com.dstc.security.keymanage
Class PKCS8EncryptedPrivateKey

java.lang.Object
  |
  +--com.dstc.security.keymanage.PKCS8EncryptedPrivateKey

public class PKCS8EncryptedPrivateKey
extends Object

This class encrypts a PrivateKey to, and decrypts it from, PKCS#8 format. The password-based encryption schemes of PKCS#5 and PKCS#12 are supported.

Instances of this class can be stored in PKCS#8 EncryptedPrivateKeyInfo format using the getEncoded() method, with the ASN.1 structure:

 EncryptedPrivateKeyInfo ::= SEQUENCE {
   encryptionAlgorithm EncryptionAlgorithmIdentifier,
   encryptedData EncryptedData }

 EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

 EncryptedData ::= OCTET STRING
 

Typical usage of this class would be the following:

To encrypt a private key using the password "myPassword" and store it in a file with the above format:

 // The one-argument constructor uses PBE with MD5 and DES/CBC
 PKCS8EncryptedPrivateKey encKey = new PKCS8EncryptedPrivateKey(privateKey);
 encKey.encrypt("myPassword".toCharArray());
 // Write the DER-encoded EncryptedPrivateKeyInfo and close the stream
 try (FileOutputStream fos = new FileOutputStream(fileName)) {
     fos.write(encKey.getEncoded());
 }
 
Conversely, to decrypt the encrypted private key stored in the file fileName:

 PKCS8EncryptedPrivateKey encKey;
 // Read the PKCS#8 EncryptedPrivateKeyInfo and close the stream
 try (FileInputStream fis = new FileInputStream(fileName)) {
     encKey = new PKCS8EncryptedPrivateKey(fis);
 }
 encKey.decrypt("myPassword".toCharArray());
 PrivateKey privateKey = encKey.getPrivateKey();
 


Constructor Summary
PKCS8EncryptedPrivateKey(byte[] encoded)
           Construct a PKCS8EncryptedPrivateKey object from a byte array.
PKCS8EncryptedPrivateKey(InputStream is)
           Construct a PKCS8EncryptedPrivateKey object from an InputStream.
PKCS8EncryptedPrivateKey(PrivateKey priv)
           Construct a PKCS8EncryptedPrivateKey object from a PrivateKey object.
PKCS8EncryptedPrivateKey(PrivateKey priv, String alg)
           Construct a PKCS8EncryptedPrivateKey object from a PrivateKey object and an algorithm.
 
Method Summary
 void decrypt(char[] password)
           Decrypt the PKCS8EncryptedPrivateKey object using the given password.
 void decrypt(PBEKeySpec keySpec)
           Decrypt the PKCS8EncryptedPrivateKey object using the PBEKeySpec object.
 void encrypt(char[] password)
           Encrypt the PKCS8EncryptedPrivateKey object using the given password.
 void encrypt(PBEKeySpec keySpec)
           Encrypt the PKCS8EncryptedPrivateKey object using the PBEKeySpec object.
 byte[] getEncoded()
           Returns the DER encoding of this PKCS8EncryptedPrivateKey object.
 PrivateKey getPrivateKey()
           Returns the PrivateKey associated with this object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS8EncryptedPrivateKey

public PKCS8EncryptedPrivateKey(PrivateKey priv)

Construct a PKCS8EncryptedPrivateKey object from a PrivateKey object.

The algorithm used to encrypt the private key is PBE with MD5 and DES/CBC (PBEwithMD5AndDES_CBC). To select a different algorithm, use the two-argument constructor.

Parameters:
priv - the private key to encrypt.

PKCS8EncryptedPrivateKey

public PKCS8EncryptedPrivateKey(PrivateKey priv,
                                String alg)

Construct a PKCS8EncryptedPrivateKey object from a PrivateKey object and an algorithm. The following algorithms are supported:

 PBEwithMD5AndDES_CBC
 PBEwithSHAAnd3_KeyTripleDES_CBC
 PBEwithSHAAnd40BitRC2_CBC
 PBEwithSHAAnd40BitRC4
 PBEwithSHAAnd128BitRC2_CBC
 PBEwithSHAAnd128BitRC4
 
Parameters:
priv - the private key to encrypt.
alg - the algorithm used to encrypt the key.
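
The EncryptedPrivateKeyInfo structure and the algorithm list above can be checked on a stored key file without the password, which is useful when auditing for keys protected with DES or a 40-bit cipher. The following is an added example, not part of the DSTC library: a minimal DER reader that reports the algorithm, salt and iteration count. The OID values are those assigned in PKCS#5 and PKCS#12, the function names are hypothetical, and SAMPLE is a constructed input with an all-zero ciphertext.

```python
# OIDs of the PBE algorithms this class supports (PKCS#5 v1.5 and PKCS#12).
PBE_OIDS = {
    "1.2.840.113549.1.5.3": "PBEwithMD5AndDES_CBC",
    "1.2.840.113549.1.12.1.1": "PBEwithSHAAnd128BitRC4",
    "1.2.840.113549.1.12.1.2": "PBEwithSHAAnd40BitRC4",
    "1.2.840.113549.1.12.1.3": "PBEwithSHAAnd3_KeyTripleDES_CBC",
    "1.2.840.113549.1.12.1.5": "PBEwithSHAAnd128BitRC2_CBC",
    "1.2.840.113549.1.12.1.6": "PBEwithSHAAnd40BitRC2_CBC",
}

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) of the DER element at pos, which must carry tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def inspect_encrypted_key(der):
    """Report the PBE algorithm and its parameters; no password is needed."""
    outer, _ = read_tlv(der, 0, 0x30)          # EncryptedPrivateKeyInfo
    alg_id, pos = read_tlv(outer, 0, 0x30)     # encryptionAlgorithm
    encrypted, _ = read_tlv(outer, pos, 0x04)  # encryptedData
    oid, pos = read_tlv(alg_id, 0, 0x06)
    params, _ = read_tlv(alg_id, pos, 0x30)    # SEQUENCE { salt, iterationCount }
    salt, pos = read_tlv(params, 0, 0x04)
    count, _ = read_tlv(params, pos, 0x02)
    dotted = decode_oid(oid)
    return {"algorithm": PBE_OIDS.get(dotted, dotted), "salt": salt.hex(),
            "iterations": int.from_bytes(count, "big"), "ciphertext_len": len(encrypted)}

# Constructed sample: PBEwithMD5AndDES_CBC, 8-byte salt, 1024 iterations.
SAMPLE = bytes.fromhex("3081a8301b06092a864886f70d010503"
                       "300e0408010203040506070802020400048188") + bytes(136)
```

An OID that is not in the table is returned in dotted form in the "algorithm" field, so a key encrypted by another tool is still reported.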

PKCS8EncryptedPrivateKey

public PKCS8EncryptedPrivateKey(InputStream is)
                         throws PKCS8Exception,
                                IOException

Construct a PKCS8EncryptedPrivateKey object from an InputStream.

Parameters:
is - the InputStream containing the PKCS#8 encrypted key.
Throws:
PKCS8Exception - if the data in the InputStream is not in the correct format.
IOException -  

PKCS8EncryptedPrivateKey

public PKCS8EncryptedPrivateKey(byte[] encoded)
                         throws PKCS8Exception

Construct a PKCS8EncryptedPrivateKey object from a byte array.

Parameters:
encoded - the byte array containing the PKCS#8 encrypted key.
Throws:
PKCS8Exception - if the data in the byte array is not in the correct format.

Method Detail

encrypt

public void encrypt(char[] password)
             throws PKCS8Exception

Encrypt the PKCS8EncryptedPrivateKey object using the given password.

Parameters:
password - the character array containing the password used to encrypt the key.
Throws:
PKCS8Exception - if the encryption process fails.

encrypt

public void encrypt(PBEKeySpec keySpec)
             throws PKCS8Exception

Encrypt the PKCS8EncryptedPrivateKey object using the PBEKeySpec object.

Parameters:
keySpec - the PBEKeySpec containing the password used to encrypt the key.
Throws:
PKCS8Exception - if the encryption process fails.

decrypt

public void decrypt(char[] password)
             throws PKCS8Exception

Decrypt the PKCS8EncryptedPrivateKey object using the given password.

Parameters:
password - the character array containing the password used to decrypt the PKCS#8 encrypted key.
Throws:
PKCS8Exception - if the decryption process fails.

decrypt

public void decrypt(PBEKeySpec keySpec)
             throws PKCS8Exception

Decrypt the PKCS8EncryptedPrivateKey object using the PBEKeySpec object.

Parameters:
keySpec - the PBEKeySpec containing the password used to decrypt the key.
Throws:
PKCS8Exception - if the decryption process fails.

getEncoded

public byte[] getEncoded()
                  throws PKCS8Exception

Returns the DER encoding of this PKCS8EncryptedPrivateKey object.

Throws:
PKCS8Exception - if encrypt() has not yet been called.

getPrivateKey

public PrivateKey getPrivateKey()
                         throws PKCS8Exception

Returns the PrivateKey associated with this object.

Throws:
PKCS8Exception - if decrypt() has not yet been called.