Module ibm.crypto.hdwrcca

Package com.ibm.crypto.hdwrCCA.provider

Class KyberPrivateKey

java.lang.Object

com.ibm.crypto.hdwrCCA.provider.KyberPrivateKey

All Implemented Interfaces:

Serializable, Key, PrivateKey, Destroyable

@Deprecated(since="21.0.11.0",
            forRemoval=true)
public class KyberPrivateKey
extends Object
implements PrivateKey

Deprecated, for removal: This API element is subject to removal in a future version.

Replaced by ML-KEM implementation. This CRYSTALS-Kyber implementation is deprecated and will be removed in a future release, in alignment with NIST's latest recommendations for post-quantum cryptography modernization. Users should transition to the finalized ML-KEM standards.

A private key for the CRYSTALS-Kyber algorithm. This key contains a token (which can be either a tokenized representation of a CLEAR key or a label to the stored key) and attributes (KeyHWAttributeValues, which include the key type and key usage).

See Also:

• MLKEMPrivateKey
• Serialized Form

Field Summary

Fields inherited from interface java.security.PrivateKey

serialVersionUID

Constructor Summary

Constructors

Constructor	Description
KyberPrivateKey(byte[] keyToken, KyberKeyAttributes keyAttributes)	Deprecated, for removal: This API element is subject to removal in a future version. Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.

Method Summary

Modifier and Type	Method	Description
void	deletePKDSEntry()	Deprecated, for removal: This API element is subject to removal in a future version. This method is used to delete the PKDS information that is associated with this key object.
void	destroy()	Deprecated, for removal: This API element is subject to removal in a future version. Destroy or clear sensitive information contained in this private key.
String	getAlgorithm()	Deprecated, for removal: This API element is subject to removal in a future version. Returns the algorithm
byte[]	getEncoded()	Deprecated, for removal: This API element is subject to removal in a future version. Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
String	getFormat()	Deprecated, for removal: This API element is subject to removal in a future version. Return the format for this key.
String	getLabelString()	Deprecated, for removal: This API element is subject to removal in a future version. Returns the PKDS record label if the key object is a PKDS type of key.
byte[]	getToken()	Deprecated, for removal: This API element is subject to removal in a future version. Returns a clone of the private key token.
byte	getType()	Deprecated, for removal: This API element is subject to removal in a future version. Return the key Type.
byte	getUsage()	Deprecated, for removal: This API element is subject to removal in a future version. Return the key Usage.
boolean	isDestroyed()	Deprecated, for removal: This API element is subject to removal in a future version. This method is called to determine whether this key object still contains key material.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KyberPrivateKey

public KyberPrivateKey(byte[] keyToken,
 KyberKeyAttributes keyAttributes)

Deprecated, for removal: This API element is subject to removal in a future version.

Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.

Parameters:

keyToken - IBM CCA hardware token for this key. The label must conform to the character restrictions imposed by the platform you are executing on. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1")

attribs - indicates the key attributes associated with this key.

Method Details

getAlgorithm

public String getAlgorithm()

Deprecated, for removal: This API element is subject to removal in a future version.

Returns the algorithm

Specified by:

getAlgorithm in interface Key

Returns:

the algorithm

getFormat

public String getFormat()

Deprecated, for removal: This API element is subject to removal in a future version.

Return the format for this key.

Specified by:

getFormat in interface Key

Returns:

one of "PKDSLabel", "ICSFToken"

Throws:

IllegalStateException - if destroy() has been called in this key object

getEncoded

public byte[] getEncoded()

Deprecated, for removal: This API element is subject to removal in a future version.

Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.

Specified by:

getEncoded in interface Key

Returns:

PKDS record label or token. If a PKDS record label the bytes will be encoded in 8859_1 encoding.

Throws:

IllegalStateException - if destroy() has been called in this key object

getToken

public byte[] getToken()

Deprecated, for removal: This API element is subject to removal in a future version.

Returns a clone of the private key token.

Returns:

the value of keyLabel which is a token or a label. If a PKDS record label the bytes will be encoded in 8859_1 encoding.

Throws:

IllegalStateException - if destroy() has been called in this key object

getLabelString

public String getLabelString()
                      throws InvalidKeyException

Deprecated, for removal: This API element is subject to removal in a future version.

Returns the PKDS record label if the key object is a PKDS type of key.

Returns:

The PKDS label. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.

Throws:

InvalidKeyException - If the key is not a PKDS type of key.

getType

public byte getType()

Deprecated, for removal: This API element is subject to removal in a future version.

Return the key Type.

Returns:

byte the value of key Storage Type either KeyHWAttributeValues.PKDS KeyHWAttributeValues.MASTER or KeyHWAttributeValues.CLEAR.

Throws:

IllegalStateException - if destroy() has been called in this key object

getUsage

public byte getUsage()

Deprecated, for removal: This API element is subject to removal in a future version.

Return the key Usage.

Returns:

byte the value of key Storage Type

Throws:

IllegalStateException - if destroy() has been called in this key object

deletePKDSEntry

public void deletePKDSEntry()
                     throws InvalidKeyException

Deprecated, for removal: This API element is subject to removal in a future version.

This method is used to delete the PKDS information that is associated with this key object.

Throws:

InvalidKeyException - Key object is not PKDS type.

RuntimeException - PKDS label length is incorrect

RuntimeException - if the ICSF operation is not successful

IllegalStateException - if destroy() has been called in this key object

destroy

public void destroy()
             throws DestroyFailedException

Deprecated, for removal: This API element is subject to removal in a future version.

Destroy or clear sensitive information contained in this private key. This method destroys data stored in this java object. It does not delete key material from the PKDS.

Specified by:

destroy in interface Destroyable

Throws:

DestroyFailedException

isDestroyed

public boolean isDestroyed()

Deprecated, for removal: This API element is subject to removal in a future version.

This method is called to determine whether this key object still contains key material.

Specified by:

isDestroyed in interface Destroyable

Returns:

true if destroy() has been called, otherwise false.