com.entrust.toolkit.pkcs11

Class SymmetricKeyType

java.lang.Object

com.entrust.toolkit.pkcs11.SymmetricKeyType

public class SymmetricKeyType
extends java.lang.Object

The class represents a PKCS#11 symmetric key type.

Currently, only the following symmetric key types are supported by the Toolkit on a PKCS#11 device.

• DES3
• AES
• SHA1_HMAC_NCIPHER NCipher Vendor defined KeyGen
• SHA224_HMAC_NCIPHER NCipher Vendor defined KeyGen
• SHA256_HMAC_NCIPHER NCipher Vendor defined KeyGen
• SHA384_HMAC_NCIPHER NCipher Vendor defined KeyGen
• SHA512_HMAC_NCIPHER NCipher Vendor defined KeyGen

Support for additional types can be added by using the registerSymmetricKeyType(int, SymmetricKeyType) method.

Since:

7.2 SP2 Patch

Field Summary

Fields

Modifier and Type	Field and Description
static SymmetricKeyType	AES Key type for AES secret keys (CKK_AES).
static int	CKK_AES The PKCS#11 key type indicator for AES secret keys.
static int	CKK_DES3 The PKCS#11 key type indicator for 3-key Triple DES secret keys.
static int	CKK_SHA_1_HMAC The PKCS#11 key type indicator for HMAC_224 Symmetric Keys.
static int	CKK_SHA224_HMAC The PKCS#11 key type indicator for HMAC_224 Symmetric Keys.
static int	CKK_SHA256_HMAC The PKCS#11 key type indicator for HMAC_256 Symmetric Keys.
static int	CKK_SHA384_HMAC The PKCS#11 key type indicator for HMAC_384 Symmetric Keys.
static int	CKK_SHA512_HMAC The PKCS#11 key type indicator for HMAC_512 Symmetric Keys.
static SymmetricKeyType	DES3 Key type for 3-key Triple DES secret keys (CKK_DES3).
static SymmetricKeyType	SHA1_HMAC_NCIPHER Key type for HMAC_SHA1 secret keys (CKK_SHA1_HMAC) Using NCIPHER vendor defined
static SymmetricKeyType	SHA224_HMAC_NCIPHER Key type for HMAC_224 secret keys (CKK_SHA224_HMAC) Using NCIPHER vendor defined
static SymmetricKeyType	SHA256_HMAC_NCIPHER Key type for HMAC_256 secret keys (CKK_SHA256_HMAC) Using NCIPHER vendor defined
static SymmetricKeyType	SHA384_HMAC_NCIPHER Key type for HMAC_224 secret keys (CKK_SHA384_HMAC) Using NCIPHER vendor defined
static SymmetricKeyType	SHA512_HMAC_NCIPHER Key type for HMAC_256 secret keys (CKK_SHA512_HMAC) Using NCIPHER vendor defined

Constructor Summary

Constructors

Constructor and Description
SymmetricKeyType(int p11KeyType, long p11KeyGenMechanism, java.lang.String algorithmName, int defaultLength, int[] keyLengths, boolean hasValueLenAttribute) The constructor; creates a new SymmetricKeyType instance.

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAlgorithm() Returns the JCA name of the cipher algorithm this key is used with.
int	getDefaultLength() Return the default length, in bytes, of keys with this type.
static SymmetricKeyType	getInstance(int p11KeyType) Returns the SymmetricKeyType instance the the key type identified by the PKCS#11 key type indicator.
static java.util.Map<java.lang.Integer,SymmetricKeyType>	getRegisteredSymmetricKeyTypes() Get the underlying Map of RegisteredSymmetricKeyTypes.
boolean	hasValueLenAttribute() Indicates whether or not keys of this type have the CKA_VALUE_LEN attribute.
static void	registerSymmetricKeyType(int p11KeyType, SymmetricKeyType type) Convenience method to register a SymmetricKeyType for use with the toolkit.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CKK_DES3

public static final int CKK_DES3

The PKCS#11 key type indicator for 3-key Triple DES secret keys.

See Also:

Constant Field Values

CKK_AES

public static final int CKK_AES

The PKCS#11 key type indicator for AES secret keys.

See Also:

Constant Field Values

CKK_SHA_1_HMAC

public static final int CKK_SHA_1_HMAC

The PKCS#11 key type indicator for HMAC_224 Symmetric Keys.

See Also:

Constant Field Values

CKK_SHA224_HMAC

public static final int CKK_SHA224_HMAC

The PKCS#11 key type indicator for HMAC_224 Symmetric Keys.

See Also:

Constant Field Values

CKK_SHA256_HMAC

public static final int CKK_SHA256_HMAC

The PKCS#11 key type indicator for HMAC_256 Symmetric Keys.

See Also:

Constant Field Values

CKK_SHA384_HMAC

public static final int CKK_SHA384_HMAC

The PKCS#11 key type indicator for HMAC_384 Symmetric Keys.

See Also:

Constant Field Values

CKK_SHA512_HMAC

public static final int CKK_SHA512_HMAC

The PKCS#11 key type indicator for HMAC_512 Symmetric Keys.

See Also:

Constant Field Values

DES3

public static final SymmetricKeyType DES3

Key type for 3-key Triple DES secret keys (CKK_DES3).

