Class SecureKeyBlock
java.lang.Object
  org.jpos.security.SecureKey
    org.jpos.security.SecureKeyBlock
All Implemented Interfaces: java.io.Serializable, Loggeable
public class SecureKeyBlock extends SecureKey
The class represents a secure key in key block form (TR-31 or derivatives). In addition to the standard Key Check Value and Key Scheme, it specifies the key block header, optional key block header, encrypted key and key block MAC.
The SecureKeyBlock instance can come from an HSM (generate, import, translate) or from the key store, and it is an integral whole. Manipulating key block values is therefore not desirable, which is why setter methods for the key block fields are not available. Use the SecureKeyBlockBuilder to create the key block structure.
See Also: Serialized Form
Field Summary
| Modifier and Type | Field | Description |
| --- | --- | --- |
| protected Algorithm | algorithm | The cryptographic algorithm with which the key contained in key block will be used. |
| protected Exportability | exportability | The conditions under which the key can be exported outside the cryptographic domain. |
| protected int | keyBlockLength | Entire key block length after encoding (header, optional header, encrypted confidential data, and MAC). |
| protected byte[] | keyBlockMAC | The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data. |
| protected char | keyBlockVersion | Identifies the method by which the key block is cryptographically protected and the content layout of the block. |
| protected KeyUsage | keyUsage | The primary usage of the key contained in the key block. |
| protected java.lang.String | keyVersion | Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key. |
| protected ModeOfUse | modeOfUse | The operation that the key contained in the key block can perform. |
| protected java.util.Map<java.lang.String,java.lang.String> | optionalHeaders | The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block. |
| protected java.lang.String | reserved | This element is not specified by TR-31 (should contain two ASCII zeros). |
-
Constructor Summary
| Modifier | Constructor | Description |
| --- | --- | --- |
| protected | SecureKeyBlock() | Constructs a SecureKeyBlock. |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | dump(java.io.PrintStream p, java.lang.String indent) | Dumps SecureKeyBlock basic information. |
| Algorithm | getAlgorithm() | The cryptographic algorithm with which the key contained in key block will be used. |
| Exportability | getExportability() | The conditions under which the key can be exported outside the cryptographic domain. |
| int | getKeyBlockLength() | Entire key block length after encoding (header, optional header, encrypted confidential data, and MAC). |
| byte[] | getKeyBlockMAC() | The key block MAC ensures the integrity of the key block. |
| char | getKeyBlockVersion() | Identifies the method by which the key block is cryptographically protected and the content layout of the block. |
| short | getKeyLength() | |
| java.lang.String | getKeyType() | Key Type is useful for stating what this key can be used for. |
| KeyUsage | getKeyUsage() | The primary usage of the key contained in the key block. |
| java.lang.String | getKeyVersion() | Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key. |
| ModeOfUse | getModeOfUse() | The operation that the key contained in the key block can perform. |
| java.util.Map<java.lang.String,java.lang.String> | getOptionalHeaders() | The key block Optional Header Blocks. |
| java.lang.String | getReserved() | This element is not specified by TR-31 (should contain two ASCII zeros). |
| KeyScheme | getScheme() | Gets the key scheme used to protect this key. |
| void | setKeyLength(short keyLength) | Sets the length of the key (in bits) (when it was still clear). |
| void | setKeyType(java.lang.String keyType) | Key Type is useful for stating what this key can be used for. |
Methods inherited from class org.jpos.security.SecureKey
getKeyBytes, getKeyCheckValue, getKeyName, setKeyBytes, setKeyCheckValue, setKeyName, setScheme
-
Field Detail
-
keyBlockVersion
protected char keyBlockVersion
Identifies the method by which the key block is cryptographically protected and the content layout of the block.
-
keyBlockLength
protected int keyBlockLength
Entire key block length after encoding (header, optional header, encrypted confidential data, and MAC).
-
algorithm
protected Algorithm algorithm
The cryptographic algorithm with which the key contained in key block will be used.
-
modeOfUse
protected ModeOfUse modeOfUse
The operation that the key contained in the key block can perform.
-
keyVersion
protected java.lang.String keyVersion
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
-
exportability
protected Exportability exportability
The conditions under which the key can be exported outside the cryptographic domain.
-
reserved
protected java.lang.String reserved
This element is not specified by TR-31 (should contain two ASCII zeros). In proprietary derivatives it can be used, e.g., as an LMK identifier.
-
optionalHeaders
protected java.util.Map<java.lang.String,java.lang.String> optionalHeaders
The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.
-
keyBlockMAC
protected byte[] keyBlockMAC
The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.
-
Constructor Detail
-
SecureKeyBlock
protected SecureKeyBlock()
Constructs a SecureKeyBlock. It can be used internally, e.g., by SecureKeyBlockBuilder.
-
Method Detail
-
setKeyType
public void setKeyType(java.lang.String keyType)
Description copied from class: SecureKey
Key Type is useful for stating what this key can be used for. The value of Key Type specifies whether this secure key is a TYPE_TMK (Terminal Master Key), TYPE_ZPK (Zone PIN Key)...
Overrides: setKeyType in class SecureKey
-
getKeyType
public java.lang.String getKeyType()
Description copied from class: SecureKey
Key Type is useful for stating what this key can be used for. The value of Key Type specifies whether this secure key is a TYPE_TMK (Terminal Master Key), TYPE_ZPK (Zone PIN Key)...
Overrides: getKeyType in class SecureKey
Returns: keyType
-
setKeyLength
public void setKeyLength(short keyLength)
Description copied from class: SecureKey
Sets the length of the key (in bits) (when it was still clear). This might be different than the bit length of the secureKeyBytes.
Overrides: setKeyLength in class SecureKey
-
getKeyLength
public short getKeyLength()
Overrides: getKeyLength in class SecureKey
Returns: The length of the secure key (when it was still clear)
-
getScheme
public KeyScheme getScheme()
Description copied from class: SecureKey
Gets the key scheme used to protect this key.
-
getKeyBlockVersion
public char getKeyBlockVersion()
Identifies the method by which the key block is cryptographically protected and the content layout of the block.
Returns: The key block version that corresponds to byte 0 of the key block.
-
getKeyBlockLength
public int getKeyBlockLength()
Entire key block length after encoding (header, optional header, encrypted confidential data, and MAC).
Returns: The key block length that corresponds to bytes 1-4 of the key block.
-
getKeyUsage
public KeyUsage getKeyUsage()
The primary usage of the key contained in the key block.
Returns: The key usage that corresponds to bytes 5-6 of the key block.
-
getAlgorithm
public Algorithm getAlgorithm()
The cryptographic algorithm with which the key contained in key block will be used.
Returns: The key algorithm that corresponds to byte 7 of the key block.
-
getModeOfUse
public ModeOfUse getModeOfUse()
The operation that the key contained in the key block can perform.
Returns: The mode of use that corresponds to byte 8 of the key block.
-
getKeyVersion
public java.lang.String getKeyVersion()
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
Returns: The key version that corresponds to bytes 9-10 of the key block.
-
getExportability
public Exportability getExportability()
The conditions under which the key can be exported outside the cryptographic domain.
Returns: The key exportability that corresponds to byte 11 of the key block.
-
getReserved
public java.lang.String getReserved()
This element is not specified by TR-31 (should contain two ASCII zeros). In proprietary derivatives it can be used, e.g., as an LMK identifier.
Returns: The reserved field that corresponds to bytes 14-15 of the key block.
-
getOptionalHeaders
public java.util.Map<java.lang.String,java.lang.String> getOptionalHeaders()
The key block Optional Header Blocks. The number of optional headers corresponds to bytes 12-13 of the key block.
The order of the elements in the map is preserved by LinkedHashMap.
Returns: Read-only map of Optional Key Block Headers.
-
getKeyBlockMAC
public byte[] getKeyBlockMAC()
The key block MAC ensures the integrity of the key block. It is calculated over the Header, Optional Header Blocks and the encrypted Key Data. The length of the MAC depends on the type of LMK key:
- 4 bytes for DES Key Block LMK
- 8 bytes for AES Key Block LMK
Returns: calculated key block MAC value.
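The byte offsets given in the getter descriptions above, applied to a raw key block string with basic consistency checks. This is an added example, not jPOS code: the class `KeyBlockHeaderCheck`, its methods and the sample key block are hypothetical, and it assumes the length and optional-header-count fields are ASCII decimal digits, as in TR-31 (Java 11+ for `String.repeat`).

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper for illustration; not part of org.jpos.security.
public class KeyBlockHeaderCheck {

    /** Splits the 16-character header using the offsets from the getter docs. */
    static Map<String, String> parseHeader(String keyBlock) {
        if (keyBlock == null || keyBlock.length() < 16)
            throw new IllegalArgumentException("key block shorter than the 16-byte header");
        Map<String, String> h = new LinkedHashMap<>();
        h.put("keyBlockVersion", keyBlock.substring(0, 1));   // byte 0
        h.put("keyBlockLength",  keyBlock.substring(1, 5));   // bytes 1-4
        h.put("keyUsage",        keyBlock.substring(5, 7));   // bytes 5-6
        h.put("algorithm",       keyBlock.substring(7, 8));   // byte 7
        h.put("modeOfUse",       keyBlock.substring(8, 9));   // byte 8
        h.put("keyVersion",      keyBlock.substring(9, 11));  // bytes 9-10
        h.put("exportability",   keyBlock.substring(11, 12)); // byte 11
        h.put("optionalHeaders", keyBlock.substring(12, 14)); // bytes 12-13 (count)
        h.put("reserved",        keyBlock.substring(14, 16)); // bytes 14-15
        return h;
    }

    /** Rejects non-decimal counters and a length field that disagrees with the data. */
    static void validate(String keyBlock, Map<String, String> h) {
        for (String f : new String[] {"keyBlockLength", "optionalHeaders"})
            if (!h.get(f).matches("[0-9]+"))
                throw new IllegalArgumentException(f + " is not decimal: " + h.get(f));
        int declared = Integer.parseInt(h.get("keyBlockLength"));
        if (declared != keyBlock.length())  // truncated or padded block
            throw new IllegalArgumentException(
                "length field " + declared + " != actual length " + keyBlock.length());
    }

    public static void main(String[] args) {
        // Constructed sample: a header followed by 80 filler characters standing in
        // for the encrypted key data and MAC. It is not a real key block.
        String sample = "B0096P0TE00N0000" + "0".repeat(80);
        Map<String, String> h = parseHeader(sample);
        validate(sample, h);
        h.forEach((k, v) -> System.out.println(k + " = " + v));
        // TR-31 expects "00" here; proprietary derivatives may carry an LMK identifier.
        if (!"00".equals(h.get("reserved")))
            System.out.println("note: reserved field is not \"00\": " + h.get("reserved"));
    }
}
```

The check covers header consistency only; the integrity of the block still rests on the key block MAC, which is verified with the protecting key inside the HSM.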