32bits of the plaintext block @param R0 the RH-32bits of the plaintext block A class that provides CAST6 key encryption operations, such as encoding data and generating keys. All the algorithms herein are from the Internet RFC RFC2612 - CAST6 (128bit block, 128-256bit key) and implement a simplified cryptography interface. Encrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. @param src The plaintext buffer @param srcIndex An offset into src @param dst The ciphertext buffer @param dstIndex An offset into dst Decrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. @param src The plaintext buffer @param srcIndex An offset into src @param dst The ciphertext buffer @param dstIndex An offset into dst Does the 12 quad rounds rounds to encrypt the block. @param A the 00-31 bits of the plaintext block @param B the 32-63 bits of the plaintext block @param C the 64-95 bits of the plaintext block @param D the 96-127 bits of the plaintext block @param result the resulting ciphertext Does the 12 quad rounds rounds to decrypt the block. @param A the 00-31 bits of the ciphertext block @param B the 32-63 bits of the ciphertext block @param C the 64-95 bits of the ciphertext block @param D the 96-127 bits of the ciphertext block @param result the resulting plaintext

Implementation of Daniel J. Bernstein's ChaCha stream cipher.
Creates a 20 rounds ChaCha engine. Implementation of Daniel J. Bernstein's ChaCha stream cipher. Creates a 20 rounds ChaCha engine. Creates a ChaCha engine with a specific number of rounds. the number of rounds (must be an even number). ChaCha function. The number of ChaCha rounds to execute The input words. The ChaCha state to modify. A class that provides a basic DESede (or Triple DES) engine. initialise a DESede cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. * Wrap keys according to * * draft-ietf-smime-key-wrap-01.txt. *

* Note: *

    *
  • this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage.
  • *
  • if you are using this to wrap triple-des keys you need to set the * parity bits on the key and, if it's a two-key triple-des key, pad it * yourself.
  • *
*

Field engine Field param Field paramPlusIV Field iv Field forWrapping Field IV2 Method init @param forWrapping @param param Method GetAlgorithmName @return Method wrap @param in @param inOff @param inLen @return Method unwrap @param in @param inOff @param inLen @return @throws InvalidCipherTextException Some key wrap algorithms make use of the Key Checksum defined in CMS [CMS-Algorithms]. This is used to provide an integrity check value for the key being wrapped. The algorithm is - Compute the 20 octet SHA-1 hash on the key being wrapped. - Use the first 8 octets of this hash as the checksum value. @param key @return @throws Exception @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum @param key @param checksum @return @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum A class that provides a basic DES engine. initialise a DES cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. what follows is mainly taken from "Applied Cryptography", by Bruce Schneier, however it also bears great resemblance to Richard Outerbridge's D3DES... Generate an integer based working key based on our secret key and what we processing we are planning to do. Acknowledgements for this routine go to James Gillogly and Phil Karn. (whoever, and wherever they are!). the DES engine. implementation of DSTU 7624 (Kalyna) this does your basic ElGamal algorithm. initialise the ElGamal engine. @param forEncryption true if we are encrypting, false otherwise. @param param the necessary ElGamal key parameters. Return the maximum size for an input block to this engine. For ElGamal this is always one byte less than the size of P on encryption, and twice the length as the size of P on decryption. @return maximum size for an input block. Return the maximum size for an output block to this engine. For ElGamal this is always one byte less than the size of P on decryption, and twice the length as the size of P on encryption. @return maximum size for an output block. Process a single block using the basic ElGamal algorithm. @param in the input array. @param inOff the offset into the input buffer where the data starts. @param length the length of the data to be processed. @return the result of the ElGamal process. @exception DataLengthException the input block is too large. implementation of GOST 28147-89 standard constructor. initialise an Gost28147 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Return the S-Box associated with SBoxName @param sBoxName name of the S-Box @return byte array representing the S-Box HC-128 is a software-efficient stream cipher created by Hongjun Wu. It generates keystream from a 128-bit secret key and a 128-bit initialization vector.

http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf

It is a third phase candidate in the eStream contest, and is patent-free. No attacks are known as of today (April 2007). See http://www.ecrypt.eu.org/stream/hcp3.html

Initialise a HC-128 cipher. @param forEncryption whether or not we are for encryption. Irrelevant, as encryption and decryption are the same. @param params the parameters required to set up the cipher. @throws ArgumentException if the params argument is inappropriate (ie. the key is not 128 bit long). HC-256 is a software-efficient stream cipher created by Hongjun Wu. It generates keystream from a 256-bit secret key and a 256-bit initialization vector.

http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf

Its brother, HC-128, is a third phase candidate in the eStream contest. The algorithm is patent-free. No attacks are known as of today (April 2007). See http://www.ecrypt.eu.org/stream/hcp3.html

Initialise a HC-256 cipher. @param forEncryption whether or not we are for encryption. Irrelevant, as encryption and decryption are the same. @param params the parameters required to set up the cipher. @throws ArgumentException if the params argument is inappropriate (ie. the key is not 256 bit long). A class that provides a basic International Data Encryption Algorithm (IDEA) engine.

This implementation is based on the "HOWTO: INTERNATIONAL DATA ENCRYPTION ALGORITHM" implementation summary by Fauzan Mirza (F.U.Mirza@sheffield.ac.uk). (barring 1 typo at the end of the MulInv function!).

It can be found at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/idea/

Note: This algorithm was patented in the USA, Japan and Europe. These patents expired in 2011/2012.

standard constructor. initialise an IDEA cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. return x = x * y where the multiplication is done modulo 65537 (0x10001) (as defined in the IDEA specification) and a zero input is taken to be 65536 (0x10000). @param x the x value @param y the y value @return x = x * y The following function is used to expand the user key to the encryption subkey. The first 16 bytes are the user key, and the rest of the subkey is calculated by rotating the previous 16 bytes by 25 bits to the left, and so on until the subkey is completed. This function computes multiplicative inverse using Euclid's Greatest Common Divisor algorithm. Zero and one are self inverse.

i.e. x * MulInv(x) == 1 (modulo BASE)

Return the additive inverse of x.

i.e. x + AddInv(x) == 0

The function to invert the encryption subkey to the decryption subkey. It also involves the multiplicative inverse and the additive inverse functions. support class for constructing intergrated encryption ciphers for doing basic message exchanges on top of key agreement ciphers set up for use with stream mode, where the key derivation function is used to provide a stream of bytes to xor with the message. @param agree the key agreement used as the basis for the encryption @param kdf the key derivation function used for byte generation @param mac the message authentication code generator for the message set up for use in conjunction with a block cipher to handle the message. @param agree the key agreement used as the basis for the encryption @param kdf the key derivation function used for byte generation @param mac the message authentication code generator for the message @param cipher the cipher to used for encrypting the message Initialise the encryptor. @param forEncryption whether or not this is encryption/decryption. @param privParam our private key parameters @param pubParam the recipient's/sender's public key parameters @param param encoding and derivation parameters. Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count). see: http://www.burtleburtle.net/bob/rand/isaacafa.html initialise an ISAAC cipher. @param forEncryption whether or not we are for encryption. @param params the parameters required to set up the cipher. @exception ArgumentException if the params argument is inappropriate. NaccacheStern Engine. For details on this cipher, please see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf Initializes this algorithm. Must be called before all other Functions. @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(bool, org.bouncycastle.crypto.CipherParameters) Returns the input block size of this algorithm. @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetInputBlockSize() Returns the output block size of this algorithm. @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetOutputBlockSize() Process a single Block using the Naccache-Stern algorithm. @see org.bouncycastle.crypto.AsymmetricBlockCipher#ProcessBlock(byte[], int, int) Encrypts a BigInteger aka Plaintext with the public key. @param plain The BigInteger to encrypt @return The byte[] representation of the encrypted BigInteger (i.e. crypted.toByteArray()) Adds the contents of two encrypted blocks mod sigma @param block1 the first encrypted block @param block2 the second encrypted block @return encrypt((block1 + block2) mod sigma) @throws InvalidCipherTextException Convenience Method for data exchange with the cipher. Determines blocksize and splits data to blocksize. @param data the data to be processed @return the data after it went through the NaccacheSternEngine. @throws InvalidCipherTextException Computes the integer x that is expressed through the given primes and the congruences with the chinese remainder theorem (CRT). @param congruences the congruences c_i @param primes the primes p_i @return an integer x for that x % p_i == c_i A Noekeon engine, using direct-key mode. Create an instance of the Noekeon encryption algorithm and set some defaults initialise @param forEncryption whether or not we are for encryption. @param params the parameters required to set up the cipher. @exception ArgumentException if the params argument is inappropriate. Re-key the cipher. @param key the key to be used The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting. Provided for the sake of completeness. an implementation of RC2 as described in RFC 2268 "A Description of the RC2(r) Encryption Algorithm" R. Rivest. initialise a RC2 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the result rotating the 16 bit number in x left by y Wrap keys according to RFC 3217 - RC2 mechanism Field engine Field param Field paramPlusIV Field iv Field forWrapping Field IV2 Method init @param forWrapping @param param Method GetAlgorithmName @return Method wrap @param in @param inOff @param inLen @return Method unwrap @param in @param inOff @param inLen @return @throws InvalidCipherTextException Some key wrap algorithms make use of the Key Checksum defined in CMS [CMS-Algorithms]. This is used to provide an integrity check value for the key being wrapped. The algorithm is - Compute the 20 octet SHA-1 hash on the key being wrapped. - Use the first 8 octets of this hash as the checksum value. @param key @return @throws Exception @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum @param key @param checksum @return @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum initialise a RC4 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. The specification for RC5 came from the RC5 Encryption Algorithm publication in RSA CryptoBytes, Spring of 1995. http://www.rsasecurity.com/rsalabs/cryptobytes.

This implementation has a word size of 32 bits.

Create an instance of the RC5 encryption algorithm and set some defaults initialise a RC5-32 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Re-key the cipher. @param key the key to be used Encrypt the given block starting at the given offset and place the result in the provided buffer starting at the given offset. @param in in byte buffer containing data to encrypt @param inOff offset into src buffer @param out out buffer where encrypted data is written @param outOff offset into out buffer Perform a left "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(32) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % 32 Perform a right "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(32) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % 32 The specification for RC5 came from the RC5 Encryption Algorithm publication in RSA CryptoBytes, Spring of 1995. http://www.rsasecurity.com/rsalabs/cryptobytes.

This implementation is set to work with a 64 bit word size.

Create an instance of the RC5 encryption algorithm and set some defaults initialise a RC5-64 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Re-key the cipher. @param key the key to be used Encrypt the given block starting at the given offset and place the result in the provided buffer starting at the given offset. @param in in byte buffer containing data to encrypt @param inOff offset into src buffer @param out out buffer where encrypted data is written @param outOff offset into out buffer Perform a left "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(wordSize) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % wordSize Perform a right "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(wordSize) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % wordSize An RC6 engine. Create an instance of the RC6 encryption algorithm and set some defaults initialise a RC5-32 cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Re-key the cipher. @param inKey the key to be used Perform a left "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(wordSize) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % wordSize Perform a right "spin" of the word. The rotation of the given word x is rotated left by y bits. Only the lg(wordSize) low-order bits of y are used to determine the rotation amount. Here it is assumed that the wordsize used is a power of 2. @param x word to rotate @param y number of bits to rotate % wordSize an implementation of the RFC 3211 Key Wrap Specification. An implementation of the AES Key Wrapper from the NIST Key Wrap Specification as described in RFC 3394.

For further details see: http://www.ietf.org/rfc/rfc3394.txt and http://csrc.nist.gov/encryption/kms/key-wrap.pdf. an implementation of Rijndael, based on the documentation and reference implementation by Paulo Barreto, Vincent Rijmen, for v2.0 August '99.

Note: this implementation is based on information prior to readonly NIST publication.

multiply two elements of GF(2^m) needed for MixColumn and InvMixColumn xor corresponding text input and round key input bytes Row 0 remains unchanged The other three rows are shifted a variable amount Replace every byte of the input by the byte at that place in the nonlinear S-box Mix the bytes of every column in a linear way Mix the bytes of every column in a linear way This is the opposite operation of Mixcolumn Calculate the necessary round keys The number of calculations depends on keyBits and blockBits default constructor - 128 bit block size. basic constructor - set the cipher up for a given blocksize @param blocksize the blocksize in bits, must be 128, 192, or 256. initialise a Rijndael cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. this does your basic RSA algorithm with blinding initialise the RSA engine. @param forEncryption true if we are encrypting, false otherwise. @param param the necessary RSA key parameters. Return the maximum size for an input block to this engine. For RSA this is always one byte less than the key size on encryption, and the same length as the key size on decryption. @return maximum size for an input block. Return the maximum size for an output block to this engine. For RSA this is always one byte less than the key size on decryption, and the same length as the key size on encryption. @return maximum size for an output block. Process a single block using the basic RSA algorithm. @param inBuf the input array. @param inOff the offset into the input buffer where the data starts. @param inLen the length of the data to be processed. @return the result of the RSA process. @exception DataLengthException the input block is too large. This does your basic RSA Chaum's blinding and unblinding as outlined in "Handbook of Applied Cryptography", page 475. You need to use this if you are trying to get another party to generate signatures without them being aware of the message they are signing. Initialise the blinding engine. @param forEncryption true if we are encrypting (blinding), false otherwise. @param param the necessary RSA key parameters. Return the maximum size for an input block to this engine. For RSA this is always one byte less than the key size on encryption, and the same length as the key size on decryption. @return maximum size for an input block. Return the maximum size for an output block to this engine. For RSA this is always one byte less than the key size on decryption, and the same length as the key size on encryption. @return maximum size for an output block. Process a single block using the RSA blinding algorithm. @param in the input array. @param inOff the offset into the input buffer where the data starts. @param inLen the length of the data to be processed. @return the result of the RSA process. @throws DataLengthException the input block is too large. this does your basic RSA algorithm. initialise the RSA engine. @param forEncryption true if we are encrypting, false otherwise. @param param the necessary RSA key parameters. Return the maximum size for an input block to this engine. For RSA this is always one byte less than the key size on encryption, and the same length as the key size on decryption. @return maximum size for an input block. Return the maximum size for an output block to this engine. For RSA this is always one byte less than the key size on decryption, and the same length as the key size on encryption. @return maximum size for an output block. this does your basic RSA algorithm. initialise the RSA engine. @param forEncryption true if we are encrypting, false otherwise. @param param the necessary RSA key parameters. Return the maximum size for an input block to this engine. For RSA this is always one byte less than the key size on encryption, and the same length as the key size on decryption. @return maximum size for an input block. Return the maximum size for an output block to this engine. For RSA this is always one byte less than the key size on decryption, and the same length as the key size on encryption. @return maximum size for an output block. Process a single block using the basic RSA algorithm. @param inBuf the input array. @param inOff the offset into the input buffer where the data starts. @param inLen the length of the data to be processed. @return the result of the RSA process. @exception DataLengthException the input block is too large. Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005 Constants Creates a 20 round Salsa20 engine. Creates a Salsa20 engine with a specific number of rounds. the number of rounds (must be an even number). Rotate left @param x value to rotate @param y amount to rotate x @return rotated x Implementation of the SEED algorithm as described in RFC 4009 An implementation of the SEED key wrapper based on RFC 4010/RFC 3394.

For further details see: http://www.ietf.org/rfc/rfc4010.txt. * Serpent is a 128-bit 32-round block cipher with variable key lengths, * including 128, 192 and 256 bit keys conjectured to be at least as * secure as three-key triple-DES. *

* Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a * candidate algorithm for the NIST AES Quest. *

*

* For full details see The Serpent home page *

Expand a user-supplied key material into a session key. @param key The user-key bytes (multiples of 4) to use. @exception ArgumentException Encrypt one block of plaintext. @param input the array containing the input data. @param inOff offset into the in array the data starts at. @param output the array the output data will be copied into. @param outOff the offset into the out array the output will start at. Decrypt one block of ciphertext. @param input the array containing the input data. @param inOff offset into the in array the data starts at. @param output the array the output data will be copied into. @param outOff the offset into the out array the output will start at. initialise a Serpent cipher. @param encrypting whether or not we are for encryption. @param params the parameters required to set up the cipher. @throws IllegalArgumentException if the params argument is inappropriate. Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @return the number of bytes processed and produced. @throws DataLengthException if there isn't enough data in in, or space in out. @throws IllegalStateException if the cipher isn't initialised. InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms. S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms. InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps. S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms. InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps. S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms. InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms. InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms. S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms. InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms. S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms. InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms. S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms. InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms. Apply the linear transformation to the register set. Apply the inverse of the linear transformation to the register set. a class that provides a basic SKIPJACK engine. initialise a SKIPJACK cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. The G permutation the inverse of the G permutation. SM2 public key encryption engine - based on https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. SM4 Block Cipher - SM4 is a 128 bit block cipher with a 128 bit key. The implementation here is based on the document http://eprint.iacr.org/2008/329.pdf by Whitfield Diffie and George Ledin, which is a translation of Prof. LU Shu-wang's original standard. An TEA engine. Create an instance of the TEA encryption algorithm and set some defaults initialise @param forEncryption whether or not we are for encryption. @param params the parameters required to set up the cipher. @exception ArgumentException if the params argument is inappropriate. Re-key the cipher. @param key the key to be used Implementation of the Threefish tweakable large block cipher in 256, 512 and 1024 bit block sizes. This is the 1.3 version of Threefish defined in the Skein hash function submission to the NIST SHA-3 competition in October 2010.

Threefish was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.

This implementation inlines all round functions, unrolls 8 rounds, and uses 1.2k of static tables to speed up key schedule injection.
2 x block size state is retained by each cipher instance.

256 bit block size - Threefish-256
512 bit block size - Threefish-512 1024 bit block size - Threefish-1024 Size of the tweak in bytes (always 128 bit/16 bytes) Rounds in Threefish-256 Rounds in Threefish-512 Rounds in Threefish-1024 Max rounds of any of the variants Key schedule parity constant Block size in bytes Block size in 64 bit words Buffer for byte oriented processBytes to call internal word API Tweak bytes (2 byte t1,t2, calculated t3 and repeat of t1,t2 for modulo free lookup Key schedule words The internal cipher implementation (varies by blocksize) Constructs a new Threefish cipher, with a specified block size. the block size in bits, one of , , . Initialise the engine. Initialise for encryption if true, for decryption if false. an instance of or (to use a 0 tweak) Initialise the engine, specifying the key and tweak directly. the cipher mode. the words of the key, or null to use the current key. the 2 word (128 bit) tweak, or null to use the current tweak. Process a block of data represented as 64 bit words. the number of 8 byte words processed (which will be the same as the block size). a block sized buffer of words to process. a block sized buffer of words to receive the output of the operation. if either the input or output is not block sized if this engine is not initialised Read a single 64 bit word from input in LSB first order. Write a 64 bit word to output in LSB first order. Rotate left + xor part of the mix operation. Rotate xor + rotate right part of the unmix operation. The extended + repeated tweak words The extended + repeated key words Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Mix rotation constants defined in Skein 1.3 specification Tnepres is a 128-bit 32-round block cipher with variable key lengths, including 128, 192 and 256 bit keys conjectured to be at least as secure as three-key triple-DES.

Tnepres is based on Serpent which was designed by Ross Anderson, Eli Biham and Lars Knudsen as a candidate algorithm for the NIST AES Quest. Unfortunately there was an endianness issue with test vectors in the AES submission and the resulting confusion lead to the Tnepres cipher as well, which is a byte swapped version of Serpent.

For full details see The Serpent home page

Expand a user-supplied key material into a session key. @param key The user-key bytes (multiples of 4) to use. @exception ArgumentException Encrypt one block of plaintext. @param input the array containing the input data. @param inOff offset into the in array the data starts at. @param output the array the output data will be copied into. @param outOff the offset into the out array the output will start at. Decrypt one block of ciphertext. @param input the array containing the input data. @param inOff offset into the in array the data starts at. @param output the array the output data will be copied into. @param outOff the offset into the out array the output will start at. A class that provides Twofish encryption operations. This Java implementation is based on the Java reference implementation provided by Bruce Schneier and developed by Raif S. Naffah. Define the fixed p0/p1 permutations used in keyed S-box lookup. By changing the following constant definitions, the S-boxes will automatically Get changed in the Twofish engine. gSubKeys[] and gSBox[] are eventually used in the encryption and decryption methods. initialise a Twofish cipher. @param forEncryption whether or not we are for encryption. @param parameters the parameters required to set up the cipher. @exception ArgumentException if the parameters argument is inappropriate. Encrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. The input will be an exact multiple of our blocksize. encryptBlock uses the pre-calculated gSBox[] and subKey[] arrays. Decrypt the given input starting at the given offset and place the result in the provided buffer starting at the given offset. The input will be an exact multiple of our blocksize. Use (12, 8) Reed-Solomon code over GF(256) to produce a key S-box 32-bit entity from 2 key material 32-bit entities. @param k0 first 32-bit entity @param k1 second 32-bit entity @return Remainder polynomial Generated using RS code * Reed-Solomon code parameters: (12,8) reversible code: *

*

                    * G(x) = x^4 + (a+1/a)x^3 + ax^2 + (a+1/a)x + 1
                    * 
* where a = primitive root of field generator 0x14D *

initialise a VMPC cipher. @param forEncryption whether or not we are for encryption. @param params the parameters required to set up the cipher. @exception ArgumentException if the params argument is inappropriate. Implementation of Daniel J. Bernstein's XSalsa20 stream cipher - Salsa20 with an extended nonce. XSalsa20 requires a 256 bit key, and a 192 bit nonce. XSalsa20 key generation: process 256 bit input key and 128 bits of the input nonce using a core Salsa20 function without input addition to produce 256 bit working key and use that with the remaining 64 bits of nonce to initialize a standard Salsa20 engine state. An XTEA engine. Create an instance of the TEA encryption algorithm and set some defaults initialise @param forEncryption whether or not we are for encryption. @param params the parameters required to set up the cipher. @exception ArgumentException if the params argument is inappropriate. Re-key the cipher. @param key the key to be used Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on ISO 18033/P1363a.
Construct a KDF Parameters generator. @param counterStart value of counter. @param digest the digest to be used as the source of derived keys. return the underlying digest. fill len bytes of the output buffer with bytes generated from the derivation function. @throws ArgumentException if the size of the request will cause an overflow. @throws DataLengthException if the out buffer is too small. Core of password hashing scheme Bcrypt, designed by Niels Provos and David Mazières, corresponds to the C reference implementation.

This implementation does not correspondent to the 1999 published paper "A Future-Adaptable Password Scheme" of Niels Provos and David Mazières, see: https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html. In contrast to the paper, the order of key setup and salt setup is reversed: state <- ExpandKey(state, 0, key) state %lt;- ExpandKey(state, 0, salt) This corresponds to the OpenBSD reference implementation of Bcrypt.

Note: There is no successful cryptanalysis (status 2015), but the amount of memory and the band width of Bcrypt may be insufficient to effectively prevent attacks with custom hardware like FPGAs, ASICs

This implementation uses some parts of Bouncy Castle's BlowfishEngine.

Derives a raw 192 bit Bcrypt key @param cost the cost factor, treated as an exponent of 2 @param salt a 16 byte salt @param psw the password @return a 192 bit key Size of the salt parameter in bytes Minimum value of cost parameter, equal to log2(bytes of salt) Maximum value of cost parameter (31 == 2,147,483,648) Maximum size of password == max (unrestricted) size of Blowfish key Converts a character password to bytes incorporating the required trailing zero byte. @param password the password to be encoded. @return a byte representation of the password in UTF8 + trailing zero. Calculates the bcrypt hash of a password.

This implements the raw bcrypt function as defined in the bcrypt specification, not the crypt encoded version implemented in OpenBSD.

@param password the password bytes (up to 72 bytes) to use for this invocation. @param salt the 128 bit salt to use for this invocation. @param cost the bcrypt cost parameter. The cost of the bcrypt function grows as 2^cost. Legal values are 4..31 inclusive. @return the output of the raw bcrypt operation: a 192 bit (24 byte) hash.
initialise the key generator - if strength is set to zero the key Generated will be 192 bits in size, otherwise strength can be 128 or 192 (or 112 or 168 if you don't count parity bits), depending on whether you wish to do 2-key or 3-key triple DES. @param param the parameters to be used for key generation initialise the key generator - if strength is set to zero the key generated will be 64 bits in size, otherwise strength can be 64 or 56 bits (if you don't count the parity bits). @param param the parameters to be used for key generation a basic Diffie-Hellman key pair generator. This generates keys consistent for use with the basic algorithm for Diffie-Hellman. a Diffie-Hellman key pair generator. This generates keys consistent for use in the MTI/A0 key agreement protocol as described in "Handbook of Applied Cryptography", Pages 516-519. which Generates the p and g values from the given parameters, returning the DHParameters object.

Note: can take a while...

a DSA key pair generator. This Generates DSA keys in line with the method described in FIPS 186-3 B.1 FFC Key Pair Generation. Generate suitable parameters for DSA, in line with FIPS 186-2, or FIPS 186-3. Initialise the generator This form can only be used for older DSA (pre-DSA2) parameters the size of keys in bits (from 512 up to 1024, and a multiple of 64) measure of robustness of primes (at least 80 for FIPS 186-2 compliance) the source of randomness to use Initialise the generator for DSA 2 You must use this Init method if you need to generate parameters for DSA 2 keys An instance of DsaParameterGenerationParameters used to configure this generator Generates a set of DsaParameters Can take a while... generate suitable parameters for DSA, in line with FIPS 186-3 A.1 Generation of the FFC Primes p and q. Given the domain parameters this routine generates an EC key pair in accordance with X9.62 section 5.2.1 pages 26, 27. a ElGamal key pair generator.

This Generates keys consistent for use with ElGamal as described in page 164 of "Handbook of Applied Cryptography".

