com.entrust.toolkit.roaming.speke

Class SPEKEKeyAgreement

java.lang.Object

javax.crypto.KeyAgreementSpi

iaik.security.dh.DHKeyAgreement

com.entrust.toolkit.roaming.speke.SPEKEKeyAgreement

public class SPEKEKeyAgreement
extends DHKeyAgreement

A software based implementation of the Simple Password Exponential Key Exchange (SPEKE) key agreement algorithm.

This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

See Also:

SPEKEParameterSpec, SPEKEKeyPairGenerator, SPEKEPrivateKey, SPEKEPublicKey

Constructor Summary

Constructors

Constructor and Description
SPEKEKeyAgreement() The constructor; creates a new instance of the SPEKE key agreement algorithm.

Method Summary

Methods

Modifier and Type	Method and Description
protected java.security.Key	engineDoPhase(java.security.Key key, boolean lastPhase) Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.
protected byte[]	engineGenerateSecret() Generates the shared secret and returns it in a new buffer.
protected void	engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.
protected void	engineInit(java.security.Key key, java.security.SecureRandom random) Initializes this key agreement with the given key and source of randomness.

Methods inherited from class iaik.security.dh.DHKeyAgreement

engineGenerateSecret, engineGenerateSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SPEKEKeyAgreement

public SPEKEKeyAgreement()

The constructor; creates a new instance of the SPEKE key agreement algorithm.

Applications should never use this constructor, instead the key agreement algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: KeyAgreement.getInstance("SPEKE", "Entrust").

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Method Detail

engineInit

protected void engineInit(java.security.Key key,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException

Description copied from class: DHKeyAgreement

Initializes this key agreement with the given key and source of randomness. The given key is required to contain all the algorithm parameters required for this key agreement.

If the key agreement algorithm requires random bytes, it gets them from the given source of randomness, random. However, if the underlying algorithm implementation does not require any random bytes, random is ignored.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Overrides:

engineInit in class DHKeyAgreement

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the party's private information. For example, in the case of the Diffie-Hellman key agreement, this would be the party's own Diffie-Hellman private key.

random - [FIPS 140-2 control input] the source of randomness

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this key agreement, e.g., is of the wrong type or has an incompatible algorithm type.

engineInit

protected void engineInit(java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException

Description copied from class: DHKeyAgreement

Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Overrides:

engineInit in class DHKeyAgreement

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the party's private information. For example, in the case of the Diffie-Hellman key agreement, this would be the party's own Diffie-Hellman private key.

params - [FIPS 140-2 data input] the key agreement parameters

random - [FIPS 140-2 control input] the source of randomness

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this key agreement, e.g., is of the wrong type or has an incompatible algorithm type.

engineDoPhase

protected java.security.Key engineDoPhase(java.security.Key key,
                              boolean lastPhase)
                                   throws java.security.InvalidKeyException,
                                          java.lang.SecurityException

Description copied from class: DHKeyAgreement

Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• data output interface (return value)
• status output interface (exceptions)

Overrides:

engineDoPhase in class DHKeyAgreement

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key for this phase. For example, in the case of Diffie-Hellman between 2 parties, this would be the other party's Diffie-Hellman public key.

lastPhase - [FIPS 140-2 control input] flag which indicates whether or not this is the last phase of this key agreement.

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the (intermediate) key resulting from this phase, or null if this phase does not yield a key

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this phase.

java.lang.SecurityException

engineGenerateSecret

protected byte[] engineGenerateSecret()

Description copied from class: DHKeyAgreement

Generates the shared secret and returns it in a new buffer.

This method resets this KeyAgreementSpi object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the engineInit methods, the same private information and algorithm parameters will be used for subsequent key agreements.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Overrides:

engineGenerateSecret in class DHKeyAgreement

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the new buffer with the shared secret