public class PKCS8Key extends Object
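Can handle base64 PEM, or raw DER. Can handle PKCS8 Version 1.5 and 2.0 (the version numbers presumably refer to the PKCS #5 v1.5 and v2.0 password-based encryption schemes used inside encrypted PKCS8 files; compare deriveKeyV1 and deriveKeyV2 below). Can also handle OpenSSL encrypted or unencrypted private keys (DSA or RSA).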
The PKCS12 key derivation (the "pkcs12()" method) comes from BouncyCastle.
Modifier and Type | Class and Description |
---|---|
static class |
PKCS8Key.DecryptResult |
Modifier and Type | Field and Description |
---|---|
private byte[] |
decryptedBytes |
static String |
DSA_OID |
private boolean |
isDSA |
private boolean |
isRSA |
private int |
keySize |
static String |
OPENSSL_DSA |
static String |
OPENSSL_RSA |
static String |
PKCS8_ENCRYPTED |
static String |
PKCS8_UNENCRYPTED |
private PrivateKey |
privateKey |
static String |
RSA_OID |
private String |
transformation |
Constructor and Description |
---|
PKCS8Key(byte[] encoded,
char[] password) |
PKCS8Key(ByteArrayInputStream in,
char[] password) |
PKCS8Key(InputStream in,
char[] password) |
Modifier and Type | Method and Description |
---|---|
private static boolean |
allZeroes(byte[] b) |
static PKCS8Key.DecryptResult |
decrypt(String cipher,
String mode,
DerivedKey dk,
boolean des2,
byte[] iv,
byte[] encryptedBytes) |
private static PKCS8Key.DecryptResult |
decryptPKCS8(ASN1Structure pkcs8,
char[] password) |
static DerivedKey |
deriveKeyPKCS12(char[] password,
byte[] salt,
int iterations,
int keySizeInBits,
int ivSizeInBits,
MessageDigest md) |
static DerivedKey |
deriveKeyV1(byte[] password,
byte[] salt,
int iterations,
int keySizeInBits,
int ivSizeInBits,
MessageDigest md) |
static DerivedKey |
deriveKeyV2(byte[] password,
byte[] salt,
int iterations,
int keySizeInBits,
int ivSizeInBits,
Mac mac) |
static byte[] |
encode(ASN1Encodable der) |
static byte[] |
formatAsPKCS8(byte[] privateKey,
String oid,
ASN1Structure pkcs8) |
static Cipher |
generateCipher(String cipher,
String mode,
DerivedKey dk,
boolean des2,
byte[] iv,
boolean decryptMode) |
byte[] |
getDecryptedBytes() |
int |
getKeySize() |
PrivateKey |
getPrivateKey() |
PublicKey |
getPublicKey() |
String |
getTransformation() |
boolean |
isDSA() |
boolean |
isRSA() |
static void |
main(String[] args) |
private static PKCS8Key.DecryptResult |
opensslDecrypt(PEMItem item,
char[] password) |
private static byte[] |
pkcs12(int idByte,
int n,
byte[] salt,
byte[] password,
int iterationCount,
MessageDigest md)
This PKCS12 key derivation code comes from BouncyCastle.
|
public static final String RSA_OID
public static final String DSA_OID
public static final String PKCS8_UNENCRYPTED
public static final String PKCS8_ENCRYPTED
public static final String OPENSSL_RSA
public static final String OPENSSL_DSA
private final PrivateKey privateKey
private final byte[] decryptedBytes
private final String transformation
private final int keySize
private final boolean isDSA
private final boolean isRSA
public PKCS8Key(InputStream in, char[] password) throws GeneralSecurityException, IOException
in
- pkcs8 file to parse (pem or der, encrypted or unencrypted)
password
- password to decrypt the pkcs8 file. Ignored if the
supplied pkcs8 is already unencrypted.
GeneralSecurityException
- If a parsing or decryption problem
occurred.
IOException
- If the supplied InputStream could not be read.
public PKCS8Key(ByteArrayInputStream in, char[] password) throws GeneralSecurityException
in
- pkcs8 file to parse (pem or der, encrypted or unencrypted)
password
- password to decrypt the pkcs8 file. Ignored if the
supplied pkcs8 is already unencrypted.
GeneralSecurityException
- If a parsing or decryption problem
occurred.
public PKCS8Key(byte[] encoded, char[] password) throws GeneralSecurityException
encoded
- pkcs8 file to parse (pem or der, encrypted or unencrypted)
password
- password to decrypt the pkcs8 file. Ignored if the
supplied pkcs8 is already unencrypted.
GeneralSecurityException
- If a parsing or decryption problem
occurred.
public boolean isRSA()
public boolean isDSA()
public String getTransformation()
public int getKeySize()
public byte[] getDecryptedBytes()
public PrivateKey getPrivateKey()
public PublicKey getPublicKey() throws GeneralSecurityException
GeneralSecurityException
private static PKCS8Key.DecryptResult opensslDecrypt(PEMItem item, char[] password) throws GeneralSecurityException
GeneralSecurityException
public static Cipher generateCipher(String cipher, String mode, DerivedKey dk, boolean des2, byte[] iv, boolean decryptMode) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
public static PKCS8Key.DecryptResult decrypt(String cipher, String mode, DerivedKey dk, boolean des2, byte[] iv, byte[] encryptedBytes) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
private static PKCS8Key.DecryptResult decryptPKCS8(ASN1Structure pkcs8, char[] password) throws GeneralSecurityException
GeneralSecurityException
public static DerivedKey deriveKeyV1(byte[] password, byte[] salt, int iterations, int keySizeInBits, int ivSizeInBits, MessageDigest md)
public static DerivedKey deriveKeyPKCS12(char[] password, byte[] salt, int iterations, int keySizeInBits, int ivSizeInBits, MessageDigest md)
private static byte[] pkcs12(int idByte, int n, byte[] salt, byte[] password, int iterationCount, MessageDigest md)
idByte
- 1 == key, 2 == iv
n
- keysize or ivsize
salt
- 8 byte salt
password
- password
iterationCount
- iteration-count
md
- The message digest to use
public static DerivedKey deriveKeyV2(byte[] password, byte[] salt, int iterations, int keySizeInBits, int ivSizeInBits, Mac mac) throws InvalidKeyException
InvalidKeyException
public static byte[] formatAsPKCS8(byte[] privateKey, String oid, ASN1Structure pkcs8)
private static boolean allZeroes(byte[] b)
public static byte[] encode(ASN1Encodable der) throws IOException
IOException