* which Generates the p and g values from the given parameters, * returning the ElGamalParameters object. *

* Note: can take a while... *

a GOST3410 key pair generator. This generates GOST3410 keys in line with the method described in GOST R 34.10-94. generate suitable parameters for GOST3410. initialise the key generator. @param size size of the key @param typeProcedure type procedure A,B = 1; A',B' - else @param random random byte source. Procedure C procedure generates the a value from the given p,q, returning the a value. which generates the p , q and a values from the given parameters, returning the Gost3410Parameters object. HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM (output keying material) and is likely to have better security properties than KDF's based on just a hash function. Creates a HKDFBytesGenerator based on the given hash function. @param hash the digest to be used as the source of generatedBytes bytes Performs the extract part of the key derivation function. @param salt the salt to use @param ikm the input keying material @return the PRK as KeyParameter Performs the expand part of the key derivation function, using currentT as input and output buffer. @throws DataLengthException if the total number of bytes generated is larger than the one specified by RFC 5869 (255 * HashLen) KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on IEEE P1363/ISO 18033.
Construct a KDF1 byte generator. @param digest the digest to be used as the source of derived keys. KDF2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033
This implementation is based on IEEE P1363/ISO 18033.
Construct a KDF2 bytes generator. Generates key material according to IEEE P1363 or ISO 18033 depending on the initialisation. @param digest the digest to be used as the source of derived keys. Generator for MGF1 as defined in Pkcs 1v2 @param digest the digest to be used as the source of Generated bytes return the underlying digest. int to octet string. fill len bytes of the output buffer with bytes Generated from the derivation function. @throws DataLengthException if the out buffer is too small. Key generation parameters for NaccacheStern cipher. For details on this cipher, please see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf Generates a permuted ArrayList from the original one. The original List is not modified @param arr the ArrayList to be permuted @param rand the source of Randomness for permutation @return a new IList with the permuted elements. Finds the first 'count' primes starting with 3 @param count the number of primes to find @return a vector containing the found primes as Integer Password hashing scheme BCrypt, designed by Niels Provos and David Mazières, using the String format and the Base64 encoding of the reference implementation on OpenBSD Creates a 60 character Bcrypt String, including version, cost factor, salt and hash, separated by '$' @param version the version, 2y,2b or 2a. (2a is not backwards compatible.) @param cost the cost factor, treated as an exponent of 2 @param salt a 16 byte salt @param password the password @return a 60 character Bcrypt String Creates a 60 character Bcrypt String, including version, cost factor, salt and hash, separated by '$' using version '2y'. @param cost the cost factor, treated as an exponent of 2 @param salt a 16 byte salt @param password the password @return a 60 character Bcrypt String Creates a 60 character Bcrypt String, including version, cost factor, salt and hash, separated by '$' @param version the version, may be 2b, 2y or 2a. (2a is not backwards compatible.) @param cost the cost factor, treated as an exponent of 2 @param salt a 16 byte salt @param password the password @return a 60 character Bcrypt String Checks if a password corresponds to a 60 character Bcrypt String @param bcryptString a 60 character Bcrypt String, including version, cost factor, salt and hash, separated by '$' @param password the password as an array of chars @return true if the password corresponds to the Bcrypt String, otherwise false Generator for PBE derived keys and ivs as usd by OpenSSL.

The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an iteration count of 1.

Construct a OpenSSL Parameters generator. Initialise - note the iteration count for this algorithm is fixed at 1. @param password password to use. @param salt salt to use. the derived key function, the ith hash of the password and the salt. Generate a key parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. @exception ArgumentException if the key length larger than the base hash size. Generate a key with initialisation vector parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @param ivSize the size of the iv we want (in bits) @return a ParametersWithIV object. @exception ArgumentException if keySize + ivSize is larger than the base hash size. Generate a key parameter for use with a MAC derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. @exception ArgumentException if the key length larger than the base hash size. Generator for Pbe derived keys and ivs as defined by Pkcs 12 V1.0.

The document this implementation is based on can be found at RSA's Pkcs12 Page

Construct a Pkcs 12 Parameters generator. @param digest the digest to be used as the source of derived keys. @exception ArgumentException if an unknown digest is passed in. add a + b + 1, returning the result in a. The a value is treated as a BigInteger of length (b.Length * 8) bits. The result is modulo 2^b.Length in case of overflow. generation of a derived key ala Pkcs12 V1.0. Generate a key parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. Generate a key with initialisation vector parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @param ivSize the size of the iv we want (in bits) @return a ParametersWithIV object. Generate a key parameter for use with a MAC derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 1. Note this generator is limited to the size of the hash produced by the digest used to drive it.

The document this implementation is based on can be found at RSA's Pkcs5 Page

Construct a Pkcs 5 Scheme 1 Parameters generator. @param digest the digest to be used as the source of derived keys. the derived key function, the ith hash of the mPassword and the mSalt. Generate a key parameter derived from the mPassword, mSalt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. @exception ArgumentException if the key length larger than the base hash size. Generate a key with initialisation vector parameter derived from the mPassword, mSalt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @param ivSize the size of the iv we want (in bits) @return a ParametersWithIV object. @exception ArgumentException if keySize + ivSize is larger than the base hash size. Generate a key parameter for use with a MAC derived from the mPassword, mSalt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. @exception ArgumentException if the key length larger than the base hash size. Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 2. This generator uses a SHA-1 HMac as the calculation function.

The document this implementation is based on can be found at RSA's Pkcs5 Page

construct a Pkcs5 Scheme 2 Parameters generator. Generate a key parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. Generate a key with initialisation vector parameter derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @param ivSize the size of the iv we want (in bits) @return a ParametersWithIV object. Generate a key parameter for use with a MAC derived from the password, salt, and iteration count we are currently initialised with. @param keySize the size of the key we want (in bits) @return a KeyParameter object. Generates keys for the Poly1305 MAC. Poly1305 keys are 256 bit keys consisting of a 128 bit secret key used for the underlying block cipher followed by a 128 bit {@code r} value used for the polynomial portion of the Mac.
The {@code r} value has a specific format with some bits required to be cleared, resulting in an effective 106 bit key.
A separately generated 256 bit key can be modified to fit the Poly1305 key format by using the {@link #clamp(byte[])} method to clear the required bits.
Initialises the key generator. Poly1305 keys are always 256 bits, so the key length in the provided parameters is ignored. Generates a 256 bit key in the format required for Poly1305 - e.g. k[0] ... k[15], r[0] ... r[15] with the required bits in r cleared as per . Modifies an existing 32 byte key value to comply with the requirements of the Poly1305 key by clearing required bits in the r (second 16 bytes) portion of the key.
Specifically:
  • r[3], r[7], r[11], r[15] have top four bits clear (i.e., are {0, 1, . . . , 15})
  • r[4], r[8], r[12] have bottom two bits clear (i.e., are in {0, 4, 8, . . . , 252})
a 32 byte key value k[0] ... k[15], r[0] ... r[15]
Checks a 32 byte key for compliance with the Poly1305 key requirements, e.g. k[0] ... k[15], r[0] ... r[15] with the required bits in r cleared as per . Key. if the key is of the wrong length, or has invalid bits set in the r portion of the key. Generate a random factor suitable for use with RSA blind signatures as outlined in Chaum's blinding and unblinding as outlined in "Handbook of Applied Cryptography", page 475. Initialise the factor generator @param param the necessary RSA key parameters. Generate a suitable blind factor for the public key the generator was initialised with. @return a random blind factor an RSA key pair generator. Choose a random prime value for use with RSA the bit-length of the returned prime the RSA public exponent a prime p, with (p-1) relatively prime to e Implementation of the scrypt a password-based key derivation function. Scrypt was created by Colin Percival and is specified in draft-josefsson-scrypt-kd. Generate a key using the scrypt key derivation function. the bytes of the pass phrase. the salt to use for this invocation. CPU/Memory cost parameter. Must be larger than 1, a power of 2 and less than 2^(128 * r / 8). the block size, must be >= 1. Parallelization parameter. Must be a positive integer less than or equal to Int32.MaxValue / (128 * r * 8). the length of the key to generate. the generated key. Base interface for a public/private key block cipher. The name of the algorithm this cipher implements. Initialise the cipher. Initialise for encryption if true, for decryption if false. The key or other data required by the cipher. The maximum size, in bytes, an input block may be. The maximum size, in bytes, an output block will be. Process a block. The input buffer. The offset into inBuf that the input block begins. The length of the input block. Input decrypts improperly. Input is too large for the cipher. interface that a public/private key pair generator should conform to. intialise the key pair generator. @param the parameters the key pair is to be initialised with. return an AsymmetricCipherKeyPair containing the Generated keys. @return an AsymmetricCipherKeyPair containing the Generated keys. The basic interface that basic Diffie-Hellman implementations conforms to. initialise the agreement engine. return the field size for the agreement algorithm in bytes. given a public key from a given party calculate the next message in the agreement sequence. Base interface for a symmetric key block cipher. The name of the algorithm this cipher implements. Initialise the cipher. Initialise for encryption if true, for decryption if false. The key or other data required by the cipher. The block size for this cipher, in bytes. Indicates whether this cipher can handle partial blocks. Process a block. The input buffer. The offset into inBuf that the input block begins. The output buffer. The offset into outBuf to write the output block. If input block is wrong size, or outBuf too small. The number of bytes processed and produced. Reset the cipher to the same state as it was after the last init (if there was one). Operators that reduce their input to a single block return an object of this type. Return the final result of the operation. A block of bytes, representing the result of an operation. Store the final result of the operation by copying it into the destination array. The number of bytes copied into destination. The byte array to copy the result into. The offset into destination to start copying the result at. Block cipher engines are expected to conform to this interface. The name of the algorithm this cipher implements. Initialise the cipher. If true the cipher is initialised for encryption, if false for decryption. The key and other data required by the cipher. Reset the cipher. After resetting the cipher is in the same state as it was after the last init (if there was one). Base interface for a ciphers that do not require data to be block aligned. Note: In cases where the underlying algorithm is block based, these ciphers may add or remove padding as needed. Return the size of the output buffer required for a Write() plus a close() with the write() being passed inputLen bytes. The returned size may be dependent on the initialisation of this cipher and may not be accurate once subsequent input data is processed as the cipher may add, add or remove padding, as it sees fit. The space required to accommodate a call to processBytes and doFinal with inputLen bytes of input. The length of the expected input. Return the size of the output buffer required for a write() with the write() being passed inputLen bytes and just updating the cipher output. The space required to accommodate a call to processBytes with inputLen bytes of input. The length of the expected input. Gets the stream for reading/writing data processed/to be processed. The stream associated with this cipher. Base interface for cipher builders. Return the algorithm and parameter details associated with any cipher built. Return the maximum output size that a given input will produce. the length of the expected input. The maximum possible output size that can produced for the expected input length. Build a cipher that operates on the passed in stream. The stream to write/read any encrypted/decrypted data. A cipher based around the given stream. A cipher builder that can also return the key it was initialized with. Return the key we were initialized with. all parameter classes implement this. Interface describing a provider of cipher builders for creating decrypting ciphers. Return a cipher builder for creating decrypting ciphers. The algorithm details/parameters to use to create the final cipher. A new cipher builder. base interface for general purpose byte derivation functions. return the message digest used as the basis for the function Parameters for key/byte stream derivation classes interface that a message digest conforms to. return the algorithm name @return the algorithm name return the size, in bytes, of the digest produced by this message digest. @return the size, in bytes, of the digest produced by this message digest. return the size, in bytes, of the internal buffer used by this digest. @return the size, in bytes, of the internal buffer used by this digest. update the message digest with a single byte. @param inByte the input byte to be entered. update the message digest with a block of bytes. @param input the byte array containing the data. @param inOff the offset into the byte array where the data starts. @param len the length of the data. Close the digest, producing the final digest value. The doFinal call leaves the digest reset. @param output the array the digest is to be copied into. @param outOff the offset into the out array the digest is to start at. reset the digest back to it's initial state. interface for classes implementing the Digital Signature Algorithm initialise the signer for signature generation or signature verification. @param forSigning true if we are generating a signature, false otherwise. @param param key parameters for signature generation. sign the passed in message (usually the output of a hash function). @param message the message to be signed. @return two big integers representing the r and s values respectively. verify the message message against the signature values r and s. @param message the message that was supposed to have been signed. @param r the r signature value. @param s the s signature value. An "extended" interface for classes implementing DSA-style algorithms, that provides access to the group order. The order of the group that the r, s values in signatures belong to. Base interface describing an entropy source for a DRBG. Return whether or not this entropy source is regarded as prediction resistant. true if this instance is prediction resistant; otherwise, false. Return a byte array of entropy. The entropy bytes. Return the number of bits of entropy this source can produce. The size, in bits, of the return value of getEntropy. Base interface describing a provider of entropy sources. Return an entropy source providing a block of entropy. The size of the block of entropy required. An entropy source providing bitsRequired blocks of entropy. Base interface for a key unwrapper. The parameter set used to configure this key unwrapper. Unwrap the passed in data. The array containing the data to be unwrapped. The offset into cipherText at which the unwrapped data starts. The length of the data to be unwrapped. an IBlockResult containing the unwrapped key data. Base interface for a key wrapper. The parameter set used to configure this key wrapper. Wrap the passed in key data. The key data to be wrapped. an IBlockResult containing the wrapped key data. The base interface for implementations of message authentication codes (MACs). Initialise the MAC. @param param the key and other data required by the MAC. @exception ArgumentException if the parameters argument is inappropriate. Return the name of the algorithm the MAC implements. @return the name of the algorithm the MAC implements. Return the block size for this MAC (in bytes). @return the block size for this MAC in bytes. add a single byte to the mac for processing. @param in the byte to be processed. @exception InvalidOperationException if the MAC is not initialised. @param in the array containing the input. @param inOff the index in the array the data begins at. @param len the length of the input starting at inOff. @exception InvalidOperationException if the MAC is not initialised. @exception DataLengthException if there isn't enough data in in. Compute the final stage of the MAC writing the output to the out parameter.

doFinal leaves the MAC in the same state it was after the last init.

@param out the array the MAC is to be output to. @param outOff the offset into the out buffer the output is to start at. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the MAC is not initialised.
Reset the MAC. At the end of resetting the MAC should be in the in the same state it was after the last init (if there was one). The algorithm details object for this calculator. Create a stream calculator for this signature calculator. The stream calculator is used for the actual operation of entering the data to be signed and producing the signature block. A calculator producing an IBlockResult with a signature in it. this exception is thrown whenever we find something we don't expect in a message. base constructor. create a InvalidCipherTextException with the given message. @param message the message to be carried with the exception. Base interface for operators that serve as stream-based signature calculators. The algorithm details object for this calculator. Create a stream calculator for this signature calculator. The stream calculator is used for the actual operation of entering the data to be signed and producing the signature block. A calculator producing an IBlockResult with a signature in it. Return the name of the algorithm the signer implements. @return the name of the algorithm the signer implements. Initialise the signer for signing or verification. @param forSigning true if for signing, false otherwise @param param necessary parameters. update the internal digest with the byte b update the internal digest with the byte array in Generate a signature for the message we've been loaded with using the key we were initialised with. return true if the internal state represents the signature described in the passed in array. reset the internal state Signer with message recovery. Returns true if the signer has recovered the full message as part of signature verification. @return true if full message recovered. Returns a reference to what message was recovered (if any). @return full/partial message, null if nothing. Perform an update with the recovered message before adding any other data. This must be the first update method called, and calling it will result in the signer assuming that further calls to update will include message content past what is recoverable. @param signature the signature that we are in the process of verifying. @throws IllegalStateException Base interface for cryptographic operations such as Hashes, MACs, and Signatures which reduce a stream of data to a single value. Return a "sink" stream which only exists to update the implementing object. A stream to write to in order to update the implementing object. Return the result of processing the stream. This value is only available once the stream has been closed. The result of processing the stream. The interface stream ciphers conform to. The name of the algorithm this cipher implements. Initialise the cipher. If true the cipher is initialised for encryption, if false for decryption. The key and other data required by the cipher. If the parameters argument is inappropriate. encrypt/decrypt a single byte returning the result. the byte to be processed. the result of processing the input byte. Process a block of bytes from input putting the result into output. The input byte array. The offset into input where the data to be processed starts. The number of bytes to be processed. The output buffer the processed bytes go into. The offset into output the processed data starts at. If the output buffer is too small. Reset the cipher to the same state as it was after the last init (if there was one). Operators that reduce their input to the validation of a signature produce this type. Return true if the passed in data matches what is expected by the verification result. The bytes representing the signature. true if the signature verifies, false otherwise. Return true if the length bytes from off in the source array match the signature expected by the verification result. Byte array containing the signature. The offset into the source array where the signature starts. The number of bytes in source making up the signature. true if the signature verifies, false otherwise. Base interface for operators that serve as stream-based signature verifiers. The algorithm details object for this verifier. Create a stream calculator for this verifier. The stream calculator is used for the actual operation of entering the data to be verified and producing a result which can be used to verify the original signature. A calculator producing an IVerifier which can verify the signature. Base interface for a provider to support the dynamic creation of signature verifiers. Return a signature verfier for signature algorithm described in the passed in algorithm details object. The details of the signature algorithm verification is required for. A new signature verifier. The name of the algorithm this cipher implements. With FIPS PUB 202 a new kind of message digest was announced which supported extendable output, or variable digest sizes. This interface provides the extra method required to support variable output on a digest implementation. Output the results of the final calculation for this digest to outLen number of bytes. output array to write the output bytes to. offset to start writing the bytes at. the number of output bytes requested. the number of bytes written Start outputting the results of the final calculation for this digest. Unlike DoFinal, this method will continue producing output until the Xof is explicitly reset, or signals otherwise. output array to write the output bytes to. offset to start writing the bytes at. the number of output bytes requested. the number of bytes written The base class for parameters to key generators. initialise the generator with a source of randomness and a strength (in bits). @param random the random byte source. @param strength the size, in bits, of the keys we want to produce. return the random source associated with this generator. @return the generators random source. return the bit strength for keys produced by this generator, @return the strength of the keys this generator produces (in bits). standard CBC Block Cipher MAC - if no padding is specified the default of pad of zeroes is used. create a standard MAC based on a CBC block cipher. This will produce an authentication code half the length of the block size of the cipher. @param cipher the cipher to be used as the basis of the MAC generation. create a standard MAC based on a CBC block cipher. This will produce an authentication code half the length of the block size of the cipher. @param cipher the cipher to be used as the basis of the MAC generation. @param padding the padding to be used to complete the last block. create a standard MAC based on a block cipher with the size of the MAC been given in bits. This class uses CBC mode as the basis for the MAC generation.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the MAC been given in bits. This class uses CBC mode as the basis for the MAC generation.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. @param padding the padding to be used to complete the last block.
Reset the mac generator. implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. Basic constructor. @param cipher the block cipher to be used as the basis of the feedback mode. @param blockSize the block size in bits (note: a multiple of 8) Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/CFB" and the block size in bits. return the block size we are operating at. @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the chaining vector back to the IV and reset the underlying cipher. create a standard MAC based on a CFB block cipher. This will produce an authentication code half the length of the block size of the cipher, with the CFB mode set to 8 bits. @param cipher the cipher to be used as the basis of the MAC generation. create a standard MAC based on a CFB block cipher. This will produce an authentication code half the length of the block size of the cipher, with the CFB mode set to 8 bits. @param cipher the cipher to be used as the basis of the MAC generation. @param padding the padding to be used. create a standard MAC based on a block cipher with the size of the MAC been given in bits. This class uses CFB mode as the basis for the MAC generation.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param cfbBitSize the size of an output block produced by the CFB mode. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the MAC been given in bits. This class uses CFB mode as the basis for the MAC generation.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param cfbBitSize the size of an output block produced by the CFB mode. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. @param padding a padding to be used.
Reset the mac generator. CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html

CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC

CMAC is a NIST recomendation - see csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf

CMAC/OMAC1 is a blockcipher-based message authentication code designed and analyzed by Tetsu Iwata and Kaoru Kurosawa.

CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message Authentication Code). OMAC stands for One-Key CBC MAC.

It supports 128- or 64-bits block ciphers, with any key size, and returns a MAC with dimension less or equal to the block size of the underlying cipher.

create a standard MAC based on a CBC block cipher (64 or 128 bit block). This will produce an authentication code the length of the block size of the cipher. @param cipher the cipher to be used as the basis of the MAC generation. create a standard MAC based on a block cipher with the size of the MAC been given in bits.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography). @param cipher the cipher to be used as the basis of the MAC generation. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128. Reset the mac generator.

Implementation of DSTU7564 mac mode
implementation of DSTU 7624 MAC The GMAC specialisation of Galois/Counter mode (GCM) detailed in NIST Special Publication 800-38D. GMac is an invocation of the GCM mode where no data is encrypted (i.e. all input data to the Mac is processed as additional authenticated data with the underlying GCM block cipher). Creates a GMAC based on the operation of a block cipher in GCM mode. This will produce an authentication code the length of the block size of the cipher. the cipher to be used in GCM mode to generate the MAC. Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode. This will produce an authentication code the length of the block size of the cipher. the cipher to be used in GCM mode to generate the MAC. the mac size to generate, in bits. Must be a multiple of 8, between 32 and 128 (inclusive). Sizes less than 96 are not recommended, but are supported for specialized applications. Initialises the GMAC - requires a providing a and a nonce. implementation of GOST 28147-89 MAC HMAC implementation based on RFC2104 H(K XOR opad, H(K XOR ipad, text)) Reset the mac generator. DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC) This could as well be derived from CBCBlockCipherMac, but then the property mac in the base class must be changed to protected create a Retail-MAC based on a CBC block cipher. This will produce an authentication code of the length of the block size of the cipher. @param cipher the cipher to be used as the basis of the MAC generation. This must be DESEngine. create a Retail-MAC based on a CBC block cipher. This will produce an authentication code of the length of the block size of the cipher. @param cipher the cipher to be used as the basis of the MAC generation. @param padding the padding to be used to complete the last block. create a Retail-MAC based on a block cipher with the size of the MAC been given in bits. This class uses single DES CBC mode as the basis for the MAC generation.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
create a standard MAC based on a block cipher with the size of the MAC been given in bits. This class uses single DES CBC mode as the basis for the MAC generation. The final block is decrypted and then encrypted using the middle and right part of the key.

Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), or 16 bits if being used as a data authenticator (FIPS Publication 113), and in general should be less than the size of the block cipher as it reduces the chance of an exhaustive attack (see Handbook of Applied Cryptography).

@param cipher the cipher to be used as the basis of the MAC generation. @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. @param padding the padding to be used to complete the last block.
Reset the mac generator. Poly1305 message authentication code, designed by D. J. Bernstein. Poly1305 computes a 128-bit (16 bytes) authenticator, using a 128 bit nonce and a 256 bit key consisting of a 128 bit key applied to an underlying cipher, and a 128 bit key (with 106 effective key bits) used in the authenticator. The polynomial calculation in this implementation is adapted from the public domain poly1305-donna-unrolled C implementation by Andrew M (@floodyberry). Polynomial key Polynomial key Polynomial key Polynomial key Polynomial key Precomputed 5 * r[1..4] Precomputed 5 * r[1..4] Precomputed 5 * r[1..4] Precomputed 5 * r[1..4] Encrypted nonce Encrypted nonce Encrypted nonce Encrypted nonce Current block of buffered input Current offset in input buffer Polynomial accumulator Polynomial accumulator Polynomial accumulator Polynomial accumulator Polynomial accumulator Constructs a Poly1305 MAC, where the key passed to init() will be used directly. Constructs a Poly1305 MAC, using a 128 bit block cipher. Initialises the Poly1305 MAC. a {@link ParametersWithIV} containing a 128 bit nonce and a {@link KeyParameter} with a 256 bit key complying to the {@link Poly1305KeyGenerator Poly1305 key format}. Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf). "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of compression rounds and the number of finalization rounds. A compression round is identical to a finalization round and this round function is called SipRound. Given a 128-bit key k and a (possibly empty) byte string m, SipHash-c-d returns a 64-bit value..." SipHash-2-4 SipHash-c-d the number of compression rounds the number of finalization rounds Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes, based on the Threefish tweakable block cipher. This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3 competition in October 2010.

Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.

256 bit block size - Skein-256
512 bit block size - Skein-512 1024 bit block size - Skein-1024 Constructs a Skein MAC with an internal state size and output size. the internal state size in bits - one of or . the output/MAC size to produce in bits, which must be an integral number of bytes. Optionally initialises the Skein digest with the provided parameters. See for details on the parameterisation of the Skein hash function. the parameters to apply to this engine, or null to use no parameters. This exception is thrown whenever a cipher requires a change of key, iv or similar after x amount of bytes enciphered implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher. Basic constructor. @param cipher the block cipher to be used as the basis of chaining. return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/CBC". return the block size of the underlying cipher. @return the block size of the underlying cipher. Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the chaining vector back to the IV and reset the underlying cipher. Do the appropriate chaining step for CBC mode encryption. @param in the array containing the data to be encrypted. @param inOff offset into the in array the data starts at. @param out the array the encrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Do the appropriate chaining step for CBC mode decryption. @param in the array containing the data to be decrypted. @param inOff offset into the in array the data starts at. @param out the array the decrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Implements the Counter with Cipher Block Chaining mode (CCM) detailed in NIST Special Publication 800-38C.

Note: this mode is a packet mode - it needs all the data up front.

