High-level classes

The Toolkit's high-level API in the com.entrust.toolkit package and its sub-packages provides classes that implement frequently used cryptographic tasks. Because of their high abstraction level, these classes are generally more useful than their low-level IAIK or JCA counterparts. You will rarely need to use the raw JCA interfaces. The PKCS #7 classes extensively use streams to represent both sources and repositories of data.

The User class represents an entity, or end-user, in a PKI domain and is the primary class in the high-level API. By instantiating a user, you have access, through accessor methods, to:

• the User's public certificates,

• the User's private keys, a securely obtained copy of the Certification Authority's (CA) verification public certificate,

• methods that allow you to manage a User's credentials.

There is one User instance for each entity, but any number of end users can be logged in simultaneously without interfering with each other. If several threads run concurrently, each thread can access the single User instance. To ensure proper credentials management, only one thread has control of that User instance. See the following file for a threads sample:

The Toolkit provides the following custom cryptographic service providers (CSPs):

• the Entrust cryptographic service provider supports specialized implementations of the RSA, DSA, and ECDSA algorithms,

• the IAIK cryptographic service provider implements key generation, other utilities, and the most commonly used symmetric encryption algorithms and message digests (hash functions).