java.lang.Object
    com.ibm.crypto.hdwrCCA.provider.KDFParameterSpec

All Implemented Interfaces:
    java.security.spec.AlgorithmParameterSpec

public class KDFParameterSpec extends java.lang.Object implements java.security.spec.AlgorithmParameterSpec

This class specifies the set of parameters to be used during the key derivation step of the Diffie-Hellman key agreement algorithm.

Constructor Summary

Constructors

KDFParameterSpec(int keySize, byte[] sharedInfo)
    Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm.

KDFParameterSpec(int keySize, byte[] sharedInfo, SymmetricKeyConstants.KeyType keyType, java.lang.String ckdsLabel, SymmetricKeyConstants.KeyUsage keyUsage)
    Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm.

KDFParameterSpec(int keySize, byte[] sharedInfo, SymmetricKeyConstants.KeyType keyType, java.lang.String ckdsLabel, SymmetricKeyConstants.KeyUsage keyUsage, boolean NoCvKEK)
    Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm.

Method Summary

Modifier and Type, Method, Description

java.lang.String getCKDSLabel()
    Returns the user provided CKDS label.

int getKeySize()
    Return the size of the secret key to derive using Diffie-Hellman.

SymmetricKeyConstants.KeyType getKeyType()
    Returns the type of key to derive using Diffie-Hellman.

SymmetricKeyConstants.KeyUsage getKeyUsage()
    Returns the usage of key to derive using Diffie-Hellman.

boolean getNoCvKEK()
    Returns the value of the NoCvKEK option for the key to derive using Diffie-Hellman.

byte[] getSharedInfo()
    Return a clone of the information shared by the participants of the Diffie-Hellman key agreement.

Constructor Detail

KDFParameterSpec

public KDFParameterSpec(int keySize, byte[] sharedInfo)

Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm. By default, keys will be derived as SymmetricKeyConstants.KeyType.PROTECTED keys. The default key usage of the derived keys depends on the key algorithm of the key to be derived.

Parameters:
    keySize - the size of the secret key to derive using Diffie-Hellman. It must be between 56 and 2048
    sharedInfo - the information shared by the participants of the Diffie-Hellman key agreement. It must be between 8 and 64 bytes long. If no information will be shared by the participants, null may be specified
Throws:
    java.lang.IllegalArgumentException - if keySize or sharedInfo does not contain acceptable values.
See Also:
    KDFParameterSpec(int, byte[], KeyType, String, KeyUsage)

KDFParameterSpec

public KDFParameterSpec(int keySize, byte[] sharedInfo, SymmetricKeyConstants.KeyType keyType, java.lang.String ckdsLabel, SymmetricKeyConstants.KeyUsage keyUsage)

Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm. By default, keys will be derived as SymmetricKeyConstants.KeyType.PROTECTED keys if null is specified for the keyType parameter. If the keyUsage parameter is null, the default key usage of the key algorithm of the key to be derived will be used. The default key usage for the DES and Triple-DES key algorithms is SymmetricKeyConstants.KeyUsage.OP_CIPHER, and the default key usage for the AES key algorithm is SymmetricKeyConstants.KeyUsage.OP_DATA.

Parameters:
    keySize - the size of the secret key to derive using Diffie-Hellman. It must be between 56 and 2048
    sharedInfo - the information shared by the participants of the Diffie-Hellman key agreement. It must be between 8 and 64 bytes long. If no information will be shared between the participants, null may be specified
    keyType - the type of key to derive; this must be either SymmetricKeyConstants.KeyType.PROTECTED or SymmetricKeyConstants.KeyType.CKDS. SymmetricKeyConstants.KeyType.CLEAR bypasses key derivation and is currently not supported. To let the Diffie-Hellman key agreement service determine the default type of key to derive, a null may be specified
    ckdsLabel - an optional user provided CKDS label. This field will be ignored when deriving a PROTECTED key. If this parameter is null and deriving a CKDS key, a random CKDS label will be generated and used
    keyUsage - the key usage attribute of the derived key; this must be a single operational key. To let the Diffie-Hellman key agreement service determine the default key usage attribute of the derived key based on the key algorithm, a null may be specified. Valid key usage attribute for DES keys is SymmetricKeyConstants.KeyUsage.OP_CIPHER. Valid key usage attributes for Triple-DES keys are SymmetricKeyConstants.KeyUsage.OP_CIPHER, SymmetricKeyConstants.KeyUsage.OP_EXPORTER, and SymmetricKeyConstants.KeyUsage.OP_IMPORTER. Valid key usage attributes for AES keys are SymmetricKeyConstants.KeyUsage.OP_DATA, SymmetricKeyConstants.KeyUsage.OP_EXPORTER, and SymmetricKeyConstants.KeyUsage.OP_IMPORTER.
Throws:
    java.lang.IllegalArgumentException - if keySize, sharedInfo, keyType, ckdsLabel, or keyUsage does not contain acceptable values.

KDFParameterSpec

public KDFParameterSpec(int keySize, byte[] sharedInfo, SymmetricKeyConstants.KeyType keyType, java.lang.String ckdsLabel, SymmetricKeyConstants.KeyUsage keyUsage, boolean NoCvKEK)

Constructs a parameter set to be used during the key derivation step of the Diffie-Hellman key agreement algorithm. By default, keys will be derived as SymmetricKeyConstants.KeyType.PROTECTED keys if null is specified for the keyType parameter. If the keyUsage parameter is null, the default key usage of the key algorithm of the key to be derived will be used. The default key usage for the DES and Triple-DES key algorithms is SymmetricKeyConstants.KeyUsage.OP_CIPHER, and the default key usage for the AES key algorithm is SymmetricKeyConstants.KeyUsage.OP_DATA.

Parameters:
    keySize - the size of the secret key to derive using Diffie-Hellman. It must be between 56 and 2048
    sharedInfo - the information shared by the participants of the Diffie-Hellman key agreement. It must be between 8 and 64 bytes long. If no information will be shared between the participants, null may be specified
    keyType - the type of key to derive; this must be either SymmetricKeyConstants.KeyType.PROTECTED or SymmetricKeyConstants.KeyType.CKDS. SymmetricKeyConstants.KeyType.CLEAR bypasses key derivation and is currently not supported. To let the Diffie-Hellman key agreement service determine the default type of key to derive, a null may be specified
    ckdsLabel - an optional user provided CKDS label. This field will be ignored when deriving a PROTECTED key. If this parameter is null and deriving a CKDS key, a random CKDS label will be generated and used
    keyUsage - the key usage attribute of the derived key; this must be a single operational key. To let the Diffie-Hellman key agreement service determine the default key usage attribute of the derived key based on the key algorithm, a null may be specified. Valid key usage attribute for DES keys is SymmetricKeyConstants.KeyUsage.OP_CIPHER. Valid key usage attributes for Triple-DES keys are SymmetricKeyConstants.KeyUsage.OP_CIPHER, SymmetricKeyConstants.KeyUsage.OP_EXPORTER, and SymmetricKeyConstants.KeyUsage.OP_IMPORTER. Valid key usage attributes for AES keys are SymmetricKeyConstants.KeyUsage.OP_DATA, SymmetricKeyConstants.KeyUsage.OP_EXPORTER, and SymmetricKeyConstants.KeyUsage.OP_IMPORTER.
    NoCvKEK - specifies whether the CKDS key encrypting key should be created with the NoCvKEK option. This is only valid for a DESede key encrypting key in the CKDS. It is usually true only if the derived key encrypting key will be used to export a key to a non-z/OS system or import a key from a non-z/OS system.
Throws:
    java.lang.IllegalArgumentException - if keySize, sharedInfo, keyType, ckdsLabel, or keyUsage does not contain acceptable values.
    java.lang.IllegalArgumentException - if NoCvKEK is true and keyUsage or keyType does not contain acceptable values.

Method Detail

getKeySize

public int getKeySize()

Return the size of the secret key to derive using Diffie-Hellman.

Returns:
    the size of the secret key to derive using Diffie-Hellman

getSharedInfo

public byte[] getSharedInfo()

Return a clone of the information shared by the participants of the Diffie-Hellman key agreement. Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

Returns:
    A clone of the information shared by the participants of the Diffie-Hellman key agreement

getKeyType

public SymmetricKeyConstants.KeyType getKeyType()

Returns the type of key to derive using Diffie-Hellman.

Returns:
    the type of key to derive using Diffie-Hellman.

getCKDSLabel

public java.lang.String getCKDSLabel()

Returns the user provided CKDS label.

Returns:
    the user provided CKDS label.

getKeyUsage

public SymmetricKeyConstants.KeyUsage getKeyUsage()

Returns the usage of key to derive using Diffie-Hellman.

Returns:
    the usage of key to derive using Diffie-Hellman.

getNoCvKEK

public boolean getNoCvKEK()

Returns the value of the NoCvKEK option for the key to derive using Diffie-Hellman.

Returns:
    the value of the NoCvKEK option for the key to derive using Diffie-Hellman.
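
Added example, not part of the original Javadoc and not IBM's own code: it builds a spec with the five-argument constructor and wipes the clone returned by getSharedInfo(), as the note on that method requires. It assumes the com.ibm.crypto.hdwrCCA.provider classes are on the classpath and that SymmetricKeyConstants lives in the same package as KDFParameterSpec; the class name KdfSpecExample, the helper aesExporterSpec, the label and the shared-info bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import com.ibm.crypto.hdwrCCA.provider.KDFParameterSpec;
// Assumption: SymmetricKeyConstants is in the same package as KDFParameterSpec.
import com.ibm.crypto.hdwrCCA.provider.SymmetricKeyConstants;

public class KdfSpecExample {

    /** Builds the spec for an AES key with exporter usage, stored in the CKDS. */
    static KDFParameterSpec aesExporterSpec(byte[] sharedInfo, String ckdsLabel) {
        // Mirror the documented limits so a bad value fails with a clear message.
        if (sharedInfo != null && (sharedInfo.length < 8 || sharedInfo.length > 64)) {
            throw new IllegalArgumentException("sharedInfo must be null or 8 to 64 bytes long");
        }
        return new KDFParameterSpec(
                256,                                          // within the documented 56..2048 range
                sharedInfo,
                SymmetricKeyConstants.KeyType.CKDS,           // CLEAR is not supported
                ckdsLabel,                                    // null: a random label is generated
                SymmetricKeyConstants.KeyUsage.OP_EXPORTER);  // documented as valid for AES
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        byte[] sharedInfo = "constructed-party-info".getBytes(StandardCharsets.US_ASCII);
        String label = "EXAMPLE.DH.AES.EXPORTER";
        try {
            KDFParameterSpec spec = aesExporterSpec(sharedInfo, label);
            System.out.println("type=" + spec.getKeyType() + " usage=" + spec.getKeyUsage()
                    + " size=" + spec.getKeySize() + " label=" + spec.getCKDSLabel());

            // getSharedInfo() returns a clone of sensitive data: wipe every copy obtained.
            byte[] copy = spec.getSharedInfo();
            try {
                System.out.println("sharedInfo length=" + copy.length);
            } finally {
                Arrays.fill(copy, (byte) 0);
            }
        } catch (IllegalArgumentException e) {
            System.err.println("rejected KDF parameters: " + e.getMessage());
        } finally {
            // Wipe the caller's own buffer once the spec is no longer needed.
            Arrays.fill(sharedInfo, (byte) 0);
        }
    }
}
```

The page does not say whether the constructor copies sharedInfo, so the caller's buffer is wiped only after the last use of the spec.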