TripleDESKeyWrap ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- javax.crypto.CipherSpi
- - iaik.security.cipher.TripleDESKeyWrap

```
public class TripleDESKeyWrap
extends javax.crypto.CipherSpi
```
This class implements the CMS TripleDES key wrap algorithm.
RFC 2630 (Cryptographic Message Syntax) (Section 12.6.2, 12.6.3) specifies the TripleDES key wrap algorithm for wrapping TripleDES content encryption keys with TripleDES key encryption keys when using the KeyAgreeRecipientInfo or KEKRecipientInfo choice for providing recipient specific information when encrypting data using the EnvelopedData type.
Since this class only can be used for wrapping/unwrapping secret content encryption keys an application only can call methods wrap and unwrap of the corresponding Cipher object. Any attempt to call a update or doFinal method will cause a RuntimeException to be thrown. A CMS key wrap (unwrap) procedure involves two encryption (decryption) operations, both run in CBC mode. The first encryption step uses a random IV and the second encryption step uses a fixed IV of 0x4adda22c79e82105. Correspondingly the first decryption step uses a fixed IV (0x4adda22c79e82105) and the second decryption step uses the random IV recovered from the first decryption. When calling an engineInit method any parameters supplied are ignored; this CMS TripleDes key wrap cipher implementation itself takes care for using the right IV for the right en/decryption step. When calling method getIV or getParameters this class always returns null since a TripleDES CMS key wrap cipher does not include parameters in its algorithm id.
When creating a new CMS TripleDES key wrap Cipher object you only may provide the name of the key wrap cipher ("DESedeWrapDESede"). Any cipher mode (always uses CBC) or padding (does the padding itself) specification is ignored.
For example, wrapping a Triple-DES content encryption key using a Triple-DES key encryption key typically may be done as follows:
```
 // the content encryption key to be wrapped:
 SecretKey cek = ...;
 // the key encryption key to be used:
 SecretKey kek = ...;
 // get a TripleDES key wrap cipher:
 Cipher c = Cipher.getInstance("DESedeWrapDESede");
 // init with the key encryption key
 c.init(Cipher.WRAP_MODE, kek);
 // wrap the content encryption key:
 byte[] wrappedCek = c.wrap(cek);
 
```
For unwrapping the key init the Cipher in unwrap mode:
```
 Cipher c = Cipher.getInstance("DESedeWrapDESede");
 // init with the key encryption key
 c.init(Cipher.UNWRAP_MODE, kek);
 // unwrap the wrapped content encryption key:
 Key unwrappedCek = c.unwrap(wrappedCek, "DESede", Cipher.SECRET_KEY);
 
```
This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Field Summary

Fields
Modifier and Type Field and Description

static byte[] CMS_KEY_WRAP_IV
The IV for the last encryption step of CMS key wrap.

Fields
Modifier and Type	Field and Description
`static byte[]`	`CMS_KEY_WRAP_IV` The IV for the last encryption step of CMS key wrap.

Constructor Summary

Constructors
Constructor and Description

TripleDESKeyWrap()
The constructor; creates a new instance of the DESedeWrapDESede symmetric cipher algorithm.

Constructors
Constructor and Description
`TripleDESKeyWrap()` The constructor; creates a new instance of the DESedeWrapDESede symmetric cipher algorithm.

Method Summary

Methods
Modifier and Type	Method and Description
`byte[]`	`engineDoFinal(byte[] input, int inputOffset, int inputLen)` Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
`int`	`engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)` Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
`int`	`engineGetBlockSize()` Returns the block size (in bytes).
`byte[]`	`engineGetIV()` Returns the initialization vector (IV) in a new buffer.
`protected int`	`engineGetKeySize(java.security.Key key)` Returns the key size of the given key object in bits.
`int`	`engineGetOutputSize(int inputLen)` Returns the length in bytes that an output buffer would need to be in order to hold the result of the next `update` or `doFinal` operation, given the input length `inputLen` (in bytes).
`java.security.AlgorithmParameters`	`engineGetParameters()` Returns the parameters used with this cipher.
`void`	`engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)` Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
`void`	`engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)` Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
`void`	`engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)` Initializes this cipher with a key and a source of randomness.
`void`	`engineSetMode(java.lang.String mode)` Sets the block mode of this cipher.
`void`	`engineSetPadding(java.lang.String paddingName)` Sets the padding type of this cipher.
`protected java.security.Key`	`engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)` Unwrap a previously wrapped key.
`byte[]`	`engineUpdate(byte[] input, int inputOffset, int inputLen)` Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
`int`	`engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)` Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
`protected byte[]`	`engineWrap(java.security.Key key)` Wrap a key.
`java.lang.String`	`toString()` Returns a string representation of this Cipher.

