Mercurial > hg > openjdk > jdk6 > jdk
changeset 1804:8072a355d3c0
8169080: Improve documentation examples for crypto applications
Reviewed-by: wetmore
Contributed-by: prasadarao.koppula@oracle.com
author | rpatil |
---|---|
date | Wed, 11 Oct 2017 15:47:39 +0530 |
parents | 7c5821691ba5 |
children | fe5bbc4baa28 |
files | src/share/classes/java/security/MessageDigest.java src/share/classes/java/security/Signature.java src/share/classes/java/security/SignedObject.java src/share/classes/javax/crypto/Cipher.java src/share/classes/javax/crypto/CipherSpi.java src/share/classes/javax/crypto/Mac.java src/share/classes/javax/crypto/SealedObject.java |
diffstat | 7 files changed, 45 insertions(+), 48 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/security/MessageDigest.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/MessageDigest.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,7 +57,7 @@ * and catching the CloneNotSupportedException: <p> * * <pre> -* MessageDigest md = MessageDigest.getInstance("SHA"); +* MessageDigest md = MessageDigest.getInstance("SHA-256"); * * try { * md.update(toChapter1); @@ -442,7 +442,7 @@ /** * Returns a string that identifies the algorithm, independent of * implementation details. The name should be a standard - * Java Security name (such as "SHA", "MD5", and so on). + * Java Security name (such as "SHA-256"). * See Appendix A in the <a href= * "../../../technotes/guides/security/crypto/CryptoSpec.html#AppA"> * Java Cryptography Architecture API Specification & Reference </a>
--- a/src/share/classes/java/security/Signature.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/Signature.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,11 +52,10 @@ * authentication and integrity assurance of digital data. * * <p> The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified as <tt>SHA1withDSA</tt>. - * In the case of RSA, there are multiple choices for the message digest - * algorithm, so the signing algorithm could be specified as, for example, - * <tt>MD2withRSA</tt>, <tt>MD5withRSA</tt>, or <tt>SHA1withRSA</tt>. + * DSA, using DSA and SHA-256. The DSA algorithm using the + * SHA-256 message digest algorithm can be specified as <tt>SHA256withDSA</tt>. + * In the case of RSA the signing algorithm could be specified as, for example, + * <tt>SHA256withRSA</tt>. * The algorithm name must be specified, as there is no default. * * <p> A Signature object can be used to generate and verify digital
--- a/src/share/classes/java/security/SignedObject.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/SignedObject.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -81,13 +81,12 @@ * verification in an attempt to bypass a security check. * * <p> The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The algorithm is specified using the + * DSA, using DSA and SHA-256. The algorithm is specified using the * same convention as that for signatures. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified, for example, as - * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of - * RSA, there are multiple choices for the message digest algorithm, - * so the signing algorithm could be specified as, for example, - * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be + * SHA-256 message digest algorithm can be specified, for example, as + * "SHA256withDSA". In the case of + * RSA the signing algorithm could be specified as, for example, + * "SHA256withRSA". The algorithm name must be * specified, as there is no default. * * <p> The name of the Cryptography Package Provider is designated
--- a/src/share/classes/javax/crypto/Cipher.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/Cipher.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,7 @@ * <p>A <i>transformation</i> is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and + * algorithm (e.g., <i>AES</i>), and may be followed by a feedback mode and * padding scheme. * * <p> A transformation is of the form:<p> @@ -75,17 +75,16 @@ * For example, the following is a valid transformation:<p> * * <pre> - * Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>"); + * Cipher c = Cipher.getInstance("<i>AES/CBC/PKCS5Padding</i>"); * </pre> * * Using modes such as <code>CFB</code> and <code>OFB<code>, block * ciphers can encrypt data in units smaller than the cipher's actual * block size. When requesting such a mode, you may optionally specify * the number of bits to be processed at a time by appending this number - * to the mode name as shown in the "<code>DES/CFB8/NoPadding</code>" and - * "<code>DES/OFB32/PKCS5Padding</code>" transformations. If no such - * number is specified, a provider-specific default is used. (For - * example, the SunJCE provider uses a default of 64 bits for DES.) + * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and + * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such + * number is specified, a provider-specific default is used. * Thus, block ciphers can be turned into byte-oriented stream ciphers by * using an 8 bit mode such as CFB8 or OFB8. * @@ -235,7 +234,7 @@ /* * array containing the components of a Cipher transformation: * - * index 0: algorithm component (e.g., DES) + * index 0: algorithm component (e.g., AES) * index 1: feedback component (e.g., CFB) * index 2: padding component (e.g., PKCS5Padding) */ @@ -281,8 +280,8 @@ // transform string to lookup in the provider final String transform; // the mode/padding suffix in upper