com.google.crypto.tink

Class KeysetManager

java.lang.Object

com.google.crypto.tink.KeysetManager

public final class KeysetManager
extends Object

Manages a Keyset proto, with convenience methods that rotate, disable, enable or destroy keys.

Since:

1.0.0

Method Summary

Modifier and Type	Method and Description
KeysetManager	add(com.google.crypto.tink.proto.KeyTemplate keyTemplate) Deprecated. This method takes a KeyTemplate proto, which is an internal implementation detail. Please use the add method that takes a KeyTemplate POJO.
KeysetManager	add(KeyTemplate keyTemplate) Generates and adds a fresh key generated using keyTemplate.
int	addNewKey(com.google.crypto.tink.proto.KeyTemplate keyTemplate, boolean asPrimary) Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and when asPrimary is true immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.
KeysetManager	delete(int keyId) Deletes the key with keyId.
KeysetManager	destroy(int keyId) Destroys the key material associated with the keyId.
KeysetManager	disable(int keyId) Disables the key with keyId.
KeysetManager	enable(int keyId) Enables the key with keyId.
KeysetHandle	getKeysetHandle()
KeysetManager	promote(int keyId) Deprecated. use setPrimary
KeysetManager	rotate(com.google.crypto.tink.proto.KeyTemplate keyTemplate) Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.
KeysetManager	setPrimary(int keyId) Sets the key with keyId as primary.
static KeysetManager	withEmptyKeyset()
static KeysetManager	withKeysetHandle(KeysetHandle val)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

withKeysetHandle

public static KeysetManager withKeysetHandle(KeysetHandle val)

Returns:

a KeysetManager for the keyset manged by val

withEmptyKeyset

public static KeysetManager withEmptyKeyset()

Returns:

a KeysetManager for an empty keyset.

getKeysetHandle

public KeysetHandle getKeysetHandle()
                             throws GeneralSecurityException

Returns:

a KeysetHandle of the managed keyset

Throws:

GeneralSecurityException

rotate

@Deprecated
public KeysetManager rotate(com.google.crypto.tink.proto.KeyTemplate keyTemplate)
                                 throws GeneralSecurityException

Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.

Generates and adds a fresh key generated using keyTemplate, and sets the new key as the primary key.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

add

@Deprecated
public KeysetManager add(com.google.crypto.tink.proto.KeyTemplate keyTemplate)
                              throws GeneralSecurityException

Deprecated. This method takes a KeyTemplate proto, which is an internal implementation detail. Please use the add method that takes a KeyTemplate POJO.

Generates and adds a fresh key generated using keyTemplate.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

add

public KeysetManager add(KeyTemplate keyTemplate)
                  throws GeneralSecurityException

Generates and adds a fresh key generated using keyTemplate.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

addNewKey

@Deprecated
public int addNewKey(com.google.crypto.tink.proto.KeyTemplate keyTemplate,
                                 boolean asPrimary)
                          throws GeneralSecurityException

Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and when asPrimary is true immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.

Generates a fresh key using keyTemplate and returns the keyId of it. In case asPrimary is true the generated key will be the new primary.

Throws:

GeneralSecurityException

setPrimary

public KeysetManager setPrimary(int keyId)
                         throws GeneralSecurityException

Sets the key with keyId as primary.

Throws:

GeneralSecurityException - if the key is not found or not enabled

promote

@Deprecated
public KeysetManager promote(int keyId)
                                  throws GeneralSecurityException

Deprecated. use setPrimary

Sets the key with keyId as primary.

Throws:

GeneralSecurityException - if the key is not found or not enabled

enable

public KeysetManager enable(int keyId)
                     throws GeneralSecurityException

Enables the key with keyId.

Throws:

GeneralSecurityException - if the key is not found

disable

public KeysetManager disable(int keyId)
                      throws GeneralSecurityException

Disables the key with keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key

delete

public KeysetManager delete(int keyId)
                     throws GeneralSecurityException

Deletes the key with keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key

destroy

public KeysetManager destroy(int keyId)
                      throws GeneralSecurityException

Destroys the key material associated with the keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key