GordianKnot
Parent Project
Modules
Project Documentation
Signatures are supported via the GordianSignatureFactory interface.
Algorithms are represented by GordianSignatureSpec. A GordianSignature is obtained via the signatureSpec, and then signatures are generated or verified by the signer.
The LMS and XMSS signature schemes are stateful signature schemes and as such their keyPairs support the GordianStateAwareKeyPair interface which allows sharding of the privateKey
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianKeyPairFactory myKeyPairFactory = myBase.getKeyPairFactory();
final GordianSignatureFactory mySignatureFactory = myKeyPairFactory.getSignatureFactory();
/* Access keyPairGenerator */
final GordianKeyPairSpec mySpec = GordianKeyPairSpec.rsa(GordianRSAModulus.MOD2048);
final GordianKeyPairGenerator myGenerator = myKeyPairFactory.getKeyPairGenerator(mySpec);
final GordianKeyPair myKeyPair = myGenerator.generateKeyPair();
GordianKeyPair mySigningPair = myKeyPair;
/* If the pair is StateAware */
if (myKeyPair instanceof GordianStateAwareKeyPair) {
/* Extract a shard that can sign a single entity */
final GordianKeyPair mySigningPair = ((GordianStateAwareKeyPair) myKeyPair).getKeyPairShard(1);
/* Store updated keyPair back to store BEFORE signing to ensure this shard is not reused */
}
/* Access signer */
final GordianSignatureSpec mySignSpec = GordianSignatureSpec.rsa(GordianSignatureType.PSSMGF1,
GordianDigestSpec.sha2(GordianLength.LEN_256));
final GordianSignature mySigner = mySignatureFactory.createSigner(mySignSpec);
/* Sign message */
final byte[] message = ....;
mySigner.initForSigning(mySigningPair);
mySigner.update(message);
final byte[] mySignature = mySigner.sign();
/* Verify signature */
mySigner.initForVerify(myKeyPair);
mySigner.update(message);
final boolean verified = mySigner.verify(mySignature);
Composite signatures may be created by a composite keyPair, as long as each element of the composite keyPair is assigned a valid signatureSpec. The resulting signatures are encoded as an ASN1Sequence.
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianKeyPairFactory myKeyPairFactory = myBase.getKeyPairFactory();
final GordianSignatureFactory mySignatureFactory = myKeyPairFactory.getSignatureFactory();
/* Access keyPairGenerator */
final GordianKeyPairSpec mySpec = GordianKeyPairSpec.composite(GordianKeyPairSpec.rsa(GordianRSAModulus.MOD2048),
GordianKeyPairSpec.ed25519());
final GordianKeyPairGenerator myGenerator = myKeyPairFactory.getKeyPairGenerator(mySpec);
final GordianKeyPair myKeyPair = myGenerator.generateKeyPair();
GordianKeyPair mySigningPair = myKeyPair;
/* Access signer */
final GordianSignatureSpec mySignSpec = GordianSignatureSpec.composite(GordianSignatureSpec.rsa(GordianSignatureType.PSSMGF1,
GordianDigestSpec.sha2(GordianLength.LEN_256)),
GordianSignatureSpec.edDSA());
final GordianSignature mySigner = mySignatureFactory.createSigner(mySignSpec);
/* Sign message */
final byte[] message = ....;
mySigner.initForSigning(mySigningPair);
mySigner.update(message);
final byte[] mySignature = mySigner.sign();
/* Verify signature */
mySigner.initForVerify(myKeyPair);
mySigner.update(message);
final boolean verified = mySigner.verify(mySignature);
The following signature algorithms are supported.
| Algorithm | Variants |
|---|---|
| RSA | PSSMGF1, PSS128, PSS256, X931, ISO9796D2, PreHash |
| DSA | DSA, DetDSA |
| EC | ECDSA, ECDetDSA, ECNR |
| DSTU4145 | Native |
| GOST2012 | Native |
| SM2 | Native |
| EdDSA | Native |
| SPHINCSPLUS | Native |
| DILITHIUM | Native |
| FALCON | Native |
| PICNIC | Native |
| XMSS | Native, PreHash |
| LMS | Native |