AuthenticatedSafe (6.0 API Documentation)

java.lang.Object
- iaik.pkcs.pkcs12.AuthenticatedSafe

All Implemented Interfaces:

ASN1Type
```
public class AuthenticatedSafe
extends java.lang.Object
implements ASN1Type
```
This class implements the ASN.1 structure AuthenticatedSafe as defined in the PKCS#12 standard.
An AuthenticatedSafe object represents a PKCS#7 ContentInfo structure whose content type is either Data, EncryptedData, or EnvelopedData, depending on whether the supplied PKCS#12 SafeContents structure has to be ...
- ... left cryptographic "unprocessed" (mode UNENCRYPTED)
- ... password-based encrypted (mode PASSWORD_ENCRYPTED, password-privacy mode)
- ... public-key encrypted (mode PUBLIC_KEY_ENCRYPTED, public-key privacy mode)
This class does not support the public-key privacy mode!
The supplied SafeContents object consists of a sequence of SafaBags. A SafeBag represents one basic building block of a PFX PDU by collecting one particular piece of information (a key, a certificate, ...) together with some optional attributes. Currently, IAIK-JCE supports the three safe bag types keyBag, pkcs-8ShroudedKeyBag, and certBag.
All AuthenticatedSafe objects created as instances of this class are collected to form an AuthenticatedSafes object, which is DER encoded to give the content of a ContentInfo object of type Data. If password-integrity mode is chosen, the final PFX PDU is created by computing a SHA-1 HMAC on the contents of this Data object, but if public-key integrity mode is chosen, the Data from the previuos step is digitally signed by creating a SignedData ContentInfo structure:
```
 PFX ::= SEQUENCE {
   version     Version    -- V3(3) for this version.
   authSafes   ContentInfo,    -- from PKCS #7 v1.5
               -- SignedData in public-key integrity mode
               -- Data in password integrity mode
   macData     MacData OPTIONAL
               -- present only in password integrity mode
 }
 
```
For more information consult the PKCS#12 Personal Information Exchange Syntax Standard specification.

When creating a new AuthenticatedSafe object from a sequence of safe bags (constituting a SafeContents structure), you have to specify if the Data shall be left unencrypted, or if it shall be password-encrypted (remember that public-key privacy mode is not supported), e.g.:
```
 SafeBag[] safeBags = ...;
  ...
 AuthenticatedSafe authenticatedSafe = null;
 authenticatedSafe = new AuthenticatedSafe(AuthenticatedSafe.UNENCRYPTED, safeBags);
 
```
respectively:
```
 SafeBag[] safeBags = ...;
  ...
 AuthenticatedSafe authenticatedSafe = null;
 authenticatedSafe = new AuthenticatedSafe(AuthenticatedSafe.PASSWORD_ENCRYPTED, safeBags);
 
```
Version:

File Revision 30

See Also:
SafeBag, PKCS12, ContentInfo, Data, SignedData, EnvelopedData, EncryptedData

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`PASSWORD_ENCRYPTED` AuthenticatedSafe mode: PASSWORD_ENCRYPTED
`static int`	`PUBLIC_KEY_ENCRYPTED` AuthenticatedSafe mode: PUBLIC_KEY_ENCRYPTED (currently not supported)
`static int`	`UNENCRYPTED` AuthenticatedSafe mode: UNENCRYPTED

Constructor Summary

Constructors
Constructor and Description
`AuthenticatedSafe(ASN1Object obj)` Creates a new `AuthenticatedSafe` object from an ASN1Object.
`AuthenticatedSafe(int mode, SafeBag[] safeBags)` Creates a new AuthenticatedSafe containing the given SafeBags with the desired mode.
`AuthenticatedSafe(int mode, SafeBag[] safeBags, int blockSize)` Creates a new AuthenticatedSafe containing the given SafeBags with the desired mode.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`decode(ASN1Object obj)` Decode and inits this `AuthenticatedSafe` from an ASN1Object.
`void`	`decrypt(char[] password)` Uses the given password for decrypting the password-based encrypted contents of this `AuthenticatedSafe` to recover the safe bags constituting this `AuthenticatedSafe` object.
`void`	`encrypt(char[] password, AlgorithmID algorithm)` Password-based encrypts the Data containing the sequence of safe bags included in this `AuthenticatedSafe`, if the PASSWORD_ENCRYPTED mode has been set when creating this `AuthenticatedSafe` object.
`SafeBag[]`	`getSafeBags()` Returns the SafeBags this AuthenticatedSafe contains.
`void`	`setBlockSize(int blockSize)` Sets the block size to be used for encoding the inherent Data package.
`ASN1Object`	`toASN1Object()` Returns this `AuthenticatedSafe` as ASN1Object.
`java.lang.String`	`toString()` Returns a string giving some information about this `AuthenticatedSafe` object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - UNENCRYPTED
```
public static final int UNENCRYPTED
```
    AuthenticatedSafe mode: UNENCRYPTED
    
    See Also:
    Constant Field Values
  - PASSWORD_ENCRYPTED
```
public static final int PASSWORD_ENCRYPTED
```
    AuthenticatedSafe mode: PASSWORD_ENCRYPTED
    
    See Also:
    Constant Field Values
  - PUBLIC_KEY_ENCRYPTED
```
public static final int PUBLIC_KEY_ENCRYPTED
```
    AuthenticatedSafe mode: PUBLIC_KEY_ENCRYPTED (currently not supported)
    
    See Also:
    Constant Field Values
- Constructor Detail
  - AuthenticatedSafe
```
public AuthenticatedSafe(int mode,
                 SafeBag[] safeBags)
                  throws PKCSException
```
    Creates a new AuthenticatedSafe containing the given SafeBags with the desired mode.
    Depending on the specified privacy mode either a ContentInfo object of content type Data (mode UNENCRYPTED), or of content type EncryptedData is created from the supplied safe bags. The public-key privacy mode (PUBLIC_KEY_ENCRYPTED) currently is not supported.
    
