public class Crypto
This object controls and provides the available and supported signature schemes for Corda.
Any implemented class SignatureScheme should be strictly defined here.
However, only the schemes returned by listSupportedSignatureSchemes() are supported.
Note that Corda currently supports the following signature schemes by their code names:
class SignatureScheme
Modifier and Type | Field and Description |
---|---|
static Crypto | INSTANCE: This object controls and provides the available and supported signature schemes for Corda. Any implemented class SignatureScheme should be strictly defined here. However, only the schemes returned by listSupportedSignatureSchemes() are supported. Note that Corda currently supports the following signature schemes by their code names: |
Modifier and Type | Method and Description |
---|---|
java.security.PrivateKey | decodePrivateKey(byte[] encodedKey): Decode a PKCS8 encoded key to its PrivateKey object. |
java.security.PrivateKey | decodePrivateKey(byte[] encodedKey, java.lang.String schemeCodeName): Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This will be used by Kryo deserialisation. |
java.security.PublicKey | decodePublicKey(byte[] encodedKey): Decode an X509 encoded key to its PublicKey object. |
java.security.PublicKey | decodePublicKey(byte[] encodedKey, java.lang.String schemeCodeName): Decode an X509 encoded key to its PublicKey object based on the input scheme code name. This will be used by Kryo deserialisation. |
byte[] | doSign(java.security.PrivateKey privateKey, byte[] clearData): Generic way to sign ByteArray data with a PrivateKey. The strategy for identifying the actual signing scheme is based on the PrivateKey type, but if the schemeCodeName is known, it is better to use doSign(signatureScheme: String, privateKey: PrivateKey, clearData: ByteArray). |
byte[] | doSign(java.lang.String schemeCodeName, java.security.PrivateKey privateKey, byte[] clearData): Generic way to sign ByteArray data with a PrivateKey and a known schemeCodeName String. |
TransactionSignature | doSign(java.security.PrivateKey privateKey, MetaData metaData): Generic way to sign class MetaData objects with a PrivateKey. class MetaData is a wrapper over the transaction's Merkle root in order to attach extra information, such as a timestamp or partial and blind signature indicators. |
boolean | doVerify(java.lang.String schemeCodeName, java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData): Utility to simplify the act of verifying a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails. |
boolean | doVerify(java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData): Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds, but it always throws an exception if verification fails. The strategy for identifying the actual signing scheme is based on the PublicKey type, but if the schemeCodeName is known, it is better to use doVerify(schemeCodeName: String, publicKey: PublicKey, signatureData: ByteArray, clearData: ByteArray). |
boolean | doVerify(java.security.PublicKey publicKey, TransactionSignature transactionSignature): Utility to simplify the act of verifying a class TransactionSignature. It returns true if it succeeds, but it always throws an exception if verification fails. |
java.lang.String | findSignatureSchemeCodeName(java.security.Key key): Retrieve the corresponding signature scheme code name based on the type of the input Key. See class Crypto for the supported scheme code names. |
java.security.KeyPair | generateKeyPair(java.lang.String schemeCodeName): Utility to simplify the act of generating keys. Normally, we don't expect other errors here, assuming that key generation parameters for every supported signature scheme have been unit-tested. |
java.security.KeyPair | generateKeyPair(): Generate a KeyPair using the default signature scheme. |
java.lang.String | getDefaultSignatureSchemeCodeName() |
boolean | isSupportedSignatureScheme(java.lang.String schemeCodeName): Check if the requested signature scheme is supported by the system. |
java.util.List<java.lang.String> | listSupportedSignatureSchemes() |
public static Crypto INSTANCE
This object controls and provides the available and supported signature schemes for Corda.
Any implemented class SignatureScheme should be strictly defined here.
However, only the schemes returned by listSupportedSignatureSchemes() are supported.
Note that Corda currently supports the following signature schemes by their code names:
class SignatureScheme
public java.lang.String findSignatureSchemeCodeName(java.security.Key key)
Retrieve the corresponding signature scheme code name based on the type of the input Key. See class Crypto for the supported scheme code names.
key - either private or public.
class Crypto

public java.security.PrivateKey decodePrivateKey(byte[] encodedKey)
Decode a PKCS8 encoded key to its PrivateKey object.
encodedKey - a PKCS8 encoded private key.

public java.security.PrivateKey decodePrivateKey(byte[] encodedKey, java.lang.String schemeCodeName)
Decode a PKCS8 encoded key to its PrivateKey object based on the input scheme code name. This will be used by Kryo deserialisation.
encodedKey - a PKCS8 encoded private key.
schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

public java.security.PublicKey decodePublicKey(byte[] encodedKey)
Decode an X509 encoded key to its PublicKey object.
encodedKey - an X509 encoded public key.

public java.security.PublicKey decodePublicKey(byte[] encodedKey, java.lang.String schemeCodeName)
Decode an X509 encoded key to its PublicKey object based on the input scheme code name. This will be used by Kryo deserialisation.
encodedKey - an X509 encoded public key.
schemeCodeName - a String that should match a key in supportedSignatureSchemes map (e.g. ECDSA_SECP256K1_SHA256).

public java.security.KeyPair generateKeyPair(java.lang.String schemeCodeName)
Utility to simplify the act of generating keys. Normally, we don't expect other errors here, assuming that key generation parameters for every supported signature scheme have been unit-tested.
schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

public java.security.KeyPair generateKeyPair()
Generate a KeyPair using the default signature scheme.

public byte[] doSign(java.security.PrivateKey privateKey, byte[] clearData)
Generic way to sign ByteArray data with a PrivateKey. The strategy for identifying the actual signing scheme is based on the PrivateKey type, but if the schemeCodeName is known, it is better to use doSign(signatureScheme: String, privateKey: PrivateKey, clearData: ByteArray).
privateKey - the signer's PrivateKey.
clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

public byte[] doSign(java.lang.String schemeCodeName, java.security.PrivateKey privateKey, byte[] clearData)
Generic way to sign ByteArray data with a PrivateKey and a known schemeCodeName String.
schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).
privateKey - the signer's PrivateKey.
clearData - the data/message to be signed in ByteArray form (usually the Merkle root).

public TransactionSignature doSign(java.security.PrivateKey privateKey, MetaData metaData)
Generic way to sign class MetaData objects with a PrivateKey. class MetaData is a wrapper over the transaction's Merkle root in order to attach extra information, such as a timestamp or partial and blind signature indicators.
privateKey - the signer's PrivateKey.
metaData - a class MetaData object that adds extra information to a transaction.
class TransactionSignature object that contains the output of a successful signing and the metaData.
class MetaData, PrivateKey, class MetaData

public boolean doVerify(java.lang.String schemeCodeName, java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData)
Utility to simplify the act of verifying a digital signature. It returns true if it succeeds, but it always throws an exception if verification fails.
publicKey - the signer's PublicKey.
signatureData - the signatureData on a message.
clearData - the clear data/message that was signed (usually the Merkle root).

public boolean doVerify(java.security.PublicKey publicKey, byte[] signatureData, byte[] clearData)
Utility to simplify the act of verifying a digital signature by identifying the signature scheme used from the input public key's type. It returns true if it succeeds, but it always throws an exception if verification fails. The strategy for identifying the actual signing scheme is based on the PublicKey type, but if the schemeCodeName is known, it is better to use doVerify(schemeCodeName: String, publicKey: PublicKey, signatureData: ByteArray, clearData: ByteArray).
publicKey - the signer's PublicKey.
signatureData - the signatureData on a message.
clearData - the clear data/message that was signed (usually the Merkle root).

public boolean doVerify(java.security.PublicKey publicKey, TransactionSignature transactionSignature)
Utility to simplify the act of verifying a class TransactionSignature. It returns true if it succeeds, but it always throws an exception if verification fails.
publicKey - the signer's PublicKey.
transactionSignature - the signatureData on a message.
class TransactionSignature

public boolean isSupportedSignatureScheme(java.lang.String schemeCodeName)
Check if the requested signature scheme is supported by the system.
schemeCodeName - a signature scheme's code name (e.g. ECDSA_SECP256K1_SHA256).

public java.lang.String getDefaultSignatureSchemeCodeName()

public java.util.List<java.lang.String> listSupportedSignatureSchemes()
class SignatureScheme for all of our supported signature schemes, see class Crypto.
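
Added example (not part of the Corda documentation or code base): a Java caller that uses only the methods listed on this page to sign and verify with an explicit scheme code name, and that handles the doVerify contract of returning true or throwing. The import path net.corda.core.crypto.Crypto, the class name CryptoSignVerifyExample and the helper verifies() are assumptions, and the Corda core library for this API version must be on the classpath.

```java
import net.corda.core.crypto.Crypto; // assumed package name; not shown on this page

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PublicKey;

public class CryptoSignVerifyExample { // hypothetical class name
    // Scheme code name taken from the examples on this page.
    static final String SCHEME = "ECDSA_SECP256K1_SHA256";

    // Hypothetical helper: doVerify() returns true or throws, it never returns false.
    // The page does not name the exception type, so catch broadly and fail closed.
    static boolean verifies(PublicKey key, byte[] signature, byte[] data) {
        try {
            return Crypto.INSTANCE.doVerify(SCHEME, key, signature, data);
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Refuse to continue if the runtime does not list the scheme as supported.
        if (!Crypto.INSTANCE.isSupportedSignatureScheme(SCHEME)) {
            throw new IllegalStateException("Unsupported scheme: " + SCHEME);
        }

        KeyPair signer = Crypto.INSTANCE.generateKeyPair(SCHEME);
        KeyPair other = Crypto.INSTANCE.generateKeyPair(SCHEME);

        // Constructed sample message; in Corda this is usually the Merkle root.
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        // The scheme is passed explicitly rather than inferred from the key type.
        byte[] signature = Crypto.INSTANCE.doSign(SCHEME, signer.getPrivate(), data);

        byte[] tampered = data.clone();
        tampered[0] ^= 0x01; // flip one bit of the signed data

        System.out.println("scheme inferred from key: "
                + Crypto.INSTANCE.findSignatureSchemeCodeName(signer.getPublic()));
        System.out.println("original data, signer key: " + verifies(signer.getPublic(), signature, data));
        System.out.println("tampered data, signer key: " + verifies(signer.getPublic(), signature, tampered));
        System.out.println("original data, other key:  " + verifies(other.getPublic(), signature, data));
    }
}
```

Because doVerify throws on failure, a caller that discards its return value still fails closed; a wrapper such as verifies() moves that responsibility to whoever checks the boolean.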