Class KeyManager


  • public class KeyManager
    extends java.lang.Object
    Creates, finds, and deletes keys for SecretDecoderRing.
    • Constructor Summary

      Constructors 
      Constructor Description
      KeyManager​(CryptoToken token)
      Creates a new KeyManager using the given CryptoToken.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void deleteKey​(byte[] keyID)
      Deletes the key with the given keyID from this token.
      void deleteKey​(javax.crypto.SecretKey key)
      Deletes this key from this token.
      void deleteUniqueNamedKey​(java.lang.String nickname)
      If it exists, delete the key with the specified nickname from this token.
      byte[] generateKey()
      Generates an SDR key with the default algorithm and key size.
      byte[] generateKey​(KeyGenAlgorithm alg, int keySize)
      Generates an SDR key with the given algorithm and key size.
      byte[] generateUniqueNamedKey​(java.lang.String nickname)
      Generates an SDR key with the default algorithm and key size.
      byte[] generateUniqueNamedKey​(KeyGenAlgorithm alg, int keySize, java.lang.String nickname)
      Generates an SDR key with the given algorithm, key size, and nickname.
      javax.crypto.SecretKey lookupKey​(EncryptionAlgorithm alg, byte[] keyid)
      Looks up the key on this token with the given algorithm and key ID.
      javax.crypto.SecretKey lookupUniqueNamedKey​(EncryptionAlgorithm alg, java.lang.String nickname)
      Looks up the key on this token with the given algorithm and nickname.
      boolean uniqueNamedKeyExists​(java.lang.String nickname)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • DEFAULT_KEYGEN_ALG

        public static final KeyGenAlgorithm DEFAULT_KEYGEN_ALG
        The default key generation algorithm, currently DES3.
      • DEFAULT_KEYSIZE

        public static final int DEFAULT_KEYSIZE
        The default key size (in bytes). This is only relevant for algorithms with variable-length keys, such as AES.
        See Also:
        Constant Field Values
    • Constructor Detail

      • KeyManager

        public KeyManager​(CryptoToken token)
        Creates a new KeyManager using the given CryptoToken.
        Parameters:
        token - The token on which this KeyManager operates.
    • Method Detail

      • generateKey

        public byte[] generateKey()
                           throws TokenException
        Generates an SDR key with the default algorithm and key size. The default algorithm is stored in the constant DEFAULT_KEYGEN_ALG. The default key size is stored in the constant DEFAULT_KEYSIZE.
        Returns:
        The keyID of the generated key. A random keyID will be chosen that is not currently used on the token. The keyID must be stored by the application in order to use this key for encryption in the future.
        Throws:
        TokenException
      • generateKey

        public byte[] generateKey​(KeyGenAlgorithm alg,
                                  int keySize)
                           throws TokenException
        Generates an SDR key with the given algorithm and key size.
        Parameters:
        keySize - Length of key in bytes. This is only relevant for algorithms that take more than one key size. Otherwise it can just be set to 0.
        Returns:
        The keyID of the generated key. A random keyID will be chosen that is not currently used on the token. The keyID must be stored by the application in order to use this key for encryption in the future.
        Throws:
        TokenException
      • generateUniqueNamedKey

        public byte[] generateUniqueNamedKey​(java.lang.String nickname)
                                      throws TokenException
        Generates an SDR key with the default algorithm and key size. and names it with the specified nickname. The default algorithm is stored in the constant DEFAULT_KEYGEN_ALG. The default key size is stored in the constant DEFAULT_KEYSIZE.
        Parameters:
        nickname - the name of the symmetric key. Duplicate keynames will be checked for, and are not allowed.
        Returns:
        The keyID of the generated key. A random keyID will be chosen that is not currently used on the token. The keyID must be stored by the application in order to use this key for encryption in the future.
        Throws:
        TokenException
      • generateUniqueNamedKey

        public byte[] generateUniqueNamedKey​(KeyGenAlgorithm alg,
                                             int keySize,
                                             java.lang.String nickname)
                                      throws TokenException
        Generates an SDR key with the given algorithm, key size, and nickname.
        Parameters:
        alg - The algorithm that this key will be used for. This is necessary because it will be stored along with the key for later use by the security library.
        keySize - Length of key in bytes. This is only relevant for algorithms that take more than one key size. Otherwise it can just be set to 0.
        nickname - the name of the symmetric key. Duplicate keynames will be checked for, and are not allowed.
        Returns:
        The keyID of the generated key. A random keyID will be chosen that is not currently used on the token. The keyID must be stored by the application in order to use this key for encryption in the future.
        Throws:
        TokenException
      • lookupKey

        public javax.crypto.SecretKey lookupKey​(EncryptionAlgorithm alg,
                                                byte[] keyid)
                                         throws TokenException
        Looks up the key on this token with the given algorithm and key ID.
        Parameters:
        alg - The algorithm that this key will be used for. This is necessary because it will be stored along with the key for later use by the security library. It should match the actual algorithm of the key you are looking for. If you pass in a different algorithm and try to use the key that is returned, the results are undefined.
        Returns:
        The key, or null if the key is not found.
        Throws:
        TokenException
      • lookupUniqueNamedKey

        public javax.crypto.SecretKey lookupUniqueNamedKey​(EncryptionAlgorithm alg,
                                                           java.lang.String nickname)
                                                    throws TokenException
        Looks up the key on this token with the given algorithm and nickname.
        Parameters:
        alg - The algorithm that this key will be used for. This is necessary because it will be stored along with the key for later use by the security library. It should match the actual algorithm of the key you are looking for. If you pass in a different algorithm and try to use the key that is returned, the results are undefined.
        nickname - the name of the symmetric key. Duplicate keynames will be checked for, and are not allowed.
        Returns:
        The key, or null if the key is not found.
        Throws:
        TokenException
      • deleteKey

        public void deleteKey​(byte[] keyID)
                       throws TokenException,
                              java.security.InvalidKeyException
        Deletes the key with the given keyID from this token.
        Throws:
        java.security.InvalidKeyException - If the key does not exist on this token.
        TokenException
      • deleteUniqueNamedKey

        public void deleteUniqueNamedKey​(java.lang.String nickname)
                                  throws TokenException,
                                         java.security.InvalidKeyException
        If it exists, delete the key with the specified nickname from this token.
        Throws:
        TokenException
        java.security.InvalidKeyException
      • deleteKey

        public void deleteKey​(javax.crypto.SecretKey key)
                       throws TokenException,
                              java.security.InvalidKeyException
        Deletes this key from this token.
        Throws:
        java.security.InvalidKeyException - If the key does not reside on this token, or is not a JSS key.
        TokenException