Class AESKey

java.lang.Object
com.ibm.crypto.hdwrCCA.provider.AESKey
All Implemented Interfaces:
Serializable, Key, SecretKey, Destroyable

public class AESKey extends Object implements SecretKey
This class represents an AES key.
  • Method Summary

    Modifier and Type | Method | Description
    protected void | cleaner() | Call the class IBMJCECCACleaner to clean up the bytes of this key, ICSF token, or CKDS label.
    void | deleteCKDSEntry() | Delete the CKDS entry associated with this key object if this is a "CKDSLabel" key object.
    boolean | equals(Object obj) | Performs a deep compare to determine whether the given object represents a key identical to the key represented by this object.
    String | getAlgorithm() | Returns the encryption algorithm associated with this key object.
    protected boolean | getCanBeStored() | Returns whether this key object is eligible to be stored in a keystore.
    byte[] | getEncoded() | Returns a clone of the encoded key value for a "RAW" type key, or an ICSF token for an "ICSFToken" type key, or a CKDS label for a "CKDSLabel" type key.
    String | getFormat() | Returns the key type or key format of this key object, either "RAW", "ICSFToken" or "CKDSLabel".
    String | getLabelString() | Returns a copy of the CKDS label associated with this key object if this is a "CKDSLabel" key object.
    byte[] | getPairedExternalToken() | Returns the paired ICSF token in an exported form, wrapped by an EXPORTER key.
    byte[] | getToken() | Returns a clone of the ICSF token associated with this key object if this is an "ICSFToken" key object.
    int | hashCode() | Calculates a hash code value for this key object.
    protected void | setCanBeStored(boolean value) | Sets whether this key object is eligible to be stored in a keystore.

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.security.auth.Destroyable

    destroy, isDestroyed
  • Method Details

    • getEncoded

      public byte[] getEncoded()
      Returns a clone of the encoded key value for a "RAW" type key, or an ICSF token for an "ICSFToken" type key, or a CKDS label for a "CKDSLabel" type key.

      Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

      Specified by:
      getEncoded in interface Key
      Returns:
      a clone of the encoded key value if key type is "RAW". If the key type is "ICSFToken" or "CKDSLabel", then an ICSF token or a CKDS label will be returned, respectively. If a CKDS label is returned it will be returned in the IBM-1047 codepage. If an error is encountered, null is returned.
    • getToken

      public byte[] getToken() throws InvalidKeyException
      Returns a clone of the ICSF token associated with this key object if this is an "ICSFToken" key object.

      Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

      Returns:
      a clone of the ICSF token if this is an "ICSFToken" key object.
      Throws:
      InvalidKeyException - if this is not an "ICSFToken" key object.
    • getLabelString

      public String getLabelString() throws InvalidKeyException
      Returns a copy of the CKDS label associated with this key object if this is a "CKDSLabel" key object.
      Returns:
      a copy of the CKDS label if this is a "CKDSLabel" key object. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.
      Throws:
      InvalidKeyException - if this is not a "CKDSLabel" key object.
    • getPairedExternalToken

      public byte[] getPairedExternalToken()
      Returns the paired ICSF token in an exported form, wrapped by an EXPORTER key.

      ICSF may generate symmetric keys in pairs, such as Key Encrypting Keys (KEK). Key encrypting keys are always generated in either EXPORTER/IMPORTER or IMPORTER/EXPORTER key pairs.

      For keys that are generated in pairs, the only key form currently supported is OPEX. This means that the first key (the primary key) is an operational key on the key-generating system, and the second key (the paired key) is a non-operational key in exportable form.

      This method returns the second (or the paired) key, which is in ICSF external symmetric key token format and is a non-operational key wrapped by an EXPORTER key.

      Returns:
      the paired ICSF token in an exported form, wrapped by an EXPORTER key.
    • getAlgorithm

      public String getAlgorithm()
      Returns the encryption algorithm associated with this key object.
      Specified by:
      getAlgorithm in interface Key
      Returns:
      the String value "AES".
    • getFormat

      public String getFormat()
      Returns the key type or key format of this key object, either "RAW", "ICSFToken" or "CKDSLabel".
      Specified by:
      getFormat in interface Key
      Returns:
      the key type of this key object. Either "RAW", "ICSFToken" or "CKDSLabel".
    • setCanBeStored

      protected void setCanBeStored(boolean value)
      Sets whether this key object is eligible to be stored in a keystore.
      Parameters:
      value - true if this key can be stored in a keystore, false otherwise.
    • getCanBeStored

      protected boolean getCanBeStored()
      Returns whether this key object is eligible to be stored in a keystore. The default value is true unless set by setCanBeStored(boolean) to false.
      Returns:
      true if the key can be stored in a keystore, false otherwise.
    • deleteCKDSEntry

      public void deleteCKDSEntry() throws InvalidKeyException
      Delete the CKDS entry associated with this key object if this is a "CKDSLabel" key object.
      Throws:
      InvalidKeyException - if this is not a "CKDSLabel" key object.
      RuntimeException - if there is an error while deleting the CKDS entry.
    • hashCode

      public int hashCode()
      Calculates a hash code value for this key object. Objects that are equal will also have the same hash value.
      Overrides:
      hashCode in class Object
      Returns:
      the hash code value for this key object.
    • equals

      public boolean equals(Object obj)
      Performs a deep compare to determine whether the given object represents a key identical to the key represented by this object.
      Overrides:
      equals in class Object
      Parameters:
      obj - The object to compare to this key object
      Returns:
      true if the given object is equal to this key object, false otherwise.
    • cleaner

      protected void cleaner()
      Call the class IBMJCECCACleaner to clean up the bytes of this key, ICSF token, or CKDS label.
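
The getEncoded and getFormat contracts above (a caller-owned clone, null on error, three possible formats, IBM-1047 label bytes) can be handled as in the following added example, which is not IBM's code. It is written against the standard javax.crypto.SecretKey interface so it compiles without the provider; the class name KeyMaterialHandling, the method describe, the SecretKeySpec sample key and the availability of the "IBM1047" charset in the runtime are assumptions.

```java
import java.nio.charset.Charset;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class, added for illustration only.
public class KeyMaterialHandling {

    // Builds a log-safe description of a key and wipes the encoded
    // clone on every exit path, including exceptions.
    static String describe(SecretKey key) {
        byte[] encoded = key.getEncoded();      // a clone: the caller owns it
        if (encoded == null) {                  // documented error result
            throw new IllegalStateException("getEncoded() returned null");
        }
        try {
            String format = key.getFormat();
            switch (format) {
                case "RAW":
                    // Clear key bytes: report the size only, never the value.
                    return "RAW key, " + (encoded.length * 8) + " bits";
                case "ICSFToken":
                    // Opaque ICSF token: report the length only.
                    return "ICSFToken, " + encoded.length + " bytes";
                case "CKDSLabel":
                    // Label bytes are IBM-1047 (EBCDIC), not ASCII or UTF-8.
                    // Decoded as-is, without trimming. Assumes the runtime
                    // ships the IBM1047 charset.
                    Charset ebcdic = Charset.forName("IBM1047");
                    return "CKDSLabel '" + new String(encoded, ebcdic) + "'";
                default:
                    throw new IllegalArgumentException("unexpected format: " + format);
            }
        } finally {
            Arrays.fill(encoded, (byte) 0);     // zero the clone after use
        }
    }

    public static void main(String[] args) {
        // Constructed sample: SecretKeySpec stands in for a "RAW" AESKey
        // so the example runs without the hardware provider.
        SecretKey sample = new SecretKeySpec(new byte[32], "AES");
        System.out.println(describe(sample));
    }
}
```

The same try/finally wipe applies to the arrays returned by getToken() and getPairedExternalToken().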