Class semper.crypto.CryptoKeyInfo

All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.crypto.CryptoKeyInfo

java.lang.Object
   |
   +----semper.crypto.CryptoKeyInfo

public class CryptoKeyInfo
extends Object
implements CryptoConstants, Streamable

CryptoKeyInfo implements a datastructure containing all keys used internally in SEMPER. Thus external modules do not need to use this structure unless they want to use the key inside SEMPER as well. See the overview for more details on this. A CryptoKeyInfo object contains the following information on a key:

a key identifier (this is an access name, which is also used when storing the key), the actual key value (an array of bytes),
a boolean indicating if the key value is encrypted,
if applicable an integer encoding the algorithm for which the key is to be used.

For some asymmetric keys part of the key is common to many key pairs. This is, for example, the case in ElGamal like systems (such as DSS), where the same prime and generator can be used by everyone. In order to avoid storing such a common part of the key several times a CryptoKeyInfo object may contain a pointer to the common part of the key.

Finally the object may contain a capability needed for access control to the key. This is not implemented yet, though.

Version:: $Revision: 1.26 $ $Date: 1997/04/11 15:20:17 $
Author:: Jesper Drud Nielsen ([email protected]), Torben Pryds Pedersen ([email protected])
See Also:: Statement

CryptoKeyInfo(): Creates a new, empty key information object.
CryptoKeyInfo(AccessName, byte[], CryptoKeyInfo, int, Capability): Creates a new key information object with variables initialised by the parameters.
CryptoKeyInfo(CryptoKeyInfo): Creates a new object based on the values of a given one.

clearKeyId(): Deletes the key identifier from the object.
decryptKeyVal(CryptoKeyInfo): This service decrypts the key value under the key given.
encryptKeyVal(CryptoKeyInfo): This service encrypts the key value under the key given.
equals(CryptoKeyInfo): Compares the CryptoKeyInfo with another CryptoKeyInfo.
getAlg(): Find the algorithm for which this key can be used.
getCap()
getCommonKey(): Returns the value of the common key of the object.
getCommonKeyInfo(): Returns the common key CryptoKeyInfo of the object.
getKeyId(): Returns the key identifier in the object.
getKeyVal(boolean, CryptoKeyInfo): Returns the key value stored in the object.
getLength(): Returns the block length for the conventional key.
myStreamSize(): Finds the expected number of bytes needed to externalize the object to s.
printContents()
readObject(StreamInputInterface): Initialise a CryptoKeyInfo with values read from an io stream (SourceStream)
setAlg(int): Sets the algorithm identifier of the object
setCap(Capability): Sets the capability of the object if allowed by the present capability.
setCommonKeyInfo(CryptoKeyInfo): Sets the common key of the object.
setKeyId(AccessName): Defines the key identifier in the object.
setKeyVal(byte[]): Sets the actual key value of the object.
storeKeyVal(Date, boolean, CryptoKeyInfo): Store and protect a key.
writeObject(StreamOutputInterface): Writes the state of the object to an io stream (TargetStream).

CryptoKeyInfo

  public CryptoKeyInfo()

Creates a new, empty key information object.

CryptoKeyInfo

  public CryptoKeyInfo(CryptoKeyInfo oldKeyInfo)

Creates a new object based on the values of a given one.

Parameters:: oldKeyInfo - is used to a new CryptokeyInfo object.

CryptoKeyInfo

  public CryptoKeyInfo(AccessName newKeyId,
                       byte newKeyVal[],
                       CryptoKeyInfo newCommon,
                       int newAlgId,
                       Capability newCapability)

Creates a new key information object with variables initialised by the parameters. The supplied key value must not be encrypted.

Parameters:: newKeyID - is the identity of the key; newKeyVal - is the actual key value; newCommon - is the common part of the new key (see above); identifies - the algorithm for which the key can be used; newCapability - is the capability for protecting the key
Returns:: the new key information object

getKeyVal

  public byte[] getKeyVal(boolean decryptedKey,
                          CryptoKeyInfo masterKey) throws CryptoManException

Returns the key value stored in the object. If necessary the archive is used to retrieve it. This function will decrypt the key if it is encrypted en decryption is explicitly requested. If a user wants to the entire CryptokeyInfo object it can be retrieved immediately from the archive withou this function (given the key identifier).

Parameters:: decryptedKey - if true the key will be decrypted (only if it is encrypted); masterKey - is the key under which the key should be decrypted (if null the masterKey of CryptoMan will be used).
Returns:: an array of bytes containing the actual key
Throws: CryptoManException: if the capability is locked or problems with archive occur
See Also:: storeKeyVal

getCommonKey

  public byte[] getCommonKey() throws CryptoManException

Returns the value of the common key of the object. If necessary the archive is used to retrieve it. No master key is needed as the common key is not protected.

Returns:: key value of the common key
Throws: CryptoManException: if the common key value could not be retrieved

getCommonKeyInfo

  public CryptoKeyInfo getCommonKeyInfo()

Returns the common key CryptoKeyInfo of the object. See the overview for more details on this.

