org.jpos.security

Class SecureKeySpec

java.lang.Object

org.jpos.security.SecureKeySpec

All Implemented Interfaces:

java.io.Serializable, Loggeable

public class SecureKeySpec
extends java.lang.Object
implements java.io.Serializable, Loggeable

This class contains a set of desirable key properties that can be passed to an HSM device for example to generate a key or import it.

This class is not intended to use for key storage. It can contain confidentional data like key length. That is why they should not be kept persistently anywhere.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected Algorithm	algorithm The cryptographic algorithm with which the key contained in key block will be used.
protected Exportability	exportability The conditions under which the key can be exported outside the cryptographic domain.
protected byte[]	keyBlockMAC The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.
protected char	keyBlockVersion Identifies the method by which the key block is cryptographically protected and the content layout of the block.
protected byte[]	keyBytes Secure Key Bytes.
protected byte[]	keyCheckValue The keyCheckValue allows identifying which clear key does this secure key represent.
protected int	keyLength The key length is expressed in bits and refers to clear key (before LMK protection).
protected java.lang.String	keyName Optional key name.
protected java.lang.String	keyType Key Type is useful for stating what this key can be used for.
protected KeyUsage	keyUsage The primary usage of the key contained in the key block.
protected java.lang.String	keyVersion Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
protected ModeOfUse	modeOfUse The operation that the key contained in the key block can perform.
protected java.util.Map<java.lang.String,java.lang.String>	optionalHeaders The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.
protected java.lang.String	reserved This element is not specified by TR-31 (should contain two ASCII zeros).
protected KeyScheme	scheme Key scheme indicates protection metchod appiled to this key by a security module.
protected int	variant Indicates key protection variant metchod appiled to this key by a security module.

Constructor Summary

Constructors

Constructor and Description
SecureKeySpec()

Method Summary

Modifier and Type	Method and Description
void	dump(java.io.PrintStream p, java.lang.String indent) Dumps SecureKeySpec information.
protected java.lang.String	formKeyHeader(java.lang.String indent)
Algorithm	getAlgorithm() The cryptographic algorithm with which the key contained in key block will be used.
Exportability	getExportability() The conditions under which the key can be exported outside the cryptographic domain.
byte[]	getKeyBlockMAC() The key block MAC ensures the integrity of the key block.
char	getKeyBlockVersion() Identifies the method by which the key block is cryptographically protected and the content layout of the block.
byte[]	getKeyBytes()
byte[]	getKeyCheckValue() The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.
int	getKeyLength() Gets the length of the key.
java.lang.String	getKeyName() Gets optional key name.
java.lang.String	getKeyType() Key Type is useful for stating what this key can be used for.
KeyUsage	getKeyUsage() The primary usage of the key contained in the key block.
java.lang.String	getKeyVersion() Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.
ModeOfUse	getModeOfUse() The operation that the key contained in the key block can perform.
java.util.Map<java.lang.String,java.lang.String>	getOptionalHeaders() The key blok Optional Header Blocks.
java.lang.String	getReserved() This element is not specified by TR-31 (should contain two ASCII zeros).
KeyScheme	getScheme() Gets the key scheme used to protect this key.
int	getVariant() Gets the key variant method used to protect this key.
void	setAlgorithm(Algorithm algorithm)
void	setExportability(Exportability exportability)
void	setKeyBlockMAC(byte[] keyBlockMAC)
void	setKeyBlockVersion(char keyBlockVersion)
void	setKeyBytes(byte[] keyBytes) Sets the secure key bytes.
void	setKeyCheckValue(byte[] keyCheckValue) The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.
void	setKeyLength(int keyLength) Sets the length of the key.
void	setKeyName(java.lang.String keyName) Sets optional key name.
void	setKeyType(java.lang.String keyType) Key Type is useful for stating what this key can be used for.
void	setKeyUsage(KeyUsage keyUsage)
void	setKeyVersion(java.lang.String keyVersion)
void	setModeOfUse(ModeOfUse modeOfUse)
void	setReserved(java.lang.String reserved)
void	setScheme(KeyScheme scheme) Key scheme indicates protection metchod appiled to this key by the security module.
void	setVariant(int variant) Sets key protection variant metchod appiled to this key by the security module.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

scheme

protected KeyScheme scheme

Key scheme indicates protection metchod appiled to this key by a security module.

keyLength

protected int keyLength

The key length is expressed in bits and refers to clear key (before LMK protection).

keyType

protected java.lang.String keyType

Key Type is useful for stating what this key can be used for.