Basic constructor. @param cipher the block cipher to be used. return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Returns a byte array containing the mac calculated as part of the last encrypt or decrypt operation. @return the last mac calculated. Process a packet of data for either CCM decryption or encryption. @param in data for processing. @param inOff offset at which data starts in the input array. @param inLen length of the data in the input array. @return a byte array containing the processed input.. @throws IllegalStateException if the cipher is not appropriately set up. @throws InvalidCipherTextException if the input data is truncated or the mac check fails. Process a packet of data for either CCM decryption or encryption. @param in data for processing. @param inOff offset at which data starts in the input array. @param inLen length of the data in the input array. @param output output array. @param outOff offset into output array to start putting processed bytes. @return the number of bytes added to output. @throws IllegalStateException if the cipher is not appropriately set up. @throws InvalidCipherTextException if the input data is truncated or the mac check fails. @throws DataLengthException if output buffer too short. implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. Basic constructor. @param cipher the block cipher to be used as the basis of the feedback mode. @param blockSize the block size in bits (note: a multiple of 8) return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/CFB" and the block size in bits. return the block size we are operating at. @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Do the appropriate processing for CFB mode encryption. @param in the array containing the data to be encrypted. @param inOff offset into the in array the data starts at. @param out the array the encrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Do the appropriate processing for CFB mode decryption. @param in the array containing the data to be decrypted. @param inOff offset into the in array the data starts at. @param out the array the encrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the chaining vector back to the IV and reset the underlying cipher. A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to be used to produce cipher text which is the same outLength as the plain text. Create a buffered block cipher that uses Cipher Text Stealing @param cipher the underlying block cipher this buffering object wraps. return the size of the output buffer required for an update of 'length' bytes. @param length the outLength of the input. @return the space required to accommodate a call to update with length bytes of input. return the size of the output buffer required for an update plus a doFinal with an input of length bytes. @param length the outLength of the input. @return the space required to accommodate a call to update and doFinal with length bytes of input. process a single byte, producing an output block if necessary. @param in the input byte. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. process an array of bytes, producing output if necessary. @param in the input byte array. @param inOff the offset at which the input data starts. @param length the number of bytes to be copied out of the input array. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. Process the last block in the buffer. @param out the array the block currently being held is copied into. @param outOff the offset at which the copying starts. @return the number of output bytes copied to out. @exception DataLengthException if there is insufficient space in out for the output. @exception InvalidOperationException if the underlying cipher is not initialised. @exception InvalidCipherTextException if cipher text decrypts wrongly (in case the exception will never Get thrown). A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Efficiency - by M. Bellare, P. Rogaway, D. Wagner. http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block cipher to encrypt and authenticate data. It's on-line (the length of a message isn't needed to begin processing it), has good performances, it's simple and provably secure (provided the underlying block cipher is secure). Of course, this implementations is NOT thread-safe. Constructor that accepts an instance of a block cipher engine. @param cipher the engine to use Implements the Galois/Counter mode (GCM) detailed in NIST Special Publication 800-38D. MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits. Sizes less than 96 are not recommended, but are supported for specialized applications. implements the GOST 28147 OFB counter mode (GCTR). Basic constructor. @param cipher the block cipher to be used as the basis of the counter mode (must have a 64 bit block size). return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param encrypting if true the cipher is initialised for encryption, if false for decryption. @param parameters the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/GCTR" and the block size in bits return the block size we are operating at (in bytes). @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the feedback vector back to the IV and reset the underlying cipher. A block cipher mode that includes authenticated encryption with a streaming mode and optional associated data. The name of the algorithm this cipher implements. The block cipher underlying this algorithm. Initialise the cipher. Parameter can either be an AeadParameters or a ParametersWithIV object. Initialise for encryption if true, for decryption if false. The key or other data required by the cipher. The block size for this cipher, in bytes. Add a single byte to the associated data check. If the implementation supports it, this will be an online operation and will not retain the associated data. The byte to be processed. Add a sequence of bytes to the associated data check. If the implementation supports it, this will be an online operation and will not retain the associated data. The input byte array. The offset into the input array where the data to be processed starts. The number of bytes to be processed. Encrypt/decrypt a single byte. @param input the byte to be processed. @param outBytes the output buffer the processed byte goes into. @param outOff the offset into the output byte array the processed data starts at. @return the number of bytes written to out. @exception DataLengthException if the output buffer is too small. Process a block of bytes from in putting the result into out. @param inBytes the input byte array. @param inOff the offset into the in array where the data to be processed starts. @param len the number of bytes to be processed. @param outBytes the output buffer the processed bytes go into. @param outOff the offset into the output byte array the processed data starts at. @return the number of bytes written to out. @exception DataLengthException if the output buffer is too small. Finish the operation either appending or verifying the MAC at the end of the data. @param outBytes space for any resulting output data. @param outOff offset into out to start copying the data at. @return number of bytes written into out. @throws InvalidOperationException if the cipher is in an inappropriate state. @throws InvalidCipherTextException if the MAC fails to match. Return the value of the MAC associated with the last stream processed. @return MAC for plaintext data. Return the size of the output buffer required for a ProcessBytes an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to ProcessBytes with len bytes of input. Return the size of the output buffer required for a ProcessBytes plus a DoFinal with an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to ProcessBytes and DoFinal with len bytes of input. Reset the cipher to the same state as it was after the last init (if there was one). Base constructor. Nb value is set to 4. base cipher to use under CCM. Constructor allowing Nb configuration. Nb is a parameter specified in CCM mode of DSTU7624 standard. This parameter specifies maximum possible length of input.It should be calculated as follows: Nb = 1 / 8 * (-3 + log[2]Nmax) + 1, where Nmax - length of input message in bits.For practical reasons Nmax usually less than 4Gb, e.g. for Nmax = 2^32 - 1, Nb = 4. base cipher to use under CCM. Nb value to use. Implements a Gamming or Counter (CTR) mode on top of a DSTU 7624 block cipher. Basic constructor. @param cipher the block cipher to be used as the basis of the feedback mode. return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/KCTR" and the block size in bits. return the block size we are operating at. @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param input the array containing the input data. @param inOff offset into the in array the data starts at. @param output the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the chaining vector back to the IV and reset the underlying cipher. An implementation of RFC 7253 on The OCB Authenticated-Encryption Algorithm, licensed per:

License for Open-Source Software Implementations of OCB (Jan 9, 2013) - 'License 1'
Under this license, you are authorized to make, use, and distribute open-source software implementations of OCB. This license terminates for you if you sue someone over their open-source software implementation of OCB claiming that you have a patent covering their implementation.

This is a non-binding summary of a legal document (the link above). The parameters of the license are specified in the license document and that document is controlling.

implements a Output-FeedBack (OFB) mode on top of a simple cipher. Basic constructor. @param cipher the block cipher to be used as the basis of the feedback mode. @param blockSize the block size in bits (note: a multiple of 8) return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/OFB" and the block size in bits return the block size we are operating at (in bytes). @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the feedback vector back to the IV and reset the underlying cipher. * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode * on top of a simple cipher. This class assumes the IV has been prepended * to the data stream already, and just accomodates the reset after * (blockSize + 2) bytes have been read. *

* For further info see RFC 2440. *

Basic constructor. @param cipher the block cipher to be used as the basis of the feedback mode. return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. return the algorithm name and mode. @return the name of the underlying algorithm followed by "/PGPCFB" and the block size in bits. return the block size we are operating at. @return the block size we are operating at (in bytes). Process one block of input from the array in and write it to the out array. @param in the array containing the input data. @param inOff offset into the in array the data starts at. @param out the array the output data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. reset the chaining vector back to the IV and reset the underlying cipher. Initialise the cipher and, possibly, the initialisation vector (IV). If an IV isn't passed as part of the parameter, the IV will be all zeros. An IV which is too short is handled in FIPS compliant fashion. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param parameters the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. Encrypt one byte of data according to CFB mode. @param data the byte to encrypt @param blockOff offset in the current block @returns the encrypted byte Do the appropriate processing for CFB IV mode encryption. @param in the array containing the data to be encrypted. @param inOff offset into the in array the data starts at. @param out the array the encrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Do the appropriate processing for CFB IV mode decryption. @param in the array containing the data to be decrypted. @param inOff offset into the in array the data starts at. @param out the array the encrypted data will be copied into. @param outOff the offset into the out array the output will start at. @exception DataLengthException if there isn't enough data in in, or space in out. @exception InvalidOperationException if the cipher isn't initialised. @return the number of bytes processed and produced. Implements the Segmented Integer Counter (SIC) mode on top of a simple block cipher. Basic constructor. @param c the block cipher to be used. return the underlying block cipher that we are wrapping. @return the underlying block cipher that we are wrapping. Return the digest algorithm using one of the standard JCA string representations rather than the algorithm identifier (if possible). Calculator factory class for signature generation in ASN.1 based profiles that use an AlgorithmIdentifier to preserve signature algorithm details. Base constructor. The name of the signature algorithm to use. The private key to be used in the signing operation. Constructor which also specifies a source of randomness to be used if one is required. The name of the signature algorithm to use. The private key to be used in the signing operation. The source of randomness to be used in signature calculation. Allows enumeration of the signature names supported by the verifier provider. Verifier class for signature verification in ASN.1 based profiles that use an AlgorithmIdentifier to preserve signature algorithm details. Base constructor. The name of the signature algorithm to use. The public key to be used in the verification operation. Provider class which supports dynamic creation of signature verifiers. Base constructor - specify the public key to be used in verification. The public key to be used in creating verifiers provided by this object. Allows enumeration of the signature names supported by the verifier provider. Block cipher padders are expected to conform to this interface Initialise the padder. @param param parameters, if any required. Return the name of the algorithm the cipher implements. @return the name of the algorithm the cipher implements. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. @exception InvalidCipherTextException if the padding is badly formed or invalid. A padder that adds ISO10126-2 padding to a block. Initialise the padder. @param random a SecureRandom if available. Return the name of the algorithm the cipher implements. @return the name of the algorithm the cipher implements. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. A padder that adds the padding according to the scheme referenced in ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00 Initialise the padder. @param random - a SecureRandom if available. Return the name of the algorithm the padder implements. @return the name of the algorithm the padder implements. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. A wrapper class that allows block ciphers to be used to process data in a piecemeal fashion with padding. The PaddedBufferedBlockCipher outputs a block only when the buffer is full and more data is being added, or on a doFinal (unless the current block in the buffer is a pad block). The default padding mechanism used is the one outlined in Pkcs5/Pkcs7. Create a buffered block cipher with the desired padding. @param cipher the underlying block cipher this buffering object wraps. @param padding the padding type. Create a buffered block cipher Pkcs7 padding @param cipher the underlying block cipher this buffering object wraps. initialise the cipher. @param forEncryption if true the cipher is initialised for encryption, if false for decryption. @param param the key and other data required by the cipher. @exception ArgumentException if the parameters argument is inappropriate. return the minimum size of the output buffer required for an update plus a doFinal with an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update and doFinal with len bytes of input. return the size of the output buffer required for an update an input of len bytes. @param len the length of the input. @return the space required to accommodate a call to update with len bytes of input. process a single byte, producing an output block if necessary. @param in the input byte. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. process an array of bytes, producing output if necessary. @param in the input byte array. @param inOff the offset at which the input data starts. @param len the number of bytes to be copied out of the input array. @param out the space for any output that might be produced. @param outOff the offset from which the output will be copied. @return the number of output bytes copied to out. @exception DataLengthException if there isn't enough space in out. @exception InvalidOperationException if the cipher isn't initialised. Process the last block in the buffer. If the buffer is currently full and padding needs to be added a call to doFinal will produce 2 * GetBlockSize() bytes. @param out the array the block currently being held is copied into. @param outOff the offset at which the copying starts. @return the number of output bytes copied to out. @exception DataLengthException if there is insufficient space in out for the output or we are decrypting and the input is not block size aligned. @exception InvalidOperationException if the underlying cipher is not initialised. @exception InvalidCipherTextException if padding is expected and not found. A padder that adds Pkcs7/Pkcs5 padding to a block. Initialise the padder. @param random - a SecureRandom if available. Return the name of the algorithm the cipher implements. @return the name of the algorithm the cipher implements. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. A padder that adds Trailing-Bit-Compliment padding to a block.

This padding pads the block out compliment of the last bit of the plain text.

Return the name of the algorithm the cipher implements. the name of the algorithm the cipher implements. Initialise the padder. - a SecureRandom if available. add the pad bytes to the passed in block, returning the number of bytes added.

Note: this assumes that the last block of plain text is always passed to it inside in. i.e. if inOff is zero, indicating the entire block is to be overwritten with padding the value of in should be the same as the last block of plain text.

return the number of pad bytes present in the block. A padder that adds X9.23 padding to a block - if a SecureRandom is passed in random padding is assumed, otherwise padding with zeros is used. Initialise the padder. @param random a SecureRandom if one is available. Return the name of the algorithm the cipher implements. @return the name of the algorithm the cipher implements. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. A padder that adds Null byte padding to a block. Return the name of the algorithm the cipher implements. the name of the algorithm the cipher implements. Initialise the padder. - a SecureRandom if available. add the pad bytes to the passed in block, returning the number of bytes added. return the number of pad bytes present in the block. Base constructor. @param key key to be used by underlying cipher @param macSize macSize in bits @param nonce nonce to be used Base constructor. @param key key to be used by underlying cipher @param macSize macSize in bits @param nonce nonce to be used @param associatedText associated text, if any Base constructor. @param key key to be used by underlying cipher @param macSize macSize in bits @param nonce nonce to be used @param associatedText associated text, if any return true if the passed in key is a DES-EDE weak key. @param key bytes making up the key @param offset offset into the byte array the key starts at @param length number of bytes making up the key return true if the passed in key is a DES-EDE weak key. @param key bytes making up the key @param offset offset into the byte array the key starts at return true if the passed in key is a real 2/3 part DES-EDE key. @param key bytes making up the key @param offset offset into the byte array the key starts at return true if the passed in key is a real 2 part DES-EDE key. @param key bytes making up the key @param offset offset into the byte array the key starts at return true if the passed in key is a real 3 part DES-EDE key. @param key bytes making up the key @param offset offset into the byte array the key starts at DES has 16 weak keys. This method will check if the given DES key material is weak or semi-weak. Key material that is too short is regarded as weak.

See "Applied Cryptography" by Bruce Schneier for more information.

@return true if the given DES key material is weak or semi-weak, false otherwise.
DES Keys use the LSB as the odd parity bit. This can be used to check for corrupt keys. @param bytes the byte array to set the parity on. The minimum bitlength of the private value. The bitlength of the private value. Construct without a usage index, this will do a random construction of G. @param L desired length of prime P in bits (the effective key size). @param N desired length of prime Q in bits. @param certainty certainty level for prime number generation. @param random the source of randomness to use. Construct for a specific usage index - this has the effect of using verifiable canonical generation of G. @param L desired length of prime P in bits (the effective key size). @param N desired length of prime Q in bits. @param certainty certainty level for prime number generation. @param random the source of randomness to use. @param usageIndex a valid usage index. return the generator - g return private value limit - l Parameter class for the HkdfBytesGenerator class. Generates parameters for HKDF, specifying both the optional salt and optional info. Step 1: Extract won't be skipped. @param ikm the input keying material or seed @param salt the salt to use, may be null for a salt for hashLen zeros @param info the info to use, may be null for an info field of zero bytes Factory method that makes the HKDF skip the extract part of the key derivation function. @param ikm the input keying material or seed, directly used for step 2: Expand @param info the info to use, may be null for an info field of zero bytes @return HKDFParameters that makes the implementation skip step 1 Returns the input keying material or seed. @return the keying material Returns if step 1: extract has to be skipped or not @return true for skipping, false for no skipping of step 1 Returns the salt, or null if the salt should be generated as a byte array of HashLen zeros. @return the salt, or null Returns the info field, which may be empty (null is converted to empty). @return the info field, never null parameters for using an integrated cipher in stream mode. @param derivation the derivation parameter for the KDF function. @param encoding the encoding parameter for the KDF function. @param macKeySize the size of the MAC key (in bits). @param derivation the derivation parameter for the KDF function. @param encoding the encoding parameter for the KDF function. @param macKeySize the size of the MAC key (in bits). @param cipherKeySize the size of the associated Cipher key (in bits). parameters for Key derivation functions for ISO-18033 parameters for Key derivation functions for IEEE P1363a Parameters for mask derivation functions. Parameters for NaccacheStern public private key generation. For details on this cipher, please see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf Parameters for generating a NaccacheStern KeyPair. @param random The source of randomness @param strength The desired strength of the Key in Bits @param certainty the probability that the generated primes are not really prime as integer: 2^(-certainty) is then the probability @param countSmallPrimes How many small key factors are desired * Parameters for a NaccacheStern KeyPair. * * @param random * The source of randomness * @param strength * The desired strength of the Key in Bits * @param certainty * the probability that the generated primes are not really prime * as integer: 2^(-certainty) is then the probability * @param cntSmallPrimes * How many small key factors are desired * @param debug * Ignored @return Returns the certainty. @return Returns the countSmallPrimes. Public key parameters for NaccacheStern cipher. For details on this cipher, please see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf @param privateKey @return Returns the g. @return Returns the lowerSigmaBound. @return Returns the n. Private key parameters for NaccacheStern cipher. For details on this cipher, please see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf Constructs a NaccacheSternPrivateKey @param g the public enryption parameter g @param n the public modulus n = p*q @param lowerSigmaBound the public lower sigma bound up to which data can be encrypted @param smallPrimes the small primes, of which sigma is constructed in the right order @param phi_n the private modulus phi(n) = (p-1)(q-1) Cipher parameters with a fixed salt value associated with them. Parameters for the Skein hash function - a series of byte[] strings identified by integer tags. Parameterised Skein can be used for:
  • MAC generation, by providing a key.
  • Randomised hashing, by providing a nonce.
  • A hash function for digital signatures, associating a public key with the message digest.
  • A key derivation function, by providing a key identifier.
  • Personalised hashing, by providing a recommended format or arbitrary personalisation string.
The parameter type for a secret key, supporting MAC or KDF functions: 0 The parameter type for the Skein configuration block: 4 The parameter type for a personalisation string: 8 The parameter type for a public key: 12 The parameter type for a key identifier string: 16 The parameter type for a nonce: 20 The parameter type for the message: 48 The parameter type for the output transformation: 63 Obtains a map of type (int) to value (byte[]) for the parameters tracked in this object. Obtains the value of the key parameter, or null if not set. The key. Obtains the value of the personalisation parameter, or null if not set. Obtains the value of the public key parameter, or null if not set. Obtains the value of the key identifier parameter, or null if not set. Obtains the value of the nonce parameter, or null if not set. A builder for . Sets a parameters to apply to the Skein hash function. Parameter types must be in the range 0,5..62, and cannot use the value 48 (reserved for message body).

Parameters with type < 48 are processed before the message content, parameters with type > 48 are processed after the message and prior to output. the type of the parameter, in the range 5..62. the byte sequence of the parameter.

Sets the parameter.
Sets the parameter. Implements the recommended personalisation format for Skein defined in Section 4.11 of the Skein 1.3 specification. The format is YYYYMMDD email@address distinguisher, encoded to a byte sequence using UTF-8 encoding. the date the personalised application of the Skein was defined. the email address of the creation of the personalised application. an arbitrary personalisation string distinguishing the application. Sets the parameter. Sets the parameter. Sets the parameter. Constructs a new instance with the parameters provided to this builder. Private parameters for an SM2 key exchange. The ephemeralPrivateKey is used to calculate the random point used in the algorithm. Public parameters for an SM2 key exchange. In this case the ephemeralPublicKey provides the random point used in the algorithm. Parameters for tweakable block ciphers. Gets the key. the key to use, or null to use the current key. Gets the tweak value. The tweak to use, or null to use the current tweak. super class for all Password Based Encyrption (Pbe) parameter generator classes. base constructor. initialise the Pbe generator. @param password the password converted into bytes (see below). @param salt the salt to be mixed with the password. @param iterationCount the number of iterations the "mixing" function is to be applied for. return the password byte array. @return the password byte array. return the salt byte array. @return the salt byte array. return the iteration count. @return the iteration count. Generate derived parameters for a key of length keySize. @param keySize the length, in bits, of the key required. @return a parameters object representing a key. Generate derived parameters for a key of length keySize, and an initialisation vector (IV) of length ivSize. @param keySize the length, in bits, of the key required. @param ivSize the length, in bits, of the iv required. @return a parameters object representing a key and an IV. Generate derived parameters for a key of length keySize, specifically for use with a MAC. @param keySize the length, in bits, of the key required. @return a parameters object representing a key. converts a password to a byte array according to the scheme in Pkcs5 (ascii, no padding) @param password a character array representing the password. @return a byte array representing the password. converts a password to a byte array according to the scheme in PKCS5 (UTF-8, no padding) @param password a character array representing the password. @return a byte array representing the password. converts a password to a byte array according to the scheme in Pkcs12 (unicode, big endian, 2 zero pad bytes at the end). @param password a character array representing the password. @return a byte array representing the password. An EntropySourceProvider where entropy generation is based on a SecureRandom output using SecureRandom.generateSeed(). Create a entropy source provider based on the passed in SecureRandom. @param secureRandom the SecureRandom to base EntropySource construction on. @param isPredictionResistant boolean indicating if the SecureRandom is based on prediction resistant entropy or not (true if it is). Return an entropy source that will create bitsRequired bits of entropy on each invocation of getEntropy(). @param bitsRequired size (in bits) of entropy to be created by the provided source. @return an EntropySource that generates bitsRequired bits of entropy on each call to its getEntropy() method. Uses RandomNumberGenerator.Create() to get randomness generator Random generation based on the digest with counter. Calling AddSeedMaterial will always increase the entropy of the hash.

Internal access to the digest is synchronized so a single one of these can be shared.

A SP800-90A CTR DRBG. Construct a SP800-90A CTR DRBG.

Minimum entropy requirement is the security strength requested.

@param engine underlying block cipher to use to support DRBG @param keySizeInBits size of the key to use with the block cipher. @param securityStrength security strength required (in bits) @param entropySource source of entropy to use for seeding/reseeding. @param personalizationString personalization string to distinguish this DRBG (may be null). @param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG. @return the number of bits produced on each internal round of the DRBG. Populate a passed in array with random data. @param output output array for generated bits. @param additionalInput additional input to be added to the DRBG in this step. @param predictionResistant true if a reseed should be forced, false otherwise. @return number of bits generated, -1 if a reseed required. Reseed the DRBG. @param additionalInput additional input to be added to the DRBG in this step. Pad out a key for TDEA, setting odd parity for each byte. @param keyMaster @param keyOff @param tmp @param tmpOff Used by both Dual EC and Hash. A SP800-90A Hash DRBG. Construct a SP800-90A Hash DRBG.

Minimum entropy requirement is the security strength requested.

@param digest source digest to use for DRB stream. @param securityStrength security strength required (in bits) @param entropySource source of entropy to use for seeding/reseeding. @param personalizationString personalization string to distinguish this DRBG (may be null). @param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG. @return the number of bits produced on each internal round of the DRBG. Populate a passed in array with random data. @param output output array for generated bits. @param additionalInput additional input to be added to the DRBG in this step. @param predictionResistant true if a reseed should be forced, false otherwise. @return number of bits generated, -1 if a reseed required. Reseed the DRBG. @param additionalInput additional input to be added to the DRBG in this step. A SP800-90A HMAC DRBG. Construct a SP800-90A Hash DRBG.

Minimum entropy requirement is the security strength requested.

@param hMac Hash MAC to base the DRBG on. @param securityStrength security strength required (in bits) @param entropySource source of entropy to use for seeding/reseeding. @param personalizationString personalization string to distinguish this DRBG (may be null). @param nonce nonce to further distinguish this DRBG (may be null).
Return the block size (in bits) of the DRBG. @return the number of bits produced on each round of the DRBG. Populate a passed in array with random data. @param output output array for generated bits. @param additionalInput additional input to be added to the DRBG in this step. @param predictionResistant true if a reseed should be forced, false otherwise. @return number of bits generated, -1 if a reseed required. Reseed the DRBG. @param additionalInput additional input to be added to the DRBG in this step. Interface to SP800-90A deterministic random bit generators. Return the block size of the DRBG. @return the block size (in bits) produced by each round of the DRBG. Populate a passed in array with random data. @param output output array for generated bits. @param additionalInput additional input to be added to the DRBG in this step. @param predictionResistant true if a reseed should be forced, false otherwise. @return number of bits generated, -1 if a reseed required. Reseed the DRBG. @param additionalInput additional input to be added to the DRBG in this step. Generate numBytes worth of entropy from the passed in entropy source. @param entropySource the entropy source to request the data from. @param numBytes the number of bytes of entropy requested. @return a byte array populated with the random data. Generic interface for objects generating random bytes. Add more seed material to the generator. A byte array to be mixed into the generator's state. Add more seed material to the generator. A long value to be mixed into the generator's state. Fill byte array with random values. Array to be filled. Fill byte array with random values. Array to receive bytes. Index to start filling at. Length of segment to fill. Takes bytes generated by an underling RandomGenerator and reverses the order in each small window (of configurable size).

Access to internals is synchronized so a single one of these can be shared.

Add more seed material to the generator. A byte array to be mixed into the generator's state. Add more seed material to the generator. A long value to be mixed into the generator's state. Fill byte array with random values. Array to be filled. Fill byte array with random values. Array to receive bytes. Index to start filling at. Length of segment to fill. Force a reseed of the DRBG. optional additional input Builder class for making SecureRandom objects based on SP 800-90A Deterministic Random Bit Generators (DRBG). Basic constructor, creates a builder using an EntropySourceProvider based on the default SecureRandom with predictionResistant set to false.

Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if the default SecureRandom does for its generateSeed() call.

Construct a builder with an EntropySourceProvider based on the passed in SecureRandom and the passed in value for prediction resistance.

Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if the passed in SecureRandom does for its generateSeed() call.

@param entropySource @param predictionResistant
Create a builder which makes creates the SecureRandom objects from a specified entropy source provider.

Note: If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored.

