The KeyFactory class
The KeyFactory class is an engine class that is designed to provide opaque cryptographic keys (objects of type Key) and key specifications (transparent representations of the underlying key material).
AES
The IBMJCECCA provider supports a key type for AES keys that were stored previously in CCA key storage areas such as the CKDS on z/OS®. The keys are objects of type SecretKey. The SecretKeyFactory can be used to generate a key of this type from a KeyLabelKeySpec that contains the CCA label for the key.
Other keySpec classes that are supported by the AES KeyFactory class include the AESKeySpec and the SecretKeySpec.
DES
The IBMJCECCA provider supports a key type for DES keys that were stored previously in CCA key storage areas such as the CKDS on z/OS. The keys are objects of type SecretKey. The SecretKeyFactory can be used to generate a key of this type from a KeyLabelKeySpec containing the CCA label for the key.
Other keySpec classes that are supported by the DES KeyFactory include the DESKeySpec and the SecretKeySpec.
Triple DES (also known as DESede and 3DES)
The IBMJCECCA provider supports a key type for triple DES keys that were stored previously in CCA key storage areas such as the CKDS on z/OS. The keys are objects of type SecretKey. The SecretKeyFactory can be used to generate a key of this type from a KeyLabelKeySpec containing the CCA label for the key.
Other keySpec classes that are supported by the triple DES KeyFactory include the DESedeKeySpec and the SecretKeySpec.
HMAC
The IBMJCECCA provider supports a key type for HMAC keys that were stored previously in CCA key storage areas such as the CKDS on z/OS. The keys are objects of type SecretKey. The SecretKeyFactory can be used to generate a key of this type from a KeyLabelKeySpec containing the CCA label for the key.
SecretKeyFactory HMAC algorithms that are supported by the IBMJCECCA provider are HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384, and HMACSHA512.
DSA
The IBMJCECCA provider supports a key type for DSA private hardware keys that is similar to the DSA private keys available in software providers. DSA private hardware keys are objects of type DSAPrivateHWKey. The corresponding DSA public keys are objects of type DSAPublicKey.
The KeyFactory class can be used to generate a DSA private hardware key from a DSAPrivateKeyHWSpec. The KeyFactory can also be used to generate a DSA public key from a DSAPublicKeySpec or an X509EncodedKeySpec.
The KeyFactory class can also derive a DSAPrivateKeyHWSpec from a DSA private hardware key or a DSAPublicKeySpec or X509PublicKeySpec from a DSA public key.
RSA
The IBMJCECCA provider adds a new key type for RSA private hardware keys that is similar to the RSA private keys available in software providers. RSA private hardware keys are objects of type RSAPrivateHWKey. The corresponding RSA public keys are objects of type RSAPublicKey.
The KeyFactory class can be used to generate an RSA private hardware key from an RSAPrivateHWKeySpec, RSAPrivateCrtKeySpec, RSAPrivateKeySpec, or KeyLabelKeySpec. The KeyFactory can also be used to generate an RSA public key from an RSAPublicKeySpec, X509EncodedKeySpec, or KeyLabelKeySpec. Keys that are already in the CCA key storage area can also be created by passing a KeyLabelKeySpec to the RSA KeyFactory.
The KeyFactory class can also derive an RSAPrivateKeyHWSpec from an RSA private hardware key or an RSAPublicKeySpec or X509PublicKeySpec from an RSA public key.
EC
The IBMJCECCA provider adds a new key type for EC private hardware keys that is similar to the EC private keys available in software providers. EC private hardware keys are objects of type ECPrivateHWKey. The corresponding EC public keys are objects of type ECPublicKey.
The KeyFactory class can be used to generate an EC private hardware key from an ECPrivateHWKeySpec, PKCS8EncodedKeySpec, ECPrivateKeySpec, or KeyLabelKeySpec. The KeyFactory class can also be used to generate an EC public key from an ECPublicKeySpec, X509EncodedKeySpec, or KeyLabelKeySpec. Keys that are already in the CCA key storage area can be created by passing a KeyLabelKeySpec to the EC KeyFactory class.
The KeyFactory class can also derive an ECPrivateHWKeySpec or KeyLabelKeySpec from an EC private hardware key, or an ECPublicKeySpec or X509EncodedKeySpec from an EC public key.
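The EC public-key conversions listed above, as an added example that is not taken from the IBM documentation: it builds an opaque public key from an X509EncodedKeySpec and then derives an ECPublicKeySpec and an X509EncodedKeySpec back from it, using only standard JCA calls. The class name EcPublicKeySpecRoundTrip is hypothetical, the key pair is constructed sample input, and the code falls back to the JVM's default EC provider when IBMJCECCA is not installed; the private hardware key and KeyLabelKeySpec paths need the provider's own classes and CCA hardware and are not shown.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

// Hypothetical class name; added example, not IBM sample code.
public class EcPublicKeySpecRoundTrip {
    // Use IBMJCECCA when it is installed; otherwise use the default provider
    // so the example still runs on a JVM without CCA hardware (assumption).
    static KeyFactory ecKeyFactory() throws Exception {
        return Security.getProvider("IBMJCECCA") != null
                ? KeyFactory.getInstance("EC", "IBMJCECCA")
                : KeyFactory.getInstance("EC");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway P-256 key pair from whichever
        // provider the JVM ranks first for EC key generation.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = kpg.generateKeyPair();
        byte[] x509 = pair.getPublic().getEncoded(); // X.509 SubjectPublicKeyInfo DER

        KeyFactory kf = ecKeyFactory();

        // Key specification -> opaque key object.
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(x509));

        // Opaque key -> transparent specification (curve parameters and point W).
        ECPublicKeySpec spec = kf.getKeySpec(pub, ECPublicKeySpec.class);
        ECPublicKey original = (ECPublicKey) pair.getPublic();
        if (!spec.getW().equals(original.getW()))
            throw new IllegalStateException("public point changed in round trip");

        // Opaque key -> encoded specification; the DER must match the input.
        X509EncodedKeySpec encoded = kf.getKeySpec(pub, X509EncodedKeySpec.class);
        if (!Arrays.equals(encoded.getEncoded(), x509))
            throw new IllegalStateException("X.509 encoding changed in round trip");

        System.out.println("Round trip OK with provider " + kf.getProvider().getName());
    }
}
```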
Note that RSAPrivateKeyHWSpec, DSAPrivateKeyHWSpec, and ECPrivateHWKeySpec objects are valid only on the system where the private key was originally generated. Private hardware keys cannot be moved from the system on which they are generated to another system. This is true for all private hardware keys, including clear private keys, and is part of the security that is provided for them.