java.lang.Object
  com.rsa.jsafe.JSAFE_Object
    com.rsa.jsafe.JSAFE_KeyPair
JSAFE_KeyPair defines low-level key management and generation
routines for a particular algorithm and can instantiate the classes that
hold and generate public/private key pairs.
Define the higher-level key management in external classes (such
as certification authorities).
See Overview of Crypto-J for background and reference material on using and understanding Crypto-J.
Copyright © RSA Security Inc., 1997-2005. All rights reserved.
Constructor Summary
JSAFE_KeyPair()
Method Summary
| Return type | Method | Description |
| void | clearSensitiveData() | This method clears sensitive data from an object. |
| Object | clone() | Overrides the default clone to produce a deep clone. |
| void | generate() | Generates the key pair. |
| void | generateInit(JSAFE_Parameters sharedParameters, int[] keyPairGenParameters, SecureRandom random) | Initializes this object to generate a key pair. |
| void | generateInit(JSAFE_Parameters sharedParameters, int[] keyPairGenParameters, SecureRandom random, JSAFE_Session[] sessions) | Initializes this object to generate a key pair. |
| byte[][] | generateKeyPair(byte[] xp1, byte[] xp2, byte[] Xp, byte[] xq1, byte[] xq2, byte[] Xq) | Generates a strong key pair for testing according to the RSA Validation System. |
| void | generateReInit() | Re-initializes this object to generate a key pair, using the parameters and the random object passed in during a previous call to generateInit(). |
| void | generateStrongInit(JSAFE_Parameters sharedParameters, int[] keyPairGenParameters, SecureRandom random) | Initializes this object to generate a key pair, using techniques to guarantee the use of only strong primes. |
| abstract String | getAlgorithm() | Returns the standard algorithm name. |
| String | getDevice() | Returns the name of the device of record. |
| String[] | getDeviceList() | Returns a String array that describes all the devices used to execute the transformation. |
| static JSAFE_KeyPair | getInstance(String transformation, String device) | Builds a JSAFE_KeyPair object that holds and generates key pairs of type transformation on the given device. |
| JSAFE_PrivateKey | getPrivateKey() | Returns a copy of the private key portion of a key pair as a JSAFE_PrivateKey object. |
| JSAFE_PublicKey | getPublicKey() | Returns a copy of the public key portion of a key pair as a JSAFE_PublicKey object. |
| void | setKeys(JSAFE_PublicKey pubKey, JSAFE_PrivateKey priKey) | Copies the public and private keys into this object. |
| void | setPrivateKeyAttributes(JSAFE_KeyAttributes attributes) | Sets the in-token attributes of the private key. |
| void | setPublicKeyAttributes(JSAFE_KeyAttributes attributes) | Sets the in-token attributes of the public key. |
Methods inherited from class com.rsa.jsafe.JSAFE_Object
overwrite, overwrite
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public JSAFE_KeyPair()
Method Detail
public static JSAFE_KeyPair getInstance(String transformation,
                                        String device)
                                 throws JSAFE_UnimplementedException,
                                        JSAFE_InvalidParameterException
Builds a JSAFE_KeyPair object that holds and generates key
pairs of type transformation on the given device.
Parameters:
transformation - The representation of the desired operation.
The value of algorithm must be one of the following:
"RSA", "DH" (Diffie-Hellman), or "DSA".
device - A list of devices used to build the object. The device value
is as follows: "choice1[/choice2[...[/choicen]]]", where the choices for
device value are: Java, Native, name of the specified
hardware device.
Crypto-J tries to instantiate a class using the first choice; if it cannot,
it tries the other choices.
Returns:
A new JSAFE_KeyPair object to use with objects
that perform the algorithm.
Throws:
JSAFE_UnimplementedException - If the device or devices cannot
perform the designated algorithm.
JSAFE_InvalidParameterException - If the
transformation contains parameters that do not work.

public void setPrivateKeyAttributes(JSAFE_KeyAttributes attributes)
Sets the in-token attributes of the private key.
Parameters:
attributes - A JSAFE_KeyAttributes instance.

public void setPublicKeyAttributes(JSAFE_KeyAttributes attributes)
Sets the in-token attributes of the public key.
Parameters:
attributes - A JSAFE_KeyAttributes instance.

public String getDevice()
Returns the name of the device of record.

public String[] getDeviceList()
Returns a String array that describes all the
devices used to execute the transformation. Because
a transformation often consists of component
algorithms, the implementation can consist of several component
objects. A device can perform one or more of the algorithms,
but it may let Java or another device perform one or more. For
example, because padding is not time-consuming, a device might
let the Crypto-J implementation perform padding. Returns the
names of the devices used by each component.
Returns:
A String array that
describes the device used for a specific component.

public abstract String getAlgorithm()
Returns the standard algorithm name.
Returns:
A String describing the algorithm.

public void setKeys(JSAFE_PublicKey pubKey,
                    JSAFE_PrivateKey priKey)
             throws JSAFE_InvalidKeyException
Copies the public and private keys, pubKey and priKey, into this object. Crypto-J stores
new copies of the keys in this JSAFE_KeyPair object.
Parameters:
pubKey - The public key to copy.
priKey - The private key to copy.
Throws:
JSAFE_InvalidKeyException - If the keys do not match the
algorithm.

public JSAFE_PublicKey getPublicKey()
Returns a copy of the public key portion of a key pair as
a JSAFE_PublicKey object. If this object does
not contain a public key, this method returns null.
Returns:
A copy of the JSAFE_PublicKey inside this object.

public JSAFE_PrivateKey getPrivateKey()
Returns a copy of the private key portion of a key pair as a
JSAFE_PrivateKey object. If this object does not
contain a private key, this method returns null.
Returns:
A copy of the JSAFE_PrivateKey inside this object.

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone to produce a deep clone.
Overrides:
clone in class JSAFE_Object
Throws:
CloneNotSupportedException - If the object cannot be cloned.

public void generateInit(JSAFE_Parameters sharedParameters,
                         int[] keyPairGenParameters,
                         SecureRandom random)
                  throws JSAFE_InvalidParameterException,
                         JSAFE_InvalidUseException
Initializes this object to generate a key pair. Pass any system parameters
the algorithm needs in sharedParameters. If not,
that argument should be null. If the algorithm needs only
key-generating parameters, pass in the appropriate
keyPairGenParameters. If not, that argument should be
null.
Any random bytes the object needs will come from random.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
The following table summarizes the JSAFE_KeyPair parameters
that are used for the RSA, Diffie-Hellman, and DSA algorithms:
sharedParameters and keyPairGenParameters for RSA, DH, and DSA.
| Algorithm | sharedParameters | keyPairGenParameters |
| "RSA" | null | int[] KeyPairGenParams = {modulusBits, publicExponent }; modulusBits is the length of the modulus in bits, a value from 256 to 4096. publicExponent is generally a Fermat number: for example, 3, 17, or 65537. |
| "RSA" (MultiPrime) | null | int[] KeyPairGenParams = {modulusBits, numberOfPrimes, publicExponent }; modulusBits is the length of the modulus in bits, a value from 256 to 4096, if numberOfPrimes is 2, or from 1024 to 4096, if numberOfPrimes is 3. numberOfPrimes describes how many primes make up the modulus, a value of 2 or 3. publicExponent is generally a Fermat number: for example, 3, 17, or 65537. |
| Diffie-Hellman | JSAFE_Parameters object | null |
| DSA | JSAFE_Parameters object | null |
Parameters:
sharedParameters - System parameters, if needed.
keyPairGenParameters - The key-pair generating parameters (such
as key size), if needed.
random - A SecureRandom object from which this object
draws random bytes.
Throws:
JSAFE_InvalidParameterException - If the system or key-pair
generating parameters are inappropriate (such as a key size that is too
small or too large).
JSAFE_InvalidUseException - If required system parameters are
not passed in.

public void generateInit(JSAFE_Parameters sharedParameters,
                         int[] keyPairGenParameters,
                         SecureRandom random,
                         JSAFE_Session[] sessions)
                  throws JSAFE_InvalidParameterException,
                         JSAFE_InvalidUseException
Initializes this object to generate a key pair. Pass any system parameters
the algorithm needs in sharedParameters. If not,
that argument should be null. If the algorithm needs only
key-generating parameters, pass in the appropriate
keyPairGenParameters. If not, that argument should be
null.
Any random bytes the object needs will come from random.
The JSAFE_SecureRandom object is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
The sessions argument is an array of hardware sessions.
Crypto-J passes these sessions on to the devices specified in the
getInstance() call.
The devices use or ignore the sessions as necessary.
Parameters:
sharedParameters - System parameters, if needed.
keyPairGenParameters - The key-pair generating parameters (such
as key size), if needed.
random - A SecureRandom object from which this object
draws random bytes.
sessions - An array of JSAFE_Session objects from which
this object will draw its implementation.
Throws:
JSAFE_InvalidParameterException - If the system or key-pair
generating parameters are inappropriate (such as a key size that is too
small or too large).
JSAFE_InvalidUseException - If required system parameters are
not passed in.

public void generateStrongInit(JSAFE_Parameters sharedParameters,
                               int[] keyPairGenParameters,
                               SecureRandom random)
                        throws JSAFE_InvalidParameterException,
                               JSAFE_InvalidUseException
Initializes this object to generate a key pair, using techniques to guarantee
the use of only strong primes. Pass any system parameters
the algorithm needs in sharedParameters. If not,
that argument should be null. If the algorithm needs
key-generating parameters, pass in the appropriate
keyPairGenParameters. If not, that argument should be
null.
Any random bytes the object needs will come from random.
JSAFE_SecureRandom is a subclass of
java.security.SecureRandom, so an object of that class is
valid input for random.
If the algorithm does not support strong key-pair generation, this method will throw an exception. Currently, Crypto-J supports strong key-pair generation only with the RSA algorithm.
After initializing with this method, generation will utilize prime-finding techniques that guarantee strong primes. The other key-pair generation code is faster, but it may produce weak primes. Note that the probability of producing weak primes is extremely low.
The key pairs generated from this method conform to the X9.31 standard.
This method requires a hardware random number generator or a
JSAFE_SecureRandom set to perform X931Random.
If any other PRNG (SecureRandom or
JSAFE_SecureRandom set to MD5Random or
SHA1Random) is passed in, this method will throw an exception.
Parameters:
sharedParameters - System parameters, if needed (none are needed
for RSA).
keyPairGenParameters - The key-pair generating parameters
(such as key size), if needed. For RSA there should be either one parameter
(modulusLen), two parameters (modulusLen and public exponent)
or three parameters (modulusLen, numberOfPrimes and publicExponent).
random - A SecureRandom object from which this object
will draw random bytes.
Throws:
JSAFE_InvalidParameterException - If the system or key-pair
generating parameters are inappropriate (such as a key size that is
too small or too large).
JSAFE_InvalidUseException - If required system parameters are
not passed in.
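
public void generateReInit()
                    throws JSAFE_InvalidUseException
Re-initializes this object to generate a key pair, using the
parameters and the random object passed in during a previous call
to generateInit().
Throws:
JSAFE_InvalidUseException - If the object is not
initialized for key-pair generation.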

public byte[][] generateKeyPair(byte[] xp1,
                                byte[] xp2,
                                byte[] Xp,
                                byte[] xq1,
                                byte[] xq2,
                                byte[] Xq)
                         throws JSAFE_InvalidUseException
Generates a strong key pair for testing according to the RSA Validation System.
Parameters:
xp1 - starting point for finding subprime p1, a factor of p-1
xp2 - starting point for finding subprime p2, a factor of p+1
Xp - starting point for finding prime p, a factor of n=p*q
xq1 - starting point for finding subprime q1, a factor of q-1
xq2 - starting point for finding subprime q2, a factor of q+1
Xq - starting point for finding prime q, a factor of n=p*q
Throws:
JSAFE_InvalidUseException - If the object is not
initialized for key-pair generation, the library is not
in FIPS mode or the user is not the CRYPTO officer.

public void generate()
              throws JSAFE_InvalidUseException
Generates the key pair.
Throws:
JSAFE_InvalidUseException - If the object is not
initialized for key-pair generation.

public void clearSensitiveData()
This method clears sensitive data from an object. After clearSensitiveData(),
an Init (not a ReInit) method is
called to perform other operations with the object.
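
The call sequence these method descriptions imply (getInstance, generateInit, generate, key retrieval, clearSensitiveData), shown as an added Java example that is not code from the Crypto-J documentation. The class name KeyPairGenExample, the helper rsaGenParams and the 2048-bit minimum are assumptions made here (the API itself accepts 256 to 4096 bits), and the Crypto-J library must be on the classpath.

```java
import java.security.SecureRandom;

import com.rsa.jsafe.JSAFE_KeyPair;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;

// Added example (hypothetical class name); it calls only the JSAFE_KeyPair
// methods documented on this page.
public class KeyPairGenExample {

    // Assumption: local policy floor. The API accepts 256..4096 bits, but
    // moduli below 2048 bits are not acceptable for new keys.
    static final int MIN_MODULUS_BITS = 2048;

    // Builds keyPairGenParameters in the order given by the generateInit
    // parameter table: {modulusBits, publicExponent} for two-prime RSA.
    static int[] rsaGenParams(int modulusBits, int publicExponent) {
        if (modulusBits < MIN_MODULUS_BITS || modulusBits > 4096) {
            throw new IllegalArgumentException("modulusBits out of policy range");
        }
        if (publicExponent < 3 || (publicExponent & 1) == 0) {
            throw new IllegalArgumentException("publicExponent must be odd and >= 3");
        }
        return new int[] { modulusBits, publicExponent };
    }

    public static void main(String[] args) throws Exception {
        // "Native/Java": try the native implementation first, then fall back to Java.
        JSAFE_KeyPair keyPair = JSAFE_KeyPair.getInstance("RSA", "Native/Java");
        try {
            // RSA takes no shared parameters, so the first argument is null.
            keyPair.generateInit(null, rsaGenParams(2048, 65537), new SecureRandom());
            keyPair.generate();

            // Both getters return copies; null means no key is present.
            JSAFE_PublicKey pub = keyPair.getPublicKey();
            JSAFE_PrivateKey priv = keyPair.getPrivateKey();
            if (pub == null || priv == null) {
                throw new IllegalStateException("key pair generation produced no keys");
            }
            System.out.println("generated on: " + keyPair.getDevice());
            // ... hand pub/priv to the code that stores or uses them ...
        } finally {
            // Wipe key material held by the generator object; it needs a new
            // generateInit() (not generateReInit()) before it can be reused.
            keyPair.clearSensitiveData();
        }
    }
}
```

The copies returned by getPublicKey() and getPrivateKey() are separate objects, so clearing the JSAFE_KeyPair does not clear them; the caller remains responsible for the private key copy.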