iaik.pkcs.pkcs11.objects

Class SecretKey

java.lang.Object

iaik.pkcs.pkcs11.objects.PKCS11Object

iaik.pkcs.pkcs11.objects.Storage

iaik.pkcs.pkcs11.objects.Key

iaik.pkcs.pkcs11.objects.SecretKey

Direct Known Subclasses:

ValuedSecretKey

public class SecretKey
extends Key

This is the base class for secret (symmetric) keys. Objects of this class represent secret keys as specified by PKCS#11 v2.11.

Version:

1.0

Author:

Karl Scheibelhofer

Nested Class Summary

Nested classes/interfaces inherited from class iaik.pkcs.pkcs11.objects.Key

Key.KeyType, Key.VendorDefinedKeyBuilder

Nested classes/interfaces inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

PKCS11Object.ObjectClass, PKCS11Object.VendorDefinedObjectBuilder

Field Summary

Fields

Modifier and Type	Field and Description
protected BooleanAttribute	alwaysSensitive True, if this key was always sensitive.
protected ByteArrayAttribute	checkValue Key checksum of this private key.
protected BooleanAttribute	decrypt True, if this key can be used for decryption.
protected BooleanAttribute	encrypt True, if this key can be used for encryption.
protected BooleanAttribute	extractable True, if this key is extractable from the token.
protected BooleanAttribute	neverExtractable True, if this key was never extractable.
protected BooleanAttribute	sensitive True, if this key is sensitive.
protected BooleanAttribute	sign True, if this key can be used for signing.
protected BooleanAttribute	trusted True, if this public key can be used for wrapping other keys.
protected BooleanAttribute	unwrap True, if this key can be used for unwrapping other keys.
protected AttributeArray	unwrapTemplate Template of the key, that can be unwrapped.
protected BooleanAttribute	verify True, if this key can be used for verification.
protected BooleanAttribute	wrap True, if this key can be used for wrapping other keys.
protected AttributeArray	wrapTemplate Template of the key, that can be wrapped.
protected BooleanAttribute	wrapWithTrusted True, if this private key can only be wrapped with a wrapping key having set the attribute trusted to true.

Fields inherited from class iaik.pkcs.pkcs11.objects.Key

allowedMechanisms, derive, endDate, id, keyGenMechanism, keyType, keyTypeNames, local, startDate

Fields inherited from class iaik.pkcs.pkcs11.objects.Storage

label, modifiable, private_, token

Fields inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

attributeTable, objectClass, objectClassNames, objectHandle, vendorObjectBuilder

Constructor Summary

Constructors

Modifier	Constructor and Description
	SecretKey() Default Constructor.
protected	SecretKey(Session session, long objectHandle) Called by sub-classes to create an instance of a PKCS#11 secret key.

Method Summary

Modifier and Type	Method and Description
protected void	allocateAttributes() Allocates the attribute objects for this class and adds them to the attribute table.
boolean	equals(Object otherObject) Compares all member variables of this object with the other object.
BooleanAttribute	getAlwaysSensitive() Gets the always sensitive attribute of this key.
ByteArrayAttribute	getCheckValue() Gets the check value attribute of this key.
BooleanAttribute	getDecrypt() Gets the decrypt attribute of this key.
BooleanAttribute	getEncrypt() Gets the encrypt attribute of this key.
BooleanAttribute	getExtractable() Gets the extractable attribute of this key.
static PKCS11Object	getInstance(Session session, long objectHandle) The getInstance method of the PKCS11Object class uses this method to create an instance of a PKCS#11 secret key.
BooleanAttribute	getNeverExtractable() Gets the never extractable attribute of this key.
BooleanAttribute	getSensitive() Gets the sensitive attribute of this key.
BooleanAttribute	getSign() Gets the sign attribute of this key.
BooleanAttribute	getTrusted() Gets the trusted attribute of this key.
protected static PKCS11Object	getUnknownSecretKey(Session session, long objectHandle) Try to create a key which has no or an unkown secret key type type attribute.
BooleanAttribute	getUnwrap() Gets the unwrap attribute of this key.
AttributeArray	getUnwrapTemplate() Gets the unwrap template attribute of this key.
BooleanAttribute	getVerify() Gets the verify attribute of this key.
BooleanAttribute	getWrap() Gets the wrap attribute of this key.
AttributeArray	getWrapTemplate() Gets the wrap template attribute of this key.
BooleanAttribute	getWrapWithTrusted() Gets the wrap with trusted attribute of this key.
protected static void	putAttributesInTable(SecretKey object) Put all attributes of the given object into the attributes table of this object.
void	readAttributes(Session session) Read the values of the attributes of this object from the token.
String	toString() Returns a string representation of the current object.

