-
Notifications
You must be signed in to change notification settings - Fork 8
support for Eliptic Curve signatures
Eliptic Curves are supported by the libraries but there are some specialties to be considered when using Eliptic Curve signatures.
One of these specialities is related to the mapping of algorithm OIDs to algorithm names and curve names. The bar code contains the algorithm OIDs but the java security API usually works with (proprietary) names of curves and Algorithms.
Onother specialty is the behaviour of security providers who tend not to be interoperable with key objects from other providers.
It is therefore strongly recommendend to use the library functions with a specified provider only.
Some (many) security providers don't support a mapping of algorithm OIDs to algorithm names. The default mapping is to "EC". In case you use a security provider with a different algorithm name you can add your mapping by:
AlgorithmNameResolver.addMap(<algorithm type>,<oid>,<name>) The algorithm type can be separate for the key generator algorithm and the signature algorithm:
- AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG = "KeyPairGenerator"
- AlgorithmNameResolver.TYPE_SIGNATURE_ALG = "Signature"
The curve names are required to decode an X9.62 encoded public key and to validate whether a security provider supports the curve. The mapping of algorithm OIDs to curve names in included in ElipticCurveNames. You can add your own mapping in case you use a security provider that uses a different curve name:
EllipticCurveNames.addOidToNameMapping(<oid>, <curve name>)