The KeyFactory Class:

The KeyFactory class is an engine class that is designed to provide opaque cryptographic keys (of type Key) and key specifications (transparent representations of the underlying key material).

DSA

The keys generated by this provider are similar to the keys that are available in a software provider. However, the keys have more methods that relate to the PKCS#11 standard attributes.

The KeyFactory class can be used to generate a DSA Private PKCS#11 key from a DSAPrivateKeySpec or a PKCS11KeySpec. The KeyFactory can also be used to generate a DSA public key from a DSAPublicKeySpec, an X509EncodedKeySpec, or a PKCS11KeySpec.

The KeyFactory class can also derive a DSAPrivateKeySpec from a DSA Private PKCS#11 key or a DSAPublicKeySpec or X509PublicKeySpec from a DSA public key.

The KeyPairGenerator class requires the use of the class PKCS11DSAKeyPairParameterSpec if the defaults are not to be used. An application is not allowed to only specify the key size, or the key size and source of randomness. This class is required for all non-default key pair generations.

Note: That specifying a source of randomness is not required, because the device uses its own source to generate keys.

RSA

This provider handles RSA keys similar to the DSA keys listed previously.

RSA is similar to DSA in that the KeyFactory class can be used to generate a RSA Private PKCS#11 key from an RSAPrivateCrtKeySpec, RSAPrivateKeySpec or a PKCS11KeySpec. The KeyFactory can also be used to generate an RSA public key from an RSAPublicKeySpec, an X509EncodedKeySpec, or an PKCS11KeySpec. The opposite can also be done to generate an RSAPrivateCrtKeySpec or an RSAPrivateKeySpec from an RSA private PKCS#11 key and an RSAPublicKeySpec or X509EncodeKeySpec can be generated from an RSA public key.

The KeyPairGenerator class is also similar and if an application needs to create an RSA key pair that does not use the defaults, the PKCS11RSAKeyPairParameterSpec class must be used. An application is not allowed to only specify the key size, or the key size and source of randomness. This class is required for all non-default key pair generations.

Note: That specifying a source of randomness is not required, because the device uses its own source to generate keys.

EC

This provider handles EC keys similar to the DSA keys listed previously.

EC is similar to DSA in that the KeyFactory class can be used to generate a EC Private PKCS#11 key from an ECPrivateKeySpec or a PKCS11KeySpec. The KeyFactory can also be used to generate an EC public key from an ECPublicKeySpec, an X509EncodedKeySpec, or an PKCS11KeySpec. The opposite can also be done to generate an ECPrivateKeySpec from an EC private PKCS#11 key and an ECPublicKeySpec or X509EncodeKeySpec can be generated from an EC public key.

The KeyPairGenerator class is also similar, the ECParameterSpec class can be used to generate key pair or an application can only specify the key size, or the key size and source of randomness to generate key pair.

Note: That specifying a source of randomness is not required, because the device uses its own source to generate keys.