@param entropySourceProvider a provider of EntropySource objects.
Set the personalization string for DRBG SecureRandoms created by this builder @param personalizationString the personalisation string for the underlying DRBG. @return the current builder. Set the security strength required for DRBGs used in building SecureRandom objects. @param securityStrength the security strength (in bits) @return the current builder. Set the amount of entropy bits required for seeding and reseeding DRBGs used in building SecureRandom objects. @param entropyBitsRequired the number of bits of entropy to be requested from the entropy source on each seed/reseed. @return the current builder. Build a SecureRandom based on a SP 800-90A Hash DRBG. @param digest digest algorithm to use in the DRBG underneath the SecureRandom. @param nonce nonce value to use in DRBG construction. @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes. @return a SecureRandom supported by a Hash DRBG. Build a SecureRandom based on a SP 800-90A CTR DRBG. @param cipher the block cipher to base the DRBG on. @param keySizeInBits key size in bits to be used with the block cipher. @param nonce nonce value to use in DRBG construction. @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes. @return a SecureRandom supported by a CTR DRBG. Build a SecureRandom based on a SP 800-90A HMAC DRBG. @param hMac HMAC algorithm to use in the DRBG underneath the SecureRandom. @param nonce nonce value to use in DRBG construction. @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes. @return a SecureRandom supported by a HMAC DRBG. A thread based seed generator - one source of randomness.

Based on an idea from Marcus Lippert.

Generate seed bytes. Set fast to false for best quality.

If fast is set to true, the code should be round about 8 times faster when generating a long sequence of random bytes. 20 bytes of random values using the fast mode take less than half a second on a Nokia e70. If fast is set to false, it takes round about 2500 ms.

@param numBytes the number of bytes to generate @param fast true if fast mode should be used
Permutation generated by code: // First 1850 fractional digit of Pi number. byte[] key = new BigInteger("14159265358979323846...5068006422512520511").ToByteArray(); s = 0; P = new byte[256]; for (int i = 0; i < 256; i++) { P[i] = (byte) i; } for (int m = 0; m < 768; m++) { s = P[(s + P[m & 0xff] + key[m % key.length]) & 0xff]; byte temp = P[m & 0xff]; P[m & 0xff] = P[s & 0xff]; P[s & 0xff] = temp; } Value generated in the same way as P. @param engine @param entropySource Populate a passed in array with random data. @param output output array for generated bits. @param predictionResistant true if a reseed should be forced, false otherwise. @return number of bits generated, -1 if a reseed required. Reseed the RNG. Basic constructor, creates a builder using an EntropySourceProvider based on the default SecureRandom with predictionResistant set to false.

Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if the default SecureRandom does for its generateSeed() call.

Construct a builder with an EntropySourceProvider based on the passed in SecureRandom and the passed in value for prediction resistance.

Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if the passed in SecureRandom does for its generateSeed() call.

@param entropySource @param predictionResistant
Create a builder which makes creates the SecureRandom objects from a specified entropy source provider.

Note: If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored.

@param entropySourceProvider a provider of EntropySource objects.
Construct a X9.31 secure random generator using the passed in engine and key. If predictionResistant is true the generator will be reseeded on each request. @param engine a block cipher to use as the operator. @param key the block cipher key to initialise engine with. @param predictionResistant true if engine to be reseeded on each use, false otherwise. @return a SecureRandom. update the internal digest with the byte b update the internal digest with the byte array in Generate a signature for the message we've been loaded with using the key we were initialised with. true if the internal state represents the signature described in the passed in array. Reset the internal state The Digital Signature Algorithm - as described in "Handbook of Applied Cryptography", pages 452 - 453. Default configuration, random K values. Configuration with an alternate, possibly deterministic calculator of K. @param kCalculator a K value calculator. Generate a signature for the given message using the key we were initialised with. For conventional DSA the message should be a SHA-1 hash of the message of interest. @param message the message that will be verified later. return true if the value r and s represent a DSA signature for the passed in message for standard DSA the message should be a SHA-1 hash of the real message to be verified. EC-DSA as described in X9.62 Default configuration, random K values. Configuration with an alternate, possibly deterministic calculator of K. @param kCalculator a K value calculator. Generate a signature for the given message using the key we were initialised with. For conventional DSA the message should be a SHA-1 hash of the message of interest. @param message the message that will be verified later. return true if the value r and s represent a DSA signature for the passed in message (for standard DSA the message should be a SHA-1 hash of the real message to be verified). GOST R 34.10-2001 Signature Algorithm generate a signature for the given message using the key we were initialised with. For conventional GOST3410 the message should be a GOST3411 hash of the message of interest. @param message the message that will be verified later. return true if the value r and s represent a GOST3410 signature for the passed in message (for standard GOST3410 the message should be a GOST3411 hash of the real message to be verified). EC-NR as described in IEEE 1363-2000 generate a signature for the given message using the key we were initialised with. Generally, the order of the curve should be at least as long as the hash of the message of interest, and with ECNR it *must* be at least as long. @param digest the digest to be signed. @exception DataLengthException if the digest is longer than the key allows return true if the value r and s represent a signature for the message passed in. Generally, the order of the curve should be at least as long as the hash of the message of interest, and with ECNR, it *must* be at least as long. But just in case the signer applied mod(n) to the longer digest, this implementation will apply mod(n) during verification. @param digest the digest to be verified. @param r the r value of the signature. @param s the s value of the signature. @exception DataLengthException if the digest is longer than the key allows initialise the signer for signing or verification. @param forSigning true if for signing, false otherwise @param parameters necessary parameters. update the internal digest with the byte b update the internal digest with the byte array in Generate a signature for the message we've been loaded with using the key we were initialised with. return true if the internal state represents the signature described in the passed in array. update the internal digest with the byte b update the internal digest with the byte array in Generate a signature for the message we've been loaded with using the key we were initialised with. true if the internal state represents the signature described in the passed in array. Reset the internal state Gost R 34.10-94 Signature Algorithm generate a signature for the given message using the key we were initialised with. For conventional Gost3410 the message should be a Gost3411 hash of the message of interest. @param message the message that will be verified later. return true if the value r and s represent a Gost3410 signature for the passed in message for standard Gost3410 the message should be a Gost3411 hash of the real message to be verified. A deterministic K calculator based on the algorithm in section 3.2 of RFC 6979. Base constructor. @param digest digest to build the HMAC on. An interface for different encoding formats for DSA signatures. Decode the (r, s) pair of a DSA signature. The order of the group that r, s belong to. An encoding of the (r, s) pair of a DSA signature. The (r, s) of a DSA signature, stored in an array of exactly two elements, r followed by s. Encode the (r, s) pair of a DSA signature. The order of the group that r, s belong to. The r value of a DSA signature. The s value of a DSA signature. An encoding of the DSA signature given by the provided (r, s) pair. Interface define calculators of K values for DSA/ECDSA. Return true if this calculator is deterministic, false otherwise. @return true if deterministic, otherwise false. Non-deterministic initialiser. @param n the order of the DSA group. @param random a source of randomness. Deterministic initialiser. @param n the order of the DSA group. @param d the DSA private value. @param message the message being signed. Return the next valid value of K. @return a K value. ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).

Note: the usual length for the salt is the length of the hash function used in bytes.

Return a reference to the recoveredMessage message. The full/partial recoveredMessage message. Generate a signer with either implicit or explicit trailers for ISO9796-2, scheme 2 or 3. base cipher to use for signature creation/verification digest to use. length of salt in bytes. whether or not the trailer is implicit or gives the hash. Constructor for a signer with an explicit digest trailer. cipher to use. digest to sign with. length of salt in bytes. Initialise the signer. true if for signing, false if for verification. parameters for signature generation/verification. If the parameters are for generation they should be a ParametersWithRandom, a ParametersWithSalt, or just an RsaKeyParameters object. If RsaKeyParameters are passed in a SecureRandom will be created. if wrong parameter type or a fixed salt is passed in which is the wrong length. compare two byte arrays - constant time. clear possible sensitive data update the internal digest with the byte b update the internal digest with the byte array in reset the internal state Generate a signature for the loaded message using the key we were initialised with. return true if the signature represents a ISO9796-2 signature for the passed in message. Return true if the full message was recoveredMessage. true on full message recovery, false otherwise, or if not sure. int to octet string. int to octet string. long to octet string. mask generator function, as described in Pkcs1v2. ISO9796-2 - mechanism using a hash function with recovery (scheme 1) Return a reference to the recoveredMessage message. The full/partial recoveredMessage message. Generate a signer with either implicit or explicit trailers for ISO9796-2. base cipher to use for signature creation/verification digest to use. whether or not the trailer is implicit or gives the hash. Constructor for a signer with an explicit digest trailer. cipher to use. digest to sign with. compare two byte arrays - constant time. clear possible sensitive data update the internal digest with the byte b update the internal digest with the byte array in reset the internal state Generate a signature for the loaded message using the key we were initialised with. return true if the signature represents a ISO9796-2 signature for the passed in message. Return true if the full message was recoveredMessage. true on full message recovery, false otherwise. RSA-PSS as described in Pkcs# 1 v 2.1.

Note: the usual value for the salt length is the number of bytes in the hash function.

Basic constructor the asymmetric cipher to use. the digest to use. the length of the salt to use (in bytes). Basic constructor the asymmetric cipher to use. the digest to use. the fixed salt to be used. clear possible sensitive data update the internal digest with the byte b update the internal digest with the byte array in reset the internal state Generate a signature for the message we've been loaded with using the key we were initialised with. return true if the internal state represents the signature described in the passed in array. int to octet string. mask generator function, as described in Pkcs1v2. Load oid table. Initialise the signer for signing or verification. @param forSigning true if for signing, false otherwise @param param necessary parameters. update the internal digest with the byte b update the internal digest with the byte array in Generate a signature for the message we've been loaded with using the key we were initialised with. return true if the internal state represents the signature described in the passed in array. The SM2 Digital Signature algorithm. X9.31-1998 - signing using a hash.

The message digest hash, H, is encapsulated to form a byte string as follows

            EB = 06 || PS || 0xBA || H || TRAILER
            
where PS is a string of bytes all of value 0xBB of length such that |EB|=|n|, and TRAILER is the ISO/IEC 10118 part number† for the digest. The byte string, EB, is converted to an integer value, the message representative, f.
Generate a signer with either implicit or explicit trailers for X9.31. @param cipher base cipher to use for signature creation/verification @param digest digest to use. @param implicit whether or not the trailer is implicit or gives the hash. Constructor for a signer with an explicit digest trailer. @param cipher cipher to use. @param digest digest to sign with. clear possible sensitive data update the internal digest with the byte b update the internal digest with the byte array in reset the internal state generate a signature for the loaded message using the key we were initialised with. return true if the signature represents a ISO9796-2 signature for the passed in message. A simple block result object which just carries a byte array. Base constructor - a wrapper for the passed in byte array. The byte array to be wrapped. Return the number of bytes in the result The length of the result in bytes. Return the final result of the operation. A block of bytes, representing the result of an operation. Store the final result of the operation by copying it into the destination array. The number of bytes copied into destination. The byte array to copy the result into. The offset into destination to start copying the result at. a wrapper for block ciphers with a single byte block size, so that they can be treated like stream ciphers. basic constructor. @param cipher the block cipher to be wrapped. @exception ArgumentException if the cipher has a block size other than one. initialise the underlying cipher. @param forEncryption true if we are setting up for encryption, false otherwise. @param param the necessary parameters for the underlying cipher to be initialised. return the name of the algorithm we are wrapping. @return the name of the algorithm we are wrapping. encrypt/decrypt a single byte returning the result. @param in the byte to be processed. @return the result of processing the input byte. process a block of bytes from in putting the result into out. @param in the input byte array. @param inOff the offset into the in array where the data to be processed starts. @param len the number of bytes to be processed. @param out the output buffer the processed bytes go into. @param outOff the offset into the output byte array the processed data stars at. @exception DataLengthException if the output buffer is too small. reset the underlying cipher. This leaves it in the same state it was at after the last init (if there was one). RFC 5246 7.2 This message notifies the recipient that the sender will not send any more messages on this connection. Note that as of TLS 1.1, failure to properly close a connection no longer requires that a session not be resumed. This is a change from TLS 1.0 ("The session becomes unresumable if any connection is terminated without proper close_notify messages with level equal to warning.") to conform with widespread implementation practice. An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations. This alert is returned if a record is received with an incorrect MAC. This alert also MUST be returned if an alert is sent because a TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length, or its padding values, when checked, weren't correct. This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). This alert was used in some earlier versions of TLS, and may have permitted certain attacks against the CBC mode [CBCATT]. It MUST NOT be sent by compliant implementations. A TLSCiphertext record was received that had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). The decompression function received improper input (e.g., data that would expand to excessive length). This message is always fatal and should never be observed in communication between proper implementations. Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. This alert was used in SSLv3 but not any version of TLS. It MUST NOT be sent by compliant implementations. A certificate was corrupt, contained signatures that did not verify correctly, etc. A certificate was of an unsupported type. A certificate was revoked by its signer. A certificate has expired or is not currently valid. Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. A field in the handshake was out of range or inconsistent with other fields. This message is always fatal. A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal. A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal. A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal and should never be observed in communication between proper implementations (except when messages were corrupted in the network). A handshake cryptographic operation failed, including being unable to correctly verify a signature or validate a Finished message. This message is always fatal. This alert was used in some earlier versions of TLS. It MUST NOT be sent by compliant implementations. The protocol version the client has attempted to negotiate is recognized but not supported. (For example, old protocol versions might be avoided for security reasons.) This message is always fatal. Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal. An internal error unrelated to the peer or the correctness of the protocol (such as a memory allocation failure) makes it impossible to continue. This message is always fatal. This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning. Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that is not appropriate, the recipient should respond with this alert. At that point, the original requester can decide whether to proceed with the connection. One case where this would be appropriate is where a server has spawned a process to satisfy a request; the process might receive security parameters (key length, authentication, etc.) at startup, and it might be difficult to communicate changes to these parameters after that point. This message is always a warning. Sent by clients that receive an extended server hello containing an extension that they did not put in the corresponding client hello. This message is always fatal. This alert is sent by servers who are unable to retrieve a certificate chain from the URL supplied by the client (see Section 3.3). This message MAY be fatal - for example if client authentication is required by the server for the handshake to continue and the server is unable to retrieve the certificate chain, it may send a fatal alert. This alert is sent by servers that receive a server_name extension request, but do not recognize the server name. This message MAY be fatal. This alert is sent by clients that receive an invalid certificate status response (see Section 3.6). This message is always fatal. This alert is sent by servers when a certificate hash does not match a client provided certificate_hash. This message is always fatal. If the server does not recognize the PSK identity, it MAY respond with an "unknown_psk_identity" alert message. If TLS_FALLBACK_SCSV appears in ClientHello.cipher_suites and the highest protocol version supported by the server is higher than the version indicated in ClientHello.client_version, the server MUST respond with a fatal inappropriate_fallback alert [..]. RFC 5246 7.2 RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). A queue for bytes.

This file could be more optimized.

The smallest number which can be written as 2^x which is bigger than i. The initial size for our buffer. The buffer where we store our data. How many bytes at the beginning of the buffer are skipped. How many bytes in the buffer are valid data. Add some data to our buffer. A byte-array to read data from. How many bytes to skip at the beginning of the array. How many bytes to read from the array. The number of bytes which are available in this buffer. Copy some bytes from the beginning of the data to the provided Stream. The Stream to copy the bytes to. How many bytes to copy. If insufficient data is available. If there is a problem copying the data. Read data from the buffer. The buffer where the read data will be copied to. How many bytes to skip at the beginning of buf. How many bytes to read at all. How many bytes from our data to skip. Return a MemoryStream over some bytes at the beginning of the data. How many bytes will be readable. A MemoryStream over the data. If insufficient data is available. Remove some bytes from our data from the beginning. How many bytes to remove. Parsing and encoding of a Certificate struct from RFC 4346.

             opaque ASN.1Cert<2^24-1>;
            
             struct {
                 ASN.1Cert certificate_list<0..2^24-1>;
             } Certificate;
             
@see Org.BouncyCastle.Asn1.X509.X509CertificateStructure
The certificates. @return an array of {@link org.bouncycastle.asn1.x509.Certificate} representing a certificate chain. @return true if this certificate chain contains no certificates, or false otherwise. Encode this {@link Certificate} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link Certificate} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link Certificate} object. @throws IOException Parsing and encoding of a CertificateRequest struct from RFC 4346.

             struct {
                 ClientCertificateType certificate_types<1..2^8-1>;
                 DistinguishedName certificate_authorities<3..2^16-1>
             } CertificateRequest;
             
@see ClientCertificateType @see X509Name
@param certificateTypes see {@link ClientCertificateType} for valid constants. @param certificateAuthorities an {@link IList} of {@link X509Name}. @return an array of certificate types @see {@link ClientCertificateType} @return an {@link IList} of {@link SignatureAndHashAlgorithm} (or null before TLS 1.2). @return an {@link IList} of {@link X509Name} Encode this {@link CertificateRequest} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link CertificateRequest} from a {@link Stream}. @param context the {@link TlsContext} of the current connection. @param input the {@link Stream} to parse from. @return a {@link CertificateRequest} object. @throws IOException Encode this {@link CertificateStatus} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link CertificateStatus} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link CertificateStatus} object. @throws IOException Encode this {@link CertificateStatusRequest} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link CertificateStatusRequest} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link CertificateStatusRequest} object. @throws IOException RFC 6091 @param type see {@link CertChainType} for valid constants. @param urlAndHashList a {@link IList} of {@link UrlAndHash}. @return {@link CertChainType} @return an {@link IList} of {@link UrlAndHash} Encode this {@link CertificateUrl} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link CertificateUrl} from a {@link Stream}. @param context the {@link TlsContext} of the current connection. @param input the {@link Stream} to parse from. @return a {@link CertificateUrl} object. @throws IOException draft-ietf-tls-chacha20-poly1305-04 RFC 2246 A.5 RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). A combined hash, which implements md5(m) || sha1(m). @see org.bouncycastle.crypto.Digest#update(byte[], int, int) @see org.bouncycastle.crypto.Digest#doFinal(byte[], int) @see org.bouncycastle.crypto.Digest#reset() RFC 2246 6.1 RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). RFC 2246 6.2.1 Accept various standard DH groups with 'P' at least DefaultMinimumPrimeBits bits. Accept various standard DH groups with 'P' at least the specified number of bits. Accept a custom set of group parameters, subject to a minimum bitlength for 'P'. An IList of acceptable DHParameters. The minimum acceptable bitlength of the 'P' parameter. Accept only the group parameters specified in RFC 5054 Appendix A. Specify a custom set of acceptable group parameters. @param groups a {@link Vector} of acceptable {@link SRP6GroupParameters} Buffers input until the hash algorithm is determined. @return a {@link SignatureAndHashAlgorithm} (or null before TLS 1.2). Encode this {@link DigitallySigned} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link DigitallySigned} from a {@link Stream}. @param context the {@link TlsContext} of the current connection. @param input the {@link Stream} to parse from. @return a {@link DigitallySigned} object. @throws IOException Check that there are no "extra" messages left in the current inbound flight RFC 4347 4.1.2.5 Anti-replay

Support fast rejection of duplicate records by maintaining a sliding receive window Check whether a received record with the given sequence number should be rejected as a duplicate. @param seq the 48-bit DTLSPlainText.sequence_number field of a received record. @return true if the record should be discarded without further processing. Report that a received record with the given sequence number passed authentication checks. @param seq the 48-bit DTLSPlainText.sequence_number field of an authenticated record. When a new epoch begins, sequence numbers begin again at 0

RFC 4492 5.4. (Errata ID: 2389)
RFC 4492 5.4 Indicates the elliptic curve domain parameters are conveyed verbosely, and the underlying finite field is a prime field. Indicates the elliptic curve domain parameters are conveyed verbosely, and the underlying finite field is a characteristic-2 field. Indicates that a named curve is used. This option SHOULD be used when applicable. RFC 4492 5.1.2 RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). RFC 5705 RFC 5246 7.4.1.4.1 Encode this {@link HeartbeatExtension} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link HeartbeatExtension} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link HeartbeatExtension} object. @throws IOException Encode this {@link HeartbeatMessage} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link HeartbeatMessage} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link HeartbeatMessage} object. @throws IOException RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). RFC 2246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). RFC 4492 5.1.1 The named curves defined here are those specified in SEC 2 [13]. Note that many of these curves are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00 through 0xFEFF are reserved for private use. Values 0xFF01 and 0xFF02 indicate that the client supports arbitrary prime and characteristic-2 curves, respectively (the curve parameters must be encoded explicitly in ECParameters). Encode this {@link NewSessionTicket} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link NewSessionTicket} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link NewSessionTicket} object. @throws IOException RFC 3546 3.6 @param responderIDList an {@link IList} of {@link ResponderID}, specifying the list of trusted OCSP responders. An empty list has the special meaning that the responders are implicitly known to the server - e.g., by prior arrangement. @param requestExtensions OCSP request extensions. A null value means that there are no extensions. @return an {@link IList} of {@link ResponderID} @return OCSP request extensions Encode this {@link OcspStatusRequest} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link OcspStatusRequest} from a {@link Stream}. @param input the {@link Stream} to parse from. @return an {@link OcspStatusRequest} object. @throws IOException RFC 5246 Note that the values here are implementation-specific and arbitrary. It is recommended not to depend on the particular values (e.g. serialization). An implementation of the TLS 1.0/1.1/1.2 record layer, allowing downgrade to SSLv3. RFC 5246 E.1. "Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello." @return {@link ConnectionEnd} @return {@link CipherSuite} @return {@link CompressionMethod} @return {@link PRFAlgorithm} Encode this {@link ServerName} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link ServerName} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link ServerName} object. @throws IOException @param serverNameList an {@link IList} of {@link ServerName}. @return an {@link IList} of {@link ServerName}. Encode this {@link ServerNameList} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link ServerNameList} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link ServerNameList} object. @throws IOException Encode this {@link ServerSRPParams} to an {@link OutputStream}. @param output the {@link OutputStream} to encode to. @throws IOException Parse a {@link ServerSRPParams} from an {@link InputStream}. @param input the {@link InputStream} to parse from. @return a {@link ServerSRPParams} object. @throws IOException RFC 5246 7.4.1.4.1 (in RFC 2246, there were no specific values assigned) RFC 5246 7.4.1.4.1 @param hash {@link HashAlgorithm} @param signature {@link SignatureAlgorithm} @return {@link HashAlgorithm} @return {@link SignatureAlgorithm} Encode this {@link SignatureAndHashAlgorithm} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link SignatureAndHashAlgorithm} from a {@link Stream}. @param input the {@link Stream} to parse from. @return a {@link SignatureAndHashAlgorithm} object. @throws IOException An implementation of {@link TlsSRPIdentityManager} that simulates the existence of "unknown" identities to obscure the fact that there is no verifier for them. Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3 @param group the {@link SRP6GroupParameters} defining the group that SRP is operating in @param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3 @return an instance of {@link SimulatedTlsSRPIdentityManager} HMAC implementation based on original internet draft for HMAC (RFC 2104) The difference is that padding is concatentated versus XORed with the key H(K + opad, H(K + ipad, text)) Base constructor for one of the standard digest algorithms that the byteLength of the algorithm is know for. Behaviour is undefined for digests other than MD5 or SHA1. @param digest the digest. Reset the mac generator. RFC 4680 Called by the protocol handler to report the server certificate. This method is responsible for certificate verification and validation The server received Return client credentials in response to server's certificate request A containing server certificate request details A to be used for client authentication (or null for no client authentication) A generic TLS 1.0-1.2 / SSLv3 block cipher. This can be used for AES or 3DES for example. Called at the start of a new TLS session, before any other methods. A Return the session this client wants to resume, if any. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated. A representing the resumable session to be used for this connection, or null to use a new session. Return the to use for the TLSPlaintext.version field prior to receiving the server version. NOTE: This method is not called for DTLS. See RFC 5246 E.1.: "TLS clients that wish to negotiate with older servers MAY send any value {03,XX} as the record layer version number. Typical values would be {03,00}, the lowest version number supported by the client, and the value of ClientHello.client_version. No single value will guarantee interoperability with all old servers, but this is a complex topic beyond the scope of this document." The to use. Get the list of cipher suites that this client supports. An array of values, each specifying a supported cipher suite. Get the list of compression methods that this client supports. An array of values, each specifying a supported compression method. Get the (optional) table of client extensions to be included in (extended) client hello. A (Int32 -> byte[]). May be null. Notifies the client of the session_id sent in the ServerHello. An array of Report the cipher suite that was selected by the server. The protocol handler validates this value against the offered cipher suites A Report the compression method that was selected by the server. The protocol handler validates this value against the offered compression methods A Report the extensions from an extended server hello. Will only be called if we returned a non-null result from . A (Int32 -> byte[]) A list of Return an implementation of to negotiate the key exchange part of the protocol. A Return an implementation of to handle authentication part of the protocol. A list of RFC 5077 3.3. NewSessionTicket Handshake Message This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g. RFC 5077 4. Recommended Ticket Construction. The ticket Constructor for blocking mode. @param stream The bi-directional stream of data to/from the server @param secureRandom Random number generator for various cryptographic functions Constructor for blocking mode. @param input The stream of data from the server @param output The stream of data to the server @param secureRandom Random number generator for various cryptographic functions Constructor for non-blocking mode.

When data is received, use {@link #offerInput(java.nio.ByteBuffer)} to provide the received ciphertext, then use {@link #readInput(byte[], int, int)} to read the corresponding cleartext.

Similarly, when data needs to be sent, use {@link #offerOutput(byte[], int, int)} to provide the cleartext, then use {@link #readOutput(byte[], int, int)} to get the corresponding ciphertext. @param secureRandom Random number generator for various cryptographic functions
Initiates a TLS handshake in the role of client.