The value of Key Type specifies whether this encryped key is a

• SMAdapter.TYPE_TMK Terminal Master Key
• SMAdapter.TYPE_ZPK Zone PIN Key
• or others

variant

protected int variant

Indicates key protection variant metchod appiled to this key by a security module.

keyBytes

protected byte[] keyBytes

Secure Key Bytes.

keyCheckValue

protected byte[] keyCheckValue

The keyCheckValue allows identifying which clear key does this secure key represent.

keyBlockVersion

protected char keyBlockVersion

Identifies the method by which the key block is cryptographically protected and the content layout of the block.

keyUsage

protected KeyUsage keyUsage

The primary usage of the key contained in the key block.

algorithm

protected Algorithm algorithm

The cryptographic algorithm with which the key contained in key block will be used.

modeOfUse

protected ModeOfUse modeOfUse

The operation that the key contained in the key block can perform.

keyVersion

protected java.lang.String keyVersion

Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.

exportability

protected Exportability exportability

The conditions under which the key can be exported outside the cryptographic domain.

reserved

protected java.lang.String reserved

This element is not specified by TR-31 (should contain two ASCII zeros).

In proprietary derivatives can be used as e.g: LMK identifier.

optionalHeaders

protected final java.util.Map<java.lang.String,java.lang.String> optionalHeaders

The TR-31 Key Block format allows a key block to contain up to 99 Optional Header Blocks which can be used to include additional (optional) data within the Key Block.

keyBlockMAC

protected byte[] keyBlockMAC

The key block MAC ensures the integrity of the key block, and is calculated over the Header, Optional Header Blocks and the encrypted Key Data.

keyName

protected java.lang.String keyName

Optional key name.

Constructor Detail

SecureKeySpec

public SecureKeySpec()

Method Detail

setScheme

public void setScheme(KeyScheme scheme)

Key scheme indicates protection metchod appiled to this key by the security module.

Parameters:

scheme - key scheme used to protect this key.

getScheme

public KeyScheme getScheme()

Gets the key scheme used to protect this key.

Returns:

key scheme used to protect this key.

setKeyLength

public void setKeyLength(int keyLength)

Sets the length of the key.

The key length is expressed in bits and refers to clear key (before LMK protection) This might be different than the bit length of the secureKeyBytes.

Parameters:

keyLength -

getKeyLength

public int getKeyLength()

Gets the length of the key.

The key length is expressed in bits and refers to clear key (before LMK protection)

Returns:

The length of the clear key

setKeyType

public void setKeyType(java.lang.String keyType)

Key Type is useful for stating what this key can be used for.

The value of Key Type specifies whether this secure key is a

• SMAdapter.TYPE_TMK Terminal Master Key
• SMAdapter.TYPE_ZPK Zone PIN Key
• or others

Parameters:

keyType - type of the key

getKeyType

public java.lang.String getKeyType()

Key Type is useful for stating what this key can be used for.

The value of Key Type specifies whether this secure key is a

• SMAdapter.TYPE_TMK Terminal Master Key
• SMAdapter.TYPE_ZPK Zone PIN Key
• or others

Returns:

keyType type of the key

setVariant

public void setVariant(int variant)

Sets key protection variant metchod appiled to this key by the security module.

Parameters:

variant - key variant method used to protect this key.

getVariant

public int getVariant()

Gets the key variant method used to protect this key.

