oracle.security.crypto.cryptoki.util

Class CkiParams

java.lang.Object

oracle.security.crypto.cryptoki.util.CkiParams

public class CkiParams
extends java.lang.Object

This class is used to set up the Cryptoki context with the CkiSlotManager class. By default, all the mapping are done (Message digests, ciphers....) except the ManagedState mapping.

An example of initialization of the Cryptoki layer is:

        CkiParams params = new CkiParams("PhaosLib", 0 , "1234");
        params.setMapMessageDigest(false);
        params.setMapSymmetricCipher(false);
        params.setManagedState(true);  // useful in case of a limited number of sessions.
        
        CkiSlotManager.initializeCryptoki(params);
        
        

Constructor Summary

Constructors

Constructor and Description
CkiParams(CkiSlot slot) Creates a CkiParams object with the specified CkiSlot object.
CkiParams(java.lang.String libName, int slotNum, java.lang.String pin) Creates a CkiParams object.

Method Summary

Modifier and Type	Method and Description
boolean	getMapDH() Returns true if the Cryptoki Diffie Hellman mechanisms will be used, false otherwise.
boolean	getMapDSA() Returns true if the Cryptoki DSA mechanisms will be used, false otherwise.
boolean	getMapMessageDigest() Returns true if the Cryptoki message digest mechanisms will be used, false otherwise.
boolean	getMapRBS() Returns true if the Cryptoki random number generation mechanisms will be used, false otherwise.
boolean	getMapRSA() Returns true if the Cryptoki RSA mechanisms will be used, false otherwise.
boolean	getMapSymmetricCipher() Returns true if the Cryptoki symmetric ciphers on the hardware.
boolean	getUseCloningMechanisms() Returns true if the Cryptoki layer is set to clone the CkiPublicKey and CkiPrivateKey objects when set with the CkiSignature, CkiRSApkcs1 objects.
boolean	getUseManagedState() Returns true if the Cryptoki toolkit will manage the operatin state of the token, false otherwise.
boolean	getUseSignatureMechanisms() Returns true if the Cryptoki layer is set to use all the signatures mechanisms available on the token (such as CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS...).
void	setMapDH(boolean mapDH) Sets the Cryptoki toolkit to use Diffie Hellman mechanisms on the hardware.
void	setMapDSA(boolean mapDSA) Sets the Cryptoki toolkit to use DSA mechanisms on the hardware.
void	setMapMessageDigest(boolean mapMessageDigest) Sets the Cryptoki toolkit to use message digest mechanisms on the hardware.
void	setMapRBS(boolean mapRBS) Sets the Cryptoki toolkit to use random number generation mechanisms on the hardware.
void	setMapRSA(boolean mapRSA) Sets the Cryptoki toolkit to use RSA mechanisms on the hardware.
void	setMapSymmetricCipher(boolean mapSymmetricCipher) Sets the Cryptoki toolkit to use symmetric ciphers on the hardware.
void	setUseCloningMechanisms(boolean useCloningMechanisms) Sets the Cryptoki layer to use the cloning mechanisms for the CkiPublicKey and CkiPrivateKey objects when set with the CkiSignature, CkiRSApkcs1 objects.
void	setUseManagedState(boolean useManagedState) Sets the Cryptoki toolkit to manage the state of the token.
void	setUseSignatureMechanisms(boolean useSignatureMechanisms) Sets the Cryptoki layer to use the signatures mechanisms available on the token (such as CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS...).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CkiParams

public CkiParams(java.lang.String libName,
                 int slotNum,
                 java.lang.String pin)

Creates a CkiParams object. When creating a CkiParams object, the toolkit will set up the default flag values corresponding to the library passed as a parameter. See the oracle.security.crypto.cryptoki.drivers package for information on these values.

Parameters:

libName - The name of the library to load.

slotNum - The slot number to use.

pin - The pin to log into the token.

CkiParams

public CkiParams(CkiSlot slot)

Creates a CkiParams object with the specified CkiSlot object. When creating a CkiParams object, the toolkit will set up the default flag values corresponding to the slot passed as a parameter. See the oracle.security.crypto.cryptoki.drivers package for information on these values.

Parameters:

slot - The slot that will be used for the Cryptoki initializaiton.

Method Detail

getMapSymmetricCipher

public boolean getMapSymmetricCipher()

Returns true if the Cryptoki symmetric ciphers on the hardware. false otherwise.
The default value is true.

setMapSymmetricCipher

public void setMapSymmetricCipher(boolean mapSymmetricCipher)

Sets the Cryptoki toolkit to use symmetric ciphers on the hardware.
The default value is true.

getMapRSA

public boolean getMapRSA()

Returns true if the Cryptoki RSA mechanisms will be used, false otherwise.
The default value is true.

setMapRSA

public void setMapRSA(boolean mapRSA)

Sets the Cryptoki toolkit to use RSA mechanisms on the hardware.
The default value is true.

getMapDSA

public boolean getMapDSA()

Returns true if the Cryptoki DSA mechanisms will be used, false otherwise.
The default value is true.

setMapDSA

public void setMapDSA(boolean mapDSA)

Sets the Cryptoki toolkit to use DSA mechanisms on the hardware.
The default value is true.

getMapDH

public boolean getMapDH()

Returns true if the Cryptoki Diffie Hellman mechanisms will be used, false otherwise.
The default value is true.

setMapDH

public void setMapDH(boolean mapDH)

Sets the Cryptoki toolkit to use Diffie Hellman mechanisms on the hardware.
The default value is true.

getMapRBS

public boolean getMapRBS()

Returns true if the Cryptoki random number generation mechanisms will be used, false otherwise.
The default value is true.

setMapRBS

public void setMapRBS(boolean mapRBS)

Sets the Cryptoki toolkit to use random number generation mechanisms on the hardware.
The default value is true.

getMapMessageDigest

public boolean getMapMessageDigest()

Returns true if the Cryptoki message digest mechanisms will be used, false otherwise. The mapping will be performed if the state management is set (setUseManagedState(true))
The default value is true.

setMapMessageDigest

public void setMapMessageDigest(boolean mapMessageDigest)

Sets the Cryptoki toolkit to use message digest mechanisms on the hardware. The mapping will be performed if the state management is set (setUseManagedState(true))
The default value is true.

getUseManagedState

public boolean getUseManagedState()

Returns true if the Cryptoki toolkit will manage the operatin state of the token, false otherwise.

Note: the state management by the toolkit is useful when the number of sessions on the token is limited.

See Also:


The default value is false.

setUseManagedState

public void setUseManagedState(boolean useManagedState)

Sets the Cryptoki toolkit to manage the state of the token.

The operation state denotes the state of a cryptographic operation. On a token and within a session, if an operation is initialized (such as message digest) there is a state containing all the secuirty parameters of that operation. Moreover it is impossible for another operation to be initialized on the token within the same session.
Therefore if the user wants to use the same session for different operations, he can set this flag to true. In this case, the Crypotki toolkit will save the operation state of the current cryptographic operation and finalize the operation, making the session free to be used for another operation. When a cryptographic operation will be performed, the toolkit will initialize the operation within the session, sets the operation state, performs the operation, saves the operation state and finalizes the operation.
This state management procedure is used in the CkiSignature, CkiSymmetricCipher and CkiCipher classes.

Note: the state management by the toolkit is useful when the number of sessions on the token is limited.
The default value is false.

getUseSignatureMechanisms

public boolean getUseSignatureMechanisms()

Returns true if the Cryptoki layer is set to use all the signatures mechanisms available on the token (such as CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS...). If it returns false the Cryptoki layer will only use the generic signature mechanisms (such as CKM_RSA_PKCS).
The default value is true.

setUseSignatureMechanisms

public void setUseSignatureMechanisms(boolean useSignatureMechanisms)

Sets the Cryptoki layer to use the signatures mechanisms available on the token (such as CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS...). If false the Cryptoki layer will only use the generic signature mechanisms (such as CKM_RSA_PKCS).
The default value is true.

getUseCloningMechanisms

public boolean getUseCloningMechanisms()

Returns true if the Cryptoki layer is set to clone the CkiPublicKey and CkiPrivateKey objects when set with the CkiSignature, CkiRSApkcs1 objects. By default, the keys are cloned (ie a new CkiPublicKey or CkiPrivateKey is created with the same CkiObject handle but with a new CkiSession object).

Note: not cloning the keys is useful when the number of sessions on the token is limited.
The default value is true.

setUseCloningMechanisms

public void setUseCloningMechanisms(boolean useCloningMechanisms)

Sets the Cryptoki layer to use the cloning mechanisms for the CkiPublicKey and CkiPrivateKey objects when set with the CkiSignature, CkiRSApkcs1 objects. By default, the keys are cloned (ie a new CkiPublicKey or CkiPrivateKey is created with the same CkiObject handle but with a new CkiSession object).

Note: not cloning the keys is useful when the number of sessions on the token is limited.
The default value is true.