public class CryptoUtils
@NotNull public static DigitalSignature sign(@NotNull java.security.PrivateKey $this$sign, @NotNull kotlin.Array[] bytesToSign)
Utility to simplify the act of signing a byte array.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).class DigitalSignature
object on the input message.IllegalArgumentException
- if the signature scheme is not supported for this private key.InvalidKeyException
- if the private key is invalid.SignatureException
- if signing is not possible due to malformed data or private key.@NotNull public static net.corda.core.crypto.DigitalSignature.WithKey sign(@NotNull java.security.PrivateKey $this$sign, @NotNull kotlin.Array[] bytesToSign, @NotNull java.security.PublicKey publicKey)
Utility to simplify the act of signing a byte array and return a class DigitalSignature.WithKey
object.
Note that there is no check if the public key matches with the signing private key.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).class DigitalSignature.WithKey
object on the input message bytesToSign
and publicKey
.IllegalArgumentException
- if the signature scheme is not supported for this private key.InvalidKeyException
- if the private key is invalid.SignatureException
- if signing is not possible due to malformed data or private key.class DigitalSignature.WithKey
@NotNull public static net.corda.core.crypto.DigitalSignature.WithKey sign(@NotNull java.security.KeyPair $this$sign, @NotNull kotlin.Array[] bytesToSign)
Helper function to sign with a key pair.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).IllegalArgumentException
- if the signature scheme is not supported for this private key.InvalidKeyException
- if the private key is invalid.SignatureException
- if signing is not possible due to malformed data or private key.@NotNull public static net.corda.core.crypto.DigitalSignature.WithKey sign(@NotNull java.security.KeyPair $this$sign, @NotNull OpaqueBytes bytesToSign)
Helper function to sign the bytes of bytesToSign
with a key pair.
bytesToSign
@NotNull public static TransactionSignature sign(@NotNull java.security.KeyPair $this$sign, @NotNull SignableData signableData)
Helper function for signing a class SignableData
object.
signableData
- the object to be signed.class TransactionSignature
object.IllegalArgumentException
- if the signature scheme is not supported for this private key.InvalidKeyException
- if the private key is invalid.SignatureException
- if signing is not possible due to malformed data or private key.class SignableData
public static boolean verify(@NotNull java.security.PublicKey $this$verify, @NotNull kotlin.Array[] content, @NotNull DigitalSignature signature)
Utility to simplify the act of verifying a signature.
InvalidKeyException
- if the key to verify the signature with is not valid (i.e. wrong key type for the
signature).SignatureException
- if the signature is invalid (i.e. damaged), or does not match the key (incorrect).IllegalArgumentException
- if the signature scheme is not supported or if any of the clear or signature data is empty.public static boolean isValid(@NotNull java.security.PublicKey $this$isValid, @NotNull kotlin.Array[] content, @NotNull DigitalSignature signature)
Utility to simplify the act of verifying a signature. In comparison to verify
if the key and signature
do not match it returns false rather than throwing an exception. Normally you should use the function which throws,
as it avoids the risk of failing to test the result, but this is for uses such as java.security.Signature.verify
implementations.
InvalidKeyException
- if the key to verify the signature with is not valid (i.e. wrong key type for the
signature).SignatureException
- if the signature is invalid (i.e. damaged).IllegalArgumentException
- if the signature scheme is not supported or if any of the clear or signature data is empty.IllegalStateException
- if this is a class CompositeKey
, because verification of composite key signatures is not supported.verify
,
java.security.Signature.verify@NotNull public static java.lang.String toStringShort(@NotNull java.security.PublicKey $this$toStringShort)
Render a public key to its hash (in Base58) of its serialised form using the DL prefix.
@NotNull public static java.util.Set<java.security.PublicKey> getKeys(@NotNull java.security.PublicKey $this$keys)
Return a Set of the contained leaf keys if this is a class CompositeKey
.
Otherwise, return a Set with a single element (this PublicKey).
Note that leaf keys cannot be of type class CompositeKey
.
class CompositeKey
,
Set,
PublicKey,
class CompositeKey
public static boolean isFulfilledBy(@NotNull java.security.PublicKey $this$isFulfilledBy, @NotNull java.security.PublicKey otherKey)
public static boolean isFulfilledBy(@NotNull java.security.PublicKey $this$isFulfilledBy, @NotNull java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
public static boolean containsAny(@NotNull java.security.PublicKey $this$containsAny, @NotNull java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
Checks whether any of the given keys
matches a leaf on the class CompositeKey
tree or a single PublicKey.