In blocking mode, this will not return until the handshake is complete. In non-blocking mode, use {@link TlsPeer#NotifyHandshakeComplete()} to receive a callback when the handshake is complete. @param tlsClient The {@link TlsClient} to use for the handshake. @throws IOException If in blocking mode and handshake was not successful.
Used to get the resumable session, if any, used by this connection. Only available after the handshake has successfully completed. @return A {@link TlsSession} representing the resumable session used by this connection, or null if no resumable session available. @see TlsPeer#NotifyHandshakeComplete() Export keying material according to RFC 5705: "Keying Material Exporters for TLS". @param asciiLabel indicates which application will use the exported keys. @param context_value allows the application using the exporter to mix its own data with the TLS PRF for the exporter output. @param length the number of bytes to generate @return a pseudorandom bit string of 'length' bytes generated from the master_secret. (D)TLS DH key exchange. An interface for verifying that Diffie-Hellman parameters are acceptable. Verify that the given DHParameters are acceptable. The DHParameters to verify. true if (and only if) the specified parameters are acceptable. (D)TLS ECDHE key exchange (see RFC 4492). (D)TLS ECDH key exchange (see RFC 4492). A generic interface for key exchange implementations in (D)TLS. A generic TLS MAC implementation, acting as an HMAC based on some underlying Digest. Generate a new instance of an TlsMac. @param context the TLS client context @param digest The digest to use. @param key A byte-array where the key for this MAC is located. @param keyOff The number of bytes to skip, before the key starts in the buffer. @param keyLen The length of the key. @return the MAC write secret @return The output length of this MAC. Calculate the MAC for some given data. @param type The message type of the message. @param message A byte-buffer containing the message. @param offset The number of bytes to skip, before the message starts. @param length The length of the message. @return A new byte-buffer containing the MAC value. This exception will be thrown(only) when the connection is closed by the peer without sending a close_notify warning alert. If this happens, the TLS protocol cannot rule out truncation of the connection data (potentially malicious). It may be possible to check for truncation via some property of a higher level protocol built upon TLS, e.g.the Content-Length header for HTTPS. A NULL CipherSuite, with optional MAC. This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible. When connecting to a peer that does not offer/accept this extension, it is recommended to abort the handshake. This option is provided for interoperability with legacy peers, although some TLS features will be disabled in that case (see RFC 7627 5.4). true if the handshake should be aborted when the peer does not negotiate the extended_master_secret extension, or false to support legacy interoperability. draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set gmt_unix_time as an option only, off by default." true if the current time should be used in the gmt_unix_time field of Random, or false if gmt_unix_time should contain a cryptographically random value. Report whether the server supports secure renegotiation The protocol handler automatically processes the relevant extensions A , true if the server supports secure renegotiation Return an implementation of to handle record compression. A Return an implementation of to use for encryption/decryption. A This method will be called when an alert is raised by the protocol. A human-readable message explaining what caused this alert. May be null. The Exception that caused this alert to be raised. May be null. This method will be called when an alert is received from the remote peer. Notifies the peer that the handshake has been successfully completed. This method is called, when a change cipher spec message is received. @throws IOException If the message has an invalid content or the handshake is not in the correct state. Read data from the network. The method will return immediately, if there is still some data left in the buffer, or block until some application data has been read from the network. @param buf The buffer where the data will be copied to. @param offset The position where the data will be placed in the buffer. @param len The maximum number of bytes to read. @return The number of bytes read. @throws IOException If something goes wrong during reading data. Send some application data to the remote system.

The method will handle fragmentation internally. @param buf The buffer with the data. @param offset The position in the buffer where the data is placed. @param len The length of the data. @throws IOException If something goes wrong during sending.

The secure bidirectional stream for this connection Only allowed in blocking mode.
Should be called in non-blocking mode when the input data reaches EOF. Offer input from an arbitrary source. Only allowed in non-blocking mode.

After this method returns, the input buffer is "owned" by this object. Other code must not attempt to do anything with it.

This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.

If any records containing application data were processed, the decrypted data can be obtained using {@link #readInput(byte[], int, int)}. If any records containing protocol data were processed, a response may have been generated. You should always check to see if there is any available output after calling this method by calling {@link #getAvailableOutputBytes()}. @param input The input buffer to offer @throws IOException If an error occurs while decrypting or processing a record
Gets the amount of received application data. A call to {@link #readInput(byte[], int, int)} is guaranteed to be able to return at least this much data.

Only allowed in non-blocking mode. @return The number of bytes of available application data
Retrieves received application data. Use {@link #getAvailableInputBytes()} to check how much application data is currently available. This method functions similarly to {@link InputStream#read(byte[], int, int)}, except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

Only allowed in non-blocking mode. @param buffer The buffer to hold the application data @param offset The start offset in the buffer at which the data is written @param length The maximum number of bytes to read @return The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
Offer output from an arbitrary source. Only allowed in non-blocking mode.

After this method returns, the specified section of the buffer will have been processed. Use {@link #readOutput(byte[], int, int)} to get the bytes to transmit to the other peer.

This method must not be called until after the handshake is complete! Attempting to call it before the handshake is complete will result in an exception. @param buffer The buffer containing application data to encrypt @param offset The offset at which to begin reading data @param length The number of bytes of data to read @throws IOException If an error occurs encrypting the data, or the handshake is not complete
Gets the amount of encrypted data available to be sent. A call to {@link #readOutput(byte[], int, int)} is guaranteed to be able to return at least this much data.

Only allowed in non-blocking mode. @return The number of bytes of available encrypted data
Retrieves encrypted data to be sent. Use {@link #getAvailableOutputBytes()} to check how much encrypted data is currently available. This method functions similarly to {@link InputStream#read(byte[], int, int)}, except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

Only allowed in non-blocking mode. @param buffer The buffer to hold the encrypted data @param offset The start offset in the buffer at which the data is written @param length The maximum number of bytes to read @return The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
Closes this connection. @throws IOException If something goes wrong during closing. Make sure the InputStream 'buf' now empty. Fail otherwise. @param buf The InputStream to check. @throws IOException If 'buf' is not empty. 'sender' only relevant to SSLv3 Both streams can be the same object (D)TLS PSK key exchange (RFC 4279). (D)TLS and SSLv3 RSA key exchange. A (Int32 -> byte[]). Will never be null. Get the (optional) table of server extensions to be included in (extended) server hello. A (Int32 -> byte[]). May be null. A (). May be null. This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null is returned, it is sent to the client as a handshake message of type "certificate_status". A to be sent to the client (or null for none). () Called by the protocol handler to report the client certificate, only if GetCertificateRequest returned non-null. Note: this method is responsible for certificate verification and validation. the effective client certificate (may be an empty chain). RFC 5077 3.3. NewSessionTicket Handshake Message. This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection. The ticket) Constructor for blocking mode. @param stream The bi-directional stream of data to/from the client @param output The stream of data to the client @param secureRandom Random number generator for various cryptographic functions Constructor for blocking mode. @param input The stream of data from the client @param output The stream of data to the client @param secureRandom Random number generator for various cryptographic functions Constructor for non-blocking mode.

When data is received, use {@link #offerInput(java.nio.ByteBuffer)} to provide the received ciphertext, then use {@link #readInput(byte[], int, int)} to read the corresponding cleartext.

Similarly, when data needs to be sent, use {@link #offerOutput(byte[], int, int)} to provide the cleartext, then use {@link #readOutput(byte[], int, int)} to get the corresponding ciphertext. @param secureRandom Random number generator for various cryptographic functions
Receives a TLS handshake in the role of server.

In blocking mode, this will not return until the handshake is complete. In non-blocking mode, use {@link TlsPeer#notifyHandshakeComplete()} to receive a callback when the handshake is complete. @param tlsServer @throws IOException If in blocking mode and handshake was not successful.
Check whether the given SRP group parameters are acceptable for use. @param group the {@link SRP6GroupParameters} to check @return true if (and only if) the specified group parameters are acceptable Lookup the {@link TlsSRPLoginParameters} corresponding to the specified identity. NOTE: To avoid "identity probing", unknown identities SHOULD be handled as recommended in RFC 5054 2.5.1.3. {@link SimulatedTlsSRPIdentityManager} is provided for this purpose. @param identity the SRP identity sent by the connecting client @return the {@link TlsSRPLoginParameters} for the specified identity, or else 'simulated' parameters if the identity is not recognized. A null value is also allowed, but not recommended. (D)TLS SRP key exchange (RFC 5054). RFC 5764 DTLS Extension to Establish Keys for SRTP. Some helper functions for MicroTLS. Add a 'signature_algorithms' extension to existing extensions. @param extensions A {@link Hashtable} to add the extension to. @param supportedSignatureAlgorithms {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}. @throws IOException Get a 'signature_algorithms' extension from extensions. @param extensions A {@link Hashtable} to get the extension from, if it is present. @return A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}, or null. @throws IOException Create a 'signature_algorithms' extension value. @param supportedSignatureAlgorithms A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}. @return A byte array suitable for use as an extension value. @throws IOException Read 'signature_algorithms' extension data. @param extensionData The extension data. @return A {@link Vector} containing at least 1 {@link SignatureAndHashAlgorithm}. @throws IOException RFC 6066 5. Encode this {@link UrlAndHash} to a {@link Stream}. @param output the {@link Stream} to encode to. @throws IOException Parse a {@link UrlAndHash} from a {@link Stream}. @param context the {@link TlsContext} of the current connection. @param input the {@link Stream} to parse from. @return a {@link UrlAndHash} object. @throws IOException RFC 4681 RFC 5764 4.1.1 @param protectionProfiles see {@link SrtpProtectionProfile} for valid constants. @param mki valid lengths from 0 to 255. @return see {@link SrtpProtectionProfile} for valid constants. @return valid lengths from 0 to 255. Create an AlgorithmIdentifier for the passed in encryption algorithm. @param encryptionOID OID for the encryption algorithm @param keySize key size in bits (-1 if unknown) @param random SecureRandom to use for parameter generation. @return a full AlgorithmIdentifier including parameters @throws IllegalArgumentException if encryptionOID cannot be matched Create a key generator for the passed in Object Identifier. @param algorithm the Object Identifier indicating the algorithn the generator is for. @param random a source of random to initialise the generator with. @return an initialised CipherKeyGenerator. @throws IllegalArgumentException if the algorithm cannot be identified. return a = a + b - b preserved. unsigned comparison on two arrays - note the arrays may start with leading zeros. return z = x / y - done in place (z value preserved, x contains the remainder) return whether or not a BigInteger is probably prime with a probability of 1 - (1/2)**certainty.

From Knuth Vol 2, pg 395.

Calculate the numbers u1, u2, and u3 such that: u1 * a + u2 * b = u3 where u3 is the greatest common divider of a and b. a and b using the extended Euclid algorithm (refer p. 323 of The Art of Computer Programming vol 2, 2nd ed). This also seems to have the side effect of calculating some form of multiplicative inverse. @param a First number to calculate gcd for @param b Second number to calculate gcd for @param u1Out the return object for the u1 value @return The greatest common divisor of a and b return w with w = x * x - w is assumed to have enough space. return x with x = y * z - x is assumed to have enough space. Calculate mQuote = -m^(-1) mod b with b = 2^32 (32 = word size) Montgomery multiplication: a = x * y * R^(-1) mod m
Based algorithm 14.36 of Handbook of Applied Cryptography.
  • m, x, y should have length n
  • a should have length (n + 1)
  • b = 2^32, R = b^n

  • The result is put in x
    NOTE: the indices of x, y, m, a different in HAC and in Java
    return x = x % y - done in place (y value preserved) do a left shift - this returns a new array. do a right shift - this does it in place. do a right shift by one - this does it in place. returns x = x - y - we assume x is >= y Class representing a simple version of a big decimal. A SimpleBigDecimal is basically a {@link java.math.BigInteger BigInteger} with a few digits on the right of the decimal point. The number of (binary) digits on the right of the decimal point is called the scale of the SimpleBigDecimal. Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted automatically, but must be set manually. All SimpleBigDecimals taking part in the same arithmetic operation must have equal scale. The result of a multiplication of two SimpleBigDecimals returns a SimpleBigDecimal with double scale. Returns a SimpleBigDecimal representing the same numerical value as value. @param value The value of the SimpleBigDecimal to be created. @param scale The scale of the SimpleBigDecimal to be created. @return The such created SimpleBigDecimal. Constructor for SimpleBigDecimal. The value of the constructed SimpleBigDecimal Equals bigInt / 2scale. @param bigInt The bigInt value parameter. @param scale The scale of the constructed SimpleBigDecimal. Class holding methods for point multiplication based on the window τ-adic nonadjacent form (WTNAF). The algorithms are based on the paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves" by Jerome A. Solinas. The paper first appeared in the Proceedings of Crypto 1997. The window width of WTNAF. The standard value of 4 is slightly less than optimal for running time, but keeps space requirements for precomputation low. For typical curves, a value of 5 or 6 results in a better running time. When changing this value, the αu's must be computed differently, see e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson, Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004, p. 121-122 24 The αu's for a=0 as an array of ZTauElements. The αu's for a=0 as an array of TNAFs. The αu's for a=1 as an array of ZTauElements. The αu's for a=1 as an array of TNAFs. Computes the norm of an element λ of Z[τ]. @param mu The parameter μ of the elliptic curve. @param lambda The element λ of Z[τ]. @return The norm of λ. Computes the norm of an element λ of R[τ], where λ = u + vτ and u and u are real numbers (elements of R). @param mu The parameter μ of the elliptic curve. @param u The real part of the element λ of R[τ]. @param v The τ-adic part of the element λ of R[τ]. @return The norm of λ. Rounds an element λ of R[τ] to an element of Z[τ], such that their difference has minimal norm. λ is given as λ = λ0 + λ1τ. @param lambda0 The component λ0. @param lambda1 The component λ1. @param mu The parameter μ of the elliptic curve. Must equal 1 or -1. @return The rounded element of Z[τ]. @throws ArgumentException if lambda0 and lambda1 do not have same scale. Approximate division by n. For an integer k, the value λ = s k / n is computed to c bits of accuracy. @param k The parameter k. @param s The curve parameter s0 or s1. @param vm The Lucas Sequence element Vm. @param a The parameter a of the elliptic curve. @param m The bit length of the finite field Fm. @param c The number of bits of accuracy, i.e. the scale of the returned SimpleBigDecimal. @return The value λ = s k / n computed to c bits of accuracy. Computes the τ-adic NAF (non-adjacent form) of an element λ of Z[τ]. @param mu The parameter μ of the elliptic curve. @param lambda The element λ of Z[τ]. @return The τ-adic NAF of λ. Applies the operation τ() to an AbstractF2mPoint. @param p The AbstractF2mPoint to which τ() is applied. @return τ(p) Returns the parameter μ of the elliptic curve. @param curve The elliptic curve from which to obtain μ. The curve must be a Koblitz curve, i.e. a Equals 0 or 1 and b Equals 1. @return μ of the elliptic curve. @throws ArgumentException if the given ECCurve is not a Koblitz curve. Calculates the Lucas Sequence elements Uk-1 and Uk or Vk-1 and Vk. @param mu The parameter μ of the elliptic curve. @param k The index of the second element of the Lucas Sequence to be returned. @param doV If set to true, computes Vk-1 and Vk, otherwise Uk-1 and Uk. @return An array with 2 elements, containing Uk-1 and Uk or Vk-1 and Vk. Computes the auxiliary value tw. If the width is 4, then for mu = 1, tw = 6 and for mu = -1, tw = 10 @param mu The parameter μ of the elliptic curve. @param w The window width of the WTNAF. @return the auxiliary value tw Computes the auxiliary values s0 and s1 used for partial modular reduction. @param curve The elliptic curve for which to compute s0 and s1. @throws ArgumentException if curve is not a Koblitz curve (Anomalous Binary Curve, ABC). Partial modular reduction modulo m - 1)/(τ - 1). @param k The integer to be reduced. @param m The bitlength of the underlying finite field. @param a The parameter a of the elliptic curve. @param s The auxiliary values s0 and s1. @param mu The parameter μ of the elliptic curve. @param c The precision (number of bits of accuracy) of the partial modular reduction. @return ρ := k partmod (τm - 1)/(τ - 1) Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by a BigInteger using the reduced τ-adic NAF (RTNAF) method. @param p The AbstractF2mPoint to Multiply. @param k The BigInteger by which to Multiply p. @return k * p Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by an element λ of Z[τ] using the τ-adic NAF (TNAF) method. @param p The AbstractF2mPoint to Multiply. @param lambda The element λ of Z[τ]. @return λ * p Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by an element λ of Z[τ] using the τ-adic NAF (TNAF) method, given the TNAF of λ. @param p The AbstractF2mPoint to Multiply. @param u The the TNAF of λ.. @return λ * p Computes the [τ]-adic window NAF of an element λ of Z[τ]. @param mu The parameter μ of the elliptic curve. @param lambda The element λ of Z[τ] of which to compute the [τ]-adic NAF. @param width The window width of the resulting WNAF. @param pow2w 2width. @param tw The auxiliary value tw. @param alpha The αu's for the window width. @return The [τ]-adic window NAF of λ. Does the precomputation for WTNAF multiplication. @param p The ECPoint for which to do the precomputation. @param a The parameter a of the elliptic curve. @return The precomputation array for p. Class representing an element of Z[τ]. Let λ be an element of Z[τ]. Then λ is given as λ = u + vτ. The components u and v may be used directly, there are no accessor methods. Immutable class. The "real" part of λ. The "τ-adic" part of λ. Constructor for an element λ of Z[τ]. @param u The "real" part of λ. @param v The "τ-adic" part of λ. return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.CreatePoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(boolean)} Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.CreatePoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.CreatePoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.CreatePoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Create a point which encodes with point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @deprecated Use ECCurve.createPoint to construct points Create a point that encodes with or without point compresion. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} @deprecated Use ECCurve.createPoint to construct points @deprecated per-point compression property will be removed, refer {@link #getEncoded(bool)} Simple shift-and-add multiplication. Serves as reference implementation to verify (possibly faster) implementations, and for very small scalars. @param p The point to multiply. @param k The multiplier. @return The result of the point multiplication kP. Base class for an elliptic curve. Compute a PreCompInfo for a point on this curve, under a given name. Used by ECMultipliers to save the precomputation for this ECPoint for use by subsequent multiplication. @param point The ECPoint to store precomputations for. @param name A String used to index precomputations of different types. @param callback Called to calculate the PreCompInfo. Normalization ensures that any projective coordinate is 1, and therefore that the x, y coordinates reflect those of the equivalent point in an affine coordinate system. Where more than one point is to be normalized, this method will generally be more efficient than normalizing each point separately. @param points An array of points that will be updated in place with their normalized versions, where necessary Normalization ensures that any projective coordinate is 1, and therefore that the x, y coordinates reflect those of the equivalent point in an affine coordinate system. Where more than one point is to be normalized, this method will generally be more efficient than normalizing each point separately. An (optional) z-scaling factor can be applied; effectively each z coordinate is scaled by this value prior to normalization (but only one actual multiplication is needed). @param points An array of points that will be updated in place with their normalized versions, where necessary @param off The start of the range of points to normalize @param len The length of the range of points to normalize @param iso The (optional) z-scaling factor - can be null Create a cache-safe lookup table for the specified sequence of points. All the points MUST belong to this ECCurve instance, and MUST already be normalized. Sets the default ECMultiplier, unless already set. Decode a point on this curve from its ASN.1 encoding. The different encodings are taken account of, including point compression for Fp (X9.62 s 4.2.1 pg 17). @return The decoded point. Elliptic curve over Fp The auxiliary values s0 and s1 used for partial modular reduction for Koblitz curves. Solves a quadratic equation z2 + z = beta(X9.62 D.1.6) The other solution is z + 1. @param beta The value to solve the quadratic equation for. @return the solution for z2 + z = beta or null if no solution exists. @return the auxiliary values s0 and s1 used for partial modular reduction for Koblitz curves. Returns true if this is a Koblitz curve (ABC curve). @return true if this is a Koblitz curve (ABC curve), false otherwise Elliptic curves over F2m. The Weierstrass equation is given by y2 + xy = x3 + ax2 + b. The exponent m of F2m. TPB: The integer k where xm + xk + 1 represents the reduction polynomial f(z).
    PPB: The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    TPB: Always set to 0
    PPB: The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    TPB: Always set to 0
    PPB: The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    The point at infinity on this curve. Constructor for Trinomial Polynomial Basis (TPB). @param m The exponent m of F2m. @param k The integer k where xm + xk + 1 represents the reduction polynomial f(z). @param a The coefficient a in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param b The coefficient b in the Weierstrass equation for non-supersingular elliptic curves over F2m. Constructor for Trinomial Polynomial Basis (TPB). @param m The exponent m of F2m. @param k The integer k where xm + xk + 1 represents the reduction polynomial f(z). @param a The coefficient a in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param b The coefficient b in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param order The order of the main subgroup of the elliptic curve. @param cofactor The cofactor of the elliptic curve, i.e. #Ea(F2m) = h * n. Constructor for Pentanomial Polynomial Basis (PPB). @param m The exponent m of F2m. @param k1 The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k2 The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k3 The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param a The coefficient a in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param b The coefficient b in the Weierstrass equation for non-supersingular elliptic curves over F2m. Constructor for Pentanomial Polynomial Basis (PPB). @param m The exponent m of F2m. @param k1 The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k2 The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k3 The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param a The coefficient a in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param b The coefficient b in the Weierstrass equation for non-supersingular elliptic curves over F2m. @param order The order of the main subgroup of the elliptic curve. @param cofactor The cofactor of the elliptic curve, i.e. #Ea(F2m) = h * n. Return true if curve uses a Trinomial basis. @return true if curve Trinomial, false otherwise. return the field name for this field. @return the string "Fp". return a sqrt root - the routine verifies that the calculation returns the right value - if none exists it returns null. Class representing the Elements of the finite field F2m in polynomial basis (PB) representation. Both trinomial (Tpb) and pentanomial (Ppb) polynomial basis representations are supported. Gaussian normal basis (GNB) representation is not supported. Indicates gaussian normal basis representation (GNB). Number chosen according to X9.62. GNB is not implemented at present. Indicates trinomial basis representation (Tpb). Number chosen according to X9.62. Indicates pentanomial basis representation (Ppb). Number chosen according to X9.62. Tpb or Ppb. The exponent m of F2m. The LongArray holding the bits. Constructor for Ppb. @param m The exponent m of F2m. @param k1 The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k2 The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param k3 The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z). @param x The BigInteger representing the value of the field element. Constructor for Tpb. @param m The exponent m of F2m. @param k The integer k where xm + xk + 1 represents the reduction polynomial f(z). @param x The BigInteger representing the value of the field element. Checks, if the ECFieldElements a and b are elements of the same field F2m (having the same representation). @param a field element. @param b field element to be compared. @throws ArgumentException if a and b are not elements of the same field F2m (having the same representation). @return the representation of the field F2m, either of {@link F2mFieldElement.Tpb} (trinomial basis representation) or {@link F2mFieldElement.Ppb} (pentanomial basis representation). @return the degree m of the reduction polynomial f(z). @return Tpb: The integer k where xm + xk + 1 represents the reduction polynomial f(z).
    Ppb: The integer k1 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    @return Tpb: Always returns 0
    Ppb: The integer k2 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    @return Tpb: Always set to 0
    Ppb: The integer k3 where xm + xk3 + xk2 + xk1 + 1 represents the reduction polynomial f(z).
    base class for points on elliptic curves. Returns the affine x-coordinate after checking that this point is normalized. @return The affine x-coordinate of this point @throws IllegalStateException if the point is not normalized Returns the affine y-coordinate after checking that this point is normalized @return The affine y-coordinate of this point @throws IllegalStateException if the point is not normalized Returns the x-coordinate. Caution: depending on the curve's coordinate system, this may not be the same value as in an affine coordinate system; use Normalize() to get a point where the coordinates have their affine values, or use AffineXCoord if you expect the point to already have been normalized. @return the x-coordinate of this point Returns the y-coordinate. Caution: depending on the curve's coordinate system, this may not be the same value as in an affine coordinate system; use Normalize() to get a point where the coordinates have their affine values, or use AffineYCoord if you expect the point to already have been normalized. @return the y-coordinate of this point Normalization ensures that any projective coordinate is 1, and therefore that the x, y coordinates reflect those of the equivalent point in an affine coordinate system. @return a new ECPoint instance representing the same point, but with normalized coordinates return the field element encoded with point compression. (S 4.3.6) Multiplies this ECPoint by the given number. @param k The multiplicator. @return k * this. Elliptic curve points over Fp Create a point which encodes without point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate Create a point that encodes with or without point compression. @param curve the curve to use @param x affine x co-ordinate @param y affine y co-ordinate @param withCompression if true encode with point compression Elliptic curve points over F2m @param curve base curve @param x x point @param y y point @param curve base curve @param x x point @param y y point @param withCompression true if encode with point compression. Joye's double-add algorithm. Interface for classes encapsulating a point multiplication algorithm for ECPoints. Multiplies the ECPoint p by k, i.e. p is added k times to itself. @param p The ECPoint to be multiplied. @param k The factor by which p is multiplied. @return p multiplied by k. Class holding precomputation data for fixed-point multiplications. Lookup table for the precomputed ECPoints used for a fixed point multiplication. The width used for the precomputation. If a larger width precomputation is already available this may be larger than was requested, so calling code should refer to the actual width. Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (right-to-left) using mixed coordinates. By default, addition will be done in Jacobian coordinates, and doubling will be done in Modified Jacobian coordinates (independent of the original coordinate system of each point). Montgomery ladder. Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (left-to-right). Class implementing the NAF (Non-Adjacent Form) multiplication algorithm (right-to-left). Interface for classes storing precomputation data for multiplication algorithms. Used as a Memento (see GOF patterns) for WNafMultiplier. Class implementing the WNAF (Window Non-Adjacent Form) multiplication algorithm. Multiplies this by an integer k using the Window NAF method. @param k The integer by which this is multiplied. @return A new ECPoint which equals this multiplied by k. Determine window width to use for a scalar multiplication of the given size. @param bits the bit-length of the scalar to multiply by @return the window size to use Class holding precomputation data for the WNAF (Window Non-Adjacent Form) algorithm. Array holding the precomputed ECPoints used for a Window NAF multiplication. Array holding the negations of the precomputed ECPoints used for a Window NAF multiplication. Holds an ECPoint representing Twice(this). Used for the Window NAF multiplication to create or extend the precomputed values. Computes the Window NAF (non-adjacent Form) of an integer. @param width The width w of the Window NAF. The width is defined as the minimal number w, such that for any w consecutive digits in the resulting representation, at most one is non-zero. @param k The integer of which the Window NAF is computed. @return The Window NAF of the given width, such that the following holds: k = &sum;i=0l-1 ki2i , where the ki denote the elements of the returned byte[]. Determine window width to use for a scalar multiplication of the given size. @param bits the bit-length of the scalar to multiply by @return the window size to use Determine window width to use for a scalar multiplication of the given size. @param bits the bit-length of the scalar to multiply by @param windowSizeCutoffs a monotonically increasing list of bit sizes at which to increment the window width @return the window size to use Class implementing the WTNAF (Window τ-adic Non-Adjacent Form) algorithm. Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by k using the reduced τ-adic NAF (RTNAF) method. @param p The AbstractF2mPoint to multiply. @param k The integer by which to multiply k. @return p multiplied by k. Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by an element λ of Z[τ] using the τ-adic NAF (TNAF) method. @param p The AbstractF2mPoint to multiply. @param lambda The element λ of Z[τ] of which to compute the [τ]-adic NAF. @return p multiplied by λ. Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} by an element λ of Z[τ] using the window τ-adic NAF (TNAF) method, given the WTNAF of λ. @param p The AbstractF2mPoint to multiply. @param u The the WTNAF of λ.. @return λ * p Class holding precomputation data for the WTNAF (Window τ-adic Non-Adjacent Form) algorithm. Array holding the precomputed AbstractF2mPoints used for the WTNAF multiplication in {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply() WTauNafMultiplier.multiply()}. 'Zeroless' Signed Digit Left-to-Right. 'Zeroless' Signed Digit Right-to-Left. Utility methods for generating primes and testing for primality. Used to return the output from the {@linkplain Primes#enhancedMRProbablePrimeTest(BigInteger, SecureRandom, int) Enhanced Miller-Rabin Probabilistic Primality Test} Used to return the output from the {@linkplain Primes#generateSTRandomPrime(Digest, int, byte[]) Shawe-Taylor Random_Prime Routine} FIPS 186-4 C.6 Shawe-Taylor Random_Prime Routine Construct a provable prime number using a hash function. @param hash the {@link Digest} instance to use (as "Hash()"). Cannot be null. @param length the length (in bits) of the prime to be generated. Must be at least 2. @param inputSeed the seed to be used for the generation of the requested prime. Cannot be null or empty. @return an {@link STOutput} instance containing the requested prime. FIPS 186-4 C.3.2 Enhanced Miller-Rabin Probabilistic Primality Test Run several iterations of the Miller-Rabin algorithm with randomly-chosen bases. This is an alternative to {@link #isMRProbablePrime(BigInteger, SecureRandom, int)} that provides more information about a composite candidate, which may be useful when generating or validating RSA moduli. @param candidate the {@link BigInteger} instance to test for primality. @param random the source of randomness to use to choose bases. @param iterations the number of randomly-chosen bases to perform the test for. @return an {@link MROutput} instance that can be further queried for details. A fast check for small divisors, up to some implementation-specific limit. @param candidate the {@link BigInteger} instance to test for division by small factors. @return true if the candidate is found to have any small factors, false otherwise. FIPS 186-4 C.3.1 Miller-Rabin Probabilistic Primality Test Run several iterations of the Miller-Rabin algorithm with randomly-chosen bases. @param candidate the {@link BigInteger} instance to test for primality. @param random the source of randomness to use to choose bases. @param iterations the number of randomly-chosen bases to perform the test for. @return false if any witness to compositeness is found amongst the chosen bases (so candidate is definitely NOT prime), or else true (indicating primality with some probability dependent on the number of iterations that were performed). FIPS 186-4 C.3.1 Miller-Rabin Probabilistic Primality Test (to a fixed base). Run a single iteration of the Miller-Rabin algorithm against the specified base. @param candidate the {@link BigInteger} instance to test for primality. @param baseValue the base value to use for this iteration. @return false if the specified base is a witness to compositeness (so candidate is definitely NOT prime), or else true. BasicOcspResponse ::= SEQUENCE { tbsResponseData ResponseData, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING, certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } The DER encoding of the tbsResponseData field. In the event of an encoding error. The certificates, if any, associated with the response. In the event of an encoding error. Verify the signature against the tbsResponseData object we contain. The ASN.1 encoded representation of this object. Generator for basic OCSP response objects. basic constructor construct with the responderID to be the SHA-1 keyHash of the passed in public key. Add a response for a particular Certificate ID. @param certID certificate ID details @param certStatus status of the certificate - null if okay Add a response for a particular Certificate ID. @param certID certificate ID details @param certStatus status of the certificate - null if okay @param singleExtensions optional extensions Add a response for a particular Certificate ID. @param certID certificate ID details @param nextUpdate date when next update should be requested @param certStatus status of the certificate - null if okay @param singleExtensions optional extensions Add a response for a particular Certificate ID. @param certID certificate ID details @param thisUpdate date this response was valid on @param nextUpdate date when next update should be requested @param certStatus status of the certificate - null if okay @param singleExtensions optional extensions Set the extensions for the response. @param responseExtensions the extension object to carry. Generate the signed response using the passed in signature calculator. Implementation of signing calculator factory. The certificate chain associated with the response signer. "produced at" date. Return an IEnumerable of the signature names supported by the generator. @return an IEnumerable containing recognised names. create from an issuer certificate and the serial number of the certificate it signed. @exception OcspException if any problems occur creating the id fields. return the serial number for the certificate associated with this request. Create a new CertificateID for a new serial number derived from a previous one calculated for the same CA certificate. @param original the previously calculated CertificateID for the CA. @param newSerialNumber the serial number for the new certificate of interest. @return a new CertificateID for newSerialNumber
                 OcspRequest     ::=     SEQUENCE {
                       tbsRequest                  TBSRequest,
                       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
                
