public class P12CertEntryProtection extends java.lang.Object implements java.security.KeyStore.ProtectionParameter, P12Algorithms
PKCS#12 KeyStore.
P12 cert entry protection parameters may be used to specify the algorithm to be used for protecting
a trusted certificate entry when adding it to a PKCS#12 KeyStore, e.g.:
```java
// the protection algorithm name
String protectionAlg = "PBES2";
// the keystore password
char[] password = ...;

// create a new PKCS12 KeyStore
KeyStore ks = KeyStore.getInstance("PKCS12", "IAIK");
ks.load(null, null);

// add a cert entry
X509Certificate trustedCert = ...;
String certAlias = ...;
KeyStore.TrustedCertificateEntry certEntry = new KeyStore.TrustedCertificateEntry(trustedCert);
P12CertEntryProtection p12Protection = new P12CertEntryProtection(protectionAlg);
ks.setEntry(certAlias, certEntry, p12Protection);

// store keystore
OutputStream os = ...;
P12StoreParameter storeParams = new P12StoreParameter(os, password, protectionAlg);
ks.store(storeParams);
```
When a certificate entry is added, the protection parameters are not applied until the KeyStore is finally stored.
Thus, when more than one certificate entry is added and a different protection algorithm is specified for each (or some)
of them, the protection algorithm specified for the certificate entry that was added last
is used for all certificate entries. This means that all certificate entries are protected by the same algorithm.
Although it is possible to use any specific supported PBES1 or
PBES2 algorithm, it is recommended to use the
"PBES2" algorithm set (for security reasons) or the
"PBES1" algorithm set (for backwards interoperability with PKCS#12
applications that do not support PBES2 yet).
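
Because the algorithm is only fixed when the store is written, the stored file is the place to confirm what actually protects the certificate entries. The following Python code is an added example, not part of the IAIK documentation or library: it walks the DER structure of a PKCS#12 file (RFC 7292) without decrypting anything and names the algorithm that encrypts each part of the AuthenticatedSafe. It assumes the certificate bags sit in an encryptedData part; `sample_pfx` and `der` only build a constructed skeleton for illustration.

```python
# Added example, not IAIK code: structural PKCS#12 (RFC 7292) check, DER only, no decryption.
DATA, ENCRYPTED = (bytes.fromhex("2a864886f70d0107" + t) for t in ("01", "06"))  # PKCS#7 OIDs
PBE_NAMES = {                                   # DER body of the algorithm OID -> name
    bytes.fromhex("2a864886f70d01050d"): "PBES2",
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHAAnd3-KeyTripleDES-CBC",
    bytes.fromhex("2a864886f70d010c0106"): "pbeWithSHAAnd40BitRC2-CBC",
}
def read(buf, pos=0):
    """Decode one DER element at pos and return (tag, content, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n == 0x80:
        raise ValueError("BER indefinite length is not handled")
    if n & 0x80:                                # long-form length: next (n & 0x7F) bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def items(content):                             # children of a constructed element
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read(content, pos)
        out.append((tag, body))
    return out

def part_protection(pfx_der):
    """Per AuthenticatedSafe part: encryption algorithm name, or None for plain data."""
    auth_safe = items(read(pfx_der)[1])[1][1]        # PFX.authSafe ContentInfo
    octets = items(items(auth_safe)[1][1])[0][1]     # [0] EXPLICIT -> OCTET STRING
    found = []
    for _, part in items(read(octets)[1]):           # SEQUENCE OF ContentInfo
        ctype, wrapped = items(part)[:2]
        name = None
        if ctype[1] == ENCRYPTED:
            enc_info = items(read(wrapped[1])[1])[1][1]   # EncryptedContentInfo
            alg_oid = items(items(enc_info)[1][1])[0][1]  # contentEncryptionAlgorithm
            name = PBE_NAMES.get(alg_oid, "OID " + alg_oid.hex())
        found.append(name)
    return found

def der(tag, *parts):                           # encoder for the constructed sample only
    body = b"".join(parts)
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body

def sample_pfx(*alg_oids):                      # skeleton: dummy ciphertext, no parameters
    parts = [der(0x30, der(6, ENCRYPTED), der(0xA0, der(0x30, der(2, b"\x00"), der(
        0x30, der(6, DATA), der(0x30, der(6, o)), der(0x80, bytes(16)))))) for o in alg_oids]
    return der(0x30, der(2, b"\x03"), der(0x30, der(6, DATA), der(0xA0, der(4, der(0x30, *parts)))))
```

For a real file, pass its bytes to `part_protection`; an encrypted part that does not report "PBES2" was not written with the recommended algorithm set.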
See Also: P12KeyStore

Fields inherited from interface P12Algorithms: P_ALG_DEFAULT, P_ALG_LEGACY, P_ALG_PBES1, P_ALG_PBES2, P_ALG_PBES2_PBMAC1

| Constructor and Description |
|---|
| P12CertEntryProtection(java.lang.String protectionAlgorithm) Creates P12 cert entry protection parameters for the given algorithm. |

| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getProtectionAlgorithm() Gets the name of the protection algorithm (set). |

public P12CertEntryProtection(java.lang.String protectionAlgorithm)
throws java.security.NoSuchAlgorithmException
Parameters: protectionAlgorithm - the name of the protection algorithm (set) to be used, e.g. "PBES2" or "PBES1"
Throws: java.security.NoSuchAlgorithmException - if the requested algorithm (set) is not supported