API and SPI

The methods in the cryptographic concept classes are divided into two groups. The first group of methods is the Application Programming Interface, or API. It consists of all public methods that you can use to work with an instance of a concept class. The second group of methods is the Service Provider Interface, or SPI. This is the set of methods that subclasses must implement. By convention, SPI method names all begin with engine.

In JDK 1.1, the SPI and API methods were mixed together in the cryptographic concept classes. The java.security.Signature class, for example, contained API methods like initSign() and verify() as well as SPI methods like engineInitSign() and engineVerify(). To implement a signature algorithm, you would create a subclass of Signature and define all the SPI methods.

In JDK 1.2, API methods and SPI methods are split into separate classes. Signature, for example, now contains only API methods. A separate class, java.security.SignatureSpi, contains all the SPI methods. To implement a signature algorithm now, create a subclass of SignatureSpi and define the SPI methods. Whenever you implement a cryptographic algorithm, you’ll need to follow a similar process. In Chapter 7, and Chapter 9, we’ll create implementations for KeyPairGenerator, Signature, and other concept classes by implementing the SPI of those classes.

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.