Re: RSA and DSA key get methods returning BigInteger

Benjamin Renaud (Benjamin.Renaud@Eng)
Wed, 7 May 1997 11:09:49 -0700

Date: Wed, 7 May 1997 11:09:49 -0700
From: Benjamin.Renaud@Eng (Benjamin Renaud)
Message-Id: <199705071809.LAA08164@springbank.eng.sun.com>
To: java-security@web2.javasoft.com, burnettS@RSA.COM
Subject: Re: RSA and DSA key get methods returning BigInteger

Since the BigInteger class is the canonical representation of
arbitrary-size integers in Java, there should be a good reason not use
it. If the class was slow, for example, there might be a case for using
a less object-oriented API. In general using byte arrays is bad OO
design (one of the less fortunate aspect of the API is the value
returned by the Signature sign() method, for example).

If the provider doesn't use the BigInteger class internally, there is a
constructor which takes a byte array and a sign bit and makes a
BigInteger from those (as I am sure you know).

Cheers,
-- Benjamin Renaud
JavaSoft VM/Language Group

|From burnettS@RSA.COM Wed May 7 09:34:06 1997
|From: Steve Burnett <burnettS@RSA.COM>
|To: "'JavaSoft crypto questions'" <java-security@web2.javasoft.com>
|Subject: RSA and DSA key get methods returning BigInteger
|Date: Wed, 7 May 1997 09:37:03 -0700
|Mime-Version: 1.0
|Content-Transfer-Encoding: 7bit
|
| When extracting elements of keys (modulus and exponent of an RSA key
|or p, q, g, x or y of a DSA key) the Security methods return a
|BigInteger. But suppose the underlying provider does not use the
|BigInteger class to perform the multi-precision arithmatic.
|
| Maybe it would be better for these methods to return canonical
|integers in byte arrays. These numbers will never be negative, so there
|is no need to worry about the sign.
|
| --Steve Burnett
| burnetts@rsa.com
|