Package org.jpos.security

Class SecureKeySpec

  • All Implemented Interfaces:
    java.io.Serializable, Loggeable
    public class SecureKeySpec
extends java.lang.Object
implements java.io.Serializable, Loggeable
    This class contains a set of desirable key properties that can be passed to an HSM device for example to generate a key or import it.

    This class is not intended to use for key storage. It can contain confidentional data like key length. That is why they should not be kept persistently anywhere.

    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected Algorithm algorithm
      The cryptographic algorithm with which the key contained in key block will be used.
      protected Exportability exportability
      The conditions under which the key can be exported outside the cryptographic domain.
      protected byte[] keyBlockMAC
      The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.
      protected char keyBlockVersion
      Identifies the method by which the key block is cryptographically protected and the content layout of the block.
      protected byte[] keyBytes
      Secure Key Bytes.
      protected byte[] keyCheckValue
      The keyCheckValue allows identifying which clear key does this secure key represent.
      protected int keyLength
      The key length is expressed in bits and refers to clear key (before LMK protection).
      protected java.lang.String keyName
      Optional key name.
      protected java.lang.String keyType
      Key Type is useful for stating what this key can be used for.
      protected KeyUsage keyUsage
      The primary usage of the key contained in the key block.
      protected java.lang.String keyVersion
      Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
      protected ModeOfUse modeOfUse
      The operation that the key contained in the key block can perform.
      protected java.util.Map<java.lang.String,​java.lang.String> optionalHeaders
      The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.
      protected java.lang.String reserved
      This element is not specified by TR-31 (should contain two ASCII zeros).
      protected KeyScheme scheme
      Key scheme indicates protection metchod appiled to this key by a security module.
      protected int variant
      Indicates key protection variant metchod appiled to this key by a security module.

    • Constructor Summary

      Constructors 
      Constructor Description
      SecureKeySpec()  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void dump​(java.io.PrintStream p, java.lang.String indent)
      Dumps SecureKeySpec information.
      protected java.lang.String formKeyHeader​(java.lang.String indent)  
      Algorithm getAlgorithm()
      The cryptographic algorithm with which the key contained in key block will be used.
      Exportability getExportability()
      The conditions under which the key can be exported outside the cryptographic domain.
      byte[] getKeyBlockMAC()
      The key block MAC ensures the integrity of the key block.
      char getKeyBlockVersion()
      Identifies the method by which the key block is cryptographically protected and the content layout of the block.
      byte[] getKeyBytes()  
      byte[] getKeyCheckValue()
      The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.
      int getKeyLength()
      Gets the length of the key.
      java.lang.String getKeyName()
      Gets optional key name.
      java.lang.String getKeyType()
      Key Type is useful for stating what this key can be used for.
      KeyUsage getKeyUsage()
      The primary usage of the key contained in the key block.
      java.lang.String getKeyVersion()
      Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
      ModeOfUse getModeOfUse()
      The operation that the key contained in the key block can perform.
      java.util.Map<java.lang.String,​java.lang.String> getOptionalHeaders()
      The key blok Optional Header Blocks.
      java.lang.String getReserved()
      This element is not specified by TR-31 (should contain two ASCII zeros).
      KeyScheme getScheme()
      Gets the key scheme used to protect this key.
      int getVariant()
      Gets the key variant method used to protect this key.
      void setAlgorithm​(Algorithm algorithm)  
      void setExportability​(Exportability exportability)  
      void setKeyBlockMAC​(byte[] keyBlockMAC)  
      void setKeyBlockVersion​(char keyBlockVersion)  
      void setKeyBytes​(byte[] keyBytes)
      Sets the secure key bytes.
      void setKeyCheckValue​(byte[] keyCheckValue)
      The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.
      void setKeyLength​(int keyLength)
      Sets the length of the key.
      void setKeyName​(java.lang.String keyName)
      Sets optional key name.
      void setKeyType​(java.lang.String keyType)
      Key Type is useful for stating what this key can be used for.
      void setKeyUsage​(KeyUsage keyUsage)  
      void setKeyVersion​(java.lang.String keyVersion)  
      void setModeOfUse​(ModeOfUse modeOfUse)  
      void setReserved​(java.lang.String reserved)  
      void setScheme​(KeyScheme scheme)
      Key scheme indicates protection metchod appiled to this key by the security module.
      void setVariant​(int variant)
      Sets key protection variant metchod appiled to this key by the security module.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • scheme

        protected KeyScheme scheme
        Key scheme indicates protection metchod appiled to this key by a security module.

      • keyLength

        protected int keyLength
        The key length is expressed in bits and refers to clear key (before LMK protection).

      • keyType

        protected java.lang.String keyType
        Key Type is useful for stating what this key can be used for.

        The value of Key Type specifies whether this encryped key is a

      • variant

        protected int variant
        Indicates key protection variant metchod appiled to this key by a security module.

      • keyBytes

        protected byte[] keyBytes
        Secure Key Bytes.

      • keyCheckValue

        protected byte[] keyCheckValue
        The keyCheckValue allows identifying which clear key does this secure key represent.

      • keyBlockVersion

        protected char keyBlockVersion
        Identifies the method by which the key block is cryptographically protected and the content layout of the block.

      • keyUsage

        protected KeyUsage keyUsage
        The primary usage of the key contained in the key block.

      • algorithm

        protected Algorithm algorithm
        The cryptographic algorithm with which the key contained in key block will be used.

      • modeOfUse

        protected ModeOfUse modeOfUse
        The operation that the key contained in the key block can perform.

      • keyVersion

        protected java.lang.String keyVersion
        Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.

