The package javax.microedition.securityservice consists
of the classes CMSMessageSignatureService and CMSMessageSignatureServiceException, which provide
signature services for cryptographic messages.
The class CMSMessageSignatureService provides
a high-level cryptographic interface that allows you to take use of the security
elements (such as a smart card) available on a device. Here signature generation
is defined for authentication and authorization purposes.
The class offers two methods for creating CMS-formatted signatures: sign and authenticate.
The sign method:
Generates a signed CMS message
Is meant for higher-value transactions and authorizations
Is associated with keys marked for digital signature and non-repudiation (signature cannot be taken back)
The authenticate method:
Generates a signature that may be used for authentication purposes, that is, identifying the user
Meant to be used when a digital signature is required to authenticate a user
Associated with keys marked for digital signatures only, or a digital signature and a key usage, apart from non-repudiation, (for example authentication)
When your application calls sign() or authenticate(),
the SATSA implementation automatically searches the device for appropriate
signing keys (certified by the CAs). To make the implementation look for specific
keys, you can pass additional parameters to the methods. If the implementation
cannot find appropriate keys, it displays a prompt to the user. In case more
than one appropriate signing key is found, the implementation interacts with
the user to select one of them.
The class CMSMessageSignatureServiceException is used for any error situations found when generating signatures,
for example when a certificate is not available or when certain types of signatures
are not supported.
For more information on security elements and the methods, see the class CMSMessageSignatureService.