                   TBSRequest      ::=     SEQUENCE {
                       version             [0]     EXPLICIT Version DEFAULT v1,
                       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
                       requestList                 SEQUENCE OF Request,
                       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
                
                   Signature       ::=     SEQUENCE {
                       signatureAlgorithm      AlgorithmIdentifier,
                       signature               BIT STRING,
                       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
                
                   Version         ::=             INTEGER  {  v1(0) }
                
                   Request         ::=     SEQUENCE {
                       reqCert                     CertID,
                       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
                
                   CertID          ::=     SEQUENCE {
                       hashAlgorithm       AlgorithmIdentifier,
                       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
                       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
                       serialNumber        CertificateSerialNumber }
                 
    Return the DER encoding of the tbsRequest field. @return DER encoding of tbsRequest @throws OcspException in the event of an encoding error. return the object identifier representing the signature algorithm If the request is signed return a possibly empty CertStore containing the certificates in the request. If the request is not signed the method returns null. @return null if not signed, a CertStore otherwise @throws OcspException Return whether or not this request is signed. @return true if signed false otherwise. Verify the signature against the TBSRequest object we contain. return the ASN.1 encoded representation of this object. Add a request for the given CertificateID. @param certId certificate ID of interest Add a request with extensions @param certId certificate ID of interest @param singleRequestExtensions the extensions to attach to the request Set the requestor name to the passed in X509Principal @param requestorName a X509Principal representing the requestor name. Generate an unsigned request @return the OcspReq @throws OcspException Return an IEnumerable of the signature names supported by the generator. @return an IEnumerable containing recognised names. return the ASN.1 encoded representation of this object. base generator for an OCSP response - at the moment this only supports the generation of responses containing BasicOCSP responses. note 4 is not used. Carrier for a ResponderID. wrapper for the RevokedInfo object return the revocation reason. Note: this field is optional, test for it with hasRevocationReason() first. @exception InvalidOperationException if a reason is asked for and none is avaliable Return the status object for the response - null indicates good. @return the status object for the response, null if it is good. return the NextUpdate value - note: this is an optional field so may be returned as null. @return nextUpdate, or null if not present. wrapper for the UnknownInfo object Utility class for creating IBasicAgreement objects from their names/Oids Cipher Utility class contains methods that can not be specifically grouped into other classes. Returns a ObjectIdentifier for a give encoding. A string representation of the encoding. A DerObjectIdentifier, null if the Oid is not available. Utility class for creating IDigest objects from their names/Oids Returns a ObjectIdentifier for a given digest mechanism. A string representation of the digest meanism. A DerObjectIdentifier, null if the Oid is not available. A class containing methods to interface the BouncyCastle world to the .NET Crypto world. Create an System.Security.Cryptography.X509Certificate from an X509Certificate Structure. A System.Security.Cryptography.X509Certificate. Utility class for creating HMac object from their names/Oids Returns a ObjectIdentifier for a give encoding. A string representation of the encoding. A DerObjectIdentifier, null if the Oid is not available. Create and auto-seed an instance based on the given algorithm. Equivalent to GetInstance(algorithm, true) e.g. "SHA256PRNG" Create an instance based on the given algorithm, with optional auto-seeding e.g. "SHA256PRNG" If true, the instance will be auto-seeded. To replicate existing predictable output, replace with GetInstance("SHA1PRNG", false), followed by SetSeed(seed) Use the specified instance of IRandomGenerator as random source. This constructor performs no seeding of either the IRandomGenerator or the constructed SecureRandom. It is the responsibility of the client to provide proper seed material as necessary/appropriate for the given IRandomGenerator implementation. The source to generate all random bytes from. base constructor. create a SecurityUtilityException with the given message. @param message the message to be carried with the exception. Signer Utility class contains methods that can not be specifically grouped into other classes. Returns an ObjectIdentifier for a given encoding. A string representation of the encoding. A DerObjectIdentifier, null if the OID is not available. Utility class for creating IWrapper objects from their names/Oids PEM generator for the original set of PEM objects used in Open SSL. Class for reading OpenSSL PEM encoded streams containing X509 certificates, PKCS8 encoded keys and PKCS7 objects.

    In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and Certificates will be returned using the appropriate java.security type.

    Create a new PemReader @param reader the Reader Create a new PemReader with a password finder @param reader the Reader @param pFinder the password finder Reads in a X509Certificate. @return the X509Certificate @throws IOException if an I/O error occured Reads in a X509CRL. @return the X509Certificate @throws IOException if an I/O error occured Reads in a PKCS10 certification request. @return the certificate request. @throws IOException if an I/O error occured Reads in a X509 Attribute Certificate. @return the X509 Attribute Certificate @throws IOException if an I/O error occured Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS API. @return the X509Certificate @throws IOException if an I/O error occured Read a Key Pair General purpose writer for OpenSSL PEM objects. The TextWriter object to write the output to. Constructor for an unencrypted private key PEM object. @param key private key to be encoded. Constructor for an encrypted private key PEM object. @param key private key to be encoded @param algorithm encryption algorithm to use @param provider provider to use @throws NoSuchAlgorithmException if algorithm/mode cannot be found A class for verifying and creating Pkcs10 Certification requests. CertificationRequest ::= Sequence { certificationRequestInfo CertificationRequestInfo, signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, signature BIT STRING } CertificationRequestInfo ::= Sequence { version Integer { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} } Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }} Attr { ATTRIBUTE:IOSet } ::= Sequence { type ATTRIBUTE.&id({IOSet}), values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) } see Instantiate a Pkcs10CertificationRequest object with the necessary credentials. Name of Sig Alg. X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" Public Key to be included in cert reqest. ASN1Set of Attributes. Matching Private key for nominated (above) public key to be used to sign the request. Instantiate a Pkcs10CertificationRequest object with the necessary credentials. The factory for signature calculators to sign the PKCS#10 request with. X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" Public Key to be included in cert reqest. ASN1Set of Attributes. Ignored. Instantiate a Pkcs10CertificationRequest object with the necessary credentials. The factory for signature calculators to sign the PKCS#10 request with. X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" Public Key to be included in cert reqest. ASN1Set of Attributes. Get the public key. The public key. Verify Pkcs10 Cert Request is valid. true = valid. A class for creating and verifying Pkcs10 Certification requests (this is an extension on ). The requests are made using delay signing. This is useful for situations where the private key is in another environment and not directly accessible (e.g. HSM) So the first step creates the request, then the signing is done outside this object and the signature is then used to complete the request. CertificationRequest ::= Sequence { certificationRequestInfo CertificationRequestInfo, signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, signature BIT STRING } CertificationRequestInfo ::= Sequence { version Integer { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} } Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }} Attr { ATTRIBUTE:IOSet } ::= Sequence { type ATTRIBUTE.&id({IOSet}), values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) } see Instantiate a Pkcs10CertificationRequest object with the necessary credentials. Name of Sig Alg. X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" Public Key to be included in cert reqest. ASN1Set of Attributes. After the object is constructed use the and finally the SignRequest methods to finalize the request. simply return the cert entry for the private key Utility class for reencoding PKCS#12 files to definite length. Just re-encode the outer layer of the PKCS#12 file to definite length encoding. @param berPKCS12File - original PKCS#12 file @return a byte array representing the DER encoding of the PFX structure @throws IOException Re-encode the PKCS#12 structure to definite length encoding at the inner layer as well, recomputing the MAC accordingly. @param berPKCS12File - original PKCS12 file. @param provider - provider to use for MAC calculation. @return a byte array representing the DER encoding of the PFX structure. @throws IOException on parsing, encoding errors. A holding class for a PKCS#8 encrypted private key info object that allows for its decryption. Base constructor from a PKCS#8 EncryptedPrivateKeyInfo object. A PKCS#8 EncryptedPrivateKeyInfo object. Base constructor from a BER encoding of a PKCS#8 EncryptedPrivateKeyInfo object. A BER encoding of a PKCS#8 EncryptedPrivateKeyInfo objects. Returns the underlying ASN.1 structure inside this object. Return the EncryptedPrivateKeyInfo structure in this object. Returns a copy of the encrypted data in this structure. Return a copy of the encrypted data in this object. Return a binary ASN.1 encoding of the EncryptedPrivateKeyInfo structure in this object. A byte array containing the encoded object. Get a decryptor from the passed in provider and decrypt the encrypted private key info, returning the result. A provider to query for decryptors for the object. The decrypted private key info structure. Create the encrypted private key info using the passed in encryptor. The encryptor to use. An encrypted private key info containing the original private key info. Base exception for PKCS related issues. Base exception for parsing related issues in the PKCS namespace. Create a PrivateKeyInfo representation of a private key with attributes. @param privateKey the key to be encoded into the info object. @param attributes the set of attributes to be included. @return the appropriate PrivateKeyInfo @throws java.io.IOException on an error encoding the key Returns the revocationDate. Returns the certStatus. Returns an immutable Set of X.509 attribute certificate extensions that this PkixAttrCertChecker supports or null if no extensions are supported.

    Each element of the set is a String representing the Object Identifier (OID) of the X.509 extension that is supported.

    All X.509 attribute certificate extensions that a PkixAttrCertChecker might possibly be able to process should be included in the set.

    @return an immutable Set of X.509 extension OIDs (in String format) supported by this PkixAttrCertChecker, or null if no extensions are supported
    Performs checks on the specified attribute certificate. Every handled extension is rmeoved from the unresolvedCritExts collection. @param attrCert The attribute certificate to be checked. @param certPath The certificate path which belongs to the attribute certificate issuer public key certificate. @param holderCertPath The certificate path which belongs to the holder certificate. @param unresolvedCritExts a Collection of OID strings representing the current set of unresolved critical extensions @throws CertPathValidatorException if the specified attribute certificate does not pass the check. Returns a clone of this object. @return a copy of this PkixAttrCertChecker Build and validate a CertPath using the given parameter. @param params PKIXBuilderParameters object containing all information to build the CertPath CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281. @see org.bouncycastle.x509.ExtendedPkixParameters Validates an attribute certificate with the given certificate path.

    params must be an instance of ExtendedPkixParameters.

    The target constraints in the params must be an X509AttrCertStoreSelector with at least the attribute certificate criterion set. Obey that also target informations may be necessary to correctly validate this attribute certificate.

    The attribute certificate issuer must be added to the trusted attribute issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.

    @param certPath The certificate path which belongs to the attribute certificate issuer public key certificate. @param params The PKIX parameters. @return A PKIXCertPathValidatorResult of the result of validating the certPath. @throws InvalidAlgorithmParameterException if params is inappropriate for this validator. @throws CertPathValidatorException if the verification fails.
    Summary description for PkixBuilderParameters. Returns an instance of PkixBuilderParameters.

    This method can be used to get a copy from other PKIXBuilderParameters, PKIXParameters, and ExtendedPKIXParameters instances.

    @param pkixParams The PKIX parameters to create a copy of. @return An PkixBuilderParameters instance.
    Excluded certificates are not used for building a certification path. the excluded certificates. Sets the excluded certificates which are not used for building a certification path. If the ISet is null an empty set is assumed. The given set is cloned to protect it against subsequent modifications. The excluded certificates to set. Can alse handle ExtendedPKIXBuilderParameters and PKIXBuilderParameters. @param params Parameters to set. @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) Makes a copy of this PKIXParameters object. Changes to the copy will not affect the original and vice versa. @return a copy of this PKIXParameters object An immutable sequence of certificates (a certification path).

    This is an abstract class that defines the methods common to all CertPaths. Subclasses can handle different kinds of certificates (X.509, PGP, etc.).

    All CertPath objects have a type, a list of Certificates, and one or more supported encodings. Because the CertPath class is immutable, a CertPath cannot change in any externally visible way after being constructed. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses.

    The type is a string that identifies the type of Certificates in the certification path. For each certificate cert in a certification path certPath, cert.getType().equals(certPath.getType()) must be true.

    The list of Certificates is an ordered List of zero or more Certificates. This List and all of the Certificates contained in it must be immutable.

    Each CertPath object must support one or more encodings so that the object can be translated into a byte array for storage or transmission to other parties. Preferably, these encodings should be well-documented standards (such as PKCS#7). One of the encodings supported by a CertPath is considered the default encoding. This encoding is used if no encoding is explicitly requested (for the {@link #getEncoded()} method, for instance).

    All CertPath objects are also Serializable. CertPath objects are resolved into an alternate {@link CertPathRep} object during serialization. This allows a CertPath object to be serialized into an equivalent representation regardless of its underlying implementation.

    CertPath objects can be created with a CertificateFactory or they can be returned by other classes, such as a CertPathBuilder.

    By convention, X.509 CertPaths (consisting of X509Certificates), are ordered starting with the target certificate and ending with a certificate issued by the trust anchor. That is, the issuer of one certificate is the subject of the following one. The certificate representing the {@link TrustAnchor TrustAnchor} should not be included in the certification path. Unvalidated X.509 CertPaths may not follow these conventions. PKIX CertPathValidators will detect any departure from these conventions that cause the certification path to be invalid and throw a CertPathValidatorException.

    Concurrent Access

    All CertPath objects must be thread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a single CertPath object (or more than one) with no ill effects. This is also true for the List returned by CertPath.getCertificates.

    Requiring CertPath objects to be immutable and thread-safe allows them to be passed around to various pieces of code without worrying about coordinating access. Providing this thread-safety is generally not difficult, since the CertPath and List objects in question are immutable. @see CertificateFactory @see CertPathBuilder CertPath implementation for X.509 certificates.
    @param certs Creates a CertPath of the specified type. This constructor is protected because most users should use a CertificateFactory to create CertPaths. @param type the standard name of the type of Certificatesin this path Creates a CertPath of the specified type. This constructor is protected because most users should use a CertificateFactory to create CertPaths. @param type the standard name of the type of Certificatesin this path Returns an iteration of the encodings supported by this certification path, with the default encoding first. Attempts to modify the returned Iterator via its remove method result in an UnsupportedOperationException. @return an Iterator over the names of the supported encodings (as Strings) Compares this certification path for equality with the specified object. Two CertPaths are equal if and only if their types are equal and their certificate Lists (and by implication the Certificates in those Lists) are equal. A CertPath is never equal to an object that is not a CertPath.

    This algorithm is implemented by this method. If it is overridden, the behavior specified here must be maintained. @param other the object to test for equality with this certification path @return true if the specified object is equal to this certification path, false otherwise @see Object#hashCode() Object.hashCode()
    Returns the encoded form of this certification path, using the default encoding. @return the encoded bytes @exception CertificateEncodingException if an encoding error occurs Returns the encoded form of this certification path, using the specified encoding. @param encoding the name of the encoding to use @return the encoded bytes @exception CertificateEncodingException if an encoding error occurs or the encoding requested is not supported Returns the list of certificates in this certification path. Return a DERObject containing the encoded certificate. @param cert the X509Certificate object to be encoded @return the DERObject Implements the PKIX CertPathBuilding algorithm for BouncyCastle. @see CertPathBuilderSpi Build and validate a CertPath using the given parameter. @param params PKIXBuilderParameters object containing all information to build the CertPath Summary description for PkixCertPathBuilderException. Summary description for PkixCertPathBuilderResult. * Initializes the internal state of this PKIXCertPathChecker. *

    * The forward flag specifies the order that certificates * will be passed to the {@link #check check} method (forward or reverse). A * PKIXCertPathChecker must support reverse checking * and may support forward checking. *

    * * @param forward * the order that certificates are presented to the * check method. If true, * certificates are presented from target to most-trusted CA * (forward); if false, from most-trusted CA to * target (reverse). * @exception CertPathValidatorException * if this PKIXCertPathChecker is unable to * check certificates in the specified order; it should never * be thrown if the forward flag is false since reverse * checking must be supported
    Indicates if forward checking is supported. Forward checking refers to the ability of the PKIXCertPathChecker to perform its checks when certificates are presented to the check method in the forward direction (from target to most-trusted CA). @return true if forward checking is supported, false otherwise * Returns an immutable Set of X.509 certificate extensions * that this PKIXCertPathChecker supports (i.e. recognizes, * is able to process), or null if no extensions are * supported. *

    * Each element of the set is a String representing the * Object Identifier (OID) of the X.509 extension that is supported. The OID * is represented by a set of nonnegative integers separated by periods. *

    * All X.509 certificate extensions that a PKIXCertPathChecker * might possibly be able to process should be included in the set. *

    * * @return an immutable Set of X.509 extension OIDs (in * String format) supported by this * PKIXCertPathChecker, or null if no * extensions are supported
    Performs the check(s) on the specified certificate using its internal state and removes any critical extensions that it processes from the specified collection of OID strings that represent the unresolved critical extensions. The certificates are presented in the order specified by the init method. @param cert the Certificate to be checked @param unresolvedCritExts a Collection of OID strings representing the current set of unresolved critical extensions @exception CertPathValidatorException if the specified certificate does not pass the check Returns a clone of this object. Calls the Object.clone() method. All subclasses which maintain state must support and override this method, if necessary. @return a copy of this PKIXCertPathChecker The Service Provider Interface (SPI) for the {@link CertPathValidator CertPathValidator} class. All CertPathValidator implementations must include a class (the SPI class) that extends this class (CertPathValidatorSpi) and implements all of its methods. In general, instances of this class should only be accessed through the CertPathValidator class. For details, see the Java Cryptography Architecture.

    Concurrent Access

    Instances of this class need not be protected against concurrent access from multiple threads. Threads that need to access a single CertPathValidatorSpi instance concurrently should synchronize amongst themselves and provide the necessary locking before calling the wrapping CertPathValidator object.

    However, implementations of CertPathValidatorSpi may still encounter concurrency issues, since multiple threads each manipulating a different CertPathValidatorSpi instance need not synchronize. CertPathValidatorSpi implementation for X.509 Certificate validation a la RFC 3280.
    An exception indicating one of a variety of problems encountered when validating a certification path.

    A CertPathValidatorException provides support for wrapping exceptions. The {@link #getCause getCause} method returns the throwable, if any, that caused this exception to be thrown.

    A CertPathValidatorException may also include the certification path that was being validated when the exception was thrown and the index of the certificate in the certification path that caused the exception to be thrown. Use the {@link #getCertPath getCertPath} and {@link #getIndex getIndex} methods to retrieve this information.

    Concurrent Access

    Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize. @see CertPathValidator
    Creates a PkixCertPathValidatorException with the given detail message. A detail message is a String that describes this particular exception. the detail message Creates a PkixCertPathValidatorException with the specified detail message and cause. the detail message the cause (which is saved for later retrieval by the {@link #getCause getCause()} method). (A null value is permitted, and indicates that the cause is nonexistent or unknown.) Creates a PkixCertPathValidatorException with the specified detail message, cause, certification path, and index. the detail message (or null if none) the cause (or null if none) the certification path that was in the process of being validated when the error was encountered the index of the certificate in the certification path that * Returns the detail message for this CertPathValidatorException. the detail message, or null if neither the message nor cause were specified Returns the certification path that was being validated when the exception was thrown. @return the CertPath that was being validated when the exception was thrown (or null if not specified) Returns the index of the certificate in the certification path that caused the exception to be thrown. Note that the list of certificates in a CertPath is zero based. If no index has been set, -1 is returned. @return the index that has been set, or -1 if none has been set Summary description for PkixCertPathValidatorResult. Summary description for PkixCertPathValidatorUtilities. key usage bits Search the given Set of TrustAnchor's for one that is the issuer of the given X509 certificate. the X509 certificate a Set of TrustAnchor's the TrustAnchor object if found or null if not. @exception Returns the issuer of an attribute certificate or certificate. The attribute certificate or certificate. The issuer as X500Principal. Return the next working key inheriting DSA parameters if necessary.

    This methods inherits DSA parameters from the indexed certificate or previous certificates in the certificate chain to the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and previous certificates are following.

    If the indexed certificate does not contain a DSA key this method simply returns the public key. If the DSA key already contains DSA parameters the key is also only returned.