    Parameters:
    mode - the privacy mode (UNENCRYPTED, PASSWORD_ENCRYPTED, PUBLIC_KEY_ENCRYPTED)
    safeBags - the safe contents as an Array of SafeBags
    
    Throws:
    
    PKCSException - if the AutenticatedSafe can not be created for some reason (e.g. some unknown or unsupported mode is requested)
  - AuthenticatedSafe
```
public AuthenticatedSafe(int mode,
                 SafeBag[] safeBags,
                 int blockSize)
                  throws PKCSException
```
    Creates a new AuthenticatedSafe containing the given SafeBags with the desired mode.
    Depending on the specified privacy mode either a ContentInfo object of content type Data (mode UNENCRYPTED), or of content type EncryptedData is created from the supplied safe bags. The public-key privacy mode (PUBLIC_KEY_ENCRYPTED) currently is not supported.
    
    Parameters:
    mode - the privacy mode (UNENCRYPTED, PASSWORD_ENCRYPTED, PUBLIC_KEY_ENCRYPTED)
    safeBags - the safe contents as an Array of SafeBags
    blockSize - the blockSize to be used for Data encoding (default: 1024 for indefinite constructed OCTET_STRING encoding; if not positive, definite primitive encoding will be used)
    
    Throws:
    
    PKCSException - if the AutenticatedSafe can not be created for some reason (e.g. some unknown or unsupported mode is requested)
  - AuthenticatedSafe
```
public AuthenticatedSafe(ASN1Object obj)
                  throws PKCSParsingException
```
    Creates a new AuthenticatedSafe object from an ASN1Object.
    
    Parameters:
    obj - a AuthenticatedSafe as ASN1Object
    
    Throws:
    
    PKCSParsingException - if the object could not be parsed
- Method Detail
  - decode
```
public void decode(ASN1Object obj)
            throws CodingException
```
    Decode and inits this AuthenticatedSafe from an ASN1Object.
    
    Specified by:
    
    decode in interface ASN1Type
    
    Parameters:
    obj - an AuthenticatedSafe as ASN1Object
    
    Throws:
    
    CodingException - if the object could not be parsed
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws CodingException
```
    Returns this AuthenticatedSafe as ASN1Object.
    
    Specified by:
    
    toASN1Object in interface ASN1Type
    
    Returns:
    this AuthenticatedSafe as ASN1Object
    
    Throws:
    
    CodingException - if there occurs an error while creating the ASN1Object
  - encrypt
```
public void encrypt(char[] password,
           AlgorithmID algorithm)
             throws java.security.NoSuchAlgorithmException,
                    PKCSException
```
    Password-based encrypts the Data containing the sequence of safe bags included in this AuthenticatedSafe, if the PASSWORD_ENCRYPTED mode has been set when creating this AuthenticatedSafe object.
    The general proceeding is described in the PKCS#12. From the safe bags supplied when creating this AuthenticatedSafe object, a PKCS#7 ContentInfo object of content type Data has been constructed, whose DER encoding is password-based encrypted when calling this method. By default the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256 is used for encrypting the data.
    If the UNENCRYPTED mode has been set when creating this AuthenticatedSafe object, a call to this method would not have any effect; if the PUBLIC_KEY_ENCRYPTED mode has been set, calling this method would raise a RuntimeException, since the public-key privacy mode is not supported.
    
    Parameters:
    password - the password to encrypt the contents
    algorithm - the PBE algorithm to be used for encryption
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation of the requested algorithm
    
    PKCSException - if the encryption process fails for some reason (e.g. the privacy mode that has been set when creating this AuthenticatedSafe object is not supported
  - decrypt
```
public void decrypt(char[] password)
             throws PKCSException,
                    java.security.NoSuchAlgorithmException
```
    Uses the given password for decrypting the password-based encrypted contents of this AuthenticatedSafe to recover the safe bags constituting this AuthenticatedSafe object.
    Password based decryption only is performed, if the PASSWORD_ENCRYPTED privacy mode has been set when creating this AuthenticatedSafe object. If the UNENCRYPTED mode has been set, a call to this method would not have any effect; if the PUBLIC_KEY_ENCRYPTED mode has been set, calling this method would raise a RuntimeException, since the public-key privacy mode is not supported.
    
    Parameters:
    password - the password to decrypt the contents
    
    Throws:
    
    PKCSException - if there occurs an error while decrypting
    
    java.security.NoSuchAlgorithmException - if there is no implementation of the encryption algorithm
  - getSafeBags
```
public SafeBag[] getSafeBags()
```
    Returns the SafeBags this AuthenticatedSafe contains.
    
    Returns:
    the SafeBags this AuthenticatedSafe contains, as array of SafeBag
    See Also:
    SafeBag
  - setBlockSize
```
public void setBlockSize(int blockSize)
```
    Sets the block size to be used for encoding the inherent Data package.
    
    Parameters:
    blockSize - the blockSize to be used for Data encoding (default: 1024 for indefinite constructed OCTET_STRING encoding; if not positive, definite primitive encoding will be used)
  - toString
```
public java.lang.String toString()
```
    Returns a string giving some information about this AuthenticatedSafe object.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class AuthenticatedSafe

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

UNENCRYPTED

PASSWORD_ENCRYPTED

PUBLIC_KEY_ENCRYPTED

Constructor Detail

AuthenticatedSafe

AuthenticatedSafe

AuthenticatedSafe

Method Detail

decode

toASN1Object

encrypt

decrypt

getSafeBags

setBlockSize

toString