Methods inherited from class iaik.pkcs.pkcs11.objects.Key

getAllowedMechanisms, getDerive, getEndDate, getId, getKeyGenMechanism, getKeyType, getKeyTypeName, getLocal, getStartDate, hashCode, putAttributesInTable

Methods inherited from class iaik.pkcs.pkcs11.objects.Storage

getLabel, getModifiable, getPrivate, getToken, putAttributesInTable

Methods inherited from class iaik.pkcs.pkcs11.objects.PKCS11Object

getAttribute, getAttributeTable, getAttributeValue, getAttributeValues, getObjectClass, getObjectClassName, getObjectHandle, getSetAttributes, getSetAttributes, getUnknownObject, getVendorDefinedObjectBuilder, putAttribute, putAttributesInTable, removeAttribute, setObjectHandle, setVendorDefinedObjectBuilder, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

sensitive

protected BooleanAttribute sensitive

True, if this key is sensitive.

encrypt

protected BooleanAttribute encrypt

True, if this key can be used for encryption.

decrypt

protected BooleanAttribute decrypt

True, if this key can be used for decryption.

sign

protected BooleanAttribute sign

True, if this key can be used for signing.

verify

protected BooleanAttribute verify

True, if this key can be used for verification.

wrap

protected BooleanAttribute wrap

True, if this key can be used for wrapping other keys.

unwrap

protected BooleanAttribute unwrap

True, if this key can be used for unwrapping other keys.

extractable

protected BooleanAttribute extractable

True, if this key is extractable from the token.

alwaysSensitive

protected BooleanAttribute alwaysSensitive

True, if this key was always sensitive.

neverExtractable

protected BooleanAttribute neverExtractable

True, if this key was never extractable.

checkValue

protected ByteArrayAttribute checkValue

Key checksum of this private key.

wrapWithTrusted

protected BooleanAttribute wrapWithTrusted

True, if this private key can only be wrapped with a wrapping key having set the attribute trusted to true.

trusted

protected BooleanAttribute trusted

True, if this public key can be used for wrapping other keys.

wrapTemplate

protected AttributeArray wrapTemplate

Template of the key, that can be wrapped.

unwrapTemplate

protected AttributeArray unwrapTemplate

Template of the key, that can be unwrapped.

Constructor Detail

SecretKey

public SecretKey()

Default Constructor.

SecretKey

protected SecretKey(Session session,
                    long objectHandle)
             throws TokenException

Called by sub-classes to create an instance of a PKCS#11 secret key.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Throws:

TokenException - If getting the attributes failed.

Method Detail

getInstance

public static PKCS11Object getInstance(Session session,
                                       long objectHandle)
                                throws TokenException

The getInstance method of the PKCS11Object class uses this method to create an instance of a PKCS#11 secret key. This method reads the key type attribute and calls the getInstance method of the according sub-class. If the key type is a vendor defined it uses the VendorDefinedKeyBuilder set by the application. If no secret key could be constructed, Returns null.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Returns:

The object representing the PKCS#11 object. The returned object can be casted to the according sub-class.