    @param certs The certification path. @param index The index of the certificate which contains the public key which should be extended with DSA parameters. @return The public key of the certificate in list position index extended with DSA parameters if applicable. @throws Exception if DSA parameters cannot be inherited.
    Return a Collection of all certificates or attribute certificates found in the X509Store's that are matching the certSelect criteriums. a {@link Selector} object that will be used to select the certificates a List containing only X509Store objects. These are used to search for certificates. a Collection of all found or objects. May be empty but never null. Add the CRL issuers from the cRLIssuer field of the distribution point or from the certificate if not given to the issuer criterion of the selector.

    The issuerPrincipals are a collection with a single X500Principal for X509Certificates. For {@link X509AttributeCertificate}s the issuer may contain more than one X500Principal.

    @param dp The distribution point. @param issuerPrincipals The issuers of the certificate or attribute certificate which contains the distribution point. @param selector The CRL selector. @param pkixParams The PKIX parameters containing the cert stores. @throws Exception if an exception occurs while processing. @throws ClassCastException if issuerPrincipals does not contain only X500Principals.
    Fetches complete CRLs according to RFC 3280. @param dp The distribution point for which the complete CRL @param cert The X509Certificate or {@link org.bouncycastle.x509.X509AttributeCertificate} for which the CRL should be searched. @param currentDate The date for which the delta CRLs must be valid. @param paramsPKIX The extended PKIX parameters. @return A Set of X509CRLs with complete CRLs. @throws Exception if an exception occurs while picking the CRLs or no CRLs are found. Fetches delta CRLs according to RFC 3280 section 5.2.4. @param currentDate The date for which the delta CRLs must be valid. @param paramsPKIX The extended PKIX parameters. @param completeCRL The complete CRL the delta CRL is for. @return A Set of X509CRLs with delta CRLs. @throws Exception if an exception occurs while picking the delta CRLs. Find the issuer certificates of a given certificate. @param cert The certificate for which an issuer should be found. @param pkixParams @return A Collection object containing the issuer X509Certificates. Never null. @exception Exception if an error occurs. Extract the value of the given extension, if it exists. The extension object. The object identifier to obtain. Asn1Object if the extension cannot be read. crl checking Return a Collection of all CRLs found in the X509Store's that are matching the crlSelect criteriums. a {@link X509CRLStoreSelector} object that will be used to select the CRLs a List containing only {@link org.bouncycastle.x509.X509Store X509Store} objects. These are used to search for CRLs a Collection of all found {@link X509CRL X509CRL} objects. May be empty but never null. Returns the intersection of the permitted IP ranges in permitted with ip. @param permitted A Set of permitted IP addresses with their subnet mask as byte arrays. @param ips The IP address with its subnet mask. @return The Set of permitted IP ranges intersected with ip. Returns the union of the excluded IP ranges in excluded with ip. @param excluded A Set of excluded IP addresses with their subnet mask as byte arrays. @param ip The IP address with its subnet mask. @return The Set of excluded IP ranges unified with ip as byte arrays. Calculates the union if two IP ranges. @param ipWithSubmask1 The first IP address with its subnet mask. @param ipWithSubmask2 The second IP address with its subnet mask. @return A Set with the union of both addresses. Calculates the interesction if two IP ranges. @param ipWithSubmask1 The first IP address with its subnet mask. @param ipWithSubmask2 The second IP address with its subnet mask. @return A Set with the single IP address with its subnet mask as a byte array or an empty Set. Concatenates the IP address with its subnet mask. @param ip The IP address. @param subnetMask Its subnet mask. @return The concatenated IP address with its subnet mask. Splits the IP addresses and their subnet mask. @param ipWithSubmask1 The first IP address with the subnet mask. @param ipWithSubmask2 The second IP address with the subnet mask. @return An array with two elements. Each element contains the IP address and the subnet mask in this order. Based on the two IP addresses and their subnet masks the IP range is computed for each IP address - subnet mask pair and returned as the minimum IP address and the maximum address of the range. @param ip1 The first IP address. @param subnetmask1 The subnet mask of the first IP address. @param ip2 The second IP address. @param subnetmask2 The subnet mask of the second IP address. @return A array with two elements. The first/second element contains the min and max IP address of the first/second IP address and its subnet mask. Checks if the IP ip is included in the permitted ISet permitted. @param permitted A Set of permitted IP addresses with their subnet mask as byte arrays. @param ip The IP address. @throws PkixNameConstraintValidatorException if the IP is not permitted. Checks if the IP ip is included in the excluded ISet excluded. @param excluded A Set of excluded IP addresses with their subnet mask as byte arrays. @param ip The IP address. @throws PkixNameConstraintValidatorException if the IP is excluded. Checks if the IP address ip is constrained by constraint. @param ip The IP address. @param constraint The constraint. This is an IP address concatenated with its subnetmask. @return true if constrained, false otherwise. The common part of email1 and email2 is added to the union union. If email1 and email2 have nothing in common they are added both. @param email1 Email address constraint 1. @param email2 Email address constraint 2. @param union The union. The most restricting part from email1 and email2 is added to the intersection intersect. @param email1 Email address constraint 1. @param email2 Email address constraint 2. @param intersect The intersection. Checks if the given GeneralName is in the permitted ISet. @param name The GeneralName @throws PkixNameConstraintValidatorException If the name Check if the given GeneralName is contained in the excluded ISet. @param name The GeneralName. @throws PkixNameConstraintValidatorException If the name is excluded. Updates the permitted ISet of these name constraints with the intersection with the given subtree. @param permitted The permitted subtrees Adds a subtree to the excluded ISet of these name constraints. @param subtree A subtree with an excluded GeneralName. Returns the maximum IP address. @param ip1 The first IP address. @param ip2 The second IP address. @return The maximum IP address. Returns the minimum IP address. @param ip1 The first IP address. @param ip2 The second IP address. @return The minimum IP address. Compares IP address ip1 with ip2. If ip1 is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1 otherwise. @param ip1 The first IP address. @param ip2 The second IP address. @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise. Returns the logical OR of the IP addresses ip1 and ip2. @param ip1 The first IP address. @param ip2 The second IP address. @return The OR of ip1 and ip2. Stringifies an IPv4 or v6 address with subnet mask. @param ip The IP with subnet mask. @return The stringified IP address. Summary description for PkixParameters. This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly choosen with the {@link PKIXParameters#setDate(java.util.Date)} method, so this methods sets the Date when all certificates must have been valid. This model uses the following validity model. Each certificate must have been valid at the moment where is was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid, when the CA certificate was signed and so on. So the {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when the end certificate must have been valid.

    It is used e.g. in the German signature law. Creates an instance of PKIXParameters with the specified Set of most-trusted CAs. Each element of the set is a TrustAnchor.

    Note that the Set is copied to protect against subsequent modifications. @param trustAnchors a Set of TrustAnchors @exception InvalidAlgorithmParameterException if the specified Set is empty (trustAnchors.isEmpty() == true) @exception NullPointerException if the specified Set is null @exception ClassCastException if any of the elements in the Set are not of type java.security.cert.TrustAnchor
    Returns the required constraints on the target certificate. The constraints are returned as an instance of CertSelector. If null, no constraints are defined.

    Note that the CertSelector returned is cloned to protect against subsequent modifications. @return a CertSelector specifying the constraints on the target certificate (or null) @see #setTargetCertConstraints(CertSelector)
    Sets the required constraints on the target certificate. The constraints are specified as an instance of CertSelector. If null, no constraints are defined.

    Note that the CertSelector specified is cloned to protect against subsequent modifications. @param selector a CertSelector specifying the constraints on the target certificate (or null) @see #getTargetCertConstraints()
    Returns an immutable Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. The default return value is an empty Set, which is interpreted as meaning that any policy would be acceptable. @return an immutable Set of initial policy OIDs in String format, or an empty Set (implying any policy is acceptable). Never returns null. @see #setInitialPolicies(java.util.Set) Sets the Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. By default, any policy is acceptable (i.e. all policies), so a user that wants to allow any policy as acceptable does not need to call this method, or can call it with an empty Set (or null).

    Note that the Set is copied to protect against subsequent modifications.

    @param initialPolicies a Set of initial policy OIDs in String format (or null) @exception ClassCastException if any of the elements in the set are not of type String @see #getInitialPolicies()
    Sets a List of additional certification path checkers. If the specified List contains an object that is not a PKIXCertPathChecker, it is ignored.

    Each PKIXCertPathChecker specified implements additional checks on a certificate. Typically, these are checks to process and verify private extensions contained in certificates. Each PKIXCertPathChecker should be instantiated with any initialization parameters needed to execute the check.

    This method allows sophisticated applications to extend a PKIX CertPathValidator or CertPathBuilder. Each of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX CertPathValidator or CertPathBuilder for each certificate processed or validated.

    Regardless of whether these additional PKIXCertPathCheckers are set, a PKIX CertPathValidator or CertPathBuilder must perform all of the required PKIX checks on each certificate. The one exception to this rule is if the RevocationEnabled flag is set to false (see the {@link #setRevocationEnabled(boolean) setRevocationEnabled} method).

    Note that the List supplied here is copied and each PKIXCertPathChecker in the list is cloned to protect against subsequent modifications. @param checkers a List of PKIXCertPathCheckers. May be null, in which case no additional checkers will be used. @exception ClassCastException if any of the elements in the list are not of type java.security.cert.PKIXCertPathChecker @see #getCertPathCheckers()
    Returns the List of certification path checkers. Each PKIXCertPathChecker in the returned IList is cloned to protect against subsequent modifications. @return an immutable List of PKIXCertPathCheckers (may be empty, but not null) @see #setCertPathCheckers(java.util.List) Adds a PKIXCertPathChecker to the list of certification path checkers. See the {@link #setCertPathCheckers setCertPathCheckers} method for more details.

    Note that the PKIXCertPathChecker is cloned to protect against subsequent modifications.

    @param checker a PKIXCertPathChecker to add to the list of checks. If null, the checker is ignored (not added to list).
    Method to support Clone() under J2ME. super.Clone() does not exist and fields are not copied. @param params Parameters to set. If this are ExtendedPkixParameters they are copied to. Whether delta CRLs should be used for checking the revocation status. Defaults to false. The validity model. @see #CHAIN_VALIDITY_MODEL @see #PKIX_VALIDITY_MODEL Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute certificates or cross certificates.

    The IList is cloned.

    @param stores A list of stores to use. @see #getStores @throws ClassCastException if an element of stores is not a {@link Store}.
    Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute certificates or cross certificates.

    This method should be used to add local stores, like collection based X.509 stores, if available. Local stores should be considered first, before trying to use additional (remote) locations, because they do not need possible additional network traffic.

    If store is null it is ignored.

    @param store The store to add. @see #getStores
    Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates, attribute certificates or cross certificates.

    You should not use this method. This method is used for adding additional X.509 stores, which are used to add (remote) locations, e.g. LDAP, found during X.509 object processing, e.g. in certificates or CRLs. This method is used in PKIX certification path processing.

    If store is null it is ignored.

    @param store The store to add. @see #getStores()
    Returns an IList of additional Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates. @return an immutable IList of additional Bouncy Castle Stores. Never null. @see #addAddionalStore(Store) Returns an IList of Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates. @return an immutable IList of Bouncy Castle Stores. Never null. @see #setStores(IList) Returns if additional {@link X509Store}s for locations like LDAP found in certificates or CRLs should be used. @return Returns true if additional stores are used. Sets if additional {@link X509Store}s for locations like LDAP found in certificates or CRLs should be used. @param enabled true if additional stores are used. Returns the required constraints on the target certificate or attribute certificate. The constraints are returned as an instance of IX509Selector. If null, no constraints are defined.

    The target certificate in a PKIX path may be a certificate or an attribute certificate.

    Note that the IX509Selector returned is cloned to protect against subsequent modifications.

    @return a IX509Selector specifying the constraints on the target certificate or attribute certificate (or null) @see #setTargetConstraints @see X509CertStoreSelector @see X509AttributeCertStoreSelector
    Sets the required constraints on the target certificate or attribute certificate. The constraints are specified as an instance of IX509Selector. If null, no constraints are defined.

    The target certificate in a PKIX path may be a certificate or an attribute certificate.

    Note that the IX509Selector specified is cloned to protect against subsequent modifications.

    @param selector a IX509Selector specifying the constraints on the target certificate or attribute certificate (or null) @see #getTargetConstraints @see X509CertStoreSelector @see X509AttributeCertStoreSelector
    Returns the trusted attribute certificate issuers. If attribute certificates is verified the trusted AC issuers must be set.

    The returned ISet consists of TrustAnchors.

    The returned ISet is immutable. Never null

    @return Returns an immutable set of the trusted AC issuers.
    Sets the trusted attribute certificate issuers. If attribute certificates is verified the trusted AC issuers must be set.

    The trustedACIssuers must be a ISet of TrustAnchor

    The given set is cloned.

    @param trustedACIssuers The trusted AC issuers to set. Is never null. @throws ClassCastException if an element of stores is not a TrustAnchor.
    Returns the necessary attributes which must be contained in an attribute certificate.

    The returned ISet is immutable and contains Strings with the OIDs.

    @return Returns the necessary AC attributes.
    Sets the necessary which must be contained in an attribute certificate.

    The ISet must contain Strings with the OIDs.

    The set is cloned.

    @param necessaryACAttributes The necessary AC attributes to set. @throws ClassCastException if an element of necessaryACAttributes is not a String.
    Returns the attribute certificates which are not allowed.

    The returned ISet is immutable and contains Strings with the OIDs.

    @return Returns the prohibited AC attributes. Is never null.
    Sets the attribute certificates which are not allowed.

    The ISet must contain Strings with the OIDs.

    The set is cloned.

    @param prohibitedACAttributes The prohibited AC attributes to set. @throws ClassCastException if an element of prohibitedACAttributes is not a String.
    Returns the attribute certificate checker. The returned set contains {@link PKIXAttrCertChecker}s and is immutable. @return Returns the attribute certificate checker. Is never null. Sets the attribute certificate checkers.

    All elements in the ISet must a {@link PKIXAttrCertChecker}.

    The given set is cloned.

    @param attrCertCheckers The attribute certificate checkers to set. Is never null. @throws ClassCastException if an element of attrCertCheckers is not a PKIXAttrCertChecker.
    Summary description for PkixPolicyNode. Constructors This class helps to handle CRL revocation reasons mask. Each CRL handles a certain set of revocation reasons. Constructs are reason mask with the reasons. The reasons. A reason mask with no reason. A mask with all revocation reasons. Adds all reasons from the reasons mask to this mask. @param mask The reasons mask to add. Returns true if this reasons mask contains all possible reasons. true if this reasons mask contains all possible reasons. Intersects this mask with the given reasons mask. mask The mask to intersect with. The intersection of this and teh given mask. Returns true if the passed reasons mask has new reasons. The reasons mask which should be tested for new reasons. true if the passed reasons mask has new reasons. Returns the reasons in this mask. If the complete CRL includes an issuing distribution point (IDP) CRL extension check the following:

    (i) If the distribution point name is present in the IDP CRL extension and the distribution field is present in the DP, then verify that one of the names in the IDP matches one of the names in the DP. If the distribution point name is present in the IDP CRL extension and the distribution field is omitted from the DP, then verify that one of the names in the IDP matches one of the names in the cRLIssuer field of the DP.

    (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL extension, verify that the certificate does not include the basic constraints extension with the cA boolean asserted.

    (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL extension, verify that the certificate includes the basic constraints extension with the cA boolean asserted.

    (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.

    @param dp The distribution point. @param cert The certificate. @param crl The CRL. @throws AnnotatedException if one of the conditions is not met or an error occurs.
    If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches cRLIssuer in the DP and that the complete CRL contains an g distribution point extension with the indirectCRL boolean asserted. Otherwise, verify that the CRL issuer matches the certificate issuer. @param dp The distribution point. @param cert The certificate ot attribute certificate. @param crl The CRL for cert. @throws AnnotatedException if one of the above conditions does not apply or an error occurs. Obtain and validate the certification path for the complete CRL issuer. If a key usage extension is present in the CRL issuer's certificate, verify that the cRLSign bit is set. @param crl CRL which contains revocation information for the certificate cert. @param cert The attribute certificate or certificate to check if it is revoked. @param defaultCRLSignCert The issuer certificate of the certificate cert. @param defaultCRLSignKey The public key of the issuer certificate defaultCRLSignCert. @param paramsPKIX paramsPKIX PKIX parameters. @param certPathCerts The certificates on the certification path. @return A Set with all keys of possible CRL issuer certificates. @throws AnnotatedException if the CRL is not valid or the status cannot be checked or some error occurs. Checks a distribution point for revocation information for the certificate cert. @param dp The distribution point to consider. @param paramsPKIX PKIX parameters. @param cert Certificate to check if it is revoked. @param validDate The date when the certificate revocation status should be checked. @param defaultCRLSignCert The issuer certificate of the certificate cert. @param defaultCRLSignKey The public key of the issuer certificate defaultCRLSignCert. @param certStatus The current certificate revocation status. @param reasonMask The reasons mask which is already checked. @param certPathCerts The certificates of the certification path. @throws AnnotatedException if the certificate is revoked or the status cannot be checked or some error occurs. Checks a certificate if it is revoked. @param paramsPKIX PKIX parameters. @param cert Certificate to check if it is revoked. @param validDate The date when the certificate revocation status should be checked. @param sign The issuer certificate of the certificate cert. @param workingPublicKey The public key of the issuer certificate sign. @param certPathCerts The certificates of the certification path. @throws AnnotatedException if the certificate is revoked or the status cannot be checked or some error occurs. If use-deltas is set, verify the issuer and scope of the delta CRL. @param deltaCRL The delta CRL. @param completeCRL The complete CRL. @param pkixParams The PKIX paramaters. @throws AnnotatedException if an exception occurs. Checks if an attribute certificate is revoked. @param attrCert Attribute certificate to check if it is revoked. @param paramsPKIX PKIX parameters. @param issuerCert The issuer certificate of the attribute certificate attrCert. @param validDate The date when the certificate revocation status should be checked. @param certPathCerts The certificates of the certification path to be checked. @throws CertPathValidatorException if the certificate is revoked or the status cannot be checked or some error occurs. Searches for a holder public key certificate and verifies its certification path. @param attrCert the attribute certificate. @param pkixParams The PKIX parameters. @return The certificate path of the holder certificate. @throws Exception if
    • no public key certificate can be found although holder information is given by an entity name or a base certificate ID
    • support classes cannot be created
    • no certification path for the public key certificate can be built
    Checks a distribution point for revocation information for the certificate attrCert. @param dp The distribution point to consider. @param attrCert The attribute certificate which should be checked. @param paramsPKIX PKIX parameters. @param validDate The date when the certificate revocation status should be checked. @param issuerCert Certificate to check if it is revoked. @param reasonMask The reasons mask which is already checked. @param certPathCerts The certificates of the certification path to be checked. @throws Exception if the certificate is revoked or the status cannot be checked or some error occurs. A trust anchor or most-trusted Certification Authority (CA). This class represents a "most-trusted CA", which is used as a trust anchor for validating X.509 certification paths. A most-trusted CA includes the public key of the CA, the CA's name, and any constraints upon the set of paths which may be validated using this key. These parameters can be specified in the form of a trusted X509Certificate or as individual parameters. Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.509 certification path. The name constraints are specified as a byte array. This byte array should contain the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509. The ASN.1 definition of this structure appears below.
                	NameConstraints ::= SEQUENCE {
                		permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
                		excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
                	   
                 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
                 
                		GeneralSubtree ::= SEQUENCE {
                		base                    GeneralName,
                		minimum         [0]     BaseDistance DEFAULT 0,
                		maximum         [1]     BaseDistance OPTIONAL }
                		
                		BaseDistance ::= INTEGER (0..MAX)
                
                		GeneralName ::= CHOICE {
                		otherName                       [0]     OtherName,
                		rfc822Name                      [1]     IA5String,
                		dNSName                         [2]     IA5String,
                		x400Address                     [3]     ORAddress,
                		directoryName                   [4]     Name,
                		ediPartyName                    [5]     EDIPartyName,
                		uniformResourceIdentifier       [6]     IA5String,
                		iPAddress                       [7]     OCTET STRING,
                		registeredID                    [8]     OBJECT IDENTIFIER}
                	
    Note that the name constraints byte array supplied is cloned to protect against subsequent modifications.
    a trusted X509Certificate a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter. if the specified X509Certificate is null
    Creates an instance of TrustAnchor where the most-trusted CA is specified as an X500Principal and public key.

    Name constraints are an optional parameter, and are intended to be used as additional constraints when validating an X.509 certification path.

    The name constraints are specified as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509. The ASN.1 notation for this structure is supplied in the documentation for the other constructors.

    Note that the name constraints byte array supplied here is cloned to protect against subsequent modifications.

    the name of the most-trusted CA as X509Name the public key of the most-trusted CA a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter. if caPrincipal or pubKey is null
    Creates an instance of TrustAnchor where the most-trusted CA is specified as a distinguished name and public key. Name constraints are an optional parameter, and are intended to be used as additional constraints when validating an X.509 certification path.
    The name constraints are specified as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509.
    the X.500 distinguished name of the most-trusted CA in RFC 2253 string format the public key of the most-trusted CA a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter. throws NullPointerException, IllegalArgumentException
    Returns the most-trusted CA certificate. Returns the name of the most-trusted CA as an X509Name. Returns the name of the most-trusted CA in RFC 2253 string format. Returns the public key of the most-trusted CA. Decode the name constraints and clone them if not null. Returns a formatted string describing the TrustAnchor. a formatted string describing the TrustAnchor Base class for an RFC 3161 Time Stamp Request. Create a TimeStampRequest from the past in byte array. @param req byte array containing the request. @throws IOException if the request is malformed. Create a TimeStampRequest from the past in input stream. @param in input stream containing the request. @throws IOException if the request is malformed. Validate the timestamp request, checking the digest to see if it is of an accepted type and whether it is of the correct length for the algorithm specified. @param algorithms a set of string OIDS giving accepted algorithms. @param policies if non-null a set of policies we are willing to sign under. @param extensions if non-null a set of extensions we are willing to accept. @throws TspException if the request is invalid, or processing fails. return the ASN.1 encoded representation of this object. Generator for RFC 3161 Time Stamp Request objects. add a given extension field for the standard extensions tag (tag 3) @throws IOException add a given extension field for the standard extensions tag The value parameter becomes the contents of the octet string associated with the extension. add a given extension field for the standard extensions tag (tag 3) @throws IOException add a given extension field for the standard extensions tag The value parameter becomes the contents of the octet string associated with the extension. Base class for an RFC 3161 Time Stamp Response object. Create a TimeStampResponse from a byte array containing an ASN.1 encoding. @param resp the byte array containing the encoded response. @throws TspException if the response is malformed. @throws IOException if the byte array doesn't represent an ASN.1 encoding. Create a TimeStampResponse from an input stream containing an ASN.1 encoding. @param input the input stream containing the encoded response. @throws TspException if the response is malformed. @throws IOException if the stream doesn't represent an ASN.1 encoding. Check this response against to see if it a well formed response for the passed in request. Validation will include checking the time stamp token if the response status is GRANTED or GRANTED_WITH_MODS. @param request the request to be checked against @throws TspException if the request can not match this response. return the ASN.1 encoded representation of this object. Generator for RFC 3161 Time Stamp Responses. Return an appropriate TimeStampResponse.

    If genTime is null a timeNotAvailable error response will be returned. @param request the request this response is for. @param serialNumber serial number for the response token. @param genTime generation time for the response token. @param provider provider to use for signature calculation. @return @throws NoSuchAlgorithmException @throws NoSuchProviderException @throws TSPException

    Generate a TimeStampResponse with chosen status and FailInfoField. @param status the PKIStatus to set. @param failInfoField the FailInfoField to set. @param statusString an optional string describing the failure. @return a TimeStampResponse with a failInfoField and optional statusString @throws TSPException in case the response could not be created Validate the time stamp token.

    To be valid the token must be signed by the passed in certificate and the certificate must be the one referred to by the SigningCertificate attribute included in the hashed attributes of the token. The certificate must also have the ExtendedKeyUsageExtension with only KeyPurposeID.IdKPTimeStamping and have been valid at the time the timestamp was created.

    A successful call to validate means all the above are true.

    Return the underlying CmsSignedData object. @return the underlying CMS structure. Return a ASN.1 encoded byte stream representing the encoded object. @throws IOException if encoding fails. basic creation - only the default attributes will be included here. create with a signer with extra signed/unsigned attributes. @return the nonce value, null if there isn't one. Recognised hash algorithms for the time stamp protocol. Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the MessageImprint for each time-stamp matches the signature field. (see RFC 3161 Appendix A). @param signerInfo a SignerInformation to search for time-stamps @return a collection of TimeStampToken objects @throws TSPValidationException Validate the passed in certificate as being of the correct type to be used for time stamping. To be valid it must have an ExtendedKeyUsage extension which has a key purpose identifier of id-kp-timeStamping. @param cert the certificate of interest. @throws TspValidationException if the certicate fails on one of the check points. Return the digest algorithm using one of the standard JCA string representations rather than the algorithm identifier (if possible). Exception thrown if a TSP request or response fails to validate.

    If a failure code is associated with the exception it can be retrieved using the getFailureCode() method.