case. for example, if the algorithm - // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" - // if loopup is "DES", suffix is the empty string + // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" + // if lookup is "AES", suffix is the empty string // needed because aliases prevent straight transform.equals() final String suffix; // value to pass to setMode() or null if no such call required @@ -367,11 +366,11 @@ } if ((mode == null) && (pad == null)) { - // DES + // AES Transform tr = new Transform(alg, "", null, null); return Collections.singletonList(tr); } else { // if ((mode != null) && (pad != null)) { - // DES/CBC/PKCS5Padding + // AES/CBC/PKCS5Padding List<Transform> list = new ArrayList<Transform>(4); list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); list.add(new Transform(alg, "/" + mode, null, pad)); @@ -407,7 +406,7 @@ * the {@link Security#getProviders() Security.getProviders()} method. * * @param transformation the name of the transformation, e.g., - * <i>DES/CBC/PKCS5Padding</i>. + * <i>AES/CBC/PKCS5Padding</i>. * See Appendix A in the * <a href= * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA"> @@ -483,7 +482,7 @@ * the {@link Security#getProviders() Security.getProviders()} method. * * @param transformation the name of the transformation, - * e.g., <i>DES/CBC/PKCS5Padding</i>. + * e.g., <i>AES/CBC/PKCS5Padding</i>. * See Appendix A in the * <a href= * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA"> @@ -536,7 +535,7 @@ * does not have to be registered in the provider list. * * @param transformation the name of the transformation, - * e.g., <i>DES/CBC/PKCS5Padding</i>. + * e.g., <i>AES/CBC/PKCS5Padding</i>. * See Appendix A in the * <a href= * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA">
--- a/src/share/classes/javax/crypto/CipherSpi.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/CipherSpi.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,7 @@ * <p>A <i>transformation</i> is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and + * algorithm (e.g., <i>AES</i>), and may be followed by a feedback mode and * padding scheme. * * <p> A transformation is of the form:<p> @@ -75,7 +75,7 @@ * For example, the following is a valid transformation:<p> * * <pre> - * Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>"); + * Cipher c = Cipher.getInstance("<i>AES/CBC/PKCS5Padding</i>"); * </pre> * * <p>A provider may supply a separate class for each combination @@ -125,32 +125,32 @@ * </ul> * * <p>For example, a provider may supply a subclass of <code>CipherSpi</code> - * that implements <i>DES/ECB/PKCS5Padding</i>, one that implements - * <i>DES/CBC/PKCS5Padding</i>, one that implements - * <i>DES/CFB/PKCS5Padding</i>, and yet another one that implements - * <i>DES/OFB/PKCS5Padding</i>. That provider would have the following + * that implements <i>AES/ECB/PKCS5Padding</i>, one that implements + * <i>AES/CBC/PKCS5Padding</i>, one that implements + * <i>AES/CFB/PKCS5Padding</i>, and yet another one that implements + * <i>AES/OFB/PKCS5Padding</i>. That provider would have the following * <code>Cipher</code> properties in its master class:<p> * * <ul> * * <li> * <pre> - * <code>Cipher.</code><i>DES/ECB/PKCS5Padding</i> + * <code>Cipher.</code><i>AES/ECB/PKCS5Padding</i> * </pre> * * <li> * <pre> - * <code>Cipher.</code><i>DES/CBC/PKCS5Padding</i> + * <code>Cipher.</code><i>AES/CBC/PKCS5Padding</i> * </pre> * * <li> * <pre> - * <code>Cipher.</code><i>DES/CFB/PKCS5Padding</i> + * <code>Cipher.</code><i>AES/CFB/PKCS5Padding</i> * </pre> * * <li> * <pre> - * <code>Cipher.</code><i>DES/OFB/PKCS5Padding</i> + * <code>Cipher.</code><i>AES/OFB/PKCS5Padding</i> * </pre> * * </ul> @@ -158,7 +158,7 @@ * <p>Another provider may implement a class for each of the above modes * (i.e., one class for <i>ECB</i>, one for <i>CBC</i>, one for <i>CFB</i>, * and one for <i>OFB</i>), one class for <i>PKCS5Padding</i>, - * and a generic <i>DES</i> class that subclasses from <code>CipherSpi</code>. + * and a generic <i>AES</i> class that subclasses from <code>CipherSpi</code>. * That provider would have the following * <code>Cipher</code> properties in its master class:<p> * @@ -166,7 +166,7 @@ * * <li> * <pre> - * <code>Cipher.</code><i>DES</i> + * <code>Cipher.</code><i>AES</i> * </pre> * * </ul>
--- a/src/share/classes/javax/crypto/Mac.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/Mac.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,7 +50,7 @@ * * <p> A MAC mechanism that is based on cryptographic hash functions is * referred to as HMAC. HMAC can be used with any cryptographic hash function, - * e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is + * e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is * specified in RFC 2104. * * @author Jan Luehe
--- a/src/share/classes/javax/crypto/SealedObject.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/SealedObject.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,7 +40,7 @@ * <p> Given any Serializable object, one can create a SealedObject * that encapsulates the original object, in serialized * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents, - * using a cryptographic algorithm such as DES, to protect its + * using a cryptographic algorithm such as AES, to protect its * confidentiality. The encrypted content can later be decrypted (with * the corresponding algorithm using the correct decryption key) and * de-serialized, yielding the original object.