com.entrust.toolkit.keychain

Class KeychainKey

java.lang.Object

com.entrust.toolkit.credentials.Handle

com.entrust.toolkit.keychain.KeychainHandle

com.entrust.toolkit.keychain.KeychainKey

public class KeychainKey
extends KeychainHandle

This class encapsulates information about a handle to a KeyChain Key object.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

9.0

Field Summary

Fields inherited from class com.entrust.toolkit.credentials.Handle

m_handle

Method Summary

Modifier and Type	Method and Description
void	close() Close the handle to the native key object, releasing memory.
java.security.PublicKey	exportPublicKey() Exports the public key from the Keychain FIPS 140-2: FIPS Service: Key Input/Output (logical port) This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces: control input interface (API call) data output interface (return value) status output interface (exceptions)
static java.security.KeyPair	generateKeyPair(EntrustAsymKeyType keyType) Generates a key pair in the Keychain FIPS 140-2: FIPS Service: Key Generation This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 crypto officer role and accesses the following FIPS 140-2 logical interfaces: control input interface (API call, parameters) data input interface (parameters) data output interface (return value) status output interface (exceptions)
java.lang.String	getAlgorithmName() Returns the algorithm associated with this key, or null if the algorithm is not recognized.
static KeychainKey	getInstance(X509Certificate cert) Creates and returns a KeychainKey object associated with a public/private key pair that already exists in the Keychain FIPS 140-2: FIPS Service: Query Object This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces: control input interface (API call, parameters) status output interface (exceptions)
byte[]	getKeyChainAttributeTypeAndValue(KeychainAttribute attribute) Gets the value of a parameter associated with this key in the JniKeyChain.
java.security.spec.AlgorithmParameterSpec	getParams()
static KeychainKey	importPrivateKeyAndCert(java.security.PrivateKey key, java.lang.String keychainLabel, X509Certificate cert, java.lang.String certLabel, boolean exportable, java.lang.String keychainContainerName, SecureStringBuffer password) Import the private key and Certificate into the Keychain.
void	setKeyAttribute(KeychainAttributeTypeAndValue keychainAttrTypeAndValue) Sets the value of a parameter associated with this key in the KeyChain.

Methods inherited from class com.entrust.toolkit.keychain.KeychainHandle

debugInfo, debugInfo, equals, setExtendedDebugging

Methods inherited from class com.entrust.toolkit.credentials.Handle

clearHandle, finalize, getHandle, hashCode

Methods inherited from class java.lang.Object

clone, getClass, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static KeychainKey getInstance(X509Certificate cert)
                               throws KeychainException

Creates and returns a KeychainKey object associated with a public/private key pair that already exists in the Keychain

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• status output interface (exceptions)

Parameters:

cert - [FIPS 140-2 control input] the X509Certificate of the associated private key that resides in the Keychain

Returns:

[FIPS 140-2 status output] an initialized CryptKey object.

Throws:

KeychainException - [FIPS 140-2 status output] if the key could not be created.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

See Also:

MSDN library documentation for CryptGetUserKey

importPrivateKeyAndCert

public static KeychainKey importPrivateKeyAndCert(java.security.PrivateKey key,
                                                  java.lang.String keychainLabel,
                                                  X509Certificate cert,
                                                  java.lang.String certLabel,
                                                  boolean exportable,
                                                  java.lang.String keychainContainerName,
                                                  SecureStringBuffer password)
                                           throws KeychainException

Import the private key and Certificate into the Keychain. Return a handle to the KeychainKey of the Private Key that is now in the Keychain.

Parameters:

key - The PrivateKey to add into the Keychain

keychainLabel - The label to add the Keychain key

cert - The certificate

certLabel - the label for the Certificate in the Keychain

exportable - A boolean value to indicate if it is exportable

keychainContainerName - A containerName to use to for Keychain key

password - A password used to store the key

Returns:

Throws:

KeychainException

generateKeyPair

public static java.security.KeyPair generateKeyPair(EntrustAsymKeyType keyType)
                                             throws KeychainException

Generates a key pair in the Keychain

FIPS 140-2:

FIPS Service: Key Generation

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 crypto officer role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• data output interface (return value)
• status output interface (exceptions)

Parameters:

keyType - [FIPS 140-2 data input] the key type; identifies the type of key pair (e.g. RSA-1024) being generated

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the key pair; contains a Keychain representation of the private key and a software-based representation of the public key

Throws:

KeychainException - [FIPS 140-2 status output] if the key pair generation operation fails

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Since:

9.0

close

public void close()

Close the handle to the native key object, releasing memory. No further calls can be made to this object after calling this method.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• status output interface (exceptions)

Specified by:

close in class Handle

getAlgorithmName

public java.lang.String getAlgorithmName()
                                  throws KeychainException

Returns the algorithm associated with this key, or null if the algorithm is not recognized.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Returns:

[FIPS 140-2 data output] the algorithm associated with this key.

Throws:

KeychainException - [FIPS 140-2 status output] if the call to CryptGetKeyParam to obtain the key algorithm id fails.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

getParams

public java.security.spec.AlgorithmParameterSpec getParams()
                                                    throws KeychainException

Returns:

any parameters associated with this KeychainKey

Throws:

KeychainException

getKeyChainAttributeTypeAndValue

public byte[] getKeyChainAttributeTypeAndValue(KeychainAttribute attribute)
                                        throws KeychainException

Gets the value of a parameter associated with this key in the JniKeyChain.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data output interface (return value)
• status output interface (exceptions)

Parameters:

attribute - [FIPS 140-2 control input] The Keychain attribute to set with this key;

Returns:

[FIPS 140-2 data output] the value of the requested key parameter

Throws:

KeychainException - [FIPS 140-2 status output] if the key parameter get operation fails

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Since:

9.0

exportPublicKey

public java.security.PublicKey exportPublicKey()
                                        throws KeychainException

Exports the public key from the Keychain

FIPS 140-2:

FIPS Service: Key Input/Output (logical port)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] a software-based representation of the public key

Throws:

KeychainException - [FIPS 140-2 status output] if the public key export operation fails

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Since:

9.0

setKeyAttribute

public void setKeyAttribute(KeychainAttributeTypeAndValue keychainAttrTypeAndValue)
                     throws KeychainException

Sets the value of a parameter associated with this key in the KeyChain.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Parameters:

keychainAttrTypeAndValue - [FIPS 140-2 control input] A keychain attribute type and value settings for this Key

keyParamValue - [FIPS 140-2 data input] the value of the key parameter being set

Throws:

KeychainException - [FIPS 140-2 status output]if the key parameter set operation fails

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Since:

9.0