    Return the failure code associated with this exception - if one is set. @return the failure code if set, -1 otherwise. General array utilities. Are two arrays equal. Left side. Right side. True if equal. A constant time equals comparison - does not terminate early if test will fail. first array second array true if arrays equal, false otherwise. Make a copy of a range of bytes from the passed in data array. The range can extend beyond the end of the input array, in which case the return array will be padded with zeroes. @param data the array from which the data is to be copied. @param from the start index at which the copying should take place. @param to the final index of the range (exclusive). @return a new byte array containing the range given. BigInteger utilities. Return the passed in value as an unsigned byte array. @param value value to be converted. @return a byte array without a leading zero byte if present in the signed encoding. Return the passed in value as an unsigned byte array of specified length, zero-extended as necessary. @param length desired length of result array. @param n value to be converted. @return a byte array of specified length, with leading zeroes as necessary given the size of n. Creates a Random BigInteger from the secure random of a given bit length. Return a random BigInteger not less than 'min' and not greater than 'max' @param min the least value that may be generated @param max the greatest value that may be generated @param random the source of randomness @return a random BigInteger value in the range [min,max] Return the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC) for a given DateTime value. A UTC DateTime value not before epoch. Number of whole milliseconds after epoch. 'dateTime' is before epoch. Create a DateTime value from the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC). Number of milliseconds since the epoch. A UTC DateTime value Return the current number of milliseconds since the Unix epoch (1 Jan., 1970 UTC). encode the input data producing a base 64 encoded byte array. @return a byte array containing the base 64 encoded data. encode the input data producing a base 64 encoded byte array. @return a byte array containing the base 64 encoded data. Encode the byte data to base 64 writing it to the given output stream. @return the number of bytes produced. Encode the byte data to base 64 writing it to the given output stream. @return the number of bytes produced. decode the base 64 encoded input data. It is assumed the input data is valid. @return a byte array representing the decoded data. decode the base 64 encoded string data - whitespace will be ignored. @return a byte array representing the decoded data. decode the base 64 encoded string data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. encode the input data producing a base 64 output stream. @return the number of bytes produced. decode the base 64 encoded byte data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. decode the base 64 encoded string data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. A buffering class to allow translation from one format to another to be done in discrete chunks. Create a buffered Decoder. The translater to use. The size of the buffer. Process one byte of data. Data in. Byte array for the output. The offset in the output byte array to start writing from. The amount of output bytes. Process data from a byte array. The input data. Start position within input data array. Amount of data to process from input data array. Array to store output. Position in output array to start writing from. The amount of output bytes. A class that allows encoding of data using a specific encoder to be processed in chunks. Create. The translator to use. Size of the chunks. Process one byte of data. The byte. An array to store output in. Offset within output array to start writing from. Process data from a byte array. Input data Byte array containing data to be processed. Start position within input data array. Amount of input data to be processed. Output data array. Offset within output data array to start writing to. The amount of data written. Class to decode and encode Hex. encode the input data producing a Hex encoded byte array. @return a byte array containing the Hex encoded data. encode the input data producing a Hex encoded byte array. @return a byte array containing the Hex encoded data. Hex encode the byte data writing it to the given output stream. @return the number of bytes produced. Hex encode the byte data writing it to the given output stream. @return the number of bytes produced. decode the Hex encoded input data. It is assumed the input data is valid. @return a byte array representing the decoded data. decode the Hex encoded string data - whitespace will be ignored. @return a byte array representing the decoded data. decode the Hex encoded string data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. encode the input data producing a Hex output stream. @return the number of bytes produced. decode the Hex encoded byte data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. decode the Hex encoded string data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. A hex translator. Return encoded block size. 2 Encode some data. Input data array. Start position within input data array. The amount of data to process. The output data array. The offset within the output data array to start writing from. Amount of data encoded. Returns the decoded block size. 1 Decode data from a byte array. The input data array. Start position within input data array. The amounty of data to process. The output data array. The position within the output data array to start writing from. The amount of data written. Encode and decode byte arrays (typically from binary to 7-bit ASCII encodings). Translator interface. Convert binary data to and from UrlBase64 encoding. This is identical to Base64 encoding, except that the padding character is "." and the other non-alphanumeric characters are "-" and "_" instead of "+" and "/".

    The purpose of UrlBase64 encoding is to provide a compact encoding of binary data that is safe for use as an URL parameter. Base64 encoding does not produce encoded values that are safe for use in URLs, since "/" can be interpreted as a path delimiter; "+" is the encoded form of a space; and "=" is used to separate a name from the corresponding value in an URL parameter.

    Encode the input data producing a URL safe base 64 encoded byte array. @return a byte array containing the URL safe base 64 encoded data. Encode the byte data writing it to the given output stream. @return the number of bytes produced. Decode the URL safe base 64 encoded input data - white space will be ignored. @return a byte array representing the decoded data. decode the URL safe base 64 encoded byte data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. decode the URL safe base 64 encoded string data - whitespace will be ignored. @return a byte array representing the decoded data. Decode the URL safe base 64 encoded string data writing it to the given output stream, whitespace characters will be ignored. @return the number of bytes produced. Convert binary data to and from UrlBase64 encoding. This is identical to Base64 encoding, except that the padding character is "." and the other non-alphanumeric characters are "-" and "_" instead of "+" and "/".

    The purpose of UrlBase64 encoding is to provide a compact encoding of binary data that is safe for use as an URL parameter. Base64 encoding does not produce encoded values that are safe for use in URLs, since "/" can be interpreted as a path delimiter; "+" is the encoded form of a space; and "=" is used to separate a name from the corresponding value in an URL parameter.

    Produce a copy of this object with its configuration and in its current state. The returned object may be used simply to store the state, or may be used as a similar object starting from the copied state. Restore a copied object state into this object. Implementations of this method should try to avoid or minimise memory allocation to perform the reset. an object originally {@link #copy() copied} from an object of the same type as this instance. if the provided object is not of the correct type. if the other parameter is in some other way invalid. A A A A A generic PEM writer, based on RFC 1421 Base constructor. @param out output stream to use. Return the number of bytes or characters required to contain the passed in object if it is PEM encoded. @param obj pem object to be output @return an estimate of the number of bytes Pipe all bytes from inStr to outStr, throwing StreamFlowException if greater than limit bytes in inStr. A A A The number of bytes actually transferred, if not greater than limit Exception to be thrown on a failure to reset an object implementing Memoable.

    The exception extends InvalidCastException to enable users to have a single handling case, only introducing specific handling of this one if required.

    Basic Constructor. @param msg message to be associated with this exception. Validate the given IPv4 or IPv6 address. @param address the IP address as a string. @return true if a valid address, false otherwise Validate the given IPv4 or IPv6 address and netmask. @param address the IP address as a string. @return true if a valid address with netmask, false otherwise Validate the given IPv4 address. @param address the IP address as a string. @return true if a valid IPv4 address, false otherwise Validate the given IPv6 address. @param address the IP address as a string. @return true if a valid IPv4 address, false otherwise General string utilities. Summary description for DeflaterOutputStream. Summary description for DeflaterOutputStream. The Holder object.
                Holder ::= SEQUENCE {
                	baseCertificateID   [0] IssuerSerial OPTIONAL,
                		-- the issuer and serial number of
                		-- the holder's Public Key Certificate
                	entityName          [1] GeneralNames OPTIONAL,
                		-- the name of the claimant or role
                	objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                		-- used to directly authenticate the holder,
                		-- for example, an executable
                }
                
    Constructs a holder for v2 attribute certificates with a hash value for some type of object.

    digestedObjectType can be one of the following:

    • 0 - publicKey - A hash of the public key of the holder must be passed.
    • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
    • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

    This cannot be used if a v1 attribute certificate is used.

    @param digestedObjectType The digest object type. @param digestAlgorithm The algorithm identifier for the hash. @param otherObjectTypeID The object type ID if digestedObjectType is otherObjectDigest. @param objectDigest The hash value.
    Returns the digest object type if an object digest info is used.

    • 0 - publicKey - A hash of the public key of the holder must be passed.
    • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
    • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

    @return The digest object type or -1 if no object digest info is set.
    Returns the other object type ID if an object digest info is used. @return The other object type ID or null if no object digest info is set. Returns the hash if an object digest info is used. @return The hash or null if no object digest info is set. Returns the digest algorithm ID if an object digest info is used. @return The digest algorithm ID or null if no object digest info is set. Return any principal objects inside the attribute certificate holder entity names field. @return an array of IPrincipal objects (usually X509Name), null if no entity names field is set. Return the principals associated with the issuer attached to this holder @return an array of principals, null if no BaseCertificateID is set. Return the serial number associated with the issuer attached to this holder. @return the certificate serial number, null if no BaseCertificateID is set. Carrying class for an attribute certificate issuer. Set the issuer directly with the ASN.1 structure. @param issuer The issuer Return any principal objects inside the attribute certificate issuer object. An array of IPrincipal objects (usually X509Principal). A high level authority key identifier. Constructor which will take the byte[] returned from getExtensionValue() @param encodedValue a DER octet encoded string with the extension structure in it. @throws IOException on parsing errors. Create an AuthorityKeyIdentifier using the passed in certificate's public key, issuer and serial number. @param certificate the certificate providing the information. @throws CertificateParsingException if there is a problem processing the certificate Create an AuthorityKeyIdentifier using just the hash of the public key. @param pubKey the key to generate the hash from. @throws InvalidKeyException if there is a problem using the key. A high level subject key identifier. Constructor which will take the byte[] returned from getExtensionValue() @param encodedValue a DER octet encoded string with the extension structure in it. @throws IOException on parsing errors. Interface for an X.509 Attribute Certificate. The version number for the certificate. The serial number for the certificate. The UTC DateTime before which the certificate is not valid. The UTC DateTime after which the certificate is not valid. The holder of the certificate. The issuer details for the certificate. Return the attributes contained in the attribute block in the certificate. An array of attributes. Return the attributes with the same type as the passed in oid. The object identifier we wish to match. An array of matched attributes, null if there is no match. Return an ASN.1 encoded byte array representing the attribute certificate. An ASN.1 encoded byte array. If the certificate cannot be encoded. Get all critical extension values, by oid IDictionary with string (OID) keys and Asn1OctetString values Get all non-critical extension values, by oid IDictionary with string (OID) keys and Asn1OctetString values A utility class that will extract X509Principal objects from X.509 certificates.

    Use this in preference to trying to recreate a principal from a string, not all DNs are what they should be, so it's best to leave them encoded where they can be.

    Return the issuer of the given cert as an X509Principal. Return the subject of the given cert as an X509Principal. Return the issuer of the given CRL as an X509Principal. This class is an Selector like implementation to select attribute certificates from a given set of criteria. @see org.bouncycastle.x509.X509AttributeCertificate @see org.bouncycastle.x509.X509Store Decides if the given attribute certificate should be selected. The attribute certificate to be checked. true if the object matches this selector. The attribute certificate which must be matched. If null is given, any will do. The criteria for validity If null is given any will do. The holder. If null is given any will do. The issuer. If null is given any will do. The serial number. If null is given any will do. Adds a target name criterion for the attribute certificate to the target information extension criteria. The X509AttributeCertificate must contain at least one of the specified target names.

    Each attribute certificate may contain a target information extension limiting the servers where this attribute certificate can be used. If this extension is not present, the attribute certificate is not targeted and may be accepted by any server.

    @param name The name as a GeneralName (not null)
    Adds a target name criterion for the attribute certificate to the target information extension criteria. The X509AttributeCertificate must contain at least one of the specified target names.

    Each attribute certificate may contain a target information extension limiting the servers where this attribute certificate can be used. If this extension is not present, the attribute certificate is not targeted and may be accepted by any server.

    @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName @throws IOException if a parsing error occurs.
    Adds a collection with target names criteria. If null is given any will do.

    The collection consists of either GeneralName objects or byte[] arrays representing DER encoded GeneralName structures.

    @param names A collection of target names. @throws IOException if a parsing error occurs. @see #AddTargetName(byte[]) @see #AddTargetName(GeneralName)
    Gets the target names. The collection consists of Lists made up of an Integer in the first entry and a DER encoded byte array or a String in the second entry.

    The returned collection is immutable.

    @return The collection of target names @see #setTargetNames(Collection)
    Adds a target group criterion for the attribute certificate to the target information extension criteria. The X509AttributeCertificate must contain at least one of the specified target groups.

    Each attribute certificate may contain a target information extension limiting the servers where this attribute certificate can be used. If this extension is not present, the attribute certificate is not targeted and may be accepted by any server.

    @param group The group as GeneralName form (not null)
    Adds a target group criterion for the attribute certificate to the target information extension criteria. The X509AttributeCertificate must contain at least one of the specified target groups.

    Each attribute certificate may contain a target information extension limiting the servers where this attribute certificate can be used. If this extension is not present, the attribute certificate is not targeted and may be accepted by any server.

    @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName @throws IOException if a parsing error occurs.
    Adds a collection with target groups criteria. If null is given any will do.

    The collection consists of GeneralName objects or byte[] representing DER encoded GeneralNames.

    @param names A collection of target groups. @throws IOException if a parsing error occurs. @see #AddTargetGroup(byte[]) @see #AddTargetGroup(GeneralName)
    Gets the target groups. The collection consists of Lists made up of an Integer in the first entry and a DER encoded byte array or a String in the second entry.

    The returned collection is immutable.

    @return The collection of target groups. @see #setTargetGroups(Collection)
    This class is an IX509Selector implementation to select certificate pairs, which are e.g. used for cross certificates. The set of criteria is given from two X509CertStoreSelector objects, each of which, if present, must match the respective component of a pair. The certificate pair which is used for testing on equality. The certificate selector for the forward part. The certificate selector for the reverse part. Decides if the given certificate pair should be selected. If obj is not a X509CertificatePair, this method returns false. The X509CertificatePair to be tested. true if the object matches this selector. An ISet of DerObjectIdentifier objects. A simple collection backed store. Basic constructor. @param collection - initial contents for the store, this is copied. Return the matches in the collection for the passed in selector. @param selector the selector to match against. @return a possibly empty collection of matching objects. This class contains a collection for collection based X509Stores. Constructor.

    The collection is copied.

    The collection containing X.509 object types. If collection is null.
    Returns a copy of the ICollection. Returns a formatted string describing the parameters. An ICollection of X509Name objects The attribute certificate being checked. This is not a criterion. Rather, it is optional information that may help a {@link X509Store} find CRLs that would be relevant when checking revocation for the specified attribute certificate. If null is specified, then no such optional information is provided. @param attrCert the IX509AttributeCertificate being checked (or null) @see #getAttrCertificateChecking() If true only complete CRLs are returned. Defaults to false. @return true if only complete CRLs are returned. Returns if this selector must match CRLs with the delta CRL indicator extension set. Defaults to false. @return Returns true if only CRLs with the delta CRL indicator extension are selected. The issuing distribution point.

    The issuing distribution point extension is a CRL extension which identifies the scope and the distribution point of a CRL. The scope contains among others information about revocation reasons contained in the CRL. Delta CRLs and complete CRLs must have matching issuing distribution points.

    The byte array is cloned to protect against subsequent modifications.

    You must also enable or disable this criteria with {@link #setIssuingDistributionPointEnabled(bool)}.

    @param issuingDistributionPoint The issuing distribution point to set. This is the DER encoded OCTET STRING extension value. @see #getIssuingDistributionPoint()
    Whether the issuing distribution point criteria should be applied. Defaults to false.

    You may also set the issuing distribution point criteria if not a missing issuing distribution point should be assumed.

    @return Returns if the issuing distribution point check is enabled.
    The maximum base CRL number. Defaults to null. @return Returns the maximum base CRL number. @see #setMaxBaseCRLNumber(BigInteger) A factory to produce Public Key Info Objects. Create a Subject Public Key Info object for a given public key. One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters A subject public key info object. Throw exception if object provided is not one of the above. Create loading data from byte array. Create loading data from byte array. Generates a certificate object and initializes it with the data read from the input stream inStream. Returns a (possibly empty) collection view of the certificates read from the given input stream inStream. Class for carrying the values in an X.509 Attribute. @param at an object representing an attribute. Create an X.509 Attribute with the type given by the passed in oid and the value represented by an ASN.1 Set containing value. @param oid type of the attribute @param value value object to go into the atribute's value set. Create an X.59 Attribute with the type given by the passed in oid and the value represented by an ASN.1 Set containing the objects in value. @param oid type of the attribute @param value vector of values to go in the attribute's value set. An Object representing an X509 Certificate. Has static methods for loading Certificates encoded in many forms that return X509Certificate Objects. Return true if the current time is within the start and end times nominated on the certificate. true id certificate is valid for the current time. Return true if the nominated time is within the start and end times nominated on the certificate. The time to test validity against. True if certificate is valid for nominated time. Checks if the current date is within certificate's validity period. Checks if the given date is within certificate's validity period. if the certificate is expired by given date if the certificate is not yet valid on given date Return the certificate's version. An integer whose value Equals the version of the cerficate. Return a BigInteger containing the serial number. The Serial number. Get the Issuer Distinguished Name. (Who signed the certificate.) And X509Object containing name and value pairs. Get the subject of this certificate. An X509Name object containing name and value pairs. The time that this certificate is valid from. A DateTime object representing that time in the local time zone. The time that this certificate is valid up to. A DateTime object representing that time in the local time zone. Return the Der encoded TbsCertificate data. This is the certificate component less the signature. To Get the whole certificate call the GetEncoded() member. A byte array containing the Der encoded Certificate component. The signature. A byte array containg the signature of the certificate. A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA) A sting representing the signature algorithm. Get the Signature Algorithms Object ID. A string containg a '.' separated object id. Get the signature algorithms parameters. (EG DSA Parameters) A byte array containing the Der encoded version of the parameters or null if there are none. Get the issuers UID. A DerBitString. Get the subjects UID. A DerBitString. Get a key usage guidlines. Get the public key of the subject of the certificate. The public key parameters. Return a Der encoded version of this certificate. A byte array. Verify the certificate's signature using the nominated public key. An appropriate public key parameter object, RsaPublicKeyParameters, DsaPublicKeyParameters or ECDsaPublicKeyParameters True if the signature is valid. If key submitted is not of the above nominated types. Verify the certificate's signature using a verifier created using the passed in verifier provider. An appropriate provider for verifying the certificate's signature. True if the signature is valid. If verifier provider is not appropriate or the certificate algorithm is invalid. This class contains a cross certificate pair. Cross certificates pairs may contain two cross signed certificates from two CAs. A certificate from the other CA to this CA is contained in the forward certificate, the certificate from this CA to the other CA is contained in the reverse certificate. Constructor Certificate from the other CA to this CA. Certificate from this CA to the other CA. Constructor from a ASN.1 CertificatePair structure. The CertificatePair ASN.1 object. Returns the certificate from the other CA to this CA. Returns the certificate from this CA to the other CA. class for dealing with X509 certificates.

    At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 objects.

    Create loading data from byte array. Create loading data from byte array. Generates a certificate object and initializes it with the data read from the input stream inStream. Returns a (possibly empty) collection view of the certificates read from the given input stream inStream. Create loading data from byte array. Create loading data from byte array. The following extensions are listed in RFC 2459 as relevant to CRLs Authority Key Identifier Issuer Alternative Name CRL Number Delta CRL Indicator (critical) Issuing Distribution Point (critical) Verify the CRL's signature using a verifier created using the passed in verifier provider. An appropriate provider for verifying the CRL's signature. True if the signature is valid. If verifier provider is not appropriate or the CRL algorithm is invalid. Returns a string representation of this CRL. @return a string representation of this CRL. Checks whether the given certificate is on this CRL. @param cert the certificate to check for. @return true if the given certificate is on this CRL, false otherwise. The following extensions are listed in RFC 2459 as relevant to CRL Entries ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer (critical) Constructor for CRLEntries of indirect CRLs. If isIndirect is false {@link #getCertificateIssuer()} will always return null, previousCertificateIssuer is ignored. If this isIndirect is specified and this CrlEntry has no certificate issuer CRL entry extension previousCertificateIssuer is returned by {@link #getCertificateIssuer()}. @param c TbsCertificateList.CrlEntry object. @param isIndirect true if the corresponding CRL is a indirect CRL. @param previousCertificateIssuer Certificate issuer of the previous CrlEntry. Create loading data from byte array. Create loading data from byte array. Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream. Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream. The inStream may contain a sequence of DER-encoded CRLs, or a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the only significant field being crls. In particular the signature and the contents are ignored. Get non critical extensions. A set of non critical extension oids. Get any critical extensions. A sorted list of critical entension. Get the value of a given extension. The object ID of the extension. An Asn1OctetString object if that extension is found or null if not. A holding class for constructing an X509 Key Usage extension.
                    id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
                
                    KeyUsage ::= BIT STRING {
                         digitalSignature        (0),
                         nonRepudiation          (1),
                         keyEncipherment         (2),
                         dataEncipherment        (3),
                         keyAgreement            (4),
                         keyCertSign             (5),
                         cRLSign                 (6),
                         encipherOnly            (7),
                         decipherOnly            (8) }
                 
    Basic constructor. @param usage - the bitwise OR of the Key Usage flags giving the allowed uses for the key. e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment) Return the digest algorithm using one of the standard JCA string representations rather than the algorithm identifier (if possible). Class to Generate X509V1 Certificates. Default Constructor. Reset the generator. Set the certificate's serial number. Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data. You will be surprised how ugly a serial number collision can get. The serial number. Set the issuer distinguished name. The issuer is the entity whose private key is used to sign the certificate. The issuers DN. Set the date that this certificate is to be valid from. Set the date after which this certificate will no longer be valid. Set the subject distinguished name. The subject describes the entity associated with the public key. Set the public key that this certificate identifies. Set the signature algorithm that will be used to sign this certificate. This can be either a name or an OID, names are treated as case insensitive. string representation of the algorithm name Generate a new X509Certificate. The private key of the issuer used to sign this certificate. An X509Certificate. Generate a new X509Certificate specifying a SecureRandom instance that you would like to use. The private key of the issuer used to sign this certificate. The Secure Random you want to use. An X509Certificate. Generate a new X509Certificate using the passed in SignatureCalculator. A signature calculator factory with the necessary algorithm details. An X509Certificate. Allows enumeration of the signature names supported by the generator. An implementation of a version 2 X.509 Attribute Certificate. Verify the certificate's signature using a verifier created using the passed in verifier provider. An appropriate provider for verifying the certificate's signature. True if the signature is valid. If verifier provider is not appropriate or the certificate algorithm is invalid. Class to produce an X.509 Version 2 AttributeCertificate. Reset the generator Set the Holder of this Attribute Certificate. Set the issuer. Set the serial number for the certificate. Set the signature algorithm. This can be either a name or an OID, names are treated as case insensitive. The algorithm name. Add an attribute. Add a given extension field for the standard extensions tag. Add a given extension field for the standard extensions tag. The value parameter becomes the contents of the octet string associated with the extension. Generate an X509 certificate, based on the current issuer and subject. Generate an X509 certificate, based on the current issuer and subject, using the supplied source of randomness, if required. Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. A signature calculator factory with the necessary algorithm details. An IX509AttributeCertificate. Allows enumeration of the signature names supported by the generator. class to produce an X.509 Version 2 CRL. reset the generator Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the certificate. Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise or 0 if CrlReason is not to be used Add a CRL entry with an Invalidity Date extension as well as a CrlReason extension. Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise or 0 if CrlReason is not to be used Add a CRL entry with extensions. Add the CRLEntry objects contained in a previous CRL. @param other the X509Crl to source the other entries from. Set the signature algorithm that will be used to sign this CRL. add a given extension field for the standard extensions tag (tag 0) add a given extension field for the standard extensions tag (tag 0) add a given extension field for the standard extensions tag (tag 0) add a given extension field for the standard extensions tag (tag 0) Generate an X.509 CRL, based on the current issuer and subject. The private key of the issuer that is signing this certificate. An X509Crl. Generate an X.509 CRL, based on the current issuer and subject using the specified secure random. The private key of the issuer that is signing this certificate. Your Secure Random instance. An X509Crl. Generate a new X509Crl using the passed in SignatureCalculator. A signature calculator factory with the necessary algorithm details. An X509Crl. Allows enumeration of the signature names supported by the generator. A class to Generate Version 3 X509Certificates. Reset the Generator. Set the certificate's serial number. Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data. You will be surprised how ugly a serial number collision can Get. The serial number. Set the distinguished name of the issuer. The issuer is the entity which is signing the certificate. The issuer's DN. Set the date that this certificate is to be valid from. Set the date after which this certificate will no longer be valid. Set the DN of the entity that this certificate is about. Set the public key that this certificate identifies. Set the signature algorithm that will be used to sign this certificate. Set the subject unique ID - note: it is very rare that it is correct to do this. Set the issuer unique ID - note: it is very rare that it is correct to do this. Add a given extension field for the standard extensions tag (tag 3). string containing a dotted decimal Object Identifier. Is it critical. The value. Add an extension to this certificate. Its Object Identifier. Is it critical. The value. Add an extension using a string with a dotted decimal OID. string containing a dotted decimal Object Identifier. Is it critical. byte[] containing the value of this extension. Add an extension to this certificate. Its Object Identifier. Is it critical. byte[] containing the value of this extension. Add a given extension field for the standard extensions tag (tag 3), copying the extension value from another certificate. add a given extension field for the standard extensions tag (tag 3) copying the extension value from another certificate. @throws CertificateParsingException if the extension cannot be extracted. Generate an X509Certificate. The private key of the issuer that is signing this certificate. An X509Certificate. Generate an X509Certificate using your own SecureRandom. The private key of the issuer that is signing this certificate. You Secure Random instance. An X509Certificate. Generate a new X509Certificate using the passed in SignatureCalculator. A signature calculator factory with the necessary algorithm details. An X509Certificate. Allows enumeration of the signature names supported by the generator. Base class for both the compress and decompress classes. Holds common arrays, and static data. @author
    Keiron Liddle An input stream that decompresses from the BZip2 format (with the file header chars) to be read as any other stream. @author Keiron Liddle NB: note this class has been modified to read the leading BZ from the start of the BZIP2 stream to make it compatible with other PGP programs. An output stream that compresses into the BZip2 format (with the file header chars) into another stream. @author Keiron Liddle TODO: Update to BZip2 1.0.1 NB: note this class has been modified to add a leading BZ to the start of the BZIP2 stream to make it compatible with other PGP programs. modified by Oliver Merkel, 010128 A simple class the hold and calculate the CRC for sanity checking of the data. @author Keiron Liddle Return a salted hash based on PBKDF2 for the UTF-8 encoding of the argument text. Provided key text Base64 encoded string representing the salt