Class AESKey

  • All Implemented Interfaces:
    java.io.Serializable, java.security.Key, javax.crypto.SecretKey, javax.security.auth.Destroyable

    public class AESKey
    extends java.lang.Object
    implements javax.crypto.SecretKey
    This class represents an AES key.
    See Also:
    Serialized Form
    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void deleteCKDSEntry()
      Delete the CKDS entry associated with this key object if this is a "CKDSLabel" key object.
      boolean equals​(java.lang.Object obj)
      Performs a deep compare to determine whether the given object represents a key identical to the key represented by this object.
      protected void finalize()
      Deprecated.
      java.lang.String getAlgorithm()
      Returns the encryption algorithm associated with this key object.
      protected boolean getCanBeStored()
      Returns whether this key object is eligible to be stored in a keystore.
      byte[] getEncoded()
      Returns a clone of the encoded key value for a "RAW" type key, or an ICSF token for an "ICSFToken" type key, or a CKDS label for a "CKDSLabel" type key.
      java.lang.String getFormat()
      Returns the key type or key format of this key object, either "RAW", "ICSFToken" or "CKDSLabel".
      byte[] getLabel()
      Deprecated.
      This method is being replaced by the method getLabelString()
      java.lang.String getLabelString()
      Returns a copy of the CKDS label associated with this key object if this is a "CKDSLabel" key object.
      byte[] getPairedExternalToken()
      Returns the paired ICSF token in an exported form, wrapped by an EXPORTER key.
      byte[] getToken()
      Returns a clone of the ICSF token associated with this key object if this is an "ICSFToken" key object.
      int hashCode()
      Calculates a hash code value for this key object.
      protected void setCanBeStored​(boolean value)
      Sets whether this key object is eligible to be stored in a keystore.
      • Methods inherited from class java.lang.Object

        clone, getClass, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface javax.security.auth.Destroyable

        destroy, isDestroyed
    • Method Detail

      • getEncoded

        public byte[] getEncoded()
        Returns a clone of the encoded key value for a "RAW" type key, or an ICSF token for an "ICSFToken" type key, or a CKDS label for a "CKDSLabel" type key.

        Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

        Specified by:
        getEncoded in interface java.security.Key
        Returns:
        a clone of the encoded key value if key type is "RAW". If the key type is "ICSFToken" or "CKDSLabel", then an ICSF token or a CKDS label will be returned, respectively. If a CKDS label is returned it will be returned in the IBM-1047 codepage. If an error is encountered, null is returned.
      • getToken

        public byte[] getToken()
                        throws java.security.InvalidKeyException
        Returns a clone of the ICSF token associated with this key object if this is an "ICSFToken" key object.

        Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

        Returns:
        a clone of the ICSF token if this is an "ICSFToken" key object.
        Throws:
        java.security.InvalidKeyException - if this is not an "ICSFToken" key object.
      • getLabel

        @Deprecated
        public byte[] getLabel()
                        throws java.security.InvalidKeyException
        Deprecated.
        This method is being replaced by the method getLabelString()
        Returns a clone of the CKDS label associated with this key object if this is a "CKDSLabel" key object.
        Returns:
        a clone of the CKDS label if this is a "CKDSLabel" key object. The label will be returned in the IBM-1047 codepage.
        Throws:
        java.security.InvalidKeyException - if this is not a "CKDSLabel" key object.
      • getLabelString

        public java.lang.String getLabelString()
                                        throws java.security.InvalidKeyException
        Returns a copy of the CKDS label associated with this key object if this is a "CKDSLabel" key object.
        Returns:
        a copy of the CKDS label if this is a "CKDSLabel" key object. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.
        Throws:
        java.security.InvalidKeyException - if this is not a "CKDSLabel" key object.
      • getPairedExternalToken

        public byte[] getPairedExternalToken()
        Returns the paired ICSF token in an exported form, wrapped by an EXPORTER key.

        ICSF may generate symmetric keys in pairs, such as Key Encrypting Keys (KEK). Key encrypting keys are always generated in either EXPORTER/IMPORTER or IMPORTER/EXPORTER key pairs.

        For keys that are generated in pairs, the key forms currently supported is OPEX. This means that the first key (or the primary key) is an operational key on the key generating system, and the second key (or the paired key) is a non-operational key in exportable form.

        This method returns the second (or the paired) key, which is in ICSF external symmetric key token format and is a non-operational key wrapped by an EXPORTER key.

        Returns:
        the paired ICSF token in an exported form, wrapped by an EXPORTER key.
      • getAlgorithm

        public java.lang.String getAlgorithm()
        Returns the encryption algorithm associated with this key object.
        Specified by:
        getAlgorithm in interface java.security.Key
        Returns:
        the String value "AES".
      • getFormat

        public java.lang.String getFormat()
        Returns the key type or key format of this key object, either "RAW", "ICSFToken" or "CKDSLabel".
        Specified by:
        getFormat in interface java.security.Key
        Returns:
        the key type of this key object. Either "RAW", "ICSFToken" or "CKDSLabel".
      • setCanBeStored

        protected void setCanBeStored​(boolean value)
        Sets whether this key object is eligible to be stored in a keystore.
        Parameters:
        value - true if this key can be stored in a keystore, false otherwise.
      • getCanBeStored

        protected boolean getCanBeStored()
        Returns whether this key object is eligible to be stored in a keystore. The default value is true unless set by setCanBeStored(boolean) to false.
        Returns:
        true if the key can be stored in a keystore, false otherwise.
      • deleteCKDSEntry

        public void deleteCKDSEntry()
                             throws java.security.InvalidKeyException
        Delete the CKDS entry associated with this key object if this is a "CKDSLabel" key object.
        Throws:
        java.security.InvalidKeyException - if this is not a "CKDSLabel" key object.
        java.lang.RuntimeException - if there is an error while deleting the CKDS entry.
      • hashCode

        public int hashCode()
        Calculates a hash code value for this key object. Objects that are equal will also have the same hash value.
        Overrides:
        hashCode in class java.lang.Object
        Returns:
        the hash code value for this key object.
      • equals

        public boolean equals​(java.lang.Object obj)
        Performs a deep compare to determine whether the given object represents a key identical to the key represented by this object.
        Overrides:
        equals in class java.lang.Object
        Parameters:
        obj - The object to compare to this key object
        Returns:
        true if the given object is equal to this key object, false otherwise.
      • finalize

        @Deprecated
        protected void finalize()
        Deprecated.
        Sets the bytes of this key, ICSF token, or CKDS label to zero when there are no more references to this key object. This method is called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
        Overrides:
        finalize in class java.lang.Object