Module ibm.crypto.hdwrcca
Package com.ibm.crypto.hdwrCCA.provider

Class KyberPrivateKey

java.lang.Object
com.ibm.crypto.hdwrCCA.provider.KyberPrivateKey
All Implemented Interfaces:
Serializable, Key, PrivateKey, Destroyable
public class KyberPrivateKey extends Object implements PrivateKey
A private key for the CRYSTALS-Kyber algorithm. This key contains a token (which can be either a tokenized representation of a CLEAR key or a label to the stored key) and attributes (KeyHWAttributeValues, which include the key type and key usage).
See Also:

  • Field Summary

    Fields inherited from interface java.security.PrivateKey

    serialVersionUID

  • Constructor Summary

    Constructors
    Constructor
    Description
    KyberPrivateKey(byte[] keyToken, KyberKeyAttributes keyAttributes)
    Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    deletePKDSEntry()
    This method is used to delete the PKDS information that is associated with this key object.
    void
    destroy()
    Destroy or clear sensitive information contained in this private key.
    String
    getAlgorithm()
    Returns the algorithm
    byte[]
    getEncoded()
    Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
    String
    getFormat()
    Return the format for this key.
    String
    getLabelString()
    Returns the PKDS record label if the key object is a PKDS type of key.
    byte[]
    getToken()
    Returns a clone of the private key token.
    byte
    getType()
    Return the key Type.
    byte
    getUsage()
    Return the key Usage.
    boolean
    isDestroyed()
    This method is called to determine whether this key object still contains key material.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • KyberPrivateKey

      public KyberPrivateKey(byte[] keyToken, KyberKeyAttributes keyAttributes)
      Creates a CRYSTALS-Kyber private hardware key from a keytoken and key attributes.
      Parameters:
      keyToken - IBM CCA hardware token for this key. The label must conform to the character restrictions imposed by the platform you are executing on. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1")
      attribs - indicates the key attributes associated with this key.

  • Method Details

    • getAlgorithm

      public String getAlgorithm()
      Returns the algorithm
      Specified by:
      getAlgorithm in interface Key
      Returns:
      the algorithm

    • getFormat

      public String getFormat()
      Return the format for this key.
      Specified by:
      getFormat in interface Key
      Returns:
      one of "PKDSLabel", "ICSFToken"
      Throws:
      IllegalStateException - if destroy() has been called in this key object

    • getEncoded

      public byte[] getEncoded()
      Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
      Specified by:
      getEncoded in interface Key
      Returns:
      PKDS record label or token. If a PKDS record label the bytes will be encoded in 8859_1 encoding.
      Throws:
      IllegalStateException - if destroy() has been called in this key object

    • getToken

      public byte[] getToken()
      Returns a clone of the private key token.
      Returns:
      the value of keyLabel which is a token or a label. If a PKDS record label the bytes will be encoded in 8859_1 encoding.
      Throws:
      IllegalStateException - if destroy() has been called in this key object

    • getLabelString

      public String getLabelString() throws InvalidKeyException
      Returns the PKDS record label if the key object is a PKDS type of key.
      Returns:
      The PKDS label. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.
      Throws:
      InvalidKeyException - If the key is not a PKDS type of key.

    • getType

      public byte getType()
      Return the key Type.
      Returns:
      byte the value of key Storage Type either KeyHWAttributeValues.PKDS KeyHWAttributeValues.MASTER or KeyHWAttributeValues.CLEAR.
      Throws:
      IllegalStateException - if destroy() has been called in this key object

    • getUsage

      public byte getUsage()
      Return the key Usage.
      Returns:
      byte the value of key Storage Type
      Throws:
      IllegalStateException - if destroy() has been called in this key object

    • deletePKDSEntry

      public void deletePKDSEntry() throws InvalidKeyException
      This method is used to delete the PKDS information that is associated with this key object.
      Throws:
      InvalidKeyException - Key object is not PKDS type.
      RuntimeException - PKDS label length is incorrect
      RuntimeException - if the ICSF operation is not successful
      IllegalStateException - if destroy() has been called in this key object

    • destroy

      public void destroy() throws DestroyFailedException
      Destroy or clear sensitive information contained in this private key. This method destroys data stored in this java object. It does not delete key material from the PKDS.
      Specified by:
      destroy in interface Destroyable
      Throws:
      DestroyFailedException

    • isDestroyed

      public boolean isDestroyed()
      This method is called to determine whether this key object still contains key material.
      Specified by:
      isDestroyed in interface Destroyable
      Returns:
      true if destroy() has been called, otherwise false.