AES

public static final SymmetricKeyType AES

Key type for AES secret keys (CKK_AES).

SHA1_HMAC_NCIPHER

public static final SymmetricKeyType SHA1_HMAC_NCIPHER

Key type for HMAC_SHA1 secret keys (CKK_SHA1_HMAC) Using NCIPHER vendor defined

SHA224_HMAC_NCIPHER

public static final SymmetricKeyType SHA224_HMAC_NCIPHER

Key type for HMAC_224 secret keys (CKK_SHA224_HMAC) Using NCIPHER vendor defined

SHA256_HMAC_NCIPHER

public static final SymmetricKeyType SHA256_HMAC_NCIPHER

Key type for HMAC_256 secret keys (CKK_SHA256_HMAC) Using NCIPHER vendor defined

SHA384_HMAC_NCIPHER

public static final SymmetricKeyType SHA384_HMAC_NCIPHER

Key type for HMAC_224 secret keys (CKK_SHA384_HMAC) Using NCIPHER vendor defined

SHA512_HMAC_NCIPHER

public static final SymmetricKeyType SHA512_HMAC_NCIPHER

Key type for HMAC_256 secret keys (CKK_SHA512_HMAC) Using NCIPHER vendor defined

Constructor Detail

SymmetricKeyType

public SymmetricKeyType(int p11KeyType,
                        long p11KeyGenMechanism,
                        java.lang.String algorithmName,
                        int defaultLength,
                        int[] keyLengths,
                        boolean hasValueLenAttribute)

The constructor; creates a new SymmetricKeyType instance.

Parameters:

p11KeyType - the PKCS#11 key type indicator

p11KeyGenMechanism - the PKCS11 key generation mechanism indicator

algorithmName - the JCA name of the cipher algorithm this key is used with

defaultLength - default length of the key, in bytes

keyLengths - the possible key lengths, in bytes, allowed for this key type

hasValueLenAttribute - indicates whether or not keys of this type have the CKA_VALUE_LEN attribute

Method Detail

getInstance

public static SymmetricKeyType getInstance(int p11KeyType)

Returns the SymmetricKeyType instance the the key type identified by the PKCS#11 key type indicator.

Parameters:

p11KeyType - the PKCS#11 key type indicator

Throws:

java.lang.IllegalArgumentException - if the identified key type is not supported

getRegisteredSymmetricKeyTypes

public static java.util.Map<java.lang.Integer,SymmetricKeyType> getRegisteredSymmetricKeyTypes()

Get the underlying Map of RegisteredSymmetricKeyTypes. This allows an application to inspect and modify the Map directly if required.

Returns:

the static Map of registered SymmetricKeyType objects.

registerSymmetricKeyType

public static void registerSymmetricKeyType(int p11KeyType,
                                            SymmetricKeyType type)

Convenience method to register a SymmetricKeyType for use with the toolkit. Calling this method is equivalent to calling SymmetricKeyType.getRegisteredSymmetricKeyTypes().put(Integer.valueOf(p11KeyType, type).

For example to register a vendor defined mechanism such as one defined by NCIPHER, you would do the following:

 //set vendor mechanism values
 long NFCK_VENDOR_NCIPHER = 0xde436972L;
 long CKM_NCIPHER = MechanismList.CKM_VENDOR_DEFINED | NFCK_VENDOR_NCIPHER;
 int CKK_SHA_1_HMAC = 0x00000028; 
 long CKM_NC_SHA1_HMAC_KEY_GEN = CKM_NCIPHER + 0x03L;
 //add the Mechanism into the toolkit 
 MechanismList.addMechanism(CKM_NC_SHA1_HMAC_KEY_GEN, "CKM_NC_SHA1_HMAC_KEY_GEN");
 //define the symmetricKeyType
 SymmetricKeyType SHA1_HMAC_NCIPHER = new SymmetricKeyType(CKK_SHA_1_HMAC, CKM_NC_SHA1_HMAC_KEY_GEN, "HMACSHA1NC", 20,
            new int[] { 20 }, true);
       //register the symmetric key type    
       SymmetricKeyType.registerSymmetricKeyType(CKK_SHA_1_HMAC, SHA1_HMAC_NCIPHER);     
 

If an existing registration already exists, it will be overwritten with the new registration.

Parameters:

p11KeyType - The PKCS11 Key Type specified by PKCS11

type - The Symmetric Key Type, which binds the PKCS11 type to the vendor defined key generation mechanism

getDefaultLength

public int getDefaultLength()

Return the default length, in bytes, of keys with this type.

When keys for the same algorithm can be of different lengths, e.g with AES, and PKCS#11 does not specify a default length, then the default length is the longest length supported by this key type.

Returns:

the default length, in bytes, of keys with this type

getAlgorithm

public java.lang.String getAlgorithm()

Returns the JCA name of the cipher algorithm this key is used with.

Returns:

the JCA algorithm name (e.g. AES)

hasValueLenAttribute

public boolean hasValueLenAttribute()

Indicates whether or not keys of this type have the CKA_VALUE_LEN attribute.

Returns:

true if the key has the CKA_VALUE_LEN attribute; false otherwise