net.corda.core.crypto

Class Crypto

net.corda.core.crypto.Crypto

public class Crypto

This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

See Also:

class SignatureScheme

Field Detail

RSA_SHA256

@JvmField
 @NotNull
public static SignatureScheme RSA_SHA256

RSA PKCS#1 signature scheme using SHA256 for message hashing. The actual algorithm id is 1.2.840.113549.1.1.1 Note: Recommended key size >= 3072 bits.

ECDSA_SECP256K1_SHA256

@JvmField
 @NotNull
public static SignatureScheme ECDSA_SECP256K1_SHA256

ECDSA signature scheme using the secp256k1 Koblitz curve and SHA256 for message hashing.

ECDSA_SECP256R1_SHA256

@JvmField
 @NotNull
public static SignatureScheme ECDSA_SECP256R1_SHA256

ECDSA signature scheme using the secp256r1 (NIST P-256) curve and SHA256 for message hashing.

EDDSA_ED25519_SHA512

@JvmField
 @NotNull
public static SignatureScheme EDDSA_ED25519_SHA512

EdDSA signature scheme using the ed25519 twisted Edwards curve and SHA512 for message hashing. The actual algorithm is PureEdDSA Ed25519 as defined in https://tools.ietf.org/html/rfc8032 Not to be confused with the EdDSA variants, Ed25519ctx and Ed25519ph.

SHA512_256

@JvmField
 @NotNull
public static org.bouncycastle.asn1.DLSequence SHA512_256

DLSequence (ASN1Sequence) for SHA512 truncated to 256 bits, used in SPHINCS-256 signature scheme.

SPHINCS256_SHA256

@JvmField
 @NotNull
public static SignatureScheme SPHINCS256_SHA256

SPHINCS-256 hash-based signature scheme using SHA512 for message hashing. It provides 128bit security against post-quantum attackers at the cost of larger key nd signature sizes and loss of compatibility.

COMPOSITE_KEY

@JvmField
 @NotNull
public static SignatureScheme COMPOSITE_KEY

Corda class CompositeKey signature type.

See Also:

class CompositeKey

DEFAULT_SIGNATURE_SCHEME

@JvmField
 @NotNull
public static SignatureScheme DEFAULT_SIGNATURE_SCHEME

Our default signature scheme if no algorithm is specified (e.g. for key generation).

INSTANCE

public static Crypto INSTANCE

This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

See Also:

class SignatureScheme

Method Detail

supportedSignatureSchemes

@JvmStatic
 @NotNull
public static java.util.List<net.corda.core.crypto.SignatureScheme> supportedSignatureSchemes()

findProvider

@JvmStatic
 @NotNull
public static java.security.Provider findProvider(@NotNull
                                                                       java.lang.String name)

findSignatureScheme

@JvmStatic
 @NotNull
public static SignatureScheme findSignatureScheme(@NotNull
                                                                       org.bouncycastle.asn1.x509.AlgorithmIdentifier algorithm)

findSignatureScheme

@JvmStatic
 @NotNull
public static SignatureScheme findSignatureScheme(int schemeNumberID)

Find class SignatureScheme by platform specific schemeNumberID.

See Also:

class SignatureScheme

findSignatureScheme

@JvmStatic
 @NotNull
public static SignatureScheme findSignatureScheme(@NotNull
                                                                       java.lang.String schemeCodeName)

Factory pattern to retrieve the corresponding class SignatureScheme based on SignatureScheme.schemeCodeName. This function is usually called by key generators and verify signature functions. In case the input is not a key in the supportedSignatureSchemes map, null will be returned.

Parameters:

schemeCodeName - a String that should match a supported signature scheme code name (e.g. ECDSA_SECP256K1_SHA256), see class Crypto.

Returns:

a currently supported SignatureScheme.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

See Also:

class SignatureScheme

findSignatureScheme

@JvmStatic
 @NotNull
public static SignatureScheme findSignatureScheme(@NotNull
                                                                       java.security.PublicKey key)

Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.

Parameters:

key - either private or public.

Returns:

a currently supported SignatureScheme.

Throws:

IllegalArgumentException - if the requested key type is not supported.