Throws:

TokenException - If getting the attributes failed.

getUnknownSecretKey

protected static PKCS11Object getUnknownSecretKey(Session session,
                                                  long objectHandle)
                                           throws TokenException

Try to create a key which has no or an unkown secret key type type attribute. This implementation will try to use a vendor defined key builder, if such has been set. If this is impossible or fails, it will create just a simple SecretKey .

Parameters:

session - The session to use.

objectHandle - The handle of the object

Returns:

A new PKCS11Object.

Throws:

TokenException - If no object could be created.

putAttributesInTable

protected static void putAttributesInTable(SecretKey object)

Put all attributes of the given object into the attributes table of this object. This method is only static to be able to access invoke the implementation of this method for each class separately.

Parameters:

object - The object to handle.

allocateAttributes

protected void allocateAttributes()

Allocates the attribute objects for this class and adds them to the attribute table.

Overrides:

allocateAttributes in class Key

equals

public boolean equals(Object otherObject)

Compares all member variables of this object with the other object. Returns only true, if all are equal in both objects.

Overrides:

equals in class Key

Parameters:

otherObject - The other object to compare to.

Returns:

True, if other is an instance of this class and all member variables of both objects are equal. False, otherwise.

getSensitive

public BooleanAttribute getSensitive()

Gets the sensitive attribute of this key.

Returns:

The sensitive attribute.

getEncrypt

public BooleanAttribute getEncrypt()

Gets the encrypt attribute of this key.

Returns:

The encrypt attribute.

getVerify

public BooleanAttribute getVerify()

Gets the verify attribute of this key.

Returns:

The verify attribute.

getDecrypt

public BooleanAttribute getDecrypt()

Gets the decrypt attribute of this key.

Returns:

The decrypt attribute.

getSign

public BooleanAttribute getSign()

Gets the sign attribute of this key.

Returns:

The sign attribute.

getWrap

public BooleanAttribute getWrap()

Gets the wrap attribute of this key.

Returns:

The wrap attribute.

getUnwrap

public BooleanAttribute getUnwrap()

Gets the unwrap attribute of this key.

Returns:

The unwrap attribute.

getExtractable

public BooleanAttribute getExtractable()

Gets the extractable attribute of this key.

Returns:

The extractable attribute.

getAlwaysSensitive

public BooleanAttribute getAlwaysSensitive()

Gets the always sensitive attribute of this key.

Returns:

The always sensitive attribute.

getNeverExtractable

public BooleanAttribute getNeverExtractable()

Gets the never extractable attribute of this key.

Returns:

The never extractable attribute.

getCheckValue

public ByteArrayAttribute getCheckValue()

Gets the check value attribute of this key.

Returns:

The check value attribute.

getWrapWithTrusted

public BooleanAttribute getWrapWithTrusted()

Gets the wrap with trusted attribute of this key.

Returns:

The wrap with trusted attribute.

getTrusted

public BooleanAttribute getTrusted()

Gets the trusted attribute of this key.

Returns:

The trusted attribute.

getWrapTemplate

public AttributeArray getWrapTemplate()

Gets the wrap template attribute of this key. This attribute can only be used with PKCS#11 modules supporting cryptoki version 2.20 or higher.

Returns:

The wrap template attribute.

getUnwrapTemplate

public AttributeArray getUnwrapTemplate()

Gets the unwrap template attribute of this key. This attribute can only be used with PKCS#11 modules supporting cryptoki version 2.20 or higher.

Returns:

The unwrap template attribute.

readAttributes

public void readAttributes(Session session)
                    throws TokenException

Read the values of the attributes of this object from the token.

Overrides:

readAttributes in class Key

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

Throws:

TokenException - If getting the attributes failed.

toString

public String toString()

Returns a string representation of the current object. The output is only for debugging purposes and should not be used for other purposes.

Overrides:

toString in class Key

Returns:

A string presentation of this object for debugging output.