Class DSAPrivateHWKey

java.lang.Object
com.ibm.security.pkcsutil.PKCSDerObject
com.ibm.security.pkcs8.PrivateKeyInfo
com.ibm.crypto.hdwrCCA.provider.DSAPrivateHWKey
All Implemented Interfaces:
Serializable, Cloneable, Key, PrivateKey, Destroyable

public final class DSAPrivateHWKey extends com.ibm.security.pkcs8.PrivateKeyInfo implements Serializable
A private hardware key for the DSA Algorithm. This key contains a label to the stored key and attributes (KeyHWAttributeValues, which include the key type and key usage).
  • Field Summary

    Fields inherited from class com.ibm.security.pkcs8.PrivateKeyInfo

    algid, attributes, encodedKeyNoOptional, key, version

    Fields inherited from class com.ibm.security.pkcsutil.PKCSDerObject

    provider
  • Constructor Summary

    Constructors
    Modifier | Constructor | Description
    protected | DSAPrivateHWKey(byte[] encoded) | This function cannot be used to create a hardware private DSA key.
    protected | DSAPrivateHWKey(byte[] token, BigInteger p, BigInteger q, BigInteger g, DSAKeyHWAttributes attribs) | Creates a DSA private key from the following parameters.
  • Method Summary

    Modifier and Type | Method | Description
    void | deletePKDSEntry() | This method is used to delete the PKDS information that is associated with this key object.
    void | destroy() | Destroy or clear sensitive information contained in this private key.
    byte[] | getEncoded() | Returns the label if the key is in format PKDS or RETAIN, the token if the key is in format TOKEN.
    DSAParams | getParams() | Returns the DSA parameters associated with this key, or null if the parameters could not be parsed.
    byte[] | getToken() | Returns the private key Token.
    byte | getType() | Returns where the key is actually stored: on the card or in the PKDS.
     | getX() | This function has no meaning for Hardware based keys, but is required by the interface.
    boolean | isDestroyed() | This method is called to determine whether this key object still contains key material.
    protected void | parseKeyBits() | This routine parses a PKCS8 encoded string and verifies it for IBM hardware private key.
    String | toString() | Returns a string containing a concise, human-readable description of the receiver.

    Methods inherited from class com.ibm.security.pkcs8.PrivateKeyInfo

    addAttribute, addAttributes, clone, decode, encode, equals, finalize, getAlgorithm, getAlgorithmId, getAttribute, getAttributes, getEncodedKeyNoOptionalAttributes, getFormat, getKeyBytes, hasAttribute, hasAttributes, hashCode, parseKey, parseKey

    Methods inherited from class com.ibm.security.pkcsutil.PKCSDerObject

    decode, encode, getObjectIdentifier, read, readBASE64, write, write, writeBASE64

    Methods inherited from class java.lang.Object

    getClass, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • DSAPrivateHWKey

      protected DSAPrivateHWKey(byte[] token, BigInteger p, BigInteger q, BigInteger g, DSAKeyHWAttributes attribs) throws InvalidKeyException
      Creates a DSA private key from the following parameters.
      Parameters:
      token - the byte array that represents the key in the hardware. Only PKDS keys can be created, so the token is the byte representation of the key label. It must conform to the character restrictions imposed by ICSF. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1").
      p - the modulus for this key.
      q - the prime Q for this key.
      g - the prime G for this key.
      attribs - the hardware key attributes to be associated with this key.
      Throws:
      InvalidKeyException - if the key could not be DER encoded. The constructor is protected for use by KeyFactories.
    • DSAPrivateHWKey

      protected DSAPrivateHWKey(byte[] encoded) throws InvalidKeyException
      This function cannot be used to create a hardware private DSA key. It exists only because it is required by the interface.
      Parameters:
      encoded - the encoded parameters.
      Throws:
      InvalidKeyException - if the key could not be decoded. The constructor is protected for use by KeyFactories.
  • Method Details

    • getParams

      public DSAParams getParams()
      Returns the DSA parameters associated with this key, or null if the parameters could not be parsed.
      Returns:
      DSAParams the DSA parameters of this instance.
      Throws:
      IllegalStateException - if destroy() has been called on this key object
    • getX

      This function has no meaning for Hardware based keys, but is required by the interface.
      Returns:
      This function only throws the exception UnsupportedOperationException.
      Throws:
      UnsupportedOperationException - is always thrown.
    • getEncoded

      public byte[] getEncoded()
      Returns the label if the key is in format PKDS or RETAIN, the token if the key is in format TOKEN.
      Specified by:
      getEncoded in interface Key
      Overrides:
      getEncoded in class com.ibm.security.pkcs8.PrivateKeyInfo
      Returns:
      label or token. If a label is returned it will be in the 8859_1 encoding.
      Throws:
      IllegalStateException - if destroy() has been called on this key object
    • getToken

      public byte[] getToken()
      Returns the private key Token.
      Returns:
      byte[] the value of the key token. If a label is returned it will be in the 8859_1 encoding.
      Throws:
      IllegalStateException - if destroy() has been called on this key object
    • getType

      public byte getType()
      Returns where the key is actually stored: on the card or in the PKDS.
      Returns:
      byte the key storage type, either KeyHWAttributeValues.PKDS or KeyHWAttributeValues.CLEAR.
      Throws:
      IllegalStateException - if destroy() has been called on this key object
    • parseKeyBits

      protected void parseKeyBits() throws IOException
      This routine parses a PKCS8 encoded string and verifies it for IBM hardware private key. If the encoding is not correct an exception is thrown.
      Overrides:
      parseKeyBits in class com.ibm.security.pkcs8.PrivateKeyInfo
      Throws:
      IOException - the encoded key could not be parsed correctly.
      IllegalStateException - if destroy() has been called on this key object
    • deletePKDSEntry

      public void deletePKDSEntry() throws InvalidKeyException
      This method is used to delete the PKDS information that is associated with this key object.
      Throws:
      InvalidKeyException - Key object is not PKDS type.
      RuntimeException - PKDS label length is incorrect
      RuntimeException - if the ICSF operation is not successful
      IllegalStateException - if destroy() has been called on this key object
    • toString

      public String toString()
      Returns a string containing a concise, human-readable description of the receiver.
      Overrides:
      toString in class com.ibm.security.pkcs8.PrivateKeyInfo
      Returns:
      String the private key in readable form.
      Throws:
      IllegalStateException - if destroy() has been called on this key object
    • destroy

      public void destroy() throws DestroyFailedException
      Destroy or clear sensitive information contained in this private key. This method is required because the class implements ECPrivateKey, which implements Destroyable. This method destroys the data stored in this Java object. It does not delete key material from the PKDS.
      Specified by:
      destroy in interface Destroyable
      Throws:
      DestroyFailedException
    • isDestroyed

      public boolean isDestroyed()
      This method is called to determine whether this key object still contains key material.
      Specified by:
      isDestroyed in interface Destroyable
      Returns:
      true if destroy() has been called, otherwise false.
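
Added example (not IBM's code and not part of the provider): a hypothetical helper class, HwKeyRetirement, that uses only the methods documented above to show the difference between clearing the Java object and removing the stored key, and the order in which deletePKDSEntry() and destroy() have to be called. It assumes the provider classes are on the classpath and that the caller already holds a DSAPrivateHWKey.

```java
import com.ibm.crypto.hdwrCCA.provider.DSAPrivateHWKey;
import java.security.InvalidKeyException;
import javax.security.auth.DestroyFailedException;

/** Hypothetical helper for this example; the class and method names are not provider API. */
public final class HwKeyRetirement {

    /** What actually happened to the key, suitable for an audit record. */
    public enum Outcome { PKDS_ENTRY_DELETED, HANDLE_CLEARED_ONLY }

    /**
     * Clears only the in-memory Java object. As documented for destroy(),
     * the key material in the PKDS is untouched and stays usable via its label.
     */
    public static void releaseHandle(DSAPrivateHWKey key) throws DestroyFailedException {
        if (!key.isDestroyed()) {
            key.destroy();
        }
    }

    /**
     * Retires the key: deletes the PKDS entry, then clears the Java object.
     * deletePKDSEntry() has to run BEFORE destroy(), because after destroy()
     * it throws IllegalStateException and the entry can no longer be reached
     * through this object.
     */
    public static Outcome retire(DSAPrivateHWKey key) throws DestroyFailedException {
        if (key.isDestroyed()) {
            throw new IllegalStateException(
                "key object already destroyed; any PKDS entry was NOT deleted");
        }
        Outcome outcome;
        try {
            key.deletePKDSEntry();
            outcome = Outcome.PKDS_ENTRY_DELETED;
        } catch (InvalidKeyException notPkds) {
            // Documented case: the key object is not PKDS type, so there is no entry to delete.
            outcome = Outcome.HANDLE_CLEARED_ONLY;
        }
        // A RuntimeException from deletePKDSEntry() (bad label length, ICSF failure)
        // propagates before this line, leaving the object intact so the caller can retry.
        key.destroy();
        return outcome;
    }
}
```

Logging the returned Outcome makes it visible when a "deleted" key was only cleared from memory and its stored key material still exists.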