See Also:

class SignatureScheme, Key, class Crypto

findSignatureScheme

@JvmStatic
 @NotNull
public static SignatureScheme findSignatureScheme(@NotNull
                                                                       java.security.PrivateKey key)

Retrieve the corresponding class SignatureScheme based on the type of the input Key. This function is usually called when requiring to verify signatures and the signing schemes must be defined. For the supported signature schemes see class Crypto.

Parameters:

key - either private or public.

Returns:

a currently supported SignatureScheme.

Throws:

IllegalArgumentException - if the requested key type is not supported.

See Also:

class SignatureScheme, Key, class Crypto

decodePrivateKey

@JvmStatic
 @NotNull
public static java.security.PrivateKey decodePrivateKey(@NotNull
                                                                             kotlin.Array[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object. Use this method if the key type is a-priori unknown.

Parameters:

encodedKey - a PKCS8 encoded private key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePrivateKey

@JvmStatic
 @NotNull
public static java.security.PrivateKey decodePrivateKey(@NotNull
                                                                             java.lang.String schemeCodeName,
                                                                             @NotNull
                                                                             kotlin.Array[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - a PKCS8 encoded private key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePrivateKey

@JvmStatic
 @NotNull
public static java.security.PrivateKey decodePrivateKey(@NotNull
                                                                             SignatureScheme signatureScheme,
                                                                             @NotNull
                                                                             kotlin.Array[] encodedKey)

Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

signatureScheme - a signature scheme (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - a PKCS8 encoded private key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PrivateKey

decodePublicKey

@JvmStatic
 @NotNull
public static java.security.PublicKey decodePublicKey(@NotNull
                                                                           kotlin.Array[] encodedKey)

Decode an X509 encoded key to its PublicKey object. Use this method if the key type is a-priori unknown.

Parameters:

encodedKey - an X509 encoded public key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for this key factory to produce a private key.

See Also:

PublicKey

decodePublicKey

@JvmStatic
 @NotNull
public static java.security.PublicKey decodePublicKey(@NotNull
                                                                           java.lang.String schemeCodeName,
                                                                           @NotNull
                                                                           kotlin.Array[] encodedKey)

Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - an X509 encoded public key.

Throws:

IllegalArgumentException - if the requested scheme is not supported.

InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a public key.

See Also:

PrivateKey

decodePublicKey

@JvmStatic
 @NotNull
public static java.security.PublicKey decodePublicKey(@NotNull
                                                                           SignatureScheme signatureScheme,
                                                                           @NotNull
                                                                           kotlin.Array[] encodedKey)

Decode an X509 encoded key to its PrivateKey object based on the input scheme code name. This should be used when the type key is known, e.g. during deserialisation or with key caches or key managers.

Parameters:

signatureScheme - a signature scheme (e.g. ECDSA_SECP256K1_SHA256).

encodedKey - an X509 encoded public key.

Throws:

IllegalArgumentException - if the requested scheme is not supported.

InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a public key.

See Also:

PrivateKey

doSign

@JvmStatic
 @NotNull
public static kotlin.Array[] doSign(@NotNull
                                                         java.security.PrivateKey privateKey,
                                                         @NotNull
                                                         kotlin.Array[] clearData)

Generic way to sign ByteArray data with a PrivateKey. Strategy on on identifying the actual signing scheme is based on the PrivateKey type, but if the schemeCodeName is known, then better use doSign(signatureScheme: String, privateKey: PrivateKey, clearData: ByteArray).

Parameters:

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

IllegalArgumentException - if the signature scheme is not supported for this private key.

InvalidKeyException - if the private key is invalid.

SignatureException - if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, PrivateKey

doSign

@JvmStatic
 @NotNull
public static kotlin.Array[] doSign(@NotNull
                                                         java.lang.String schemeCodeName,
                                                         @NotNull
                                                         java.security.PrivateKey privateKey,
                                                         @NotNull
                                                         kotlin.Array[] clearData)

Generic way to sign ByteArray data with a PrivateKey and a known schemeCodeName String.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

IllegalArgumentException - if the signature scheme is not supported.

InvalidKeyException - if the private key is invalid.

