Oracle Fusion Middleware Crypto FIPS Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10696-05


oracle.security.crypto.core
Class PrivateKeyPKCS8

java.lang.Object
  extended by oracle.security.crypto.core.PrivateKeyPKCS8

All Implemented Interfaces:
java.io.Externalizable, java.io.Serializable, java.lang.Cloneable, java.security.Key, java.security.PrivateKey, ASN1Object, Streamable

public class PrivateKeyPKCS8
extends java.lang.Object
implements ASN1Object, PrivateKey

A class for PKCS #5 and PKCS #12 password-encrypted RSA/DSA private keys in PKCS #8 format.

When a PrivateKeyPKCS8 is constructed from components, the private key is encrypted when any of the methods getContents(), getEncoded(), output(java.io.OutputStream) or length() is called.

When a PrivateKeyPKCS8 is instantiated by inputting its encoding from a stream or file, the private key is decrypted immediately if the password has been set or made available to the constructor. If the password has not been provided, the private key will not be decrypted until the getKey() method is called. Note that the getKey() method is invoked by the methods getAlgID(), getAlgorithm(), getFormat() and getBitLength().

See Also:
PBE, Serialized Form
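
The encrypt-on-output and decrypt-on-demand behaviour described above, shown as an added example (not part of the Oracle reference). It uses only constructors and methods listed on this page; the class name Pkcs8RoundTrip and the helpers protect and recover are hypothetical, and the caller is assumed to supply the oracle.security.crypto.core.PrivateKey.

```java
import java.io.ByteArrayInputStream;

import oracle.security.crypto.core.PrivateKey;
import oracle.security.crypto.core.PrivateKeyPKCS8;

// Hypothetical helper class, added for illustration only.
public class Pkcs8RoundTrip {

    /** Returns the password-encrypted PKCS #8 encoding of plainKey. */
    static byte[] protect(PrivateKey plainKey, String password) throws Exception {
        // Two-argument constructor: the PBE algorithm defaults to
        // PBEAlgorithmIdentifier.pbeWithSHAAnd3_KeyTripleDES_CBC.
        PrivateKeyPKCS8 wrapper = new PrivateKeyPKCS8(plainKey, password);
        try {
            // Per the setAllowExport() description, getEncoded() throws a
            // KeyExportException when this flag or the global FIPS_140_2
            // flag is false, so check the per-key flag before encoding.
            if (!wrapper.getAllowExport()) {
                throw new IllegalStateException("export of this key is disabled");
            }
            // Constructed from components: encryption happens in this call,
            // not in the constructor.
            return wrapper.getEncoded();
        } finally {
            // Nulls the encrypted and unencrypted key references held by
            // the wrapper; the caller still owns plainKey.
            wrapper.erase();
        }
    }

    /** Reads an encoding produced by protect() and decrypts it on demand. */
    static PrivateKey recover(byte[] der, String password) throws Exception {
        // No password is given to this constructor, so the key stays
        // encrypted until getKey(...) is called.
        PrivateKeyPKCS8 wrapper = new PrivateKeyPKCS8(new ByteArrayInputStream(der));
        try {
            return wrapper.getKey(password);
        } catch (IllegalStateException e) {
            // Documented failure mode of getKey(): decryption error, for
            // example a wrong password or a corrupted encoding.
            throw new SecurityException("PKCS #8 private key could not be decrypted", e);
        }
    }
}
```

The password is a java.lang.String in every signature on this page, so it cannot be zeroed after use; keep its scope as short as possible.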

Field Summary

 

Fields inherited from interface java.security.PrivateKey
serialVersionUID

 

Constructor Summary
PrivateKeyPKCS8()
          Creates a new instance with the default encryption mode for the PKCS5 class and the default random bits source.
PrivateKeyPKCS8(AlgorithmIdentifier algID)
          Creates a new PrivateKeyPKCS8 instance using the specified AlgorithmIdentifier.
PrivateKeyPKCS8(ASN1ObjectID oid)
          Creates a new PrivateKeyPKCS8 instance using the specified OID.
PrivateKeyPKCS8(ASN1ObjectID oid, RandomBitsSource rbs)
          Creates a new PrivateKeyPKCS8 instance using the specified OID.
PrivateKeyPKCS8(ASN1Sequence s)
          Deprecated.  
PrivateKeyPKCS8(java.io.InputStream is)
          Creates a new PrivateKeyPKCS8 instance from the specified input stream.
PrivateKeyPKCS8(int mode)
          Deprecated.  
PrivateKeyPKCS8(int mode, RandomBitsSource rbs)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key, int mode)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key, int mode, RandomBitsSource rbs)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key, RandomBitsSource rbs)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key, java.lang.String password)
          Creates a new PrivateKeyPKCS8 instance with the specified parameters.
PrivateKeyPKCS8(PrivateKey key, java.lang.String password, AlgorithmIdentifier algID)
          Creates a new PrivateKeyPKCS8 instance using the specified AlgorithmIdentifier.
PrivateKeyPKCS8(PrivateKey key, java.lang.String password, ASN1ObjectID oid, RandomBitsSource rbs)
          Creates a new PrivateKeyPKCS8 instance using the specified OID.
PrivateKeyPKCS8(PrivateKey key, java.lang.String passwd, int mode)
          Deprecated.  
PrivateKeyPKCS8(PrivateKey key, java.lang.String passwd, int mode, RandomBitsSource rbs)
          Deprecated.  
PrivateKeyPKCS8(java.lang.String password, ASN1Sequence s)
          Deprecated.  
PrivateKeyPKCS8(java.lang.String password, java.io.File f)
          Deprecated.  
PrivateKeyPKCS8(java.lang.String password, java.io.InputStream is)
          Deprecated.  
PrivateKeyPKCS8(java.lang.String passwd, PrivateKey key)
          Deprecated.  
PrivateKeyPKCS8(java.lang.String passwd, PrivateKey key, RandomBitsSource rbs)
          Deprecated.  

 

Method Summary
protected  void assertAllowExport()
          If either this key's export flag or the global export flag is set to false, this method throws a KeyExportException.
 java.lang.Object clone()
          Creates a clone of the instance.
 void erase()
          Sets the encrypted and unencrypted private key to null.
 AlgorithmIdentifier getAlgID()
          Returns the AlgorithmIdentifier of the underlying PrivateKey, or null if the key has not been input or set, or the key cannot be decrypted.
 java.lang.String getAlgorithm()
          Returns the algorithm of the underlying PrivateKey, or null if the underlying key hasn't been input or set, or if the key cannot be decrypted.
 boolean getAllowExport()
          Returns false if plaintext export of this key's key material is not allowed; returns true if plaintext export is allowed.
 int getBitLength()
          Returns the bit length of the underlying PrivateKey or 0 if the underlying key hasn't been input or set or if the key cannot be decrypted.
 ASN1Object getContents()
          Returns the ASN1Object that is written by the output(OutputStream os) method.
 byte[] getEncoded()
          Returns the bytes that are output from the output(OutputStream os) method.
 java.lang.String getFormat()
          Returns the format of the underlying PrivateKey or null if the underlying key hasn't been input or set, or if the key cannot be decrypted.
 PrivateKey getKey()
          Get the private key.
 PrivateKey getKey(java.lang.String password)
          Get the private key.
 int getMode()
          Deprecated.  
 AlgorithmIdentifier getPBEAlgID()
          Returns the PBEAlgorithmIdentifier used in the PrivateKeyPKCS8 object.
 void initialize(AlgorithmIdentifier algID, ASN1Object contents)
          Deprecated. Use CryptoUtils.inputPrivateKey().
 void input(ASN1Sequence s)
          Deprecated.  
 void input(java.io.InputStream is)
          Inputs this object from the specified input stream.
 int length()
          Length of this object's encoding.
 void output(java.io.OutputStream os)
          Outputs this object to the specified output stream.
 void readExternal(java.io.ObjectInput is)
          Reads the input stream and initializes the PKCS#8 private key.
 void setAllowExport(boolean value)
          Set to false to disallow plaintext export of this key's key material; set to true to allow plaintext export if the global value in FIPS_140_2 is also set to true.
 void setCount(int c)
          Deprecated.  
 void setKey(PrivateKey key)
          Deprecated. Use setPrivateKey(oracle.security.crypto.core.PrivateKey) instead to preserve the ability to erase any previously set private key.
 void setMode(int m)
          Deprecated.  
 void setPassword(java.lang.String pw)
          Set the password for PKCS5/12.
 PrivateKey setPrivateKey(PrivateKey key)
          Sets the private key to be encrypted, and returns the previous private key, if any.
 void setSalt(byte[] salt)
          Deprecated.  
 java.lang.String toString()
          Returns a string representation of this object.
 void writeExternal(java.io.ObjectOutput os)
          Writes to the output stream the DER encoding of this object.

 

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

PrivateKeyPKCS8

public PrivateKeyPKCS8()
Creates a new instance with the default encryption mode for the PKCS5 class and the default random bits source.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       java.lang.String password)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance with the specified parameters. The default algorithm used for PBE will be PBEAlgorithmIdentifier.pbeWithSHAAnd3_KeyTripleDES_CBC.
Parameters:
key - The plain key to encrypt.
password - The password to use to encrypt the key.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(ASN1ObjectID oid)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance using the specified OID. The OID will be used to create a PBEAlgorithmIdentifier.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(ASN1ObjectID oid,
                       RandomBitsSource rbs)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance using the specified OID. The OID will be used to create a PBEAlgorithmIdentifier.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       java.lang.String password,
                       ASN1ObjectID oid,
                       RandomBitsSource rbs)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance using the specified OID. The OID will be used to create a PBEAlgorithmIdentifier.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(AlgorithmIdentifier algID)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance using the specified AlgorithmIdentifier.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       java.lang.String password,
                       AlgorithmIdentifier algID)
                throws AlgorithmIdentifierException
Creates a new PrivateKeyPKCS8 instance using the specified AlgorithmIdentifier.
Throws:
AlgorithmIdentifierException

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.io.InputStream is)
                throws java.io.IOException
Creates a new PrivateKeyPKCS8 instance from the specified input stream.
Throws:
java.io.IOException

PrivateKeyPKCS8

public PrivateKeyPKCS8(int mode,
                       RandomBitsSource rbs)
Deprecated. 
Creates a new instance with the given PKCS#5 encryption mode and random bits source.

PrivateKeyPKCS8

public PrivateKeyPKCS8(int mode)
Deprecated. 
Creates a new instance with the given PKCS#5 encryption mode and the default random bits source.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       RandomBitsSource rbs)
Deprecated. 
Creates a new instance with the given private key and random bits source, using the default mode SHA_3DES.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key)
Deprecated. 
Creates a new instance with the given private key and the default random bits source and mode SHA_3DES.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       int mode,
                       RandomBitsSource rbs)
Deprecated. 

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       int mode)
Deprecated. 

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.lang.String passwd,
                       PrivateKey key,
                       RandomBitsSource rbs)
Deprecated. 
Uses the default mode SHA_3DES.

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.lang.String passwd,
                       PrivateKey key)
Deprecated. 
Uses the default mode SHA_3DES and the default RandomBitsSource.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       java.lang.String passwd,
                       int mode,
                       RandomBitsSource rbs)
Deprecated. 
Creates a new instance with the given private key, password, PKCS#5 encryption mode and random bits source.

PrivateKeyPKCS8

public PrivateKeyPKCS8(PrivateKey key,
                       java.lang.String passwd,
                       int mode)
Deprecated. 
Creates a new instance with the given private key, password, and PKCS#5 encryption mode, and the default random bits source.

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.lang.String password,
                       java.io.InputStream is)
                throws java.io.IOException
Deprecated. 
Read encrypted private key from a stream.
Throws:
java.io.IOException

PrivateKeyPKCS8

public PrivateKeyPKCS8(ASN1Sequence s)
                throws java.io.IOException
Deprecated. 
Throws:
java.io.IOException

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.lang.String password,
                       java.io.File f)
                throws java.io.IOException,
                       java.io.FileNotFoundException
Deprecated. 
Read encrypted private key from a file.
Throws:
java.io.IOException
java.io.FileNotFoundException

PrivateKeyPKCS8

public PrivateKeyPKCS8(java.lang.String password,
                       ASN1Sequence s)
                throws java.io.IOException
Deprecated. 
Read encrypted private key from an ASN1 encoding.
Throws:
java.io.IOException

Method Detail

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Description copied from interface: Streamable
Inputs this object from the specified input stream.
Specified by:
input in interface Streamable
Throws:
java.io.IOException

input

public void input(ASN1Sequence s)
           throws java.io.IOException
Deprecated. 
Throws:
java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Description copied from interface: Streamable
Outputs this object to the specified output stream.
Specified by:
output in interface Streamable
Throws:
java.io.IOException

length

public int length()
Description copied from interface: Streamable
Length of this object's encoding.
Specified by:
length in interface Streamable

setPassword

public void setPassword(java.lang.String pw)
Set the password for PKCS5/12.

setMode

public void setMode(int m)
Deprecated. 
Set the mode for PKCS5/12.

getMode

public int getMode()
Deprecated. 
Returns the mode for PKCS5/12.

setCount

public void setCount(int c)
Deprecated. 
Set the count for PKCS5/12.

setSalt

public void setSalt(byte[] salt)
Deprecated. 
Set the salt for PKCS5/12.

getKey

public PrivateKey getKey()
Get the private key.
Throws:
java.lang.IllegalStateException - If an error occurs while decrypting the private key.

getKey

public PrivateKey getKey(java.lang.String password)
Get the private key.
Throws:
java.lang.IllegalStateException - If an error occurs while decrypting the private key.

setKey

public void setKey(PrivateKey key)
Deprecated. Use setPrivateKey(oracle.security.crypto.core.PrivateKey) instead to preserve the ability to erase any previously set private key.

setPrivateKey

public PrivateKey setPrivateKey(PrivateKey key)
Sets the private key to be encrypted, and returns the previous private key, if any. This ensures that a reference to any previous private key may be preserved by calling code for secure erasure.
Parameters:
key - The private key to be encrypted
Returns:
The previously set private key, or null if none was present.
Since:
3.0
See Also:
erase()

toString

public java.lang.String toString()
Returns a string representation of this object.
Overrides:
toString in class java.lang.Object
Returns:
A string representation of this object

getAlgID

public AlgorithmIdentifier getAlgID()
Returns the AlgorithmIdentifier of the underlying PrivateKey, or null if the key has not been input or set, or the key cannot be decrypted.

getPBEAlgID

public AlgorithmIdentifier getPBEAlgID()
Returns the PBEAlgorithmIdentifier used in the PrivateKeyPKCS8 object.

getContents

public ASN1Object getContents()
Returns the ASN1Object that is written by the output(OutputStream os) method.
Throws:
StreamableOutputException - If an error occurs generating the output (e.g., key encryption fails).

initialize

public void initialize(AlgorithmIdentifier algID,
                       ASN1Object contents)
                throws InvalidInputException,
                       AlgorithmIdentifierException
Deprecated. Use CryptoUtils.inputPrivateKey().
Initializes the underlying PrivateKey, creating a new instance if one does not already exist.
Parameters:
algID - The algorithm identifier of the enclosed private key.
contents - The ASN.1 DER-encoded bytes of the private key.
Throws:
InvalidInputException
AlgorithmIdentifierException

clone

public java.lang.Object clone()
Creates a clone of the instance. If a RandomBitsSource was specified for this instance, the new instance will use the same RandomBitsSource.
Overrides:
clone in class java.lang.Object
Returns:
A deep clone of the Key instance.

erase

public void erase()
Sets the encrypted and unencrypted private key to null.

getAlgorithm

public java.lang.String getAlgorithm()
Returns the algorithm of the underlying PrivateKey, or null if the underlying key hasn't been input or set, or if the key cannot be decrypted.
Specified by:
getAlgorithm in interface java.security.Key

getBitLength

public int getBitLength()
Returns the bit length of the underlying PrivateKey or 0 if the underlying key hasn't been input or set or if the key cannot be decrypted.

getEncoded

public byte[] getEncoded()
Returns the bytes that are output from the output(OutputStream os) method.
Specified by:
getEncoded in interface java.security.Key
Throws:
StreamableOutputException - If an error occurs generating the output bytes (e.g., key encryption fails).

getFormat

public java.lang.String getFormat()
Returns the format of the underlying PrivateKey or null if the underlying key hasn't been input or set, or if the key cannot be decrypted.
Specified by:
getFormat in interface java.security.Key

setAllowExport

public void setAllowExport(boolean value)
Set to false to disallow plaintext export of this key's key material; set to true to allow plaintext export if the global value in FIPS_140_2 is also set to true.

If either this value or the global value is false, the output(java.io.OutputStream), getContents() and getEncoded() methods will throw a KeyExportException.

Parameters:
value - false to disallow plaintext key material export, true to allow.
Since:
3.0
See Also:
FIPS_140_2.setAllowKeyExport(boolean), Cipher.wrapKey(PrivateKey key)

getAllowExport

public boolean getAllowExport()
Returns false if plaintext export of this key's key material is not allowed; returns true if plaintext export is allowed.

If either this value or the global value is false, the output(java.io.OutputStream), getContents() and getEncoded() methods will throw a KeyExportException.

Returns:
false if plaintext key material export is not allowed, true if allowed.
Since:
3.0
See Also:
FIPS_140_2.getAllowKeyExport(), Cipher.wrapKey(PrivateKey key)

assertAllowExport

protected void assertAllowExport()
If either this key's export flag or the global export flag is set to false, this method throws a KeyExportException.
Since:
3.0
See Also:
FIPS_140_2.getAllowKeyExport()

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException
Writes to the output stream the DER encoding of this object.
Specified by:
writeExternal in interface java.io.Externalizable
Parameters:
os - The output stream to write the encoding to.
Throws:
java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException
Reads the input stream and initializes the PKCS#8 private key.
Specified by:
readExternal in interface java.io.Externalizable
Parameters:
is - The stream to read from.
Throws:
java.io.IOException
java.lang.ClassNotFoundException

Copyright © 2005, 2013, Oracle. All rights reserved.