javacard.security

Interface HMACKey

All Superinterfaces:

Key, SecretKey

public interface HMACKey
extends SecretKey

HMACKey contains a key for HMAC operations. This key can be of any length, but it is strongly recommended that the key is not shorter than the byte length of the hash output used in the HMAC implementation. Keys with length greater than the hash block length are first hashed with the hash algorithm used for the HMAC implementation.

Implementations must support an HMAC key length equal to the length of the supported hash algorithm block size (e.g 64 bytes for SHA-1)

When the key data is set, the key is initialized and ready for use.

Since:

2.2.2

See Also:

KeyBuilder, Signature, javacardx.crypto.Cipher, javacardx.crypto.KeyEncryption

Method Summary

Methods

Modifier and Type	Method and Description
byte	getKey(byte[] keyData, short kOff) Returns the Key data in plain text.
void	setKey(byte[] keyData, short kOff, short kLen) Sets the Key data.

Methods inherited from interface javacard.security.Key

clearKey, getSize, getType, isInitialized

Method Detail

setKey

void setKey(byte[] keyData,
          short kOff,
          short kLen)
            throws CryptoException,
                   NullPointerException,
                   ArrayIndexOutOfBoundsException

Sets the Key data. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte). Input key data is copied into the internal representation.

Note:

• If the key object implements the javacardx.crypto.KeyEncryption interface and the Cipher object specified via setKeyCipher() is not null, keyData is decrypted using the Cipher object.

Parameters:

keyData - byte array containing key initialization data

kOff - offset within keyData to start

kLen - the byte length of the key initialization data

Throws:

CryptoException - with the following reason code:

• CryptoException.ILLEGAL_VALUE if the kLen parameter is 0 or invalid or if the keyData parameter is inconsistent with the key length or if input data decryption is required and fails.

ArrayIndexOutOfBoundsException - if kOff is negative or the keyData array is too short

NullPointerException - if the keyData parameter is null

getKey

byte getKey(byte[] keyData,
          short kOff)

Returns the Key data in plain text. The key can be any length, but should be longer than the byte length of the hash algorithm output used. The data format is big-endian and right-aligned (the least significant bit is the least significant bit of last byte).

Note:

• If the byte length of the key data exceeds 127, this method returns -1. The data is nevertheless placed in the keyData buffer if it fits. Please use the getSize() method to obtain the actual key length in bits.

Parameters:

keyData - byte array to return key data

kOff - offset within keyData to start

Returns:

the byte length of the key data returned

Throws:

CryptoException - with the following reason code:

• CryptoException.UNINITIALIZED_KEY if the key data has not been successfully initialized since the time the initialized state of the key was set to false.

See Also:

Key