Module ibm.crypto.hdwrcca

Package com.ibm.crypto.hdwrCCA.provider

Class KyberPrivateKey

java.lang.Object

com.ibm.crypto.hdwrCCA.provider.KyberPrivateKey

All Implemented Interfaces:

java.io.Serializable, java.security.Key, java.security.PrivateKey, javax.security.auth.Destroyable

public class KyberPrivateKey
extends java.lang.Object
implements java.security.PrivateKey

A private key for the CRYSTALS-Kyber algorithm. This key contains a token (which can be either a tokenized representation of a CLEAR key or a label to the stored key) and attributes (KeyHWAttributeValues, which include the key type and key usage).

See Also:

Serialized Form

Field Summary

Fields inherited from interface java.security.PrivateKey

serialVersionUID

Constructor Summary

Constructors

Constructor	Description
KyberPrivateKey(byte[] keyToken, KyberKeyAttributes keyAttributes)	Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.

Method Summary

Modifier and Type	Method	Description
void	deletePKDSEntry()	This method is used to delete the PKDS information that is associated with this key object.
void	destroy()	Destroy or clear sensitive information contained in this private key.
java.lang.String	getAlgorithm()	Returns the algorithm
byte[]	getEncoded()	Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
java.lang.String	getFormat()	Return the format for this key.
java.lang.String	getLabelString()	Returns the PKDS record label if the key object is a PKDS type of key.
byte[]	getToken()	Returns a clone of the private key token.
byte	getType()	Return the key Type.
byte	getUsage()	Return the key Usage.
boolean	isDestroyed()	This method is called to determine whether this key object still contains key material.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KyberPrivateKey

public KyberPrivateKey(byte[] keyToken,
                       KyberKeyAttributes keyAttributes)

Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.

Parameters:

keyToken - IBM CCA hardware token for this key. The label must conform to the character restrictions imposed by the platform you are executing on. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1")

attribs - indicates the key attributes associated with this key.

Method Detail

getAlgorithm

public java.lang.String getAlgorithm()

Returns the algorithm

Specified by:

getAlgorithm in interface java.security.Key

Returns:

the algorithm

getFormat

public java.lang.String getFormat()

Return the format for this key.

Specified by:

getFormat in interface java.security.Key

Returns:

one of "PKDSLabel", "ICSFToken"

Throws:

java.lang.IllegalStateException - if destroy() has been called in this key object

getEncoded

public byte[] getEncoded()

Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.

Specified by:

getEncoded in interface java.security.Key

Returns:

PKDS record label or token. If a PKDS record label the bytes will be encoded in 8859_1 encoding.

Throws:

java.lang.IllegalStateException - if destroy() has been called in this key object

getToken

public byte[] getToken()

Returns a clone of the private key token.

Returns:

the value of keyLabel which is a token or a label. If a PKDS record label the bytes will be encoded in 8859_1 encoding.

Throws:

java.lang.IllegalStateException - if destroy() has been called in this key object

getLabelString

public java.lang.String getLabelString()
                                throws java.security.InvalidKeyException

Returns the PKDS record label if the key object is a PKDS type of key.

Returns:

The PKDS label. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.

Throws:

java.security.InvalidKeyException - If the key is not a PKDS type of key.

getType

public byte getType()

Return the key Type.

Returns:

byte the value of key Storage Type either KeyHWAttributeValues.PKDS KeyHWAttributeValues.MASTER or KeyHWAttributeValues.CLEAR.

Throws:

java.lang.IllegalStateException - if destroy() has been called in this key object

getUsage

public byte getUsage()

Return the key Usage.

Returns:

byte the value of key Storage Type

Throws:

java.lang.IllegalStateException - if destroy() has been called in this key object

deletePKDSEntry

public void deletePKDSEntry()
                     throws java.security.InvalidKeyException

This method is used to delete the PKDS information that is associated with this key object.

Throws:

java.security.InvalidKeyException - Key object is not PKDS type.

java.lang.RuntimeException - PKDS label length is incorrect

java.lang.RuntimeException - if the ICSF operation is not successful

java.lang.IllegalStateException - if destroy() has been called in this key object

destroy

public void destroy()
             throws javax.security.auth.DestroyFailedException

Destroy or clear sensitive information contained in this private key. This method destroys data stored in this java object. It does not delete key material from the PKDS.

Specified by:

destroy in interface javax.security.auth.Destroyable

Throws:

javax.security.auth.DestroyFailedException

isDestroyed

public boolean isDestroyed()

This method is called to determine whether this key object still contains key material.

Specified by:

isDestroyed in interface javax.security.auth.Destroyable

Returns:

true if destroy() has been called, otherwise false.