org.apache.xml.security.utils

Class KeyUtils

java.lang.Object

org.apache.xml.security.utils.KeyUtils

public class KeyUtils
extends Object

A set of utility methods to handle keys.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	KeyUtils.KeyAlgorithmType Enumeration of Supported key algorithm types.
static class	KeyUtils.KeyType Enumeration of specific key types.

Constructor Summary

Constructors

Constructor and Description
KeyUtils()

Method Summary

Modifier and Type	Method and Description
static SecretKey	aesWrapKeyWithDHGeneratedKey(KeyAgreementParameters parameterSpec) Method generates a secret key for given KeyAgreementParameterSpec.
static KeyPairGenerator	createKeyPairGenerator(String algorithm, Provider provider) Create a KeyPairGenerator for the given algorithm and provider.
static byte[]	deriveKeyEncryptionKey(byte[] sharedSecret, KeyDerivationParameters keyDerivationParameter) Derive a key encryption key from a shared secret and keyDerivationParameter.
static byte[]	deriveKeyWithConcatKDF(byte[] sharedSecret, ConcatKDFParams ckdfParameter) Derive a key using the Concatenation Key Derivation Function (ConcatKDF) with implementation instance ConcatKDFParams.
static byte[]	deriveKeyWithHKDF(byte[] sharedSecret, HKDFParams hkdfParameter) Derive a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) with implementation instance HKDFParams.
static KeyPair	generateEphemeralDHKeyPair(PublicKey recipientPublicKey, Provider provider) Method generates DH keypair which match the type of given public key type.
static int	getAESKeyBitSizeForWrapAlgorithm(String keyWrapAlg) Defines the key size for the encrypting algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyUtils

public KeyUtils()

Method Detail

generateEphemeralDHKeyPair

public static KeyPair generateEphemeralDHKeyPair(PublicKey recipientPublicKey,
                                                 Provider provider)
                                          throws XMLEncryptionException

Method generates DH keypair which match the type of given public key type.

Parameters:

recipientPublicKey - public key of recipient

provider - provider to use for key generation

Returns:

generated keypair

Throws:

XMLEncryptionException - if the keys cannot be generated

createKeyPairGenerator

public static KeyPairGenerator createKeyPairGenerator(String algorithm,
                                                      Provider provider)
                                               throws NoSuchAlgorithmException

Create a KeyPairGenerator for the given algorithm and provider.

Parameters:

algorithm - the key JCE algorithm name

provider - the provider to use or null if default JCE provider should be used

Returns:

the KeyPairGenerator

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

aesWrapKeyWithDHGeneratedKey

public static SecretKey aesWrapKeyWithDHGeneratedKey(KeyAgreementParameters parameterSpec)
                                              throws XMLEncryptionException

Method generates a secret key for given KeyAgreementParameterSpec.

Parameters:

parameterSpec - KeyAgreementParameterSpec which defines algorithm to derive key

Returns:

generated secret key

Throws:

XMLEncryptionException - if the secret key cannot be generated as: Key agreement is not supported, wrong key types, etc.

getAESKeyBitSizeForWrapAlgorithm

public static int getAESKeyBitSizeForWrapAlgorithm(String keyWrapAlg)
                                            throws XMLEncryptionException

Defines the key size for the encrypting algorithm.

Parameters:

keyWrapAlg - the key wrap algorithm URI

Returns:

the key size in bits

Throws:

XMLEncryptionException - if the key wrap algorithm is not supported

deriveKeyEncryptionKey

public static byte[] deriveKeyEncryptionKey(byte[] sharedSecret,
                                            KeyDerivationParameters keyDerivationParameter)
                                     throws XMLSecurityException

Derive a key encryption key from a shared secret and keyDerivationParameter. Currently only the ConcatKDF and HMAC-base Extract-and-Expand Key Derivation Function (HKDF) are supported.

Parameters:

sharedSecret - the shared secret

keyDerivationParameter - the key derivation parameters

Returns:

the derived key encryption key

Throws:

IllegalArgumentException - if the keyDerivationParameter is null

XMLSecurityException - if the key derivation algorithm is not supported

deriveKeyWithHKDF

public static byte[] deriveKeyWithHKDF(byte[] sharedSecret,
                                       HKDFParams hkdfParameter)
                                throws XMLSecurityException

Derive a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) with implementation instance HKDFParams.

Parameters:

sharedSecret - the shared secret

hkdfParameter - the HKDF parameters

Returns:

the derived key encryption key.

Throws:

XMLSecurityException - if the key derivation parameters are invalid or the hmac algorithm is not supported.

deriveKeyWithConcatKDF

public static byte[] deriveKeyWithConcatKDF(byte[] sharedSecret,
                                            ConcatKDFParams ckdfParameter)
                                     throws XMLSecurityException

Derive a key using the Concatenation Key Derivation Function (ConcatKDF) with implementation instance ConcatKDFParams.

Parameters:

sharedSecret - the shared secret/ input keying material

ckdfParameter - the ConcatKDF parameters

Returns:

the derived key

Throws:

XMLSecurityException - if the key derivation parameters are invalid or the hash algorithm is not supported.