Methods inherited from class javax.crypto.CipherSpi
engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - CMS_KEY_WRAP_IV
```
public static final byte[] CMS_KEY_WRAP_IV
```
    The IV for the last encryption step of CMS key wrap. See RFC 2630, section 12.6.2 - 12.6.5:
```
 IV = 0x4adda22c79e82105.
 
```
- Constructor Detail
  - TripleDESKeyWrap
```
public TripleDESKeyWrap()
```
    The constructor; creates a new instance of the DESedeWrapDESede symmetric cipher algorithm.
    Applications should never use this constructor, instead the symmetric cipher algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: Cipher.getInstance("DESedeWrapDESede", "IAIK").
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    status output interface (exceptions)
- Method Detail
  - engineInit
```
public void engineInit(int opmode,
              java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
```
    Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
    The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.
    
    If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters() or engineGetIV() (if the parameter is an IV).
    
    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.
    
    Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Parameters:
    opmode - [FIPS 140-2 control input] the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the encryption key
    params - [FIPS 140-2 data input] the algorithm parameters
    random - [FIPS 140-2 control input] the source of randomness
    
    Throws:
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for initializing this cipher
    
    java.security.InvalidAlgorithmParameterException - [FIPS 140-2 status output] if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null
  - engineInit
```
public void engineInit(int opmode,
              java.security.Key key,
              java.security.AlgorithmParameters params,
              java.security.SecureRandom random)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
```
    Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
    The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.
    
    If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters() or engineGetIV() (if the parameter is an IV).
    
    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.
    
    Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Parameters:
    opmode - [FIPS 140-2 control input] the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the encryption key
    params - [FIPS 140-2 data input] the algorithm parameters
    random - [FIPS 140-2 control input] the source of randomness
    
    Throws:
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for initializing this cipher
    
    java.security.InvalidAlgorithmParameterException - [FIPS 140-2 status output] if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null
  - engineInit
```
public void engineInit(int opmode,
              java.security.Key key,
              java.security.SecureRandom random)
                throws java.security.InvalidKeyException
```
    Initializes this cipher with a key and a source of randomness.
    The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.
    
    If this cipher requires any algorithm parameters that cannot be derived from the given key, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidKeyException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters() or engineGetIV() (if the parameter is an IV).
    
    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.
    
    Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Parameters:
    opmode - [FIPS 140-2 control input] the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the encryption key
    random - [FIPS 140-2 control input] the source of randomness
    
    Throws:
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for initializing this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters that cannot be determined from the given key
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineSetPadding
```
public void engineSetPadding(java.lang.String paddingName)
                      throws javax.crypto.NoSuchPaddingException
```
    Sets the padding type of this cipher.
    Regardless of the input, the padding is always set to 'NoPadding'.
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    status output interface (exceptions)
    Parameters:
    padding - [FIPS 140-2 control input] the padding type; ignored
    
    Throws:
    
    javax.crypto.NoSuchPaddingException - [FIPS 140-2 status output] if the requested padding type does not exist
  - engineSetMode
```
public void engineSetMode(java.lang.String mode)
                   throws java.security.NoSuchAlgorithmException
```
    Sets the block mode of this cipher.
    Regardless of the input, the mode is always set to 'CBC'.
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    status output interface (exceptions)
    Parameters:
    mode - [FIPS 140-2 control input] the cipher block mode
    
