Package org.mozilla.jss.pkcs11
Class PK11KeyGenerator
java.lang.Object
org.mozilla.jss.pkcs11.PK11KeyGenerator
- All Implemented Interfaces: KeyGenerator
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.mozilla.jss.crypto.KeyGenerator
KeyGenerator.CharToByteConverter
-
Field Summary
Fields
Modifier and Type, Field
private KeyGenAlgorithm algorithm
private KeyGenerator.CharToByteConverter charToByte
private long opFlags
private AlgorithmParameterSpec parameters
private int sensitiveKeyMode
private int strength
private boolean temporaryKeyMode
private PK11Token token
-
Constructor Summary
Constructors
Modifier, Constructor
private PK11KeyGenerator()
(package private) PK11KeyGenerator(PK11Token token, KeyGenAlgorithm algorithm)
-
Method Summary
Modifier and Type, Method, Description
SymmetricKey clone(SymmetricKey key) - Allows a SymmetricKey to be cloned on a different token.
static SymmetricKey clone(SymmetricKey key, PK11Token token) - Allows a SymmetricKey to be cloned on a different token.
SymmetricKey generate() - Generates the key.
private static SymmetricKey generateKBKDF(PK11Token token, PK11SymKey baseKeyObj, long algorithm, NativeProxy pointer, long pointer_size, long derivedKeyAlgorithm, int strength, int opFlags, boolean temporary, int sensitive) - A native method to generate a key using KBKDF.
private static SymmetricKey generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength, int opFlags, boolean temporary, int sensitive) - A native method to generate a non-PBE key.
private static SymmetricKey generatePBE(PK11Token token, KeyGenAlgorithm algorithm, EncryptionAlgorithm encAlg, HMACAlgorithm hashAlg, byte[] pass, byte[] salt, int iterationCount) - A native method to generate a PBE key.
byte[] generatePBE_IV - Generates an Initialization Vector using a PBE algorithm.
private static byte[] generatePBE_IV(KeyGenAlgorithm alg, byte[] password, byte[] salt, int iterations) - A native method to generate an IV using a PBE algorithm.
void initialize(int strength)
void initialize(AlgorithmParameterSpec parameters)
private static SymmetricKey nativeClone(PK11Token token, SymmetricKey toBeCloned)
void sensitiveKeys(boolean sensitive) - Tells the generator to generate sensitive or insensitive keys.
void setCharToByteConverter - Sets the character to byte converter for passwords.
void setKeyUsages(long opFlags)
void setKeyUsages(SymmetricKey.Usage[] usages)
void temporaryKeys(boolean temp) - Tells the generator to generate temporary or permanent keys.
-
Field Details
-
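token
private PK11Token token
-
algorithm
private KeyGenAlgorithm algorithm
-
strength
private int strength
-
parameters
private AlgorithmParameterSpec parameters
-
opFlags
private long opFlags
-
temporaryKeyMode
private boolean temporaryKeyMode
-
sensitiveKeyMode
private int sensitiveKeyMode
-
charToByte
private KeyGenerator.CharToByteConverter charToByte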
-
-
Constructor Details
-
PK11KeyGenerator
private PK11KeyGenerator()
-
PK11KeyGenerator
PK11KeyGenerator(PK11Token token, KeyGenAlgorithm algorithm)
-
-
Method Details
-
setCharToByteConverter
Sets the character to byte converter for passwords. The default conversion is UTF8 with no null termination.
- Specified by: setCharToByteConverter in interface KeyGenerator
- Parameters:
charToByte - Character-to-byte converter.
-
initialize
- Specified by: initialize in interface KeyGenerator
- Parameters:
strength - Key size in bits. Must be evenly divisible by 8.
- Throws:
InvalidAlgorithmParameterException - If parameter is invalid.
-
initialize
- Specified by: initialize in interface KeyGenerator
- Throws:
InvalidAlgorithmParameterException
-
setKeyUsages
- Specified by: setKeyUsages in interface KeyGenerator
- Parameters:
usages - The operations the key will be used for after it is generated. You have to specify these so that the key can be properly marked with the operations it supports. Some PKCS #11 tokens require that a key be marked for an operation before it can perform that operation. The default is SymmetricKey.Usage.SIGN and SymmetricKey.Usage.ENCRYPT.
-
setKeyUsages
public void setKeyUsages(long opFlags)
-
temporaryKeys
public void temporaryKeys(boolean temp)
Description copied from interface: KeyGenerator
Tells the generator to generate temporary or permanent keys. Temporary keys are not written permanently to the token. They are destroyed by the garbage collector. If this method is not called, the default is temporary keys.
- Specified by: temporaryKeys in interface KeyGenerator
- Parameters:
temp - True to generate a temporary key.
-
sensitiveKeys
public void sensitiveKeys(boolean sensitive)
Description copied from interface: KeyGenerator
Tells the generator to generate sensitive or insensitive keys. Certain attributes of a sensitive key cannot be revealed in plaintext outside the token. If this method is not called, the default is token dependent.
- Specified by: sensitiveKeys in interface KeyGenerator
- Parameters:
sensitive - True to generate sensitive keys.
-
generate
public SymmetricKey generate() throws IllegalStateException, TokenException, CharConversionException
Generates the key. This is the public interface; the actual work is done by native methods.
- Specified by: generate in interface KeyGenerator
- Returns:
Symmetric key.
- Throws:
IllegalStateException - If key generation failed.
TokenException - If an error occurred in the token.
CharConversionException - If an encoding error occurred.
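How the generator options documented above fit together, as an added example that is not part of the JSS documentation. It assumes args[0] is the directory of an existing NSS database; the class and helper names are hypothetical, and CryptoManager, CryptoToken.getKeyGenerator, Password and SymmetricKey.getKeyData are JSS calls that this page does not itself describe.

```java
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.util.Password;

// Added example; TokenKeyExample and generateAesKey are hypothetical names.
public class TokenKeyExample {

    // Generates a 256-bit AES key with every generator option set explicitly,
    // so the result does not depend on token-specific defaults.
    static SymmetricKey generateAesKey(CryptoToken token, boolean permanent)
            throws Exception {
        KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.AES);
        kg.initialize(256);               // key size in bits, divisible by 8
        kg.setKeyUsages(new SymmetricKey.Usage[] {
            SymmetricKey.Usage.ENCRYPT, SymmetricKey.Usage.DECRYPT });
        kg.temporaryKeys(!permanent);     // documented default: temporary
        kg.sensitiveKeys(true);           // documented default: token dependent
        return kg.generate();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the directory of an existing NSS database.
        CryptoManager.initialize(args[0]);
        CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();

        if (!token.isLoggedIn()) {
            if (System.console() == null) {
                throw new IllegalStateException("no console to read the token password");
            }
            Password password = new Password(System.console().readPassword("Token password: "));
            try {
                token.login(password);
            } finally {
                password.clear();         // wipe the password from memory
            }
        }

        SymmetricKey key = generateAesKey(token, false);
        System.out.println("Generated key, strength in bits: " + key.getStrength());
        try {
            key.getKeyData();             // asks the token for the raw key bytes
            System.out.println("Token released the key value; check its sensitivity policy");
        } catch (SymmetricKey.NotExtractableException e) {
            System.out.println("Key value stays on the token");
        }
    }
}
```

Setting usages, lifetime and sensitivity on every generator keeps key attributes identical across tokens whose defaults differ.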
-
generatePBE_IV
Generates an Initialization Vector using a PBE algorithm. In order to call this method, the algorithm must be a PBE algorithm, and the KeyGenerator must have been initialized with an instance of PBEKeyGenParams.
- Specified by: generatePBE_IV in interface KeyGenerator
- Returns:
The initialization vector derived from the password and salt using the PBE algorithm.
- Throws:
TokenException - If an error occurs on the CryptoToken while generating the IV.
CharConversionException - If an encoding error occurred.
-
generatePBE_IV
private static byte[] generatePBE_IV(KeyGenAlgorithm alg, byte[] password, byte[] salt, int iterations) throws TokenException
A native method to generate an IV using a PBE algorithm. None of the parameters should be NULL.
- Throws:
TokenException
-
clone
public SymmetricKey clone(SymmetricKey key) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException
Allows a SymmetricKey to be cloned on a different token.
- Specified by: clone in interface KeyGenerator
- Parameters:
key - Symmetric key.
- Returns:
Cloned symmetric key.
- Throws:
SymmetricKey.NotExtractableException - If the key material cannot be extracted from the current token.
InvalidKeyException - If the owning token cannot process the key to be cloned.
TokenException - If an error occurred in the token.
-
clone
public static SymmetricKey clone(SymmetricKey key, PK11Token token) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException
Allows a SymmetricKey to be cloned on a different token.
- Parameters:
key - The key to clone.
token - The token on which to clone the key.
- Throws:
SymmetricKey.NotExtractableException - If the key material cannot be extracted from the current token.
InvalidKeyException - If the owning token cannot process the key to be cloned.
TokenException
-
nativeClone
private static SymmetricKey nativeClone(PK11Token token, SymmetricKey toBeCloned) throws SymmetricKey.NotExtractableException, TokenException
-
generateNormal
private static SymmetricKey generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength, int opFlags, boolean temporary, int sensitive) throws TokenException
A native method to generate a non-PBE key.
- Parameters:
token - The token where the key generation happens
algorithm - The algorithm to use
strength - The key size in bits, should be 0 for fixed-length key algorithms.
opFlags - The crypto operations the key will support
temporary - Whether the key will be temporary or permanent
- Throws:
TokenException
-
generatePBE
private static SymmetricKey generatePBE(PK11Token token, KeyGenAlgorithm algorithm, EncryptionAlgorithm encAlg, HMACAlgorithm hashAlg, byte[] pass, byte[] salt, int iterationCount) throws TokenException
A native method to generate a PBE key. None of the parameters should be null.
- Throws:
TokenException
-
generateKBKDF
private static SymmetricKey generateKBKDF(PK11Token token, PK11SymKey baseKeyObj, long algorithm, NativeProxy pointer, long pointer_size, long derivedKeyAlgorithm, int strength, int opFlags, boolean temporary, int sensitive) throws TokenException
A native method to generate a key using KBKDF. None of the parameters should be null.
- Throws:
TokenException
-