- java.lang.Object
-
- com.ibm.crypto.hdwrCCA.provider.DilithiumPrivateKey
-
- All Implemented Interfaces:
java.io.Serializable
,java.security.Key
,java.security.PrivateKey
,javax.security.auth.Destroyable
public class DilithiumPrivateKey extends java.lang.Object implements java.security.PrivateKey
A private key for the CRYSTALS-Dilithium algorithm. This key contains a token (which can be either a tokenized representation of a CLEAR key or a label to the stored key) and attributes (KeyHWAttributeValues, which include the key type and key usage).- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description DilithiumPrivateKey(byte[] keyToken, DilithiumKeyAttributes keyAttributes)
Creates a CRYSTALS-Dilithium private hardware key from a keytoken and key attributes.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
deletePKDSEntry()
This method is used to delete the PKDS information that is associated with this key object.void
destroy()
Destroy or clear sensitive information contained in this private key.java.lang.String
getAlgorithm()
Returns the algorithmbyte[]
getEncoded()
Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.java.lang.String
getFormat()
Return the format for this key.java.lang.String
getLabelString()
Returns the PKDS record label if the key object is a PKDS type of key.byte[]
getToken()
Returns a clone of the private key token.byte
getType()
Return the key Type.byte
getUsage()
Return the key Usage.boolean
isDestroyed()
This method is called to determine whether this key object still contains key material.
-
-
-
Constructor Detail
-
DilithiumPrivateKey
public DilithiumPrivateKey(byte[] keyToken, DilithiumKeyAttributes keyAttributes)
Creates a CRYSTALS-Dilithium private hardware key from a keytoken and key attributes.- Parameters:
keyToken
- IBM CCA hardware token for this key. The label must conform to the character restrictions imposed by the platform you are executing on. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1")attribs
- indicates the key attributes associated with this key.
-
-
Method Detail
-
getAlgorithm
public java.lang.String getAlgorithm()
Returns the algorithm- Specified by:
getAlgorithm
in interfacejava.security.Key
- Returns:
- the algorithm
-
getFormat
public java.lang.String getFormat()
Return the format for this key.- Specified by:
getFormat
in interfacejava.security.Key
- Returns:
- one of "PKDSLabel", "ICSFToken"
- Throws:
java.lang.IllegalStateException
- if destroy() has been called in this key object
-
getEncoded
public byte[] getEncoded()
Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.- Specified by:
getEncoded
in interfacejava.security.Key
- Returns:
- PKDS record label or token. If a PKDS record label the bytes will be encoded in 8859_1 encoding.
- Throws:
java.lang.IllegalStateException
- if destroy() has been called in this key object
-
getToken
public byte[] getToken()
Returns a clone of the private key token.- Returns:
- the value of keyLabel which is a token or a label. If a PKDS record label the bytes will be encoded in 8859_1 encoding.
- Throws:
java.lang.IllegalStateException
- if destroy() has been called in this key object
-
getLabelString
public java.lang.String getLabelString() throws java.security.InvalidKeyException
Returns the PKDS record label if the key object is a PKDS type of key.- Returns:
- The PKDS label. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.
- Throws:
java.security.InvalidKeyException
- If the key is not a PKDS type of key.
-
getType
public byte getType()
Return the key Type.- Returns:
- byte the value of key Storage Type either KeyHWAttributeValues.PKDS KeyHWAttributeValues.MASTER or KeyHWAttributeValues.CLEAR.
- Throws:
java.lang.IllegalStateException
- if destroy() has been called in this key object
-
getUsage
public byte getUsage()
Return the key Usage.- Returns:
- byte the value of key Storage Type
- Throws:
java.lang.IllegalStateException
- if destroy() has been called in this key object
-
deletePKDSEntry
public void deletePKDSEntry() throws java.security.InvalidKeyException
This method is used to delete the PKDS information that is associated with this key object.- Throws:
java.security.InvalidKeyException
- Key object is not PKDS type.java.lang.RuntimeException
- PKDS label length is incorrectjava.lang.RuntimeException
- if the ICSF operation is not successfuljava.lang.IllegalStateException
- if destroy() has been called in this key object
-
destroy
public void destroy() throws javax.security.auth.DestroyFailedException
Destroy or clear sensitive information contained in this private key. This method destroys data stored in this java object. It does not delete key material from the PKDS.- Specified by:
destroy
in interfacejavax.security.auth.Destroyable
- Throws:
javax.security.auth.DestroyFailedException
-
isDestroyed
public boolean isDestroyed()
This method is called to determine whether this key object still contains key material.- Specified by:
isDestroyed
in interfacejavax.security.auth.Destroyable
- Returns:
- true if destroy() has been called, otherwise false.
-
-