Re: latest on initialisation vectors...

Jan Luehe (luehe@laguna.eng.sun.com)
Thu, 13 Aug 1998 18:18:31 -0700 (PDT)

Date: Thu, 13 Aug 1998 18:18:31 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: latest on initialisation vectors...
To: java-security@java.Sun.COM, dgh@aba.net.au

David:

What you suggest seems like a nice idea.

> I've defined a class InlineIvParameterSpec, as follows:
>
> /**
> * specfies that the IV is in the encrypted stream, and how we calculate it.
> */
> public class InlineIvParameterSpec implements AlgorthmParameterSpec
> {
> private boolean encrypted;
>
> public InlineIvParameterSpec()
> {
> encrypted = false;
> }
>
> public InlineIvParameterSpec(
> boolean encrypted)
> {
> this.encrypted = encrypted;
> }
>
> public boolean isEncryptedIv()
> {
> return encrypted;
> }
> }
>
> The presence of the class in the algorithm parameters for the cipher tells the
cipher
> to swallow the first block and use it as an IV, possibly decrypting it first.
If the cipher
> is encrypting the IV gets written out before anything else, possibly being
encrypted.
> I use the new getParameters call when I have to propogate the information.

Let me walk through one example, to make sure I understood.

Assume I use SealedObject, with a Cipher that was initialized with
InlineIvParameterSpec.

The implementation of SealedObject calls

byte[] encoded = c.getParameters().getEncoded();
String alg = c.getParameters().getAlgorithm();

to store the parameters used (along with the encrypted object
contents). "alg" would be set to "DES" in your example.
What would be the contents of "encoded"? Probably some proprietary
format containing a boolean.

In the unseal operation, SealedObject uses "alg"
to determine which kind of AlgorithmParameters to instantiate
(in this case: "DES"),
and initializes it with "encoded". Your provider implementation
of AlgorithmParameters for "DES" would have to understand
this particular type of encoding, and know how to parse it.

When the underlying Cipher object (instantiated from your
provider) needs to retrieve the
parameter values from AlgorithmParameters, it first tries

getParameterSpec(javax.crypto.spec.IvParameterSpec.class)

which would raise an "InvalidParameterSpecException" exception.

Then it would try

getParameterSpec(InlineIvParameterSpec.class)

which would succeed. Now the Cipher object from your provider
would know that the IV was inlined, and whether or not it
was encrypted.

Did I get it right?

Thanks,

Jan