public abstract class CMPSoftwareCredentialReader extends CMPCredentialReader
Its purpose is to provide the common functionality required by its sub-classes.
DSASignature, ECDSASignature, PKIX4Version, PKIX5Version, RSASignature

| Modifier and Type | Method and Description |
|---|---|
| void | setClientKeyGenerationUtil(KeyGenerationUtil keyGenerationUtil) Sets a custom key generation utility that will be used for generating the client generated asymmetric key pairs required during a create/recover operation. |

setClientKeyGenParams, setForceV1KeyPair

checkPwd, getType

public final void setClientKeyGenerationUtil(KeyGenerationUtil keyGenerationUtil)
This API allows the caller to replace the default software-based key generation utility with their own custom key generation utility. For example, to increase performance, a hardware accelerator based key generation utility can be supplied. Alternatively, a software-based key generation utility that pre-generates and caches key pairs could be employed.
The key generation utility must be capable of generating all client
generated keys required in the user's digital identity. The types of keys
are controlled by policy (role policy settings and certificate definition
policy settings). The keys produced by the key generation utility must
provide access to the key material through the getEncoded()
API. Additionally, the primary encoding format for generated public keys
must be "X.509", while the primary encoding format for generated private
keys must be "PKCS#8".
By default, a software-based key generation utility is used when a custom key generation utility is not provided via this API.
The key generation utility is used to generate the following keys during the create/recover operation:
Note: The key pair generation utility provided by this API is only used during the digital identity create/recover operation; it is not used during subsequent digital identity management operations.
keyGenerationUtil - a custom key generation utility
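The following added example is not part of the toolkit or its documentation. It shows the pre-generate-and-cache approach using only standard JCA classes, and rejects any key pair that does not meet the encoding requirements stated above. PreGeneratedKeyPool is a hypothetical name; it does not implement KeyGenerationUtil, whose methods are not shown on this page, so a real custom utility would delegate to something like it.

```java
import java.security.*;
import java.util.concurrent.*;

/** Hypothetical helper (not a toolkit class): caches pre-generated key pairs. */
public class PreGeneratedKeyPool implements AutoCloseable {
    private final BlockingQueue<KeyPair> pool;
    private final ExecutorService filler = Executors.newSingleThreadExecutor(r -> {
        Thread t = new Thread(r, "keypool-filler");
        t.setDaemon(true);
        return t;
    });

    /** @param generator an already initialized generator (software or hardware provider) */
    public PreGeneratedKeyPool(KeyPairGenerator generator, int capacity) throws InterruptedException {
        pool = new ArrayBlockingQueue<>(capacity);
        // Fail fast: if the provider cannot export key material, stop before caching anything.
        pool.put(checked(generator.generateKeyPair()));
        filler.execute(() -> {
            try {
                while (!Thread.currentThread().isInterrupted()) {
                    pool.put(checked(generator.generateKeyPair())); // blocks while the pool is full
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
    }

    /** Enforces the documented requirements: getEncoded() available, X.509 public, PKCS#8 private. */
    static KeyPair checked(KeyPair kp) {
        PublicKey pub = kp.getPublic();
        PrivateKey priv = kp.getPrivate();
        if (!"X.509".equals(pub.getFormat()) || pub.getEncoded() == null)
            throw new IllegalStateException("public key is not available in X.509 encoding");
        // Non-extractable hardware keys typically return null from getFormat()/getEncoded().
        if (!"PKCS#8".equals(priv.getFormat()) || priv.getEncoded() == null)
            throw new IllegalStateException("private key is not available in PKCS#8 encoding");
        return kp;
    }

    /** Returns a cached pair, waiting only if the pool is momentarily empty. */
    public KeyPair take() throws InterruptedException { return pool.take(); }

    /** Stops the filler thread and drops unused private keys from the cache. */
    @Override public void close() { filler.shutdownNow(); pool.clear(); }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048); // constructed sample parameters; real key types come from policy
        try (PreGeneratedKeyPool p = new PreGeneratedKeyPool(g, 4)) {
            KeyPair kp = p.take();
            System.out.println(kp.getPublic().getFormat() + " / " + kp.getPrivate().getFormat());
        }
    }
}
```

Cached private keys stay in process memory until they are used or the pool is closed, so keep the capacity small and close the pool when the create/recover work is finished.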