Package org.mozilla.jss.pkcs11

Class PK11KeyPairGenerator

java.lang.Object

org.mozilla.jss.crypto.KeyPairGeneratorSpi

org.mozilla.jss.pkcs11.PK11KeyPairGenerator

public final class PK11KeyPairGenerator
extends KeyPairGeneratorSpi

A Key Pair Generator implemented using PKCS #11.

See Also:

• PQGParams

Nested Class Summary

Nested classes/interfaces inherited from class org.mozilla.jss.crypto.KeyPairGeneratorSpi

KeyPairGeneratorSpi.Usage

Field Summary

Fields

Modifier and Type	Field	Description
static org.slf4j.Logger	logger
static final PQGParams	PQG1024	Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.
static final PQGParams	PQG512	Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.
static final PQGParams	PQG768	Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Summary

Constructors

Constructor	Description
PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)	Constructor for PK11KeyPairGenerator.

Method Summary

Modifier and Type	Method	Description
void	extractablePairs(boolean extractable)
KeyPair	generateKeyPair()	Generates a key pair on a token.
int	getCurveCodeByName(String curveName)
void	initialize(int strength, SecureRandom random)	Initializes this KeyPairGenerator with the given key strength.
void	initialize(AlgorithmParameterSpec params, SecureRandom random)	Initializes this KeyPairGenerator with the given algorithm-specific parameters.
boolean	keygenOnInternalToken()
void	sensitivePairs(boolean sensitive)
void	setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)	Sets the requested key usages desired for the generated key pair.
void	temporaryPairs(boolean temp)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

public static org.slf4j.Logger logger

PQG1024

public static final PQGParams PQG1024

Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG768

public static final PQGParams PQG768

Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG512

public static final PQGParams PQG512

Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Details

PK11KeyPairGenerator

public PK11KeyPairGenerator(PK11Token token,
 KeyPairAlgorithm algorithm)
                     throws NoSuchAlgorithmException,
TokenException

Constructor for PK11KeyPairGenerator.

Parameters:

token - The PKCS #11 token that the keypair will be generated on.

algorithm - The type of key that will be generated. Currently, KeyPairAlgorithm.RSA , KeyPairAlgorithm.DSA and KeyPairAlgorithm.EC are supported.

Throws:

NoSuchAlgorithmException

TokenException

Method Details

initialize

public void initialize(int strength,
 SecureRandom random)
                throws InvalidParameterException

Initializes this KeyPairGenerator with the given key strength.

For DSA key generation, pre-cooked PQG values will be used be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.

Specified by:

initialize in class KeyPairGeneratorSpi

Parameters:

strength - The strength (size) of the keys that will be generated.

random - Ignored

Throws:

InvalidParameterException - If the key strength is not supported by the algorithm or this implementation.

initialize

public void initialize(AlgorithmParameterSpec params,
 SecureRandom random)
                throws InvalidAlgorithmParameterException

Initializes this KeyPairGenerator with the given algorithm-specific parameters.

Specified by:

initialize in class KeyPairGeneratorSpi

Parameters:

params - The algorithm-specific parameters that will govern key pair generation.

random - Ignored

Throws:

InvalidAlgorithmParameterException - If the parameters are inappropriate for the key type or are not supported by this implementation.

generateKeyPair

public KeyPair generateKeyPair()
                        throws TokenException

Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.

Specified by:

generateKeyPair in class KeyPairGeneratorSpi

Returns:

Throws:

TokenException

keygenOnInternalToken

public boolean keygenOnInternalToken()

Specified by:

keygenOnInternalToken in class KeyPairGeneratorSpi

Returns:

true if the keypair generation will be done on the internal token and then moved to this token.

temporaryPairs

public void temporaryPairs(boolean temp)

Specified by:

temporaryPairs in class KeyPairGeneratorSpi

sensitivePairs

public void sensitivePairs(boolean sensitive)

Specified by:

sensitivePairs in class KeyPairGeneratorSpi

extractablePairs

public void extractablePairs(boolean extractable)

Specified by:

extractablePairs in class KeyPairGeneratorSpi

setKeyPairUsages

public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
 KeyPairGeneratorSpi.Usage[] usages_mask)

Sets the requested key usages desired for the generated key pair. This allows the caller to suggest how NSS generates the key pair.

Specified by:

setKeyPairUsages in class KeyPairGeneratorSpi

Parameters:

usages - List of desired key usages.

usages_mask - Corresponding mask for the key usages. if a usages is desired, make sure it is in the mask as well.

getCurveCodeByName

public int getCurveCodeByName(String curveName)
                       throws InvalidParameterException

Specified by:

getCurveCodeByName in class KeyPairGeneratorSpi

Throws:

InvalidParameterException