Class SecureKeySpec
- java.lang.Object
-
- org.jpos.security.SecureKeySpec
-
- All Implemented Interfaces:
java.io.Serializable
,Loggeable
public class SecureKeySpec extends java.lang.Object implements java.io.Serializable, Loggeable
This class contains a set of desirable key properties that can be passed to an HSM device for example to generate a key or import it.This class is not intended to use for key storage. It can contain confidentional data like key length. That is why they should not be kept persistently anywhere.
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description protected Algorithm
algorithm
The cryptographic algorithm with which the key contained in key block will be used.protected Exportability
exportability
The conditions under which the key can be exported outside the cryptographic domain.protected byte[]
keyBlockMAC
The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.protected char
keyBlockVersion
Identifies the method by which the key block is cryptographically protected and the content layout of the block.protected byte[]
keyBytes
Secure Key Bytes.protected byte[]
keyCheckValue
The keyCheckValue allows identifying which clear key does this secure key represent.protected int
keyLength
The key length is expressed in bits and refers to clear key (before LMK protection).protected java.lang.String
keyName
Optional key name.protected java.lang.String
keyType
Key Type is useful for stating what this key can be used for.protected KeyUsage
keyUsage
The primary usage of the key contained in the key block.protected java.lang.String
keyVersion
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.protected ModeOfUse
modeOfUse
The operation that the key contained in the key block can perform.protected java.util.Map<java.lang.String,java.lang.String>
optionalHeaders
The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.protected java.lang.String
reserved
This element is not specified by TR-31 (should contain two ASCII zeros).protected KeyScheme
scheme
Key scheme indicates protection metchod appiled to this key by a security module.protected int
variant
Indicates key protection variant metchod appiled to this key by a security module.
-
Constructor Summary
Constructors Constructor Description SecureKeySpec()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
dump(java.io.PrintStream p, java.lang.String indent)
Dumps SecureKeySpec information.protected java.lang.String
formKeyHeader(java.lang.String indent)
Algorithm
getAlgorithm()
The cryptographic algorithm with which the key contained in key block will be used.Exportability
getExportability()
The conditions under which the key can be exported outside the cryptographic domain.byte[]
getKeyBlockMAC()
The key block MAC ensures the integrity of the key block.char
getKeyBlockVersion()
Identifies the method by which the key block is cryptographically protected and the content layout of the block.byte[]
getKeyBytes()
byte[]
getKeyCheckValue()
The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.int
getKeyLength()
Gets the length of the key.java.lang.String
getKeyName()
Gets optional key name.java.lang.String
getKeyType()
Key Type is useful for stating what this key can be used for.KeyUsage
getKeyUsage()
The primary usage of the key contained in the key block.java.lang.String
getKeyVersion()
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.ModeOfUse
getModeOfUse()
The operation that the key contained in the key block can perform.java.util.Map<java.lang.String,java.lang.String>
getOptionalHeaders()
The key blok Optional Header Blocks.java.lang.String
getReserved()
This element is not specified by TR-31 (should contain two ASCII zeros).KeyScheme
getScheme()
Gets the key scheme used to protect this key.int
getVariant()
Gets the key variant method used to protect this key.void
setAlgorithm(Algorithm algorithm)
void
setExportability(Exportability exportability)
void
setKeyBlockMAC(byte[] keyBlockMAC)
void
setKeyBlockVersion(char keyBlockVersion)
void
setKeyBytes(byte[] keyBytes)
Sets the secure key bytes.void
setKeyCheckValue(byte[] keyCheckValue)
The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.void
setKeyLength(int keyLength)
Sets the length of the key.void
setKeyName(java.lang.String keyName)
Sets optional key name.void
setKeyType(java.lang.String keyType)
Key Type is useful for stating what this key can be used for.void
setKeyUsage(KeyUsage keyUsage)
void
setKeyVersion(java.lang.String keyVersion)
void
setModeOfUse(ModeOfUse modeOfUse)
void
setReserved(java.lang.String reserved)
void
setScheme(KeyScheme scheme)
Key scheme indicates protection metchod appiled to this key by the security module.void
setVariant(int variant)
Sets key protection variant metchod appiled to this key by the security module.
-
-
-
Field Detail
-
scheme
protected KeyScheme scheme
Key scheme indicates protection metchod appiled to this key by a security module.
-
keyLength
protected int keyLength
The key length is expressed in bits and refers to clear key (before LMK protection).
-
keyType
protected java.lang.String keyType
Key Type is useful for stating what this key can be used for.The value of Key Type specifies whether this encryped key is a
SMAdapter.TYPE_TMK
Terminal Master KeySMAdapter.TYPE_ZPK
Zone PIN Key- or others
-
variant
protected int variant
Indicates key protection variant metchod appiled to this key by a security module.
-
keyBytes
protected byte[] keyBytes
Secure Key Bytes.
-
keyCheckValue
protected byte[] keyCheckValue
The keyCheckValue allows identifying which clear key does this secure key represent.
-
keyBlockVersion
protected char keyBlockVersion
Identifies the method by which the key block is cryptographically protected and the content layout of the block.
-
algorithm
protected Algorithm algorithm
The cryptographic algorithm with which the key contained in key block will be used.
-
modeOfUse
protected ModeOfUse modeOfUse
The operation that the key contained in the key block can perform.
-
keyVersion
protected java.lang.String keyVersion
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
-
exportability
protected Exportability exportability
The conditions under which the key can be exported outside the cryptographic domain.
-
reserved
protected java.lang.String reserved
This element is not specified by TR-31 (should contain two ASCII zeros).In proprietary derivatives can be used as e.g: LMK identifier.
-
optionalHeaders
protected final java.util.Map<java.lang.String,java.lang.String> optionalHeaders
The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.
