Date: Mon, 17 Aug 1998 10:19:02 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Differences between theory and practice
To: java-security@java.Sun.COM, rsodre@mymail.com.br

Rodrigo:

> Well, in practice, there are two RSA private key classes (I'm not
> considering crt nor public key classes since they're analogous):
> .RSAPrivateKeySpec which implements getModulus() and
> getPrivateExponent() methods
> .RSAPrivateKey which implements the methods above plus those opaque
> methods: getAlgorithm(), getEncoded() and getFormat().
>
> So, my doubts:
> Why does the same class/interface have opaque and transparent methods?
> Shouldn't RSAPrivateKey have only opaque methods and use a RSAKeyFactory
> to the translation? If not, why should anyone use RSAPrivateKeySpec
> since we have all the methods in RSAPrivateKey class?

RSAPrivateKey is a specialized key interface, which returns
algorithm specific details about the underlying key object
in addition to the "opaque" information (e.g., algorithm, encoding,
and format) available from any Key object.

RSAPrivateKeySpec allows you to instantiate an RSA key specification
from RSA private-key material in a provider-independent fashion.
You then pass this specification to a (provider-based) RSA
key factory and have it return a provider-based PrivateKey object
for RSA, which you could then use to initialize a Signature object for
signing, etc.

Provider implementations of RSA PrivateKey objects are encouraged
to also implement the RSAPrivateKey interface (if possible), so that
different provider implementations of RSA PrivateKey objects can
interoperate more easily (without having to go through a KeyFactory).

For example, provider A may implement the "engineInitSign" method
(which takes a PrivateKey object) of java.security.SignatureSpi for
RSA signatures as follows:

1. Check if the PrivateKey object passed is an instance of
   A's implementation of RSA PrivateKey objects. If yes, use
   it directly. If no, goto 2.

2. Check if the PrivateKey object passed implements the
   RSAPrivateKey interface. If yes, call its "get*" methods
   to retrieve the underlying material. If no, goto 3.

3. Try to convert the PrivateKey object passed into an instance
   of A's implementation of RSA PrivateKey objects. For example,
   call the key's getEncoded() method, instantiate A's key factory
   for RSA, and pass the encoding to the factory's generatePrivate()
   method.

Jan
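
The three-step key resolution described in the message above, as an added example that is not part of the original message and is not any real provider's code. The class `AKey`, the method `resolve`, and the use of the default `KeyFactory.getInstance("RSA")` in place of "A's key factory" are assumptions made for illustration; a key that exposes neither the RSAPrivateKey getters nor a PKCS#8 encoding is rejected with InvalidKeyException.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.*;

public class InitSignKeyResolution {
    // Hypothetical stand-in for "A's implementation of RSA PrivateKey objects".
    static final class AKey implements RSAPrivateKey {
        private final BigInteger n, d;
        AKey(BigInteger n, BigInteger d) { this.n = n; this.d = d; }
        public BigInteger getModulus() { return n; }
        public BigInteger getPrivateExponent() { return d; }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }  // this sketch offers no encoding
        public byte[] getEncoded() { return null; }
    }

    // What A's engineInitSign could do with the key before using it.
    static AKey resolve(PrivateKey key) throws InvalidKeyException {
        if (key instanceof AKey) return (AKey) key;              // step 1: A's own key
        if (key instanceof RSAPrivateKey) {                      // step 2: transparent getters
            RSAPrivateKey r = (RSAPrivateKey) key;
            return new AKey(r.getModulus(), r.getPrivateExponent());
        }
        byte[] enc = key.getEncoded();                           // step 3: opaque encoding
        if (enc == null || !"PKCS#8".equals(key.getFormat()))
            throw new InvalidKeyException("key material is not exportable");
        try {
            KeyFactory kf = KeyFactory.getInstance("RSA");       // stands in for A's factory
            RSAPrivateKeySpec s = kf.getKeySpec(
                kf.generatePrivate(new PKCS8EncodedKeySpec(enc)), RSAPrivateKeySpec.class);
            return new AKey(s.getModulus(), s.getPrivateExponent());
        } catch (GeneralSecurityException e) { throw new InvalidKeyException(e); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        PrivateKey jdk = g.generateKeyPair().getPrivate();       // constructed test key
        PrivateKey opaque = new PrivateKey() {                   // exposes only Key methods
            public String getAlgorithm() { return "RSA"; }
            public String getFormat() { return jdk.getFormat(); }
            public byte[] getEncoded() { return jdk.getEncoded(); }
        };
        AKey a = resolve(jdk), b = resolve(opaque);
        System.out.println("step 1 reuses the key: " + (resolve(a) == a));
        System.out.println("steps 2 and 3 agree: "
            + a.getPrivateExponent().equals(b.getPrivateExponent()));
    }
}
```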