Package org.mozilla.jss.pkcs11
Class PK11KeyPairGenerator
java.lang.Object
org.mozilla.jss.crypto.KeyPairGeneratorSpi
org.mozilla.jss.pkcs11.PK11KeyPairGenerator
A Key Pair Generator implemented using PKCS #11.
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
private static enum
The ECCurve_Code enum defines a code for each EC curve based on the position of the curve in the enum.
Nested classes/interfaces inherited from class org.mozilla.jss.crypto.KeyPairGeneratorSpi
KeyPairGeneratorSpi.Usage
Field Summary
Fields
Modifier and Type, Field, Description
private KeyPairAlgorithm
private static final int
private static final int
private static final int
private static final int
private static final BigInteger
private static boolean
private int
private static final String
private static final String
private static final String
private static final String
private static final String
private static final String
static org.slf4j.Logger
private boolean
private long
private long
private static final String
private static final String
private static final String
private AlgorithmParameterSpec
static final PQGParams
Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.
static final PQGParams
Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.
static final PQGParams
Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.
private static final String
private static final String
private static final String
private static final String
private static final String
private static final String
private int
private boolean
private PK11Token
Constructor Summary
Constructors
Constructor, Description
PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)
Constructor for PK11KeyPairGenerator.
Method Summary
Modifier and Type, Method, Description
void extractablePairs(boolean extractable)
private KeyPair generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable)
  Generates a DSA key pair with the given P, Q, and G values.
private KeyPair generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask)
  Generates a DSA key pair with the given P, Q, and G values.
private KeyPair generateECKeyPair(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable)
  Generates an EC key pair with the given curve.
private KeyPair generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask)
  Generates an EC key pair with the given curve.
generateKeyPair
  Generates a key pair on a token.
private KeyPair generateRSAKeyPair(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable)
  Generates an RSA key pair with the given size and public exponent.
private KeyPair generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask)
  Generates an RSA key pair with the given size and public exponent.
private AlgorithmParameterSpec getCurve(int strength)
int getCurveCodeByName(String curveName)
private AlgorithmParameterSpec getECCurve(int curvecode)
void initialize(int strength, SecureRandom random)
  Initializes this KeyPairGenerator with the given key strength.
void initialize(AlgorithmParameterSpec params, SecureRandom random)
  Initializes this KeyPairGenerator with the given algorithm-specific parameters.
boolean keygenOnInternalToken()
void sensitivePairs(boolean sensitive)
void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)
  Sets the requested key usages desired for the generated key pair.
void temporaryPairs(boolean temp)
private static void testDefaults()
Field Details
logger
public static org.slf4j.Logger logger
opFlags
private long opFlags
opFlagsMask
private long opFlagsMask
DEFAULT_RSA_KEY_SIZE
private static final int DEFAULT_RSA_KEY_SIZE
DEFAULT_RSA_PUBLIC_EXPONENT
p1024
q1024
g1024
h1024
seed1024
counter1024
private static final int counter1024
PQG1024
Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.
p768
q768
g768
seed768
counter768
private static final int counter768
h768
PQG768
Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.
p512
q512
g512
h512
seed512
counter512
private static final int counter512
PQG512
Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.
defaultsTested
private static boolean defaultsTested
token
params
algorithm
mKeygenOnInternalToken
private boolean mKeygenOnInternalToken
temporaryPairMode
private boolean temporaryPairMode
sensitivePairMode
private int sensitivePairMode
extractablePairMode
private int extractablePairMode
Constructor Details
PK11KeyPairGenerator
public PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm) throws NoSuchAlgorithmException, TokenException
Constructor for PK11KeyPairGenerator.
- Parameters:
  token - The PKCS #11 token that the keypair will be generated on.
  algorithm - The type of key that will be generated. Currently, KeyPairAlgorithm.RSA, KeyPairAlgorithm.DSA and KeyPairAlgorithm.EC are supported.
- Throws:
  NoSuchAlgorithmException
  TokenException
Method Details
initialize
Initializes this KeyPairGenerator with the given key strength.
For DSA key generation, pre-cooked PQG values will be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.
- Specified by:
  initialize in class KeyPairGeneratorSpi
- Parameters:
  strength - The strength (size) of the keys that will be generated.
  random - Ignored
- Throws:
  InvalidParameterException - If the key strength is not supported by the algorithm or this implementation.
initialize
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException
Initializes this KeyPairGenerator with the given algorithm-specific parameters.
- Specified by:
  initialize in class KeyPairGeneratorSpi
- Parameters:
  params - The algorithm-specific parameters that will govern key pair generation.
  random - Ignored
- Throws:
  InvalidAlgorithmParameterException - If the parameters are inappropriate for the key type or are not supported by this implementation.
generateKeyPair
Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.
- Specified by:
  generateKeyPair in class KeyPairGeneratorSpi
- Returns:
- Throws:
  TokenException
keygenOnInternalToken
public boolean keygenOnInternalToken()
- Specified by:
  keygenOnInternalToken in class KeyPairGeneratorSpi
- Returns:
  true if the keypair generation will be done on the internal token and then moved to this token.
generateRSAKeyPair
private KeyPair generateRSAKeyPair(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable) throws TokenException
Generates an RSA key pair with the given size and public exponent.
- Throws:
  TokenException
generateRSAKeyPairWithOpFlags
private KeyPair generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
Generates an RSA key pair with the given size and public exponent. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
- Throws:
  TokenException
generateDSAKeyPair
private KeyPair generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable) throws TokenException
Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian two's-complement octet strings.
- Throws:
  TokenException
generateDSAKeyPairWithOpFlags
private KeyPair generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian two's-complement octet strings. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
- Throws:
  TokenException
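The octet-string format named above has one edge case worth seeing in code: a value whose top bit is set needs a leading 0x00 sign octet. This is an added example using only java.math.BigInteger, not code from JSS; the class and method names are hypothetical, the parameters are constructed toy values, and the check is a basic consistency test, not the seed/counter/H verification the pre-cooked PQG constants support.

```java
import java.math.BigInteger;

public class DsaOctetStrings {
    // BigInteger.toByteArray() yields big-endian two's complement and adds
    // a leading 0x00 when the top bit of the magnitude is set.
    static byte[] encode(BigInteger v) {
        return v.toByteArray();
    }

    // Decode an octet string, refusing values that read as zero or negative
    // (for example a magnitude copied without its 0x00 sign octet).
    static BigInteger decode(byte[] octets) {
        BigInteger v = new BigInteger(octets);
        if (v.signum() <= 0) {
            throw new IllegalArgumentException("octet string is not a positive integer");
        }
        return v;
    }

    // Basic DSA domain-parameter consistency: p and q prime, q divides p - 1,
    // 1 < g < p, and g has order q modulo p.
    static boolean consistent(byte[] P, byte[] Q, byte[] G) {
        BigInteger p = decode(P), q = decode(Q), g = decode(G);
        return p.isProbablePrime(64)
            && q.isProbablePrime(64)
            && p.subtract(BigInteger.ONE).mod(q).signum() == 0
            && g.compareTo(BigInteger.ONE) > 0
            && g.compareTo(p) < 0
            && g.modPow(q, p).equals(BigInteger.ONE);
    }

    public static void main(String[] args) {
        // Constructed toy parameters, far too small for real use:
        // p = 199 (0xC7, top bit set), q = 11, g = 2^((p-1)/q) mod p = 61.
        byte[] P = encode(BigInteger.valueOf(199));
        byte[] Q = encode(BigInteger.valueOf(11));
        byte[] G = encode(BigInteger.valueOf(61));
        System.out.println("P octets: " + P.length);
        System.out.println("consistent: " + consistent(P, Q, G));

        // Without the sign octet, the single byte 0xC7 decodes as -57.
        try {
            decode(new byte[] { (byte) 0xC7 });
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```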
generateECKeyPair
private KeyPair generateECKeyPair(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable) throws TokenException
Generates an EC key pair with the given curve. Curves are stored as DER-encoded parameters.
- Throws:
  TokenException
generateECKeyPairWithOpFlags
private KeyPair generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
Generates an EC key pair with the given curve. Curves are stored as DER-encoded parameters. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
- Throws:
  TokenException
testDefaults
private static void testDefaults()
temporaryPairs
public void temporaryPairs(boolean temp)
- Specified by:
  temporaryPairs in class KeyPairGeneratorSpi
sensitivePairs
public void sensitivePairs(boolean sensitive)
- Specified by:
  sensitivePairs in class KeyPairGeneratorSpi
extractablePairs
public void extractablePairs(boolean extractable)
- Specified by:
  extractablePairs in class KeyPairGeneratorSpi
setKeyPairUsages
public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)
Sets the requested key usages desired for the generated key pair. This allows the caller to suggest how NSS generates the key pair.
- Specified by:
  setKeyPairUsages in class KeyPairGeneratorSpi
- Parameters:
  usages - List of desired key usages.
  usages_mask - Corresponding mask for the key usages. If a usage is desired, make sure it is in the mask as well.
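How temporaryPairs, sensitivePairs, extractablePairs and setKeyPairUsages combine to request a permanent, non-exportable, signing-only RSA key, as an added example that is not part of the JSS documentation. It goes through JSS's public CryptoManager, CryptoToken and KeyPairGenerator classes, which this page does not show, and assumes CryptoManager is already initialized and the token is logged in; the class name and key size are illustrative.

```java
import java.security.KeyPair;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.KeyPairAlgorithm;
import org.mozilla.jss.crypto.KeyPairGenerator;
import org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage;

public class SigningKeyOnToken {
    // Assumption: CryptoManager.initialize(...) has already been run against
    // an NSS database and the token is logged in; this page covers neither.
    static KeyPair generateSigningKey(CryptoToken token) throws Exception {
        KeyPairGenerator kpg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);

        kpg.temporaryPairs(false);   // permanent token object, not a session key
        kpg.sensitivePairs(true);    // private key value not readable in the clear
        kpg.extractablePairs(false); // private key may not be wrapped off the token

        // Desired usages must also appear in the mask (see usages_mask above).
        // Usages listed only in the mask are requested off, so this asks for a
        // key pair that signs and verifies but does not decrypt or unwrap.
        Usage[] usages = { Usage.SIGN, Usage.VERIFY };
        Usage[] mask = {
            Usage.SIGN, Usage.VERIFY,
            Usage.ENCRYPT, Usage.DECRYPT,
            Usage.WRAP, Usage.UNWRAP
        };
        kpg.setKeyPairUsages(usages, mask);

        // Set the attribute modes and usages before generating: they apply
        // to the key pair produced by the next genKeyPair() call.
        kpg.initialize(2048);
        return kpg.genKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // getInstance() throws NotInitializedException if JSS was not set up.
        CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
        KeyPair pair = generateSigningKey(token);
        System.out.println("Generated " + pair.getPublic().getAlgorithm() + " key pair");
    }
}
```

The usages are a request to NSS, as the method description says, so confirm the resulting attributes on the token when the restriction matters.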
getCurveCodeByName
- Specified by:
  getCurveCodeByName in class KeyPairGeneratorSpi
- Throws:
  InvalidParameterException
getECCurve
- Throws:
  InvalidParameterException
getCurve
- Throws:
  InvalidParameterException