Package com.google.crypto.tink.signature

Class SignatureKeyTemplates

  • public final class SignatureKeyTemplates
extends java.lang.Object
    Pre-generated KeyTemplate for PublicKeySign and PublicKeyVerify.

    We recommend to avoid this class in order to keep dependencies small.

    • Using this class adds a dependency on protobuf. We hope that eventually it is possible to use Tink without a dependency on protobuf.
    • Using this class adds a dependency on classes for all involved key types.
    These dependencies all come from static class member variables, which are initialized when the class is loaded. This implies that static analysis and code minimization tools (such as proguard) cannot remove the usages either.

    Instead, we recommend to use KeysetHandle.generateEntryFromParametersName or KeysetHandle.generateEntryFromParameters.

    One can use these templates to generate new Keyset with KeysetHandle. To generate a new keyset that contains a single EcdsaPrivateKey, one can do: 

    
 SignatureConfig.register();
 KeysetHandle handle = KeysetHandle.generateNew(SignatureKeyTemplates.ECDSA_P256);
 PublicKeySign signer = handle.getPrimitive(RegistryConfiguration.get(), PublicKeySign.class);
 PublicKeyVerify verifier =
     handle.getPublicKeyset().getPrimitive(RegistryConfiguration.get(), PublicKeyVerify.class);
    Since:
    1.0.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P256
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA256 Curve: NIST P-256 Signature encoding: DER (this is the encoding that Java uses).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P256_IEEE_P1363
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA256 Curve: NIST P-256 Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA256 Curve: NIST P-256 Signature encoding: DER (this is the encoding that Java uses).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P384
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA512 Curve: NIST P-384 Signature encoding: DER (this is the encoding that Java uses).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P384_IEEE_P1363
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA512 Curve: NIST P-384 Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P521
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA512 Curve: NIST P-521 Signature encoding: DER (this is the encoding that Java uses).
      static com.google.crypto.tink.proto.KeyTemplate ECDSA_P521_IEEE_P1363
      A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters: Hash function: SHA512 Curve: NIST P-521 Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
      static com.google.crypto.tink.proto.KeyTemplate ED25519
      A KeyTemplate that generates new instances of Ed25519PrivateKey.
      static com.google.crypto.tink.proto.KeyTemplate ED25519WithRawOutput
      A KeyTemplate that generates new instances of com.google.crypto.tink.proto.ED25519PrivateKey.
      static com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_3072_SHA256_F4
      A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters: Hash function: SHA256.
      static com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX
      A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters: Hash function: SHA256.
      static com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_4096_SHA512_F4
      A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters: Hash function: SHA512.
      static com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PSS_3072_SHA256_SHA256_32_F4
      A KeyTemplate that generates new instances of RsaSsaPssPrivateKey with the following parameters: Signature hash: SHA256.
      static com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PSS_4096_SHA512_SHA512_64_F4
      A KeyTemplate that generates new instances of RsaSsaPssPrivateKey with the following parameters: Signature hash: SHA512.

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static com.google.crypto.tink.proto.KeyTemplate createEcdsaKeyTemplate​(com.google.crypto.tink.proto.HashType hashType, com.google.crypto.tink.proto.EllipticCurveType curve, com.google.crypto.tink.proto.EcdsaSignatureEncoding encoding, com.google.crypto.tink.proto.OutputPrefixType prefixType)
      Deprecated.
      Use a corresponding EcdsaParameters object instead.
      static com.google.crypto.tink.proto.KeyTemplate createRsaSsaPkcs1KeyTemplate​(com.google.crypto.tink.proto.HashType hashType, int modulusSize, java.math.BigInteger publicExponent, com.google.crypto.tink.proto.OutputPrefixType prefixType)
      Deprecated.
      Use a corresponding RsaSsaPkcs1Parameters object instead
      static com.google.crypto.tink.proto.KeyTemplate createRsaSsaPssKeyTemplate​(com.google.crypto.tink.proto.HashType sigHash, com.google.crypto.tink.proto.HashType mgf1Hash, int saltLength, int modulusSize, java.math.BigInteger publicExponent)
      Deprecated.
      Use a corresponding RsaSsaPssParameters object instead.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • ECDSA_P256

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P256
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA256
        • Curve: NIST P-256
        • Signature encoding: DER (this is the encoding that Java uses).
        • Prefix type: OutputPrefixType.TINK

      • ECDSA_P384

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P384
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA512
        • Curve: NIST P-384
        • Signature encoding: DER (this is the encoding that Java uses).
        • Prefix type: OutputPrefixType.TINK

      • ECDSA_P521

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P521
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA512
        • Curve: NIST P-521
        • Signature encoding: DER (this is the encoding that Java uses).
        • Prefix type: OutputPrefixType.TINK

      • ECDSA_P256_IEEE_P1363

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P256_IEEE_P1363
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA256
        • Curve: NIST P-256
        • Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
        • Prefix type: OutputPrefixType.TINK

      • ECDSA_P384_IEEE_P1363

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P384_IEEE_P1363
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA512
        • Curve: NIST P-384
        • Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
        • Prefix type: OutputPrefixType.TINK

      • ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA256
        • Curve: NIST P-256
        • Signature encoding: DER (this is the encoding that Java uses).
        • Prefix type: None
        The digital signature generated by this key would be 64 bytes exactly.

