Class DilithiumPrivateKey

  • All Implemented Interfaces:
    java.io.Serializable, java.security.Key, java.security.PrivateKey, javax.security.auth.Destroyable

    public class DilithiumPrivateKey
    extends java.lang.Object
    implements java.security.PrivateKey
    A private key for the CRYSTALS-Dilithium algorithm. This key contains a token (which can be either a tokenized representation of a CLEAR key or a label to the stored key) and attributes (KeyHWAttributeValues, which include the key type and key usage).
    See Also:
    Serialized Form
    • Field Summary

      • Fields inherited from interface java.security.PrivateKey

        serialVersionUID
    • Constructor Summary

      Constructors 
      Constructor Description
      DilithiumPrivateKey(byte[] keyToken, DilithiumKeyAttributes keyAttributes)
      Creates a CRYSTALS-Dilithium private hardware key from a key token and key attributes.
    • Method Summary

      Modifier and Type Method Description
      void deletePKDSEntry()
      This method is used to delete the PKDS information that is associated with this key object.
      void destroy()
      Destroy or clear sensitive information contained in this private key.
      java.lang.String getAlgorithm()
      Returns the algorithm
      byte[] getEncoded()
      Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
      java.lang.String getFormat()
      Return the format for this key.
      java.lang.String getLabelString()
      Returns the PKDS record label if the key object is a PKDS type of key.
      byte[] getToken()
      Returns a clone of the private key token.
      byte getType()
      Return the key Type.
      byte getUsage()
      Return the key Usage.
      boolean isDestroyed()
      This method is called to determine whether this key object still contains key material.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • DilithiumPrivateKey

        public DilithiumPrivateKey(byte[] keyToken,
                                   DilithiumKeyAttributes keyAttributes)
        Creates a CRYSTALS-Dilithium private hardware key from a key token and key attributes.
        Parameters:
        keyToken - IBM CCA hardware token for this key, which can also be the label of a stored key. A label must conform to the character restrictions imposed by the platform you are executing on. In addition, when passed to this method as a byte array, it must be encoded using the "8859_1" code page. For example, if the label is "MyLabel" then the correct form for this parameter is "MyLabel".getBytes("8859_1").
        keyAttributes - indicates the key attributes associated with this key.
    • Method Detail

      • getAlgorithm

        public java.lang.String getAlgorithm()
        Returns the algorithm
        Specified by:
        getAlgorithm in interface java.security.Key
        Returns:
        the algorithm
      • getFormat

        public java.lang.String getFormat()
        Return the format for this key.
        Specified by:
        getFormat in interface java.security.Key
        Returns:
        one of "PKDSLabel", "ICSFToken"
        Throws:
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • getEncoded

        public byte[] getEncoded()
        Returns a clone of the label if the key is in format PKDS, a clone of the token if the key is in format TOKEN.
        Specified by:
        getEncoded in interface java.security.Key
        Returns:
        PKDS record label or token. If it is a PKDS record label, the bytes are encoded in 8859_1.
        Throws:
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • getToken

        public byte[] getToken()
        Returns a clone of the private key token.
        Returns:
        the value of keyLabel, which is a token or a label. If it is a PKDS record label, the bytes are encoded in 8859_1.
        Throws:
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • getLabelString

        public java.lang.String getLabelString()
                                        throws java.security.InvalidKeyException
        Returns the PKDS record label if the key object is a PKDS type of key.
        Returns:
        The PKDS label. This value will be exactly what is used within the CCA key repository as a label, including trailing blanks.
        Throws:
        java.security.InvalidKeyException - If the key is not a PKDS type of key.
      • getType

        public byte getType()
        Return the key Type.
        Returns:
        byte the value of the key storage type: one of KeyHWAttributeValues.PKDS, KeyHWAttributeValues.MASTER or KeyHWAttributeValues.CLEAR.
        Throws:
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • getUsage

        public byte getUsage()
        Return the key Usage.
        Returns:
        byte the value of the key usage
        Throws:
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • deletePKDSEntry

        public void deletePKDSEntry()
                             throws java.security.InvalidKeyException
        This method is used to delete the PKDS information that is associated with this key object.
        Throws:
        java.security.InvalidKeyException - Key object is not PKDS type.
        java.lang.RuntimeException - PKDS label length is incorrect
        java.lang.RuntimeException - if the ICSF operation is not successful
        java.lang.IllegalStateException - if destroy() has been called on this key object
      • destroy

        public void destroy()
                     throws javax.security.auth.DestroyFailedException
        Destroy or clear sensitive information contained in this private key. This method destroys data stored in this java object. It does not delete key material from the PKDS.
        Specified by:
        destroy in interface javax.security.auth.Destroyable
        Throws:
        javax.security.auth.DestroyFailedException
      • isDestroyed

        public boolean isDestroyed()
        This method is called to determine whether this key object still contains key material.
        Specified by:
        isDestroyed in interface javax.security.auth.Destroyable
        Returns:
        true if destroy() has been called, otherwise false.
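
Added example (not part of the original API documentation or the provider's own code): retiring a key in the order the method contracts above require, since destroy() only clears the Java object and deletePKDSEntry() throws IllegalStateException once destroy() has been called. The class name DilithiumKeyRetirement, the method retire and the import's package name are assumptions; this page does not state the package.

```java
import java.security.InvalidKeyException;
import javax.security.auth.DestroyFailedException;
// Assumption: the package is not named on this page; adjust to your provider.
import com.ibm.crypto.hdwrCCA.provider.DilithiumPrivateKey;

public final class DilithiumKeyRetirement {

    private DilithiumKeyRetirement() { }

    /**
     * Optionally deletes the PKDS record behind the key, then clears the
     * in-memory key object.
     *
     * @return the label of the deleted PKDS record (with trailing blanks,
     *         exactly as stored), or null if no record was deleted
     */
    public static String retire(DilithiumPrivateKey key, boolean deleteStoredKey)
            throws InvalidKeyException, DestroyFailedException {
        // After destroy(), getFormat() and deletePKDSEntry() throw
        // IllegalStateException, so check before touching any accessor.
        if (key.isDestroyed()) {
            return null;
        }
        String deletedLabel = null;
        try {
            // Only label-backed keys have a PKDS record; token-format keys
            // ("ICSFToken") would make deletePKDSEntry() throw InvalidKeyException.
            if (deleteStoredKey && "PKDSLabel".equals(key.getFormat())) {
                String label = key.getLabelString(); // capture for the audit trail
                key.deletePKDSEntry();               // must run BEFORE destroy()
                deletedLabel = label;
            }
        } finally {
            // Always clear the Java object, even if the ICSF delete failed.
            // This does not remove anything from the PKDS.
            key.destroy();
        }
        return deletedLabel;
    }
}
```

If deletePKDSEntry() fails with a RuntimeException, the exception still propagates after the object is cleared, so the caller knows the stored record remains and must be removed by other means.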