Returns:: the common key object

setCommonKeyInfo

  public void setCommonKeyInfo(CryptoKeyInfo newComKeyInfo)

Sets the common key of the object. See the overview for more details on this.

Parameters:: newComKeyInfo - is the new common key of the object
Returns:: void

setCap

  public void setCap(Capability newCapability) throws CryptoManException

Sets the capability of the object if allowed by the present capability.

Parameters:: newCapabiity - is the new capability of the object
Returns:: void
Throws: CryptoManException: if the old capability could not be unlocked

getAlg

  public int getAlg()

Find the algorithm for which this key can be used.

Returns:: the algorithm identifier corresponding to the key information object

setAlg

  public void setAlg(int newAlgId)

Sets the algorithm identifier of the object

Parameters:: newAlgId - is the new algorithm identifier.

getCap

  public Capability getCap()

Returns:: the capability identifier corresponding to the key information object

clearKeyId

  public void clearKeyId()

Deletes the key identifier from the object. Since the key identifier is a local handle, this may be useful if the KeyInfo object is part of Statement which is communicatd to another enntity.

setKeyId

  public void setKeyId(AccessName newKeyId)

Defines the key identifier in the object. This may be useful if a Statement is received from nother party and the recipient want to store it. The key identifier should never be changed for an already stored key! Be careful using this function, as the Statement Manager for the moment expects the default names.

Parameters:: newKeyId - is the new value of the key identifier

getKeyId

  public AccessName getKeyId()

Returns the key identifier in the object.

Returns:: the key identifier

encryptKeyVal

  public boolean encryptKeyVal(CryptoKeyInfo masterKey) throws CryptoManException

This service encrypts the key value under the key given. If a null key is given the master key of the CryptoMan is used. If the key value is already encrypted nothing is done and the method returns false.

Parameters:: masterKey - is the key encryption key (if null masterKey of CryptoMan will be used)
Returns:: false if the key was already encrypted. True otherwise.
Throws: CryptoManException: if problems with archive or encryption
See Also:: getKeyVal

decryptKeyVal

  public int decryptKeyVal(CryptoKeyInfo masterKey) throws CryptoManException

This service decrypts the key value under the key given. If a null key is given the master key of the CryptoMan is used. The service returns true if the correct key was obtained (based on redundance in the encrypted key). encrypted nothing is done an the method returns false.

Parameters:: masterKey - is the key encryption key (if null masterKey of CryptoMan will be used)
Returns:: false if the redundancy check failed. True otherwise.
Throws: CryptoManException: if problems with archive or encryption
See Also:: getKeyVal

storeKeyVal

  public void storeKeyVal(Date expDate,
                          boolean encryptKey,
                          CryptoKeyInfo masterKey) throws CryptoManException

Store and protect a key. If an expiration date is given as parameter the key value is stored in archive before being deleted. If requested the key is encrypted before being stored. Note that this method works on the given object - not a copy. The key is stored using the keyId as access name. Currently an exception is raised if the key had been stored previously.

Parameters:: expDate - tells for how long the key must be stored in archive; encryptKey - tells if the key should be encrypted before storage, if not, it will be done by the Archive.; masterKey - is the key encryption key (if null masterKey of CryptoMan will be used)
Throws: CryptoManException: if problems with archive or encryption
See Also:: getKeyVal

setKeyVal

  public void setKeyVal(byte newKeyVal[]) throws CryptoManException

Sets the actual key value of the object. Can be used to clear the key value of a CryptoKeyInfo object. It is assumed that the key is in clear

Parameters:: newKeyVal - is the new key value to be associated with this object
Returns:: void
Throws: CryptoManException: if the capability could not be unlocked

getLength

  public int getLength() throws CryptoManException

Returns the block length for the conventional key.

Returns:: the block length
Throws: CryptoManException: if the key does not designate a supported conventional algorithm

writeObject

  public void writeObject(StreamOutputInterface s) throws StreamIOException

Writes the state of the object to an io stream (TargetStream). Caveat: The actual key value is also written if not explcicitly cleared previously.

Parameters:: s - is the stream the object is written to
Returns:: void
Throws: StreamIOException: if the object could not be serialised
See Also:: readObject

readObject

  public void readObject(StreamInputInterface s) throws StreamIOException

Initialise a CryptoKeyInfo with values read from an io stream (SourceStream)

Parameters:: s - is the stream the value is read from
Returns:: void
Throws: StreamIOException: if the object could not be externalised
See Also:: writeObject

myStreamSize

  public int myStreamSize() throws StreamIOException

Finds the expected number of bytes needed to externalize the object to s.

Parameters:: s - is the stream the key information is written to
Returns:: number of bytes required
Throws: StreamIOException: if the size could not be computed
See Also:: writeObject

equals

  public boolean equals(CryptoKeyInfo key)

Compares the CryptoKeyInfo with another CryptoKeyInfo. the current implementation just verifies if the two object have the same key identifier (as this should be unique).

Parameters:: key - is the CryptoKeyInfo with which to compare
Returns:: true iff keyId's match false otherwise.

printContents

  public void printContents()

All Packages  Class Hierarchy  This Package  Previous  Next  Index