Returns:

key variant method used to protect this key.

getKeyBlockVersion

public char getKeyBlockVersion()

Identifies the method by which the key block is cryptographically protected and the content layout of the block.

Returns:

The key block version that corresponds to byte 0 of the key block.

setKeyBlockVersion

public void setKeyBlockVersion(char keyBlockVersion)

getKeyUsage

public KeyUsage getKeyUsage()

The primary usage of the key contained in the key block.

Returns:

The key usage that corresponds to bytes 5-6 of the key block.

setKeyUsage

public void setKeyUsage(KeyUsage keyUsage)

getAlgorithm

public Algorithm getAlgorithm()

The cryptographic algorithm with which the key contained in key block will be used.

Returns:

The key algorithm that corresponds to byte 7 of the key block.

setAlgorithm

public void setAlgorithm(Algorithm algorithm)

getModeOfUse

public ModeOfUse getModeOfUse()

The operation that the key contained in the key block can perform.

Returns:

The mode of use that corresponds to byte 8 of the key block.

setModeOfUse

public void setModeOfUse(ModeOfUse modeOfUse)

getKeyVersion

public java.lang.String getKeyVersion()

Version number to optionally indicate that the contents of the key block is a component (key part), or to prevent re-injection of an old key.

Returns:

The key version that corresponds to bytes 9-10 of the key block.

setKeyVersion

public void setKeyVersion(java.lang.String keyVersion)

getExportability

public Exportability getExportability()

The conditions under which the key can be exported outside the cryptographic domain.

Returns:

The key exportability that corresponds to byte 11 of the key block.

setExportability

public void setExportability(Exportability exportability)

getReserved

public java.lang.String getReserved()

This element is not specified by TR-31 (should contain two ASCII zeros).

In proprietary derivatives can be used as e.g: LMK identifier.

Returns:

The reserved that corresponds to bytes 14-15 of the key block.

setReserved

public void setReserved(java.lang.String reserved)

getOptionalHeaders

public java.util.Map<java.lang.String,java.lang.String> getOptionalHeaders()

The key blok Optional Header Blocks.

The number of optional heders corresponds to bytes 12-13 of the key block.

The order of the elements in the map is preserved by LinkedHashMap

Returns:

map of Optional Key Blok Heders.

getKeyBlockMAC

public byte[] getKeyBlockMAC()

The key block MAC ensures the integrity of the key block.

It is calculated over the Header, Optional Header Blocks and the encrypted Key Data. The length of the MAC depends on the type of LMK key:

• 4 bytes for DES Key Block LMK
• 8 bytes for AES Key Block LMK

Returns:

calculated key block MAC value.

setKeyBlockMAC

public void setKeyBlockMAC(byte[] keyBlockMAC)

setKeyBytes

public void setKeyBytes(byte[] keyBytes)

Sets the secure key bytes.

Parameters:

keyBytes - bytes representing the secured key

getKeyBytes

public byte[] getKeyBytes()

Returns:

The bytes representing the secured key

setKeyCheckValue

public void setKeyCheckValue(byte[] keyCheckValue)

The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.

This check value allows identifying if two secure keys map to the same clear key.

Parameters:

keyCheckValue - the Key Check Value

getKeyCheckValue

public byte[] getKeyCheckValue()

The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a block of zeros under the secure key when the secure key is clear.

Returns:

the Key Check Value

getKeyName

public java.lang.String getKeyName()

Gets optional key name.

Returns:

name of the key

setKeyName

public void setKeyName(java.lang.String keyName)

Sets optional key name.

Parameters:

keyName - name of the key

dump

public void dump(java.io.PrintStream p,
                 java.lang.String indent)

Dumps SecureKeySpec information.

Specified by:

dump in interface Loggeable

Parameters:

p - a print stream usually supplied by Logger

indent - indention string, usually suppiled by Logger

See Also:

Loggeable

formKeyHeader

protected java.lang.String formKeyHeader(java.lang.String indent)