The decryptor classes must be derived from the interface IDecryptorStore which has two methods getEncryptionCertificates() and decrypt(…). getEncryptionCertificates() gives the list of certificates of recipients whereas decrypt(…) performs the decryption operation. You can implement your own decryptor classes conforming to this interface. Currently there are decryptor classes using smartcard, memory and Microsoft store in ESYA CMS Envelope API.
To decrypt an EnvelopedData by using a private key in a smartcard the class SCDecryptor must be used. The class takes SmartCard object and session number as parameters. To perform decryption the samrtcard must be logged in.
For more information about smartcards, see SmartCard The example below demonstrates how to use smarcard decryptor class.
ByteArrayOutputStream decryptedOutputStream = new ByteArrayOutputStream(); SmartCard sc = new SmartCard(CardType.AKIS); long slot = sc.getSlotList()[0]; long session = sc.openSession(slot); sc.login(session, "123456"); IDecryptorStore decryptor = new SCDecryptor(sc, session);
MemoryStream decryptedOutputStream = new MemoryStream(); SmartCard sc = new SmartCard(CardType.AKIS); long slot = sc.getSlotList()[0]; long session = sc.openSession(slot); sc.login(session, "12345"); IDecryptorStore decryptor = new SCDecryptor(sc, session);
If the certificate and the private key are in memory then decryption can be performed in memory by using MemoryDecryptor. The certificate and private key pair must be given as parameter to the object at its creation.
ECertificate cert = getCertificate(); PrivateKey key = getPrivKey(); MemoryDecryptor md = new MemoryDecryptor(new Pair<ECertificate, PrivateKey>(cert,key));
ECertificate cert = getCertificate(); IPrivateKey key = getPrivKey(); MemoryDecryptor md = new MemoryDecryptor(new Pair<ECertificate, IPrivateKey>(cert,key));
This class tries to decrypt the document by using a certificate and private key in Microsoft Certificate Store. The user must have access right to the store to use this decryptor.