SignatureException - if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, String

doSign

@JvmStatic
 @NotNull
public static kotlin.Array[] doSign(@NotNull
                                                         SignatureScheme signatureScheme,
                                                         @NotNull
                                                         java.security.PrivateKey privateKey,
                                                         @NotNull
                                                         kotlin.Array[] clearData)

Generic way to sign ByteArray data with a PrivateKey and a known Signature.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

privateKey - the signer's PrivateKey.

clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

Returns:

the digital signature (in ByteArray) on the input message.

Throws:

IllegalArgumentException - if the signature scheme is not supported for this private key.

InvalidKeyException - if the private key is invalid.

SignatureException - if signing is not possible due to malformed data or private key.

See Also:

ByteArray, PrivateKey, Signature

doSign

@JvmStatic
 @NotNull
public static TransactionSignature doSign(@NotNull
                                                               java.security.KeyPair keyPair,
                                                               @NotNull
                                                               SignableData signableData)

Generic way to sign class SignableData objects with a PrivateKey. class SignableData is a wrapper over the transaction's id (Merkle root) in order to attach extra information, such as a timestamp or partial and blind signature indicators.

Parameters:

keyPair - the signer's KeyPair.

signableData - a class SignableData object that adds extra information to a transaction.

Returns:

a class TransactionSignature object than contains the output of a successful signing, signer's public key and the signature metadata.

Throws:

IllegalArgumentException - if the signature scheme is not supported for this private key.

InvalidKeyException - if the private key is invalid.

SignatureException - if signing is not possible due to malformed data or private key.

See Also:

class SignableData, PrivateKey, class SignableData

doVerify

@JvmStatic
public static boolean doVerify(@NotNull
                                          java.lang.String schemeCodeName,
                                          @NotNull
                                          java.security.PublicKey publicKey,
                                          @NotNull
                                          kotlin.Array[] signatureData,
                                          @NotNull
                                          kotlin.Array[] clearData)

Utility to simplify the act of verifying a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

InvalidKeyException - if the key is invalid.

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

IllegalArgumentException - if the signature scheme is not supported or if any of the clear or signature data is empty.

doVerify

@JvmStatic
public static boolean doVerify(@NotNull
                                          java.security.PublicKey publicKey,
                                          @NotNull
                                          kotlin.Array[] signatureData,
                                          @NotNull
                                          kotlin.Array[] clearData)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds, but it always throws an exception if verification fails. Strategy on identifying the actual signing scheme is based on the PublicKey type, but if the schemeCodeName is known, then better use doVerify(schemeCodeName: String, publicKey: PublicKey, signatureData: ByteArray, clearData: ByteArray).

Parameters:

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

InvalidKeyException - if the key is invalid.

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

IllegalArgumentException - if the signature scheme is not supported or if any of the clear or signature data is empty.

See Also:

PublicKey

doVerify

@JvmStatic
public static boolean doVerify(@NotNull
                                          SignatureScheme signatureScheme,
                                          @NotNull
                                          java.security.PublicKey publicKey,
                                          @NotNull
                                          kotlin.Array[] signatureData,
                                          @NotNull
                                          kotlin.Array[] clearData)

Method to verify a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or throws an exception if verification fails.

Throws:

InvalidKeyException - if the key is invalid.

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

IllegalArgumentException - if the signature scheme is not supported or if any of the clear or signature data is empty.

doVerify

@JvmStatic
public static boolean doVerify(@NotNull
                                          SecureHash txId,
                                          @NotNull
                                          TransactionSignature transactionSignature)

Utility to simplify the act of verifying a class TransactionSignature. It returns true if it succeeds, but it always throws an exception if verification fails.

Parameters:

txId - transaction's id.

transactionSignature - the signature on the transaction.

Returns:

true if verification passes or throw exception if verification fails.

Throws:

InvalidKeyException - if the key is invalid.

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

IllegalArgumentException - if the signature scheme is not supported or if any of the clear or signature data is empty.

See Also:

class TransactionSignature

isValid

@JvmStatic
public static boolean isValid(@NotNull
                                         SecureHash txId,
                                         @NotNull
                                         TransactionSignature transactionSignature)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result.

Parameters:

txId - transaction's id.

transactionSignature - the signature on the transaction.