      • ECDSA_P521_IEEE_P1363

        public static final com.google.crypto.tink.proto.KeyTemplate ECDSA_P521_IEEE_P1363
        A KeyTemplate that generates new instances of EcdsaPrivateKey with the following parameters:
        • Hash function: SHA512
        • Curve: NIST P-521
        • Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use).
        • Prefix type: OutputPrefixType.TINK

      • ED25519

        public static final com.google.crypto.tink.proto.KeyTemplate ED25519
        A KeyTemplate that generates new instances of Ed25519PrivateKey.
        Since:
        1.1.0

      • ED25519WithRawOutput

        public static final com.google.crypto.tink.proto.KeyTemplate ED25519WithRawOutput
        A KeyTemplate that generates new instances of com.google.crypto.tink.proto.ED25519PrivateKey.

        The difference between ED25519WithRawOutput and ED25519 is the format of signatures generated. ED25519WithRawOutput generates signatures of OutputPrefixType.RAW format, which is 64 bytes long.

        Since:
        1.3.0

      • RSA_SSA_PKCS1_3072_SHA256_F4

        public static final com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_3072_SHA256_F4
        A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters:
        • Hash function: SHA256.
        • Modulus size: 3072 bit.
        • Public exponent: 65537 (aka F4).
        • Prefix type: OutputPrefixType.TINK

      • RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX

        public static final com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX
        A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters:
        • Hash function: SHA256.
        • Modulus size: 3072 bit.
        • Public exponent: 65537 (aka F4).
        • Prefix type: None

      • RSA_SSA_PKCS1_4096_SHA512_F4

        public static final com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PKCS1_4096_SHA512_F4
        A KeyTemplate that generates new instances of RsaSsaPkcs1PrivateKey with the following parameters:
        • Hash function: SHA512.
        • Modulus size: 4096 bit.
        • Public exponent: 65537 (aka F4).
        • Prefix type: OutputPrefixType.TINK

      • RSA_SSA_PSS_3072_SHA256_SHA256_32_F4

        public static final com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PSS_3072_SHA256_SHA256_32_F4
        A KeyTemplate that generates new instances of RsaSsaPssPrivateKey with the following parameters:
        • Signature hash: SHA256.
        • MGF1 hash: SHA256.
        • Salt length: 32 (i.e., SHA256's output length).
        • Modulus size: 3072 bit.
        • Public exponent: 65537 (aka F4).

      • RSA_SSA_PSS_4096_SHA512_SHA512_64_F4

        public static final com.google.crypto.tink.proto.KeyTemplate RSA_SSA_PSS_4096_SHA512_SHA512_64_F4
        A KeyTemplate that generates new instances of RsaSsaPssPrivateKey with the following parameters:
        • Signature hash: SHA512.
        • MGF1 hash: SHA512.
        • Salt length: 64 (i.e., SHA512's output length).
        • Modulus size: 4096 bit.
        • Public exponent: 65537 (aka F4).

    • Method Detail

      • createEcdsaKeyTemplate

        @Deprecated
public static com.google.crypto.tink.proto.KeyTemplate createEcdsaKeyTemplate​(com.google.crypto.tink.proto.HashType hashType,
                                                                              com.google.crypto.tink.proto.EllipticCurveType curve,
                                                                              com.google.crypto.tink.proto.EcdsaSignatureEncoding encoding,
                                                                              com.google.crypto.tink.proto.OutputPrefixType prefixType)
        Deprecated.
        Use a corresponding EcdsaParameters object instead.
        Returns:
        a KeyTemplate containing a EcdsaKeyFormat with some specified parameters.

      • createRsaSsaPkcs1KeyTemplate

        @Deprecated
public static com.google.crypto.tink.proto.KeyTemplate createRsaSsaPkcs1KeyTemplate​(com.google.crypto.tink.proto.HashType hashType,
                                                                                    int modulusSize,
                                                                                    java.math.BigInteger publicExponent,
                                                                                    com.google.crypto.tink.proto.OutputPrefixType prefixType)
        Deprecated.
        Use a corresponding RsaSsaPkcs1Parameters object instead
        Returns:
        a KeyTemplate containing a RsaSsaPkcs1KeyFormat with some specified parameters.

      • createRsaSsaPssKeyTemplate

        @Deprecated
public static com.google.crypto.tink.proto.KeyTemplate createRsaSsaPssKeyTemplate​(com.google.crypto.tink.proto.HashType sigHash,
                                                                                  com.google.crypto.tink.proto.HashType mgf1Hash,
                                                                                  int saltLength,
                                                                                  int modulusSize,
                                                                                  java.math.BigInteger publicExponent)
        Deprecated.
        Use a corresponding RsaSsaPssParameters object instead.
        Returns:
        a KeyTemplate containing a RsaSsaPssKeyFormat with some specified parameters.