An implementation of this interface represents a cryptographic key or non-cryptographic stored value. More...
Public Member Functions | |
| DAMetaData | getInfo () |
| Get information about this instance. | |
| DAMechanism[] | getMechanisms () |
| Get the list of supported mechanisms. | |
| void | encrypt (DAMessage msg) throws DAError |
| Encrypt the message returned by msg.getPlaintext(), and place the result in msg. | |
| void | decrypt (DAMessage msg) throws DAError |
| Decrypt the ciphertext returned by msg.getCiphertext(), and place the plaintext in msg using msg.setPlaintext(). | |
| void | sign (DAMessage msg) throws DAError |
| Sign the message returned by msg.getPlaintext(), and place the signature in msg. | |
| void | verify (DAMessage msg) throws DAError |
| Verify the message returned by msg.getPlaintext() against the signature returned by msg.getCiphertext(). | |
| byte[] | getData () throws DAError |
| Returns the contents of a storage-only key. | |
| void | setData (byte[] data) throws DAError |
| Sets the contents of a storage-only key. | |
| void | generateMaterial () throws DAError |
| Regenerate underlying key material. | |
Detailed Description
An implementation of this interface represents a cryptographic key or non-cryptographic stored value.
Operations exist to read and optionally write stored values, and perform cryptographic operations (such as sign/verify and encrypt/decrypt) with cryptographic keys. These cryptographic operations are performed on a DAMessage instance which encapsulates the plaintext and ciphertext as well as describing the mechanism used.
Member Function Documentation
Decrypt the ciphertext returned by msg.getCiphertext(), and place the plaintext in msg using msg.setPlaintext().
msg.getMechanism() will always return non-null here, specifying what decryption mechanism to use.
- Parameters:
-
msg the object containing the message ciphertext (on entry) and plaintext (on exit)
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, and com.good.daf.class3.Class3Key.
Encrypt the message returned by msg.getPlaintext(), and place the result in msg.
If msg.getMechanism() returns non-null, you should try to use that mechanism. If it is not supported, throw DAError.MechNotSupported.
If msg.getMechanism() returns null, choose an appropriate mechanism and call msg.setMechanism() to note your choice.
Place the ciphertext in msg using msg.setCiphertext(), and any IV likewise using msg.setIV().
- Parameters:
-
msg the object containing the message plaintext (on entry) and ciphertext (on exit)
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, and com.good.daf.class3.Class3Key.
| void com.good.daf.DAKey.generateMaterial | ( | ) | throws DAError |
Regenerate underlying key material.
DAF calls this to roll over the key material. The type and capabilities of the key should remain the same. Class 1 implementations may throw DAError.NotImplemented in which case DAF will use setData() instead.
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey.
| byte [] com.good.daf.DAKey.getData | ( | ) | throws DAError |
Returns the contents of a storage-only key.
- Returns:
- the contents of the storage (must not be null).
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, com.good.daf.class0.Class0Key, and com.good.daf.class1.Class1Key.
| DAMetaData com.good.daf.DAKey.getInfo | ( | ) |
Get information about this instance.
This method will be called once shortly after construction and the result wrapped by the native translation layer.
This method is not allowed to fail except fatally (OutOfMemoryError, etc.)
- Returns:
- the metadata object for this instance. Must not be null.
Implemented in com.good.daf.class0.Class0Key, com.good.daf.class1.Class1Key, com.good.daf.class2.Class2Key, and com.good.daf.class3.Class3Key.
| DAMechanism [] com.good.daf.DAKey.getMechanisms | ( | ) |
Get the list of supported mechanisms.
This method is not allowed to fail except fatally (OutOfMemoryError, etc.).
- Returns:
- a list of DAMechanism instances, one per supported mechanism. This list can be empty, but should not be null nor contain null elements.
Implemented in com.good.daf.basic.BasicKey, com.good.daf.class2.Class2Key, and com.good.daf.class3.Class3Key.
| void com.good.daf.DAKey.setData | ( | byte[] | data | ) | throws DAError |
Sets the contents of a storage-only key.
- Parameters:
-
data the new data to write to the storage. Never null.
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, and com.good.daf.class1.Class1Key.
Sign the message returned by msg.getPlaintext(), and place the signature in msg.
If msg.getMechanism() returns non-null, you should try to use that mechanism. If it is not supported, throw DAError.MechNotSupported.
If msg.getMechanism() returns null, choose an appropriate mechanism and call msg.setMechanism() to note your choice.
Place the signature in msg using msg.setCiphertext(), and any IV or nonce likewise using msg.setIV().
- Parameters:
-
msg the object containing the message plaintext (on entry) and signature (on exit)
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, com.good.daf.class2.Class2Key, and com.good.daf.class3.Class3Key.
Verify the message returned by msg.getPlaintext() against the signature returned by msg.getCiphertext().
msg.getMechanism() will always return non-null here, specifying what signature verification mechanism to use.
If the signature is invalid, throw DAError.VerifyFailed.
- Parameters:
-
msg the object containing the message plaintext and signature
- Exceptions:
-
DAError on failure
Implemented in com.good.daf.basic.BasicKey, and com.good.daf.class2.Class2Key.
The documentation for this interface was generated from the following file:
- DAKey.java
