001/* 002 * jPOS Project [http://jpos.org] 003 * Copyright (C) 2000-2026 jPOS Software SRL 004 * 005 * This program is free software: you can redistribute it and/or modify 006 * it under the terms of the GNU Affero General Public License as 007 * published by the Free Software Foundation, either version 3 of the 008 * License, or (at your option) any later version. 009 * 010 * This program is distributed in the hope that it will be useful, 011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 013 * GNU Affero General Public License for more details. 014 * 015 * You should have received a copy of the GNU Affero General Public License 016 * along with this program. If not, see <http://www.gnu.org/licenses/>. 017 */ 018 019package org.jpos.security; 020 021import org.jpos.util.Loggeable; 022 023import java.io.Serializable; 024 025 026/** 027 * Represents a key that cannot be used except by your security module and for 028 * performing the operations allowed by the security module for this type 029 * of keys. 030 * 031 * So, a SecureKey can be safely stored in a clear file or database. 032 * 033 * <p> 034 * A SecureKey is typically a key encrypted under one of the secret keys that are 035 * protected by the security module itself (Local Master Keys --LMK for short).<br> 036 * </p> 037 * <p> 038 * SecureKey just holds:<br> 039 * 1- Secure Key: a byte[] holding the key in the secure proprietary format 040 * of your security module. This is typically the clear key encrypted under LMK.<br> 041 * 2- Key Type: identifies what this key can be used for (e.g. TYPE_ZPK 042 * (Zone PIN Key), TYPE_ZMK (Zone Master Key)...<BR> 043 * 3- Key Length (in bits): also called key size. e.g. LENGTH_DES, LENGTH_DES3_2KEY,...etc. 044 * This is not necessarily deducible from the length of the byte[] holding 045 * the secure key bytes, since encryption under LMK is proprietary to the 046 * security module. 047 * </p> 048 * <p> 049 * NOTE: The security of SecureKey is totally dependent on the security of 050 * the used security module. 051 * </p> 052 * @author Hani S. Kirollos 053 * @version $Revision$ $Date$ 054 * @see SMAdapter SMAdapter 055 * 056 */ 057public abstract class SecureKey 058 implements Serializable, Loggeable { 059 /** 060 * Secure Key Bytes 061 */ 062 protected byte[] keyBytes = null; 063 064 /** 065 * The keyCheckValue allows identifying which clear key does this 066 * secure key represent. 067 */ 068 protected byte[] keyCheckValue; 069 070 /** 071 * This is the bit length of the key 072 * This can be: LENGTH_DES, LENGTH_DES3_2KEY, ... 073 */ 074 protected short keyLength; 075 /** 076 * Key Type is useful for stating what this key can be used for. 077 * The value of Key Type specifies whether this encryped key is a 078 * TYPE_TMK (Terminal Master Key), TYPE_ZPK (Zone PIN Key)....<BR> 079 */ 080 protected String keyType; 081 082 /** 083 * Key scheme indicates protection metchod appiled to this key by 084 * a security module. 085 */ 086 protected KeyScheme scheme; 087 088 /** 089 * Optional key name 090 */ 091 protected String keyName; 092 093 /** 094 * Sets the secure key bytes 095 * @param keyBytes byte[] representing the secured key bytes 096 */ 097 public void setKeyBytes (byte[] keyBytes) { 098 this.keyBytes = keyBytes; 099 } 100 101 /** 102 * @return The byte[] holding the secure key Bytes 103 */ 104 public byte[] getKeyBytes () { 105 return keyBytes; 106 } 107 108 /** 109 * The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a 110 * block of zeros under the secure key when the secure key is clear 111 * (not in this class, but inside the security module). 112 * This check value allows identifying if two secure keys map to the 113 * same clear key. 114 * @param keyCheckValue 115 */ 116 public void setKeyCheckValue (byte[] keyCheckValue) { 117 this.keyCheckValue = keyCheckValue; 118 } 119 120 /** 121 * The Key Check Value is typically a 24-bits (3 bytes) formed by encrypting a 122 * block of zeros under the secure key when the secure key is clear 123 * (not in this class, but inside the security module). 124 * @return the keyCheckValue that was set before by setKeyCheckValue() 125 */ 126 public byte[] getKeyCheckValue () { 127 return keyCheckValue; 128 } 129 130 /** 131 * Sets the length of the key (in bits) (when it was still clear). 132 * This might be different than the bit length of the secureKeyBytes. 133 * @param keyLength 134 */ 135 public void setKeyLength (short keyLength) { 136 this.keyLength = keyLength; 137 } 138 139 /** 140 * @return The Length of the secure key (when it was still clear) 141 */ 142 public short getKeyLength () { 143 return keyLength; 144 } 145 146 /** 147 * Key Type is useful for stating what this key can be used for. 148 * The value of Key Type specifies whether this secure key is a 149 * TYPE_TMK (Terminal Master Key), TYPE_ZPK (Zone PIN Key)....<BR> 150 * @param keyType 151 */ 152 public void setKeyType (String keyType) { 153 this.keyType = keyType; 154 } 155 156 /** 157 * Key Type is useful for stating what this key can be used for. 158 * The value of Key Type specifies whether this secure key is a 159 * TYPE_TMK (Terminal Master Key), TYPE_ZPK (Zone PIN Key)....<BR> 160 * @return keyType 161 */ 162 public String getKeyType () { 163 return this.keyType; 164 } 165 166 /** 167 * Key scheme indicates protection metchod appiled to this key by 168 * the security module. 169 * 170 * @param scheme key scheme used to protect this key. 171 */ 172 public void setScheme(KeyScheme scheme) { 173 this.scheme = scheme; 174 } 175 176 /** 177 * Gets the key scheme used to protect this key. 178 * 179 * @return key scheme used to protect this key. 180 */ 181 public abstract KeyScheme getScheme(); 182 183 /** 184 * optional key name 185 */ 186 public String getKeyName() { 187 return this.keyName; 188 } 189 /** 190 * optional key name 191 * @param keyName string 192 */ 193 public void setKeyName (String keyName) { 194 this.keyName = keyName; 195 } 196} 197