    Throws:
    
    java.security.NoSuchAlgorithmException - [FIPS 140-2 status output] if the requested cipher block mode is not supported
  - engineUpdate
```
public byte[] engineUpdate(byte[] input,
                  int inputOffset,
                  int inputLen)
```
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
    This engine API is not supported; a RuntimeException is always thrown indicating this.
    FIPS 140-2:
    
    FIPS Service: Symmetric Cipher Encryption/Decryption
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Parameters:
    input - [FIPS 140-2 data input] the input buffer
    inputOffset - [FIPS 140-2 data input] the offset in input where the input starts
    inputLen - [FIPS 140-2 data input] the input length
    
    Returns:
    [FIPS 140-2 data output] the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
    
    java.lang.RuntimeException - [FIPS 140-2 status output] always thrown; indicates that this API is not supported
  - engineUpdate
```
public int engineUpdate(byte[] input,
               int inputOffset,
               int inputLen,
               byte[] output,
               int outputOffset)
                 throws javax.crypto.ShortBufferException
```
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
    This engine API is not supported; a RuntimeException is always thrown indicating this.
    FIPS 140-2:
    
    FIPS Service: Symmetric Cipher Encryption/Decryption
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (parameters, return value)
    
    status output interface (exceptions)
    Parameters:
    input - [FIPS 140-2 data input] the input buffer
    inputOffset - [FIPS 140-2 data input] the offset in input where the input starts
    inputLen - [FIPS 140-2 data input] the input length
    output - [FIPS 140-2 data output] the buffer for the result
    outputOffset - [FIPS 140-2 data input] the offset in output where the result is stored
    
    Returns:
    [FIPS 140-2 data output] the number of bytes stored in output
    
    Throws:
    
    javax.crypto.ShortBufferException - [FIPS 140-2 status output] if the given output buffer is too small to hold the result
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
    
    java.lang.RuntimeException - [FIPS 140-2 status output] always thrown; indicates that this API is not supported
  - engineDoFinal
```
public int engineDoFinal(byte[] input,
                int inputOffset,
                int inputLen,
                byte[] output,
                int outputOffset)
                  throws javax.crypto.ShortBufferException,
                         javax.crypto.IllegalBlockSizeException,
                         javax.crypto.BadPaddingException
```
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.
    This engine API is not supported; a RuntimeException is always thrown indicating this.
    FIPS 140-2:
    
    FIPS Service: Symmetric Cipher Encryption/Decryption
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (parameters, return value)
    
    status output interface (exceptions)
    Parameters:
    input - [FIPS 140-2 data input] the input buffer
    inputOffset - [FIPS 140-2 data input] the offset in input where the input starts
    inputLen - [FIPS 140-2 data input] the input length
    output - [FIPS 140-2 data output] the buffer for the result
    outputOffset - [FIPS 140-2 data input] the offset in output where the result is stored
    
    Returns:
    [FIPS 140-2 data output] the number of bytes stored in output
    
    Throws:
    
    javax.crypto.IllegalBlockSizeException - [FIPS 140-2 status output] if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided
    
    javax.crypto.ShortBufferException - [FIPS 140-2 status output] if the given output buffer is too small to hold the result
    
    javax.crypto.BadPaddingException - [FIPS 140-2 status output] if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
    
    java.lang.RuntimeException - [FIPS 140-2 status output] always thrown; indicates that this API is not supported
  - engineDoFinal
```
public byte[] engineDoFinal(byte[] input,
                   int inputOffset,
                   int inputLen)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.BadPaddingException
```
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.
    This engine API is not supported; a RuntimeException is always thrown indicating this.
    FIPS 140-2:
    
    FIPS Service: Symmetric Cipher Encryption/Decryption
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Parameters:
    input - [FIPS 140-2 data input] the input buffer
    inputOffset - [FIPS 140-2 data input] the offset in input where the input starts
    inputLen - [FIPS 140-2 data input] the input length
    