Note that this function checks against leaves, which cannot be of type class CompositeKey
. Due to that, if any of the
otherKeys
is a class CompositeKey
, this function will not find a match.
keys
,
class CompositeKey
,
PublicKey,
class CompositeKey
,
otherKeys
,
class CompositeKey
@NotNull public static java.util.Set<java.security.PublicKey> byKeys(@NotNull java.lang.Iterable<net.corda.core.crypto.TransactionSignature> $this$byKeys)
Returns the set of all PublicKeys of the signatures.
@NotNull public static java.security.PrivateKey component1(@NotNull java.security.KeyPair $this$component1)
@NotNull public static java.security.PublicKey component2(@NotNull java.security.KeyPair $this$component2)
@NotNull public static java.security.KeyPair generateKeyPair()
A simple wrapper that will make it easier to swap out the signature algorithm we use in future.
@NotNull public static java.security.KeyPair entropyToKeyPair(@NotNull java.math.BigInteger entropy)
Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where you want hard-coded private keys.
entropy
- a BigInteger value.public static boolean verify(@NotNull java.security.PublicKey $this$verify, @NotNull kotlin.Array[] signatureData, @NotNull kotlin.Array[] clearData)
Helper function to verify a signature.
signatureData
- the signature on a message.clearData
- the clear data/message that was signed (usually the Merkle root).InvalidKeyException
- if the key is invalid.SignatureException
- if this signatureData object is not initialized properly,
the passed-in signatureData is improperly encoded or of the wrong type,
if this signatureData algorithm is unable to process the input data provided, etc.IllegalArgumentException
- if the signature scheme is not supported for this private key or if any of the clear or signature data is empty.public static boolean verify(@NotNull java.security.KeyPair $this$verify, @NotNull kotlin.Array[] signatureData, @NotNull kotlin.Array[] clearData)
Helper function for the signers to verify their own signature.
signatureData
- the signature on a message.clearData
- the clear data/message that was signed (usually the Merkle root).InvalidKeyException
- if the key is invalid.SignatureException
- if this signatureData object is not initialized properly,
the passed-in signatureData is improperly encoded or of the wrong type,
if this signatureData algorithm is unable to process the input data provided, etc.IllegalArgumentException
- if the signature scheme is not supported for this private key or if any of the clear or signature data is empty.@NotNull public static kotlin.Array[] secureRandomBytes(int numOfBytes)
Generate a securely random ByteArray of requested number of bytes. Usually used for seeds, nonces and keys.
numOfBytes
- how many random bytes to output.NoSuchAlgorithmException
- thrown if "NativePRNGNonBlocking" is not supported on the JVM
or if no strong SecureRandom implementations are available or if Security.getProperty("securerandom.strongAlgorithms") is null or empty,
which should never happen and suggests an unusual JVM or non-standard Java library.@NotNull public static java.security.SecureRandom newSecureRandom()
Get an instance of SecureRandom to avoid blocking, due to waiting for additional entropy, when possible. In this version, the NativePRNGNonBlocking is exclusively used on Linux OS to utilize dev/urandom because in high traffic /dev/random may wait for a certain amount of "noise" to be generated on the host machine before returning a result.
On Solaris, Linux, and OS X, if the entropy gathering device in java.security is set to file:/dev/urandom or file:/dev/random, then NativePRNG is preferred to SHA1PRNG. Otherwise, SHA1PRNG is preferred.
NoSuchAlgorithmException
- thrown if "NativePRNGNonBlocking" is not supported on the JVM
or if no strong SecureRandom implementations are available or if Security.getProperty("securerandom.strongAlgorithms") is null or empty,
which should never happen and suggests an unusual JVM or non-standard Java library.public static long random63BitValue()
Returns a random positive non-zero long generated using a secure RNG. This function sacrifies a bit of entropy in order to avoid potential bugs where the value is used in a context where negative numbers or zero are not expected.
@Deprecated @NotNull public static SecureHash componentHash(@NotNull OpaqueBytes opaqueBytes, @NotNull PrivacySalt privacySalt, int componentGroupIndex, int internalIndex)
Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is
calculated using the SHA256d algorithm, thus SHA256(SHA256(nonce || serializedComponent)), where nonce is computed
from computeNonce
.
computeNonce
@Deprecated @NotNull public static SecureHash componentHash(@NotNull SecureHash nonce, @NotNull OpaqueBytes opaqueBytes)
Return the SHA256(SHA256(nonce || serializedComponent)).
@Deprecated @NotNull public static <T> SecureHash serializedHash(@NotNull T x)
Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic across platform versions: serialization can produce different values if any of the types being serialized have changed, or if the version of serialization specified by the context changes.
@Deprecated @NotNull public static net.corda.core.crypto.SecureHash.SHA256 computeNonce(@NotNull PrivacySalt privacySalt, int groupIndex, int internalIndex)
Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks.
privacySalt
- a class PrivacySalt
.groupIndex
- the fixed index (ordinal) of this component group.internalIndex
- the internal index of this object in its corresponding components list.