com.netscape.certsrv.security
Interface IEncryptionUnit

All Superinterfaces:
IToken
All Known Subinterfaces:
IStorageKeyUnit, ITransportKeyUnit

public interface IEncryptionUnit
extends IToken

An interface that represents an encryption unit.

Version:
$Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $

Method Summary
 byte[] decryptExternalPrivate(byte[] sessionKey, java.lang.String symmAlgOID, byte[] symmAlgParams, byte[] privateKey)
          Decrypts the external private key (private key from the end-user).
 byte[] decryptInternalPrivate(byte[] wrappedPrivateData)
          Decrypts the internal private key (private key from the KRA's internal storage).
 byte[] encryptInternalPrivate(byte[] rawPrivate)
          Encrypts the internal private key (private key to the KRA's internal storage).
 java.security.PublicKey getPublicKey()
          Retrieves the public key in this unit.
 org.mozilla.jss.crypto.PrivateKey unwrap(byte[] privateKey, java.security.PublicKey pubKey)
          Unwraps data.
 org.mozilla.jss.crypto.PrivateKey unwrap(byte[] sessionKey, java.lang.String symmAlgOID, byte[] symmAlgParams, byte[] privateKey, java.security.PublicKey pubKey)
          Unwraps data.
 void verify(java.security.PublicKey publicKey, org.mozilla.jss.crypto.PrivateKey privateKey)
          Verifies the given key pair.
 byte[] wrap(org.mozilla.jss.crypto.PrivateKey priKey)
          Wraps data.
 
Methods inherited from interface com.netscape.certsrv.security.IToken
login, logout
 

Method Detail

getPublicKey

java.security.PublicKey getPublicKey()
Retrieves the public key in this unit.

Returns:
public key

wrap

byte[] wrap(org.mozilla.jss.crypto.PrivateKey priKey)
            throws EBaseException
Wraps data. The given key will be wrapped by the private key in this unit.

Parameters:
priKey - private key to be wrapped
Returns:
wrapped data
Throws:
EBaseException - failed to wrap

verify

void verify(java.security.PublicKey publicKey,
            org.mozilla.jss.crypto.PrivateKey privateKey)
            throws EBaseException
Verifies the given key pair.

Parameters:
publicKey - public key
privateKey - private key
Throws:
EBaseException

unwrap

org.mozilla.jss.crypto.PrivateKey unwrap(byte[] sessionKey,
                                         java.lang.String symmAlgOID,
                                         byte[] symmAlgParams,
                                         byte[] privateKey,
                                         java.security.PublicKey pubKey)
                                         throws EBaseException
Unwraps data. This method rebuilds the private key by unwrapping the private key data.

Parameters:
sessionKey - session key that unwraps the private key
symmAlgOID - symmetric algorithm
symmAlgParams - symmetric algorithm parameters
privateKey - private key data
pubKey - public key
Returns:
private key object
Throws:
EBaseException - failed to unwrap

unwrap

org.mozilla.jss.crypto.PrivateKey unwrap(byte[] privateKey,
                                         java.security.PublicKey pubKey)
                                         throws EBaseException
Unwraps data. This method rebuilds the private key by unwrapping the private key data.

Parameters:
privateKey - private key data
pubKey - public key object
Returns:
private key object
Throws:
EBaseException - failed to unwrap

encryptInternalPrivate

byte[] encryptInternalPrivate(byte[] rawPrivate)
                              throws EBaseException
Encrypts the internal private key (private key to the KRA's internal storage).

Parameters:
rawPrivate - user's private key (key to be archived)
Returns:
encrypted data
Throws:
EBaseException - failed to encrypt

decryptInternalPrivate

byte[] decryptInternalPrivate(byte[] wrappedPrivateData)
                              throws EBaseException
Decrypts the internal private key (private key from the KRA's internal storage).

Parameters:
wrappedPrivateData - unwrapped private key data (key to be recovered)
Returns:
raw private key
Throws:
EBaseException - failed to decrypt

decryptExternalPrivate

byte[] decryptExternalPrivate(byte[] sessionKey,
                              java.lang.String symmAlgOID,
                              byte[] symmAlgParams,
                              byte[] privateKey)
                              throws EBaseException
Decrypts the external private key (private key from the end-user).

Parameters:
sessionKey - session key that protects the user private key
symmAlgOID - symmetric algorithm
symmAlgParams - symmetric algorithm parameters
privateKey - private key data
Returns:
private key data
Throws:
EBaseException - failed to decrypt