    Returns:
    [FIPS 140-2 data output] the new buffer with the result
    
    Throws:
    
    javax.crypto.IllegalBlockSizeException - [FIPS 140-2 status output] if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided
    
    javax.crypto.BadPaddingException - [FIPS 140-2 status output] if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
    
    java.lang.RuntimeException - [FIPS 140-2 status output] always thrown; indicates that this API is not supported
  - engineGetParameters
```
public java.security.AlgorithmParameters engineGetParameters()
```
    Returns the parameters used with this cipher.
    The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Returns:
    [FIPS 140-2 data output] the parameters used with this cipher, or null if this cipher does not use any parameters
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineGetIV
```
public byte[] engineGetIV()
```
    Returns the initialization vector (IV) in a new buffer.
    This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Returns:
    [FIPS 140-2 data output] the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - toString
```
public java.lang.String toString()
```
    Returns a string representation of this Cipher.
    FIPS 140-2:
    
    FIPS Service: Non-Cryptographic Operation
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    status output interface (exceptions, return value)
    Returns:
    [FIPS 140-2 status output] a string representation (algorithm name)
  - engineWrap
```
protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
```
    Wrap a key.
    FIPS 140-2:
    
    FIPS Service: Key Transport (primitive)
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Parameters:
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key to be wrapped
    
    Returns:
    [FIPS 140-2 data output] [FIPS 140-2 CSP] the wrapped key
    
    Throws:
    
    javax.crypto.IllegalBlockSizeException - [FIPS 140-2 status output] if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software-only cipher)
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineUnwrap
```
protected java.security.Key engineUnwrap(byte[] wrappedKey,
                             java.lang.String wrappedKeyAlgorithm,
                             int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
```
    Unwrap a previously wrapped key.
    FIPS 140-2:
    
    FIPS Service: Key Transport (primitive)
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Parameters:
    wrappedKey - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key to be unwrapped
    wrappedKeyAlgorithm - [FIPS 140-2 control input] the algorithm associated with the wrapped key
    wrappedKeyType - [FIPS 140-2 control input] the type of the wrapped key. This is one of SECRET_KEY, PRIVATE_KEY, or PUBLIC_KEY.
    
    Returns:
    [FIPS 140-2 data output] [FIPS 140-2 CSP] the unwrapped key
    
    Throws:
    
    java.security.NoSuchAlgorithmException - [FIPS 140-2 status output] if no installed providers can create keys of type wrappedKeyType for the wrappedKeyAlgorithm
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if wrappedKey does not represent a wrapped key of type wrappedKeyType for the wrappedKeyAlgorithm
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineGetOutputSize
```
public int engineGetOutputSize(int inputLen)
```
    Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
    This call takes into account any unprocessed (buffered) data from a previous update call, and padding.
    
    The actual output length of the next update or doFinal call may be smaller than the length returned by this method.
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Specified by:
    
    engineGetOutputSize in class javax.crypto.CipherSpi
    
    Parameters:
    inputLen - [FIPS 140-2 data input] the input length (in bytes)
    
    Returns:
    [FIPS 140-2 data output] the required output buffer size (in bytes)
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineGetBlockSize
```
public int engineGetBlockSize()
```
    Returns the block size (in bytes).
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Specified by:
    
    engineGetBlockSize in class javax.crypto.CipherSpi
    
    Returns:
    [FIPS 140-2 data output] the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineGetKeySize
```
protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
```
    Returns the key size of the given key object in bits.
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Overrides:
    
    engineGetKeySize in class javax.crypto.CipherSpi
    
    Parameters:
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key object
    
    Returns:
    [FIPS 140-2 data output] the key size of the given key object
    
    Throws:
    
    java.security.InvalidKeyException - [FIPS 140-2 status output] if key is invalid
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Class TripleDESKeyWrap

Field Summary

Constructor Summary

Method Summary

Methods inherited from class javax.crypto.CipherSpi

Methods inherited from class java.lang.Object

Field Detail

CMS_KEY_WRAP_IV

Constructor Detail

TripleDESKeyWrap

Method Detail

engineInit

engineInit

engineInit

engineSetPadding

engineSetMode

engineUpdate

engineUpdate

engineDoFinal

engineDoFinal

engineGetParameters

engineGetIV

toString

engineWrap

engineUnwrap

engineGetOutputSize

engineGetBlockSize

engineGetKeySize