org.mozilla.jss.pkcs11

Class PK11KeyPairGenerator


public final class PK11KeyPairGenerator
extends KeyPairGeneratorSpi

A Key Pair Generator implemented using PKCS #11.
See Also:
PQGParams

Field Summary

static PQGParams
PQG1024
Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.
static PQGParams
PQG512
Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.
static PQGParams
PQG768
Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Summary

PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)
Constructor for PK11KeyPairGenerator.

Method Summary

KeyPair
generateKeyPair()
Generates a key pair on a token.
void
initialize(AlgorithmParameterSpec params, SecureRandom random)
Initializes this KeyPairGenerator with the given algorithm-specific parameters.
void
initialize(int strength, SecureRandom random)
Initializes this KeyPairGenerator with the given key strength.
boolean
keygenOnInternalToken()
void
temporaryPairs(boolean temp)

Methods inherited from class org.mozilla.jss.crypto.KeyPairGeneratorSpi

generateKeyPair, initialize, initialize, keygenOnInternalToken, temporaryPairs

Field Details

PQG1024

public static final PQGParams PQG1024
Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG512

public static final PQGParams PQG512
Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.

PQG768

public static final PQGParams PQG768
Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

Constructor Details

PK11KeyPairGenerator

public PK11KeyPairGenerator(PK11Token token,
                            KeyPairAlgorithm algorithm)
            throws NoSuchAlgorithmException,
                   TokenException
Constructor for PK11KeyPairGenerator.
Parameters:
token - The PKCS #11 token that the keypair will be generated on.
algorithm - The type of key that will be generated. Currently, KeyPairAlgorithm.RSA and KeyPairAlgorithm.DSA are supported.

Method Details

generateKeyPair

public KeyPair generateKeyPair()
            throws TokenException
Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.
Overrides:
generateKeyPair in interface KeyPairGeneratorSpi

initialize

public void initialize(AlgorithmParameterSpec params,
                       SecureRandom random)
            throws InvalidAlgorithmParameterException
Initializes this KeyPairGenerator with the given algorithm-specific parameters.
Overrides:
initialize in interface KeyPairGeneratorSpi
Parameters:
params - The algorithm-specific parameters that will govern key pair generation.
random - Ignored

initialize

public void initialize(int strength,
                       SecureRandom random)
            throws InvalidParameterException
Initializes this KeyPairGenerator with the given key strength.

For DSA key generation, pre-cooked PQG values will be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.

Overrides:
initialize in interface KeyPairGeneratorSpi
Parameters:
strength - The strength (size) of the keys that will be generated.
random - Ignored
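
The size rule above, as an added example that is not JSS's own code: the hypothetical helper `DsaKeygenHelper` uses only the constructor and methods documented on this page, takes the strength path for 512, 768 and 1024 bits, and requires caller-supplied parameters for any other size. It assumes an already-initialized `PK11Token` is passed in and that the JSS import paths shown match the installed version.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Set;
import org.mozilla.jss.crypto.KeyPairAlgorithm;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkcs11.PK11KeyPairGenerator;
import org.mozilla.jss.pkcs11.PK11Token;

/** Hypothetical helper, not part of JSS: applies the documented DSA size rule. */
public final class DsaKeygenHelper {
    /** Sizes for which initialize(int, SecureRandom) has pre-cooked PQG values. */
    static final Set<Integer> PRECOOKED = Set.of(512, 768, 1024);

    private DsaKeygenHelper() {}

    /**
     * Generates a DSA key pair on the given token. For a pre-cooked size the
     * strength alone is enough; for any other size the caller must supply the
     * domain parameters, because initialize(int, ...) would throw
     * InvalidParameterException.
     */
    public static KeyPair generate(PK11Token token, int strength, AlgorithmParameterSpec params)
            throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException {
        PK11KeyPairGenerator gen = new PK11KeyPairGenerator(token, KeyPairAlgorithm.DSA);
        SecureRandom unused = new SecureRandom(); // documented as ignored by both overloads
        if (params != null) {
            gen.initialize(params, unused);       // explicit parameters govern generation
        } else if (PRECOOKED.contains(strength)) {
            gen.initialize(strength, unused);     // uses PQG512, PQG768 or PQG1024
        } else {
            throw new IllegalArgumentException("No pre-cooked PQG values for " + strength
                    + "-bit DSA; pass explicit parameters");
        }
        KeyPair pair = gen.generateKeyPair();
        // Sanity check: when the public key exposes its DSA parameters,
        // the prime P must have the requested size.
        if (pair.getPublic() instanceof DSAPublicKey) {
            int bits = ((DSAPublicKey) pair.getPublic()).getParams().getP().bitLength();
            if (bits != strength) {
                throw new IllegalStateException("Expected " + strength + "-bit P, got " + bits);
            }
        }
        return pair;
    }
}
```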

keygenOnInternalToken

public boolean keygenOnInternalToken()
Overrides:
keygenOnInternalToken in interface KeyPairGeneratorSpi
Returns:
true if the keypair generation will be done on the internal token and then moved to this token.

temporaryPairs

public void temporaryPairs(boolean temp)
Overrides:
temporaryPairs in interface KeyPairGeneratorSpi