iaik.pkcs.pkcs12

Class P12PasswordProtection

java.lang.Object

java.security.KeyStore.PasswordProtection

iaik.pkcs.pkcs12.P12PasswordProtection

All Implemented Interfaces:

P12Algorithms, java.security.KeyStore.ProtectionParameter, javax.security.auth.Destroyable

public class P12PasswordProtection
extends java.security.KeyStore.PasswordProtection
implements P12Algorithms

Parameters for protecting key entries of a PKCS#12 KeyStore.

P12 key entry protection parameters may be used to specify password and algorithm for protecting a key entry when adding it to a PKCS#12 KeyStore, e.g.:

 // the protection algorithm name
 String protectionAlg = "PBES2";
 // the keystore password
 char[] password = ...;
 // create a new PKCS12 KeyStore
 KeyStore ks = KeyStore.getInstance("PKCS12", "IAIK");
 ks.load(null, null);
 // add a key entry
 PrivateKey privateKey = ...;
 X509Certificate[] certChain = ...;
 String keyAlias = ...;
 KeyStore.PrivateKeyEntry keyEntry = new KeyStore.PrivateKeyEntry(privateKey, certChain);
 P12PasswordProtection pwdProtection = new P12PasswordProtection(password, protectionAlg);
 ks.setEntry(keyAlias, keyEntry, pwdProtection);
 // store keystore
 OutputStream os = ...;
 P12StoreParameter storeParams = new P12StoreParameter(os, password, protectionAlg);
 ks.store(storeParams);
 

Although it is possible to use any specific supported PBES1 or PBES2 algorithm, it is recommended to use the "PBES2" (for security reasons) or "PBES1" algorithm set (for backwards interoperability reasons to PKCS#12 applications that do not support PBES2 yet).

See Also:

P12KeyStore

Field Summary

Fields inherited from interface iaik.pkcs.pkcs12.P12Algorithms

P_ALG_DEFAULT, P_ALG_LEGACY, P_ALG_PBES1, P_ALG_PBES2, P_ALG_PBES2_PBMAC1

Constructor Summary

Constructors

Constructor and Description
P12PasswordProtection(char[] password) Creates P12 password protection parameters for the given password.
P12PasswordProtection(char[] password, java.lang.String protectionAlgorithm) Creates P12 password protection parameters for the given password and algorithm.

Method Summary

Methods inherited from class java.security.KeyStore.PasswordProtection

destroy, getPassword, getProtectionAlgorithm, getProtectionParameters, isDestroyed

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

P12PasswordProtection

public P12PasswordProtection(char[] password)

Creates P12 password protection parameters for the given password.

When using this constructor, the PBES2 algorithm set (with PBES2WithHmacSHA256AndAES256) is used to protect the key entry.

Parameters:

password - the password

P12PasswordProtection

public P12PasswordProtection(char[] password,
                             java.lang.String protectionAlgorithm)
                      throws java.security.NoSuchAlgorithmException

Creates P12 password protection parameters for the given password and algorithm.

Parameters:

protectionAlgorithm - the name of the protection algorithm (set) to be used, e.g. "PBES2" or "PBES1"

Throws:

java.security.NoSuchAlgorithmException - if the requested algorithm (set) is not supported