-
keyBlockMAC
protected byte[] keyBlockMAC
The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.
-
keyName
protected java.lang.String keyName
Optional key name.
-
-
Constructor Detail
-
SecureKeySpec
public SecureKeySpec()
-
-
Method Detail
-
setScheme
public void setScheme(KeyScheme scheme)
Key scheme indicates protection metchod appiled to this key by the security module.- Parameters:
scheme
- key scheme used to protect this key.
-
getScheme
public KeyScheme getScheme()
Gets the key scheme used to protect this key.- Returns:
- key scheme used to protect this key.
-
setKeyLength
public void setKeyLength(int keyLength)
Sets the length of the key.The key length is expressed in bits and refers to clear key (before LMK protection) This might be different than the bit length of the secureKeyBytes.
- Parameters:
keyLength
-
-
getKeyLength
public int getKeyLength()
Gets the length of the key.The key length is expressed in bits and refers to clear key (before LMK protection)
- Returns:
- The length of the clear key
-
setKeyType
public void setKeyType(java.lang.String keyType)
Key Type is useful for stating what this key can be used for.The value of Key Type specifies whether this secure key is a
SMAdapter.TYPE_TMK
Terminal Master KeySMAdapter.TYPE_ZPK
Zone PIN Key- or others
- Parameters:
keyType
- type of the key
-
getKeyType
public java.lang.String getKeyType()
Key Type is useful for stating what this key can be used for.The value of Key Type specifies whether this secure key is a
SMAdapter.TYPE_TMK
Terminal Master KeySMAdapter.TYPE_ZPK
Zone PIN Key- or others
- Returns:
- keyType type of the key
-
setVariant
public void setVariant(int variant)
Sets key protection variant metchod appiled to this key by the security module.- Parameters:
variant
- key variant method used to protect this key.
-
getVariant
public int getVariant()
Gets the key variant method used to protect this key.- Returns:
- key variant method used to protect this key.
-
getKeyBlockVersion
public char getKeyBlockVersion()
Identifies the method by which the key block is cryptographically protected and the content layout of the block.- Returns:
- The key block version that corresponds to byte 0 of the key block.
-
setKeyBlockVersion
public void setKeyBlockVersion(char keyBlockVersion)
-
getKeyUsage
public KeyUsage getKeyUsage()
The primary usage of the key contained in the key block.- Returns:
- The key usage that corresponds to bytes 5-6 of the key block.
-
setKeyUsage
public void setKeyUsage(KeyUsage keyUsage)
-
getAlgorithm
public Algorithm getAlgorithm()
The cryptographic algorithm with which the key contained in key block will be used.- Returns:
- The key algorithm that corresponds to byte 7 of the key block.
-
setAlgorithm
public void setAlgorithm(Algorithm algorithm)
-
getModeOfUse
public ModeOfUse getModeOfUse()
The operation that the key contained in the key block can perform.- Returns:
- The mode of use that corresponds to byte 8 of the key block.
-
setModeOfUse
public void setModeOfUse(ModeOfUse modeOfUse)
-
getKeyVersion
public java.lang.String getKeyVersion()
Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.- Returns:
- The key version that corresponds to bytes 9-10 of the key block.
-
setKeyVersion
public void setKeyVersion(java.lang.String keyVersion)
-
getExportability
public Exportability getExportability()
The conditions under which the key can be exported outside the cryptographic domain.- Returns:
- The key exportability that corresponds to byte 11 of the key block.
-
setExportability
public void setExportability(Exportability exportability)
-
getReserved
public java.lang.String getReserved()
This element is not specified by TR-31 (should contain two ASCII zeros).In proprietary derivatives can be used as e.g: LMK identifier.
- Returns:
- The reserved that corresponds to bytes 14-15 of the key block.
-
setReserved
public void setReserved(java.lang.String reserved)
-
getOptionalHeaders
public java.util.Map<java.lang.String,java.lang.String> getOptionalHeaders()
The key blok Optional Header Blocks.The number of optional heders corresponds to bytes 12-13 of the key block.
The order of the elements in the map is preserved by
LinkedHashMap
- Returns:
- map of Optional Key Blok Heders.
-
getKeyBlockMAC
public byte[] getKeyBlockMAC()
The key block MAC ensures the integrity of the key block.It is calculated over the Header, Optional Header Blocks and the encrypted Key Data. The length of the MAC depends on the type of LMK key:
- 4 bytes for DES Key Block LMK
- 8 bytes for AES Key Block LMK
- Returns:
- calculated key block MAC value.
-
setKeyBlockMAC
public void setKeyBlockMAC(byte[] keyBlockMAC)
-
setKeyBytes
public void setKeyBytes(byte[] keyBytes)
Sets the secure key bytes.- Parameters:
keyBytes
- bytes representing the secured key
-
getKeyBytes
public byte[] getKeyBytes()
- Returns:
- The bytes representing the secured key
-
setKeyCheckValue
public void setKeyCheckValue(byte[] keyCheckValue)
The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.This check value allows identifying if two secure keys map to the same clear key.
- Parameters:
keyCheckValue
- the Key Check Value
-
getKeyCheckValue
public byte[] getKeyCheckValue()
The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.- Returns:
- the Key Check Value
-
getKeyName
public java.lang.String getKeyName()
Gets optional key name.- Returns:
- name of the key
-
setKeyName
public void setKeyName(java.lang.String keyName)
Sets optional key name.- Parameters:
keyName
- name of the key
-
dump
public void dump(java.io.PrintStream p, java.lang.String indent)
Dumps SecureKeySpec information.
-
formKeyHeader
protected java.lang.String formKeyHeader(java.lang.String indent)
-
-