com.google.crypto.tink

Class KeysetManager

java.lang.Object

com.google.crypto.tink.KeysetManager

public final class KeysetManager
extends Object

Manages a Keyset proto, with convenience methods that rotate, disable, enable or destroy keys.

Since:

1.0.0

Method Summary

Modifier and Type	Method and Description
KeysetManager	add(KeyHandle keyHandle) Adds the input KeyHandle to the existing keyset.
KeysetManager	add(KeyHandle keyHandle, KeyAccess access) Adds the input KeyHandle to the existing keyset with OutputPrefixType.TINK.
KeysetManager	add(KeyTemplate keyTemplate) Deprecated. This method takes a KeyTemplate proto, which is an internal implementation detail. Please use the add method that takes a KeyTemplate POJO.
KeysetManager	add(KeyTemplate keyTemplate) Generates and adds a fresh key generated using keyTemplate.
int	addNewKey(KeyTemplate keyTemplate, boolean asPrimary) Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and when asPrimary is true immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.
KeysetManager	delete(int keyId) Deletes the key with keyId.
KeysetManager	destroy(int keyId) Destroys the key material associated with the keyId.
KeysetManager	disable(int keyId) Disables the key with keyId.
KeysetManager	enable(int keyId) Enables the key with keyId.
KeysetHandle	getKeysetHandle()
KeysetManager	promote(int keyId) Deprecated. use setPrimary
KeysetManager	rotate(KeyTemplate keyTemplate) Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.
KeysetManager	setPrimary(int keyId) Sets the key with keyId as primary.
static KeysetManager	withEmptyKeyset()
static KeysetManager	withKeysetHandle(KeysetHandle val)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

withKeysetHandle

public static KeysetManager withKeysetHandle(KeysetHandle val)

Returns:

a KeysetManager for the keyset manged by val

withEmptyKeyset

public static KeysetManager withEmptyKeyset()

Returns:

a KeysetManager for an empty keyset.

getKeysetHandle

public KeysetHandle getKeysetHandle()
                             throws GeneralSecurityException

Returns:

a KeysetHandle of the managed keyset

Throws:

GeneralSecurityException

rotate

@CanIgnoreReturnValue
 @Deprecated
public KeysetManager rotate(KeyTemplate keyTemplate)
                                                        throws GeneralSecurityException

Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.

Generates and adds a fresh key generated using keyTemplate, and sets the new key as the primary key.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

add

@CanIgnoreReturnValue
 @Deprecated
public KeysetManager add(KeyTemplate keyTemplate)
                                                     throws GeneralSecurityException

Deprecated. This method takes a KeyTemplate proto, which is an internal implementation detail. Please use the add method that takes a KeyTemplate POJO.

Generates and adds a fresh key generated using keyTemplate.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

add

@CanIgnoreReturnValue
public KeysetManager add(KeyTemplate keyTemplate)
                                        throws GeneralSecurityException

Generates and adds a fresh key generated using keyTemplate.

Throws:

GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

add

@CanIgnoreReturnValue
public KeysetManager add(KeyHandle keyHandle)
                                        throws GeneralSecurityException

Adds the input KeyHandle to the existing keyset. The KeyStatusType and key ID of the KeyHandle are used as-is in the keyset.

Throws:

UnsupportedOperationException - if the KeyHandle contains a TinkKey which is not a ProtoKey.

GeneralSecurityException - if the KeyHandle's key ID collides with another key ID in the keyset.

add

@CanIgnoreReturnValue
public KeysetManager add(KeyHandle keyHandle,
                                               KeyAccess access)
                                        throws GeneralSecurityException

Adds the input KeyHandle to the existing keyset with OutputPrefixType.TINK.

Throws:

GeneralSecurityException - if the given KeyAccess does not grant access to the key contained in the KeyHandle.

UnsupportedOperationException - if the KeyHandle contains a TinkKey which is not a ProtoKey.

addNewKey

@CanIgnoreReturnValue
 @Deprecated
public int addNewKey(KeyTemplate keyTemplate,
                                                        boolean asPrimary)
                                                 throws GeneralSecurityException

Deprecated. Please use add(com.google.crypto.tink.proto.KeyTemplate). This method adds a new key and when asPrimary is true immediately promotes it to primary. However, when you do keyset rotation, you almost never want to make the new key primary, because old binaries don't know the new key yet.

Generates a fresh key using keyTemplate and returns the keyId of it. In case asPrimary is true the generated key will be the new primary.

Throws:

GeneralSecurityException

setPrimary

@CanIgnoreReturnValue
public KeysetManager setPrimary(int keyId)
                                               throws GeneralSecurityException

Sets the key with keyId as primary.

Throws:

GeneralSecurityException - if the key is not found or not enabled

promote

@InlineMe(replacement="this.setPrimary(keyId)")
 @CanIgnoreReturnValue
 @Deprecated
public KeysetManager promote(int keyId)
                                                                                                          throws GeneralSecurityException

Deprecated. use setPrimary

Sets the key with keyId as primary.

Throws:

GeneralSecurityException - if the key is not found or not enabled

enable

@CanIgnoreReturnValue
public KeysetManager enable(int keyId)
                                           throws GeneralSecurityException

Enables the key with keyId.

Throws:

GeneralSecurityException - if the key is not found

disable

@CanIgnoreReturnValue
public KeysetManager disable(int keyId)
                                            throws GeneralSecurityException

Disables the key with keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key

delete

@CanIgnoreReturnValue
public KeysetManager delete(int keyId)
                                           throws GeneralSecurityException

Deletes the key with keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key

destroy

@CanIgnoreReturnValue
public KeysetManager destroy(int keyId)
                                            throws GeneralSecurityException

Destroys the key material associated with the keyId.

Throws:

GeneralSecurityException - if the key is not found or it is the primary key