iaik.pkcs.pkcs12

Class PKCS12MacAlgorithm

java.lang.Object

iaik.pkcs.pkcs12.PKCS12Algorithm

iaik.pkcs.pkcs12.PKCS12MacAlgorithm

All Implemented Interfaces:

java.lang.Cloneable

public class PKCS12MacAlgorithm
extends PKCS12Algorithm

PKCS#12 Mac algorithm.

A PKCS#12 Mac algorithm is used to protect the integrity of a PKCS#12 KeyStore.

The default Mac algorithm used by the IAIK PKCS#12 KeyStore implementation is HMAC_SHA256 using salt value of 32 bytes and an iteration count value of 10000 for deriving the mac key from the password.

This class also offers some alternative mac algorithms like the legacy HMAC_SHA1 which has been used by PKCS#12 applications over years. However, since providing less security than HMAC_SHA256 it may be selected only if required because of interoperability.

If your PKCS#12 KeyStore(s) must be readable with other PKCS#12 applications, too, be careful when selecting another than the default HMAC_SHA256 algorithm. Although we have tested the algorithms to work with well established PKCS#12 applications, it even might happen that an application may only be able to read PKCS#12 KeyStores using the legacy HMAC_SHA1 algorithm.

Field Summary

Fields

Modifier and Type	Field and Description
static PKCS12MacAlgorithm	HMAC_SHA1 HMAC with SHA-1.
static PKCS12MacAlgorithm	HMAC_SHA224 HMAC with SHA-224.
static PKCS12MacAlgorithm	HMAC_SHA256 HMAC with SHA-256.
static PKCS12MacAlgorithm	HMAC_SHA384 HMAC with SHA-384.
static PKCS12MacAlgorithm	HMAC_SHA512 HMAC with SHA-512.
static PKCS12MacAlgorithm	NONE PKCS12MacAlgorithm providing no protection at all.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	clone() Creates a clone of this PKCS12MacAlgorithm.
static PKCS12MacAlgorithm	getPKCS12MacAlgorithm(java.lang.String name) Gets a PKCS12MacAlgorithm by its name.

Methods inherited from class iaik.pkcs.pkcs12.PKCS12Algorithm

equals, getIterationCount, getSaltLength, setIterationCount, setSalt