Package org.mozilla.jss.pkcs11
Class PK11KeyPairGenerator
- java.lang.Object
  - org.mozilla.jss.crypto.KeyPairGeneratorSpi
    - org.mozilla.jss.pkcs11.PK11KeyPairGenerator
public final class PK11KeyPairGenerator extends KeyPairGeneratorSpi
A Key Pair Generator implemented using PKCS #11.
See Also: PQGParams

Nested Class Summary
Nested classes/interfaces inherited from class org.mozilla.jss.crypto.KeyPairGeneratorSpi: KeyPairGeneratorSpi.Usage

Field Summary
- static org.slf4j.Logger logger
- static PQGParams PQG1024: Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.
- static PQGParams PQG512: Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.
- static PQGParams PQG768: Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Summary
- PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm): Constructor for PK11KeyPairGenerator.

Method Summary
- void extractablePairs(boolean extractable)
- java.security.KeyPair generateKeyPair(): Generates a key pair on a token.
- int getCurveCodeByName(java.lang.String curveName)
- void initialize(int strength, java.security.SecureRandom random): Initializes this KeyPairGenerator with the given key strength.
- void initialize(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random): Initializes this KeyPairGenerator with the given algorithm-specific parameters.
- boolean keygenOnInternalToken()
- void sensitivePairs(boolean sensitive)
- void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask): Sets the requested key usages desired for the generated key pair.
- void temporaryPairs(boolean temp)

Field Detail
logger
public static org.slf4j.Logger logger

PQG1024
public static final PQGParams PQG1024
Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG768
public static final PQGParams PQG768
Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG512
public static final PQGParams PQG512
Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Detail
PK11KeyPairGenerator
public PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm) throws java.security.NoSuchAlgorithmException, TokenException
Constructor for PK11KeyPairGenerator.
Parameters:
- token - The PKCS #11 token that the keypair will be generated on.
- algorithm - The type of key that will be generated. Currently, KeyPairAlgorithm.RSA, KeyPairAlgorithm.DSA and KeyPairAlgorithm.EC are supported.
Throws:
- java.security.NoSuchAlgorithmException
- TokenException

Method Detail
initialize
public void initialize(int strength, java.security.SecureRandom random) throws java.security.InvalidParameterException
Initializes this KeyPairGenerator with the given key strength. For DSA key generation, pre-cooked PQG values will be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.
Specified by: initialize in class KeyPairGeneratorSpi
Parameters:
- strength - The strength (size) of the keys that will be generated.
- random - Ignored
Throws:
- java.security.InvalidParameterException - If the key strength is not supported by the algorithm or this implementation.

initialize
public void initialize(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) throws java.security.InvalidAlgorithmParameterException
Initializes this KeyPairGenerator with the given algorithm-specific parameters.
Specified by: initialize in class KeyPairGeneratorSpi
Parameters:
- params - The algorithm-specific parameters that will govern key pair generation.
- random - Ignored
Throws:
- java.security.InvalidAlgorithmParameterException - If the parameters are inappropriate for the key type or are not supported by this implementation.

generateKeyPair
public java.security.KeyPair generateKeyPair() throws TokenException
Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.
Specified by: generateKeyPair in class KeyPairGeneratorSpi
Returns:
Throws:
- TokenException

keygenOnInternalToken
public boolean keygenOnInternalToken()
Specified by: keygenOnInternalToken in class KeyPairGeneratorSpi
Returns: true if the keypair generation will be done on the internal token and then moved to this token.

temporaryPairs
public void temporaryPairs(boolean temp)
Specified by: temporaryPairs in class KeyPairGeneratorSpi

sensitivePairs
public void sensitivePairs(boolean sensitive)
Specified by: sensitivePairs in class KeyPairGeneratorSpi

extractablePairs
public void extractablePairs(boolean extractable)
Specified by: extractablePairs in class KeyPairGeneratorSpi

setKeyPairUsages
public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)
Sets the requested key usages desired for the generated key pair. This allows the caller to suggest how NSS generates the key pair.
Specified by: setKeyPairUsages in class KeyPairGeneratorSpi
Parameters:
- usages - List of desired key usages.
- usages_mask - Corresponding mask for the key usages. If a usage is desired, make sure it is in the mask as well.

getCurveCodeByName
public int getCurveCodeByName(java.lang.String curveName) throws java.security.InvalidParameterException
Specified by: getCurveCodeByName in class KeyPairGeneratorSpi
Throws:
- java.security.InvalidParameterException