Package javacard.security

Class KeyPair

  • public final class KeyPair
extends Object
    This class is a container for a key pair (a public key and a private key). It does not enforce any security, and, when initialized, should be treated like a PrivateKey.

    In addition, this class features a key generation method.

    See Also:
    PublicKey, PrivateKey

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static byte ALG_DH
      KeyPair object containing an DH key pair for modular exponentiation based Diffie Hellman KeyAgreement operations.
      static byte ALG_DSA
      KeyPair object containing a DSA key pair.
      static byte ALG_EC_F2M
      KeyPair object containing an EC key pair for EC operations over fields of characteristic 2 with polynomial basis.
      static byte ALG_EC_FP
      KeyPair object containing an EC key pair for EC operations over large prime fields
      static byte ALG_RSA
      KeyPair object containing a RSA key pair.
      static byte ALG_RSA_CRT
      KeyPair object containing a RSA key pair with private key in its Chinese Remainder Theorem form.

    • Constructor Summary

      Constructors 
      Constructor Description
      KeyPair​(byte algorithm, short keyLength)
      Constructs a KeyPair instance for the specified algorithm and keylength; the encapsulated keys are uninitialized.
      KeyPair​(PublicKey publicKey, PrivateKey privateKey)
      Constructs a new KeyPair object containing the specified public key and private key.

    • Field Detail

      • ALG_RSA

        public static final byte ALG_RSA
        KeyPair object containing a RSA key pair.
        See Also:
        Constant Field Values

      • ALG_RSA_CRT

        public static final byte ALG_RSA_CRT
        KeyPair object containing a RSA key pair with private key in its Chinese Remainder Theorem form.
        See Also:
        Constant Field Values

      • ALG_DSA

        public static final byte ALG_DSA
        KeyPair object containing a DSA key pair.
        See Also:
        Constant Field Values

      • ALG_EC_F2M

        public static final byte ALG_EC_F2M
        KeyPair object containing an EC key pair for EC operations over fields of characteristic 2 with polynomial basis.
        See Also:
        Constant Field Values

      • ALG_EC_FP

        public static final byte ALG_EC_FP
        KeyPair object containing an EC key pair for EC operations over large prime fields
        See Also:
        Constant Field Values

      • ALG_DH

        public static final byte ALG_DH
        KeyPair object containing an DH key pair for modular exponentiation based Diffie Hellman KeyAgreement operations.
        See Also:
        Constant Field Values

    • Constructor Detail

      • KeyPair

        public KeyPair​(byte algorithm,
               short keyLength)
        throws CryptoException
        Constructs a KeyPair instance for the specified algorithm and keylength; the encapsulated keys are uninitialized. To initialize the KeyPair instance use the genKeyPair() method.

        The encapsulated key objects are of the specified keyLength size and implement the appropriate Key interface associated with the specified algorithm (example - RSAPublicKey interface for the public key and RSAPrivateKey interface for the private key within an ALG_RSA key pair).

        Notes:

        • The key objects encapsulated in the generated KeyPair object need not support the KeyEncryption interface.

        Parameters:
        algorithm - the type of algorithm whose key pair needs to be generated. Valid codes listed in ALG_* constants above, for example ALG_RSA.
        keyLength - the key size in bits. The valid key bit lengths are key type dependent. See the KeyBuilder class.
        Throws:
        CryptoException - with the following reason codes:
        • CryptoException.NO_SUCH_ALGORITHM if:
          • the requested algorithm associated with the specified type, size of key is not supported.
        See Also:
        KeyBuilder, Signature, KeyAgreement, javacardx.crypto.Cipher, javacardx.crypto.KeyEncryption

      • KeyPair

        public KeyPair​(PublicKey publicKey,
               PrivateKey privateKey)
        throws CryptoException
        Constructs a new KeyPair object containing the specified public key and private key.

        Note that this constructor only stores references to the public and private key components in the generated KeyPair object. It does not throw an exception if the key parameter objects are uninitialized.

        It may be used to construct a KeyPair object for named curves of any type as defined in NamedParameterSpec.

        Example: 

         NamedParameterSpec x25519 = NamedParameterSpec.getInstance(X25519);
 XECPublicKey pub = KeyBuilder.buildXECKey(x25519, (short)(MEMORY_TYPE_PERSISTENT|ATTR_PUBLIC), false);
 XECPrivateKey priv = KeyBuilder.buildXECKey(x25519, (short)(MEMORY_TYPE_PERSISTENT|ATTR_PRIVATE), false);
 KeyPair kp = new KeyPair(pub,priv);
 kp.genKeyPair();

        Parameters:
        publicKey - the public key.
        privateKey - the private key.
        Throws:
        CryptoException - with the following reason codes:
        • CryptoException.ILLEGAL_VALUE if the input parameter key objects are mismatched - different algorithms or different key sizes. Parameter values are not checked.
        • CryptoException.NO_SUCH_ALGORITHM if the algorithm associated with the specified type, size of key is not supported.
        See Also:
        KeyBuilder, Signature, KeyAgreement, javacardx.crypto.Cipher, javacardx.crypto.KeyEncryption

    • Method Detail

      • genKeyPair

        public final void genKeyPair()
                      throws CryptoException
        (Re)Initializes the key objects encapsulated in this KeyPair instance with new key values. The initialized public and private key objects encapsulated in this instance will then be suitable for use with the Signature, Cipher and KeyAgreement objects. An internal secure random number generator is used during new key pair generation.

        Notes:

        • For the RSA algorithm, if the exponent value in the public key object is pre-initialized, it will be retained. Otherwise, a default value of 65537 will be used.
        • For the DSA algorithm, if the p, q and g parameters of the public key object are pre-initialized, they will be retained. Otherwise, default precomputed parameter sets will be used. The required default precomputed values are listed in Appendix B of Java Cryptography Architecture API Specification & Reference document.
        • For the EC case, if the Field, A, B, G and R parameters of the public key object are pre-initialized, then they will be retained. Otherwise default pre-specified values MAY be used.
        • If the time taken to generate the key values is excessive, the implementation may automatically request additional APDU processing time from the CAD.

        Throws:
        CryptoException - with the following reason codes:
        • CryptoException.ILLEGAL_VALUE if the pre-initialized exponent value parameter in the RSA public key or the pre-initialized p, q, g parameter set in the DSA public key or the pre-initialized Field, A, B, G and R parameter set in public EC key is invalid.
        See Also:
        Signature, javacardx.crypto.Cipher, RSAPublicKey, ECKey, DSAKey

      • genKeyPair

        public final void genKeyPair​(AlgorithmParameterSpec params)
                      throws CryptoException
        (Re)Initializes the key objects encapsulated in this KeyPair instance with new key values. The initialized public and private key objects encapsulated in this instance will then be suitable for use with the Signature, Cipher and KeyAgreement objects.

        This method provides means for the caller to configure some parameters of the key generation algorithm by providing a class implementing the relevant sub-interfaces of AlgorithmParameterSpec.

        Notes:

        • For the RSA algorithm, if the exponent value in the public key object is pre-initialized, it will be retained. Otherwise, a default value of 65537 will be used.
        • If the time taken to generate the key values is excessive, the implementation may automatically request additional APDU processing time from the CAD.

        Parameters:
        params - algorithm parameters to configure the key generation
        Throws:
        CryptoException - with the following reason codes:
        • CryptoException.NO_SUCH_ALGORITHM if the algorithm parameters are not supported.
        • CryptoException.ILLEGAL_VALUE
          • if the pre-initialized exponent value parameter in the RSA public key is invalid
          • if the params parameter implements none or an invalid combination of valid interfaces (e.g implementing both KDFCounterModeSpec and KDFDoublePipelineIterationModeSpec at the same time)
          • if the values retrieved from the params parameters are invalid (e.g getRound() for Miller Rabin test returning a negative value}
        Since:
        3.1
        See Also:
        Signature, javacardx.crypto.Cipher, RSAPublicKey

      • getPublic

        public PublicKey getPublic()
        Returns a reference to the public key component of this KeyPair object.
        Returns:
        a reference to the public key.

      • getPrivate

        public PrivateKey getPrivate()
        Returns a reference to the private key component of this KeyPair object.
        Returns:
        a reference to the private key.