Throws:

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

See Also:

doVerify

isValid

@JvmStatic
public static boolean isValid(@NotNull
                                         java.security.PublicKey publicKey,
                                         @NotNull
                                         kotlin.Array[] signatureData,
                                         @NotNull
                                         kotlin.Array[] clearData)

Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds and false if not. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Normally you should use the function which throws, as it avoids the risk of failing to test the result. Use this method if the signature scheme is not a-priori known.

Parameters:

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or false if verification fails.

Throws:

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

See Also:

doVerify

isValid

@JvmStatic
public static boolean isValid(@NotNull
                                         SignatureScheme signatureScheme,
                                         @NotNull
                                         java.security.PublicKey publicKey,
                                         @NotNull
                                         kotlin.Array[] signatureData,
                                         @NotNull
                                         kotlin.Array[] clearData)

Method to verify a digital signature. In comparison to doVerify if the key and signature do not match it returns false rather than throwing an exception. Use this method if the signature scheme type is a-priori unknown.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

publicKey - the signer's PublicKey.

signatureData - the signatureData on a message.

clearData - the clear data/message that was signed (usually the Merkle root).

Returns:

true if verification passes or false if verification fails.

Throws:

SignatureException - if this signatureData object is not initialized properly, the passed-in signatureData is improperly encoded or of the wrong type, if this signatureData scheme is unable to process the input data provided, if the verification is not possible.

IllegalArgumentException - if the requested signature scheme is not supported.

See Also:

doVerify

generateKeyPair

@JvmStatic
 @NotNull
public static java.security.KeyPair generateKeyPair(@NotNull
                                                                         java.lang.String schemeCodeName)

Utility to simplify the act of generating keys. Normally, we don't expect other errors here, assuming that key generation parameters for every supported signature scheme have been unit-tested.

Parameters:

schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

Returns:

a KeyPair for the requested signature scheme code name.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

generateKeyPair

@JvmOverloads
 @JvmStatic
 @NotNull
public static java.security.KeyPair generateKeyPair(@NotNull
                                                                                        SignatureScheme signatureScheme)

Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.

Parameters:

signatureScheme - a supported class SignatureScheme, see class Crypto, default to DEFAULT_SIGNATURE_SCHEME if not provided.

Returns:

a new KeyPair for the requested class SignatureScheme.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

See Also:

KeyPair, class SignatureScheme

generateKeyPair

@JvmOverloads
 @JvmStatic
 @NotNull
public static java.security.KeyPair generateKeyPair()

Generate a KeyPair for the selected class SignatureScheme. Note that RSA is the sole algorithm initialized specifically by its supported keySize.

Returns:

a new KeyPair for the requested class SignatureScheme.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

See Also:

KeyPair, class SignatureScheme

deriveKeyPair

@JvmStatic
 @NotNull
public static java.security.KeyPair deriveKeyPair(@NotNull
                                                                       SignatureScheme signatureScheme,
                                                                       @NotNull
                                                                       java.security.PrivateKey privateKey,
                                                                       @NotNull
                                                                       kotlin.Array[] seed)

Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. This operation is currently supported for ECDSA secp256r1 (NIST P-256), ECDSA secp256k1 and EdDSA ed25519.

Similarly to BIP32, the implemented algorithm uses an HMAC function based on SHA512 and it is actually an implementation the HKDF rfc - Step 1: Extract function,

Parameters:

signatureScheme - the class SignatureScheme of the private key input.

privateKey - the PrivateKey that will be used as key to the HMAC-ed DKG function.

seed - an extra seed that will be used as value to the underlying HMAC.

Returns:

a new deterministically generated KeyPair.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

UnsupportedOperationException - if deterministic key generation is not supported for this particular scheme.

See Also:

KeyPair

deriveKeyPair

@JvmStatic
 @NotNull
public static java.security.KeyPair deriveKeyPair(@NotNull
                                                                       java.security.PrivateKey privateKey,
                                                                       @NotNull
                                                                       kotlin.Array[] seed)

Deterministically generate/derive a KeyPair using an existing private key and a seed as inputs. Use this method if the class SignatureScheme of the private key input is not known.

Parameters:

privateKey - the PrivateKey that will be used as key to the HMAC-ed DKG function.

seed - an extra seed that will be used as value to the underlying HMAC.

Returns:

a new deterministically generated KeyPair.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported.

UnsupportedOperationException - if deterministic key generation is not supported for this particular scheme.

See Also:

KeyPair, class SignatureScheme

deriveKeyPairFromEntropy

@JvmStatic
 @NotNull
public static java.security.KeyPair deriveKeyPairFromEntropy(@NotNull
                                                                                  SignatureScheme signatureScheme,
                                                                                  @NotNull
                                                                                  java.math.BigInteger entropy)

Returns a key pair derived from the given BigInteger entropy. This is useful for unit tests and other cases where you want hard-coded private keys. Currently, the following schemes are supported: EDDSA_ED25519_SHA512, ECDSA_SECP256R1_SHA256 and ECDSA_SECP256K1_SHA256.

Parameters:

signatureScheme - a supported class SignatureScheme, see class Crypto.

entropy - a BigInteger value.

Returns:

a new KeyPair from an entropy input.

Throws:

IllegalArgumentException - if the requested signature scheme is not supported for KeyPair generation using an entropy input.

See Also:

BigInteger

deriveKeyPairFromEntropy

@JvmStatic
 @NotNull
public static java.security.KeyPair deriveKeyPairFromEntropy(@NotNull
                                                                                  java.math.BigInteger entropy)

Returns a DEFAULT_SIGNATURE_SCHEME key pair derived from the given BigInteger entropy.

Parameters:

entropy - a BigInteger value.

Returns:

a new KeyPair from an entropy input.

See Also:

BigInteger

publicKeyOnCurve

@JvmStatic
public static boolean publicKeyOnCurve(@NotNull
                                                  SignatureScheme signatureScheme,
                                                  @NotNull
                                                  java.security.PublicKey publicKey)

Check if a point's coordinates are on the expected curve to avoid certain types of ECC attacks. Point-at-infinity is not permitted as well.

Parameters:

signatureScheme - a class SignatureScheme object, retrieved from supported signature schemes, see class Crypto.

publicKey - a PublicKey, usually used to validate a signer's public key in on the Curve.

Returns:

true if the point lies on the curve or false if it doesn't.

Throws:

IllegalArgumentException - if the requested signature scheme or the key type is not supported.

isSupportedSignatureScheme

@JvmStatic
public static boolean isSupportedSignatureScheme(@NotNull
                                                            SignatureScheme signatureScheme)

Check if the requested class SignatureScheme is supported by the system.

See Also:

class SignatureScheme

validatePublicKey

@JvmStatic
public static boolean validatePublicKey(@NotNull
                                                   java.security.PublicKey key)

Check if a public key satisfies algorithm specs. For instance, an ECC key should lie on the curve and not being point-at-infinity.

toSupportedPublicKey

@JvmStatic
 @NotNull
public static java.security.PublicKey toSupportedPublicKey(@NotNull
                                                                                org.bouncycastle.asn1.x509.SubjectPublicKeyInfo key)

Convert a public key to a supported implementation.

Parameters:

key - a public key.

Returns:

a supported implementation of the input public key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.

toSupportedPublicKey

@JvmStatic
 @NotNull
public static java.security.PublicKey toSupportedPublicKey(@NotNull
                                                                                java.security.PublicKey key)

Convert a public key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve a key (via its corresponding cert) from JKS keystores that by default return SUN implementations.

Parameters:

key - a public key.

Returns:

a supported implementation of the input public key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.

toSupportedPrivateKey

@JvmStatic
 @NotNull
public static java.security.PrivateKey toSupportedPrivateKey(@NotNull
                                                                                  java.security.PrivateKey key)

Convert a private key to a supported implementation. This can be used to convert a SUN's EC key to an BC key. This method is usually required to retrieve keys from JKS keystores that by default return SUN implementations.

Parameters:

key - a private key.

Returns:

a supported implementation of the input private key.

Throws:

IllegalArgumentException - on not supported scheme or if the given key specification is inappropriate for a supported key factory to produce a private key.

registerProviders

@JvmStatic
public static void registerProviders()

Method to force registering all class Crypto-related cryptography Providers. It is recommended that it is invoked first thing on main functions, so the Providers are in place before any cryptographic operation is requested outside class Crypto (i.e., SecureRandom, KeyStore, cert-path validation, CRL & CSR checks etc.).

See Also:

class Crypto, Provider, Provider, class Crypto