Package org.mozilla.jss.pkcs11

Class PK11KeyPairGenerator

java.lang.Object
org.mozilla.jss.crypto.KeyPairGeneratorSpi
org.mozilla.jss.pkcs11.PK11KeyPairGenerator
public final class PK11KeyPairGenerator extends KeyPairGeneratorSpi
A Key Pair Generator implemented using PKCS #11.
See Also:

  • Field Details

  • Constructor Details

  • Method Details

    • initialize

      public void initialize(int strength, SecureRandom random) throws InvalidParameterException
      Initializes this KeyPairGenerator with the given key strength.

      For DSA key generation, pre-cooked PQG values will be used be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.

      Specified by:
      initialize in class KeyPairGeneratorSpi
      Parameters:
      strength - The strength (size) of the keys that will be generated.
      random - Ignored
      Throws:
      InvalidParameterException - If the key strength is not supported by the algorithm or this implementation.

    • initialize

      public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException
      Initializes this KeyPairGenerator with the given algorithm-specific parameters.
      Specified by:
      initialize in class KeyPairGeneratorSpi
      Parameters:
      params - The algorithm-specific parameters that will govern key pair generation.
      random - Ignored
      Throws:
      InvalidAlgorithmParameterException - If the parameters are inappropriate for the key type or are not supported by this implementation.

    • generateKeyPair

      public KeyPair generateKeyPair() throws TokenException
      Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.
      Specified by:
      generateKeyPair in class KeyPairGeneratorSpi
      Returns:
      Throws:
      TokenException

    • keygenOnInternalToken

      public boolean keygenOnInternalToken()
      Specified by:
      keygenOnInternalToken in class KeyPairGeneratorSpi
      Returns:
      true if the keypair generation will be done on the internal token and then moved to this token.

    • generateRSAKeyPair

      private KeyPair generateRSAKeyPair(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates an RSA key pair with the given size and public exponent.
      Throws:
      TokenException

    • generateRSAKeyPairWithOpFlags

      private KeyPair generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates an RSA key pair with the given size and public exponent. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateDSAKeyPair

      private KeyPair generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian twos-complement octet strings.
      Throws:
      TokenException

    • generateDSAKeyPairWithOpFlags

      private KeyPair generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian twos-complement octet strings. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateMLDSAKeyPair

      private KeyPair generateMLDSAKeyPair(PK11Token token, int size, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a ML-DSA key pair with the given security level. Security level as defined by NIST can be the value 44, 65 or 87.
      Throws:
      TokenException

    • generateMLDSAKeyPairWithOpFlags

      private KeyPair generateMLDSAKeyPairWithOpFlags(PK11Token token, int size, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a ML-DSA key pair with the given security level. Security level as defined by NIST can be the value 44, 65 or 87. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateECKeyPair

      private KeyPair generateECKeyPair(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a EC key pair with the given a curve. Curves are stored as DER Encoded Parameters.
      Throws:
      TokenException

    • generateECKeyPairWithOpFlags

      private KeyPair generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a EC key pair with the given a curve. Curves are stored as DER Encoded Parameters. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • testDefaults

      private static void testDefaults()

    • temporaryPairs

      public void temporaryPairs(boolean temp)
      Specified by:
      temporaryPairs in class KeyPairGeneratorSpi

    • sensitivePairs

      public void sensitivePairs(boolean sensitive)
      Specified by:
      sensitivePairs in class KeyPairGeneratorSpi

    • extractablePairs

      public void extractablePairs(boolean extractable)
      Specified by:
      extractablePairs in class KeyPairGeneratorSpi

    • setKeyPairUsages

      public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)
      Sets the requested key usages desired for the generated key pair. This allows the caller to suggest how NSS generates the key pair.
      Specified by:
      setKeyPairUsages in class KeyPairGeneratorSpi
      Parameters:
      usages - List of desired key usages.
      usages_mask - Corresponding mask for the key usages. if a usages is desired, make sure it is in the mask as well.

    • getCurveCodeByName

      public int getCurveCodeByName(String curveName) throws InvalidParameterException
      Specified by:
      getCurveCodeByName in class KeyPairGeneratorSpi
      Throws:
      InvalidParameterException

    • getECCurve

      private AlgorithmParameterSpec getECCurve(int curvecode) throws InvalidParameterException
      Throws:
      InvalidParameterException

    • getCurve

      private AlgorithmParameterSpec getCurve(int strength) throws InvalidParameterException
      Throws:
      InvalidParameterException