      • exportability

        protected Exportability exportability
        The conditions under which the key can be exported outside the cryptographic domain.

      • reserved

        protected java.lang.String reserved
        This element is not specified by TR-31 (should contain two ASCII zeros).

        In proprietary derivatives can be used as e.g: LMK identifier.

      • optionalHeaders

        protected final java.util.Map<java.lang.String,​java.lang.String> optionalHeaders
        The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.

      • keyBlockMAC

        protected byte[] keyBlockMAC
        The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.

      • keyName

        protected java.lang.String keyName
        Optional key name.

    • Method Detail

      • setScheme

        public void setScheme​(KeyScheme scheme)
        Key scheme indicates protection metchod appiled to this key by the security module.
        Parameters:
        scheme - key scheme used to protect this key.

      • getScheme

        public KeyScheme getScheme()
        Gets the key scheme used to protect this key.
        Returns:
        key scheme used to protect this key.

      • setKeyLength

        public void setKeyLength​(int keyLength)
        Sets the length of the key.

        The key length is expressed in bits and refers to clear key (before LMK protection) This might be different than the bit length of the secureKeyBytes.

        Parameters:
        keyLength -

      • getKeyLength

        public int getKeyLength()
        Gets the length of the key.

        The key length is expressed in bits and refers to clear key (before LMK protection)

        Returns:
        The length of the clear key

      • setKeyType

        public void setKeyType​(java.lang.String keyType)
        Key Type is useful for stating what this key can be used for.

        The value of Key Type specifies whether this secure key is a

        Parameters:
        keyType - type of the key

      • getKeyType

        public java.lang.String getKeyType()
        Key Type is useful for stating what this key can be used for.

        The value of Key Type specifies whether this secure key is a

        Returns:
        keyType type of the key

      • setVariant

        public void setVariant​(int variant)
        Sets key protection variant metchod appiled to this key by the security module.
        Parameters:
        variant - key variant method used to protect this key.

      • getVariant

        public int getVariant()
        Gets the key variant method used to protect this key.
        Returns:
        key variant method used to protect this key.

      • getKeyBlockVersion

        public char getKeyBlockVersion()
        Identifies the method by which the key block is cryptographically protected and the content layout of the block.
        Returns:
        The key block version that corresponds to byte 0 of the key block.

      • getKeyUsage

        public KeyUsage getKeyUsage()
        The primary usage of the key contained in the key block.
        Returns:
        The key usage that corresponds to bytes 5-6 of the key block.

      • getAlgorithm

        public Algorithm getAlgorithm()
        The cryptographic algorithm with which the key contained in key block will be used.
        Returns:
        The key algorithm that corresponds to byte 7 of the key block.

      • getModeOfUse

        public ModeOfUse getModeOfUse()
        The operation that the key contained in the key block can perform.
        Returns:
        The mode of use that corresponds to byte 8 of the key block.

      • getKeyVersion

        public java.lang.String getKeyVersion()
        Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
        Returns:
        The key version that corresponds to bytes 9-10 of the key block.

      • setKeyVersion

        public void setKeyVersion​(java.lang.String keyVersion)

      • getExportability

        public Exportability getExportability()
        The conditions under which the key can be exported outside the cryptographic domain.
        Returns:
        The key exportability that corresponds to byte 11 of the key block.

      • getReserved

        public java.lang.String getReserved()
        This element is not specified by TR-31 (should contain two ASCII zeros).

        In proprietary derivatives can be used as e.g: LMK identifier.

        Returns:
        The reserved that corresponds to bytes 14-15 of the key block.

      • setReserved

        public void setReserved​(java.lang.String reserved)

      • getOptionalHeaders

        public java.util.Map<java.lang.String,​java.lang.String> getOptionalHeaders()
        The key blok Optional Header Blocks.

        The number of optional heders corresponds to bytes 12-13 of the key block.

        The order of the elements in the map is preserved by LinkedHashMap

        Returns:
        map of Optional Key Blok Heders.

      • getKeyBlockMAC

        public byte[] getKeyBlockMAC()
        The key block MAC ensures the integrity of the key block.

        It is calculated over the Header, Optional Header Blocks and the encrypted Key Data. The length of the MAC depends on the type of LMK key:

        • 4 bytes for DES Key Block LMK
        • 8 bytes for AES Key Block LMK
        Returns:
        calculated key block MAC value.

      • setKeyBytes

        public void setKeyBytes​(byte[] keyBytes)
        Sets the secure key bytes.
        Parameters:
        keyBytes - bytes representing the secured key

      • getKeyBytes

        public byte[] getKeyBytes()
        Returns:
        The bytes representing the secured key

      • setKeyCheckValue

        public void setKeyCheckValue​(byte[] keyCheckValue)
        The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.

        This check value allows identifying if two secure keys map to the same clear key.

        Parameters:
        keyCheckValue - the Key Check Value

      • getKeyCheckValue

        public byte[] getKeyCheckValue()
        The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.
        Returns:
        the Key Check Value

      • getKeyName

        public java.lang.String getKeyName()
        Gets optional key name.
        Returns:
        name of the key

      • setKeyName

        public void setKeyName​(java.lang.String keyName)
        Sets optional key name.
        Parameters:
        keyName - name of the key

      • dump

        public void dump​(java.io.PrintStream p,
                 java.lang.String indent)
        Dumps SecureKeySpec information.
        Specified by:
        dump in interface Loggeable
        Parameters:
        p - a print stream usually supplied by Logger
        indent - indention string, usually suppiled by Logger
        See Also:
        Loggeable

      • formKeyHeader

        protected java.lang.String formKeyHeader​(java.lang.String indent)