Class KeyPair
- java.lang.Object
-
- javacard.security.KeyPair
-
public final class KeyPair extends Object
This class is a container for a key pair (a public key and a private key). It does not enforce any security, and, when initialized, should be treated like a PrivateKey.In addition, this class features a key generation method.
- See Also:
PublicKey
,PrivateKey
-
-
Field Summary
Fields Modifier and Type Field Description static byte
ALG_DH
KeyPair
object containing an DH key pair for modular exponentiation based Diffie HellmanKeyAgreement
operations.static byte
ALG_DSA
KeyPair
object containing a DSA key pair.static byte
ALG_EC_F2M
KeyPair
object containing an EC key pair for EC operations over fields of characteristic 2 with polynomial basis.static byte
ALG_EC_FP
KeyPair
object containing an EC key pair for EC operations over large prime fieldsstatic byte
ALG_RSA
KeyPair
object containing a RSA key pair.static byte
ALG_RSA_CRT
KeyPair
object containing a RSA key pair with private key in its Chinese Remainder Theorem form.
-
Constructor Summary
Constructors Constructor Description KeyPair(byte algorithm, short keyLength)
Constructs aKeyPair
instance for the specified algorithm and keylength; the encapsulated keys are uninitialized.KeyPair(PublicKey publicKey, PrivateKey privateKey)
Constructs a newKeyPair
object containing the specified public key and private key.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
genKeyPair()
(Re)Initializes the key objects encapsulated in thisKeyPair
instance with new key values.void
genKeyPair(AlgorithmParameterSpec params)
(Re)Initializes the key objects encapsulated in thisKeyPair
instance with new key values.PrivateKey
getPrivate()
Returns a reference to the private key component of thisKeyPair
object.PublicKey
getPublic()
Returns a reference to the public key component of thisKeyPair
object.
-
-
-
Field Detail
-
ALG_RSA
public static final byte ALG_RSA
KeyPair
object containing a RSA key pair.- See Also:
- Constant Field Values
-
ALG_RSA_CRT
public static final byte ALG_RSA_CRT
KeyPair
object containing a RSA key pair with private key in its Chinese Remainder Theorem form.- See Also:
- Constant Field Values
-
ALG_DSA
public static final byte ALG_DSA
KeyPair
object containing a DSA key pair.- See Also:
- Constant Field Values
-
ALG_EC_F2M
public static final byte ALG_EC_F2M
KeyPair
object containing an EC key pair for EC operations over fields of characteristic 2 with polynomial basis.- See Also:
- Constant Field Values
-
ALG_EC_FP
public static final byte ALG_EC_FP
KeyPair
object containing an EC key pair for EC operations over large prime fields- See Also:
- Constant Field Values
-
ALG_DH
public static final byte ALG_DH
KeyPair
object containing an DH key pair for modular exponentiation based Diffie HellmanKeyAgreement
operations.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
KeyPair
public KeyPair(byte algorithm, short keyLength) throws CryptoException
Constructs aKeyPair
instance for the specified algorithm and keylength; the encapsulated keys are uninitialized. To initialize theKeyPair
instance use thegenKeyPair()
method.The encapsulated key objects are of the specified
keyLength
size and implement the appropriateKey
interface associated with the specified algorithm (example -RSAPublicKey
interface for the public key andRSAPrivateKey
interface for the private key within anALG_RSA
key pair).Notes:
- The key objects encapsulated in the generated
KeyPair
object need not support theKeyEncryption
interface.
- Parameters:
algorithm
- the type of algorithm whose key pair needs to be generated. Valid codes listed inALG_*
constants above, for exampleALG_RSA
.keyLength
- the key size in bits. The valid key bit lengths are key type dependent. See theKeyBuilder
class.- Throws:
CryptoException
- with the following reason codes:CryptoException.NO_SUCH_ALGORITHM
if:- the requested algorithm associated with the specified type, size of key is not supported.
- See Also:
KeyBuilder
,Signature
,KeyAgreement
,javacardx.crypto.Cipher
,javacardx.crypto.KeyEncryption
- The key objects encapsulated in the generated
-
KeyPair
public KeyPair(PublicKey publicKey, PrivateKey privateKey) throws CryptoException
Constructs a newKeyPair
object containing the specified public key and private key.Note that this constructor only stores references to the public and private key components in the generated
KeyPair
object. It does not throw an exception if the key parameter objects are uninitialized.It may be used to construct a
KeyPair
object for named curves of any type as defined inNamedParameterSpec
.Example:
NamedParameterSpec x25519 = NamedParameterSpec.getInstance(X25519); XECPublicKey pub = KeyBuilder.buildXECKey(x25519, (short)(MEMORY_TYPE_PERSISTENT|ATTR_PUBLIC), false); XECPrivateKey priv = KeyBuilder.buildXECKey(x25519, (short)(MEMORY_TYPE_PERSISTENT|ATTR_PRIVATE), false); KeyPair kp = new KeyPair(pub,priv); kp.genKeyPair();
- Parameters:
publicKey
- the public key.privateKey
- the private key.- Throws:
CryptoException
- with the following reason codes:CryptoException.ILLEGAL_VALUE
if the input parameter key objects are mismatched - different algorithms or different key sizes. Parameter values are not checked.CryptoException.NO_SUCH_ALGORITHM
if the algorithm associated with the specified type, size of key is not supported.
- See Also:
KeyBuilder
,Signature
,KeyAgreement
,javacardx.crypto.Cipher
,javacardx.crypto.KeyEncryption
-
-
Method Detail
-
genKeyPair
public final void genKeyPair() throws CryptoException
(Re)Initializes the key objects encapsulated in thisKeyPair
instance with new key values. The initialized public and private key objects encapsulated in this instance will then be suitable for use with theSignature
,Cipher
andKeyAgreement
objects. An internal secure random number generator is used during new key pair generation.Notes:
- For the RSA algorithm, if the exponent value in the public key object is pre-initialized, it will be retained. Otherwise, a default value of 65537 will be used.
- For the DSA algorithm, if the p, q and g parameters of the public key object are pre-initialized, they will be retained. Otherwise, default precomputed parameter sets will be used. The required default precomputed values are listed in Appendix B of Java Cryptography Architecture API Specification & Reference document.
- For the EC case, if the Field, A, B, G and R parameters of the public key object are pre-initialized, then they will be retained. Otherwise default pre-specified values MAY be used.
- If the time taken to generate the key values is excessive, the implementation may automatically request additional APDU processing time from the CAD.
- Throws:
CryptoException
- with the following reason codes:CryptoException.ILLEGAL_VALUE
if the pre-initialized exponent value parameter in the RSA public key or the pre-initialized p, q, g parameter set in the DSA public key or the pre-initialized Field, A, B, G and R parameter set in public EC key is invalid.
- See Also:
Signature
,javacardx.crypto.Cipher
,RSAPublicKey
,ECKey
,DSAKey
-
genKeyPair
public final void genKeyPair(AlgorithmParameterSpec params) throws CryptoException
(Re)Initializes the key objects encapsulated in thisKeyPair
instance with new key values. The initialized public and private key objects encapsulated in this instance will then be suitable for use with theSignature
,Cipher
andKeyAgreement
objects.This method provides means for the caller to configure some parameters of the key generation algorithm by providing a class implementing the relevant sub-interfaces of
AlgorithmParameterSpec
.- The primality test can be customized using the
PrimalityTestParamSpec
interface. - The random number generator can be customized using one of the following
interfaces:
KDFCounterModeSpec
: the random number generator will internally use theDerivationFunction.ALG_KDF_COUNTER_MODE
algorithmKDFDoublePipelineIterationModeSpec
: the random number generator will internally use theDerivationFunction.ALG_KDF_DPI_MODE
algorithmKDFFeedbackModeSpec
: the random number generator will internally use theDerivationFunction.ALG_KDF_FEEDBACK_MODE
algorithm
- If
params
parameter isnull
then the behavior is the same as thegenKeyPair()
method.
Notes:
- For the RSA algorithm, if the exponent value in the public key object is pre-initialized, it will be retained. Otherwise, a default value of 65537 will be used.
- If the time taken to generate the key values is excessive, the implementation may automatically request additional APDU processing time from the CAD.
- Parameters:
params
- algorithm parameters to configure the key generation- Throws:
CryptoException
- with the following reason codes:CryptoException.NO_SUCH_ALGORITHM
if the algorithm parameters are not supported.CryptoException.ILLEGAL_VALUE
- if the pre-initialized exponent value parameter in the RSA public key is invalid
-
if the
params
parameter implements none or an invalid combination of valid interfaces (e.g implementing bothKDFCounterModeSpec
andKDFDoublePipelineIterationModeSpec
at the same time) -
if the values retrieved from the
params
parameters are invalid (e.g getRound() for Miller Rabin test returning a negative value}
- Since:
- 3.1
- See Also:
Signature
,javacardx.crypto.Cipher
,RSAPublicKey
- The primality test can be customized using the
-
getPublic
public PublicKey getPublic()
Returns a reference to the public key component of thisKeyPair
object.- Returns:
- a reference to the public key.
-
getPrivate
public PrivateKey getPrivate()
Returns a reference to the private key component of thisKeyPair
object.- Returns:
- a reference to the private key.
-
-