Differences between theory and practice

Rodrigo Sodre (rsodre@mymail.com.br)
Sat, 15 Aug 1998 13:15:53 -0300

Date: Sat, 15 Aug 1998 13:15:53 -0300
From: Rodrigo Sodre <rsodre@mymail.com.br>
To: java-security@java.sun.com
Subject: Differences between theory and practice

Greetings.

I'm having problems to understant the new RSA keys interface and classes
in jdk1.2beta4. There are above 2 texts. The first was extracted from
"Java Cryptography Architecture" (\docsguide\security\CriptoSpec.html)
and the former from "How to Implement a Provider fot the JCA"
(docs\guide\security\HowToImplAProvider.html):

- CriptoSpec.html
"An opaque key representation is one in which you have no direct access
to the key material that constitues a key. In other words: "opaque"
gives you limited access to the key - just the three methods defined by
the "Key" interface (see below): getAlgorithm, getFormat, and
getEncoded. This is in contrast to a transparent representation, in
which you can access each key material value individually, through one
of the "get" methods defined in the corresponding specification class.

...

A transparent representation <Spec class/interface> of keys means that
you can access each key material value individually, through one of the
"get" methods defined in the corresponding specification class. For
example, DSAPrivateKeySpec defines getX, getP, getQ, and getG methods,
to access the private key x, and the DSA algorithm parameters used to
calculate the key: the prime p, the sub-prime q, and the base g."

- HowToImplAProvider.html
"In order to implement the RSAPrivateKey, RSAPrivateCrtKey, and
RSAPublicKey interfaces, you must implement the methods they define as
well as those defined by interfaces they extend, directly or indirectly.

Thus, for RSA private keys, you need to supply a class that implements
.the getModulus and getPrivateExponent methods from the RSAPrivateKey
interface.
.the getAlgorithm, getEncoded, and getFormat methods from the
java.security.Key interface, since RSAPrivateKey extends
java.security.PrivateKey, and PrivateKey extends Key."

Well, in practice, there are two RSA private key classes (i'm not
considering crt nor public key classes since they're analogous):
.RSAPrivateKeySpec witch implement getModulus() and
getPrivateExponent() methods
.RSAPrivateKey witch implement the methods above plus those opaque
methods: getAlgorithm(), getEncoded() and getFormat().

So, my doubts:
Why the same class/interface has opaque and transparent methods?
Shouldn'd RSAPrivateKey have only opaque methods and use a RSAKeyFactory
to the translation? If not, Why should anyone use RSAPrivateKeySpec
since we have all the methods in RSAPrivateKey class?

Thanks in advance and best regards.

Rodrigo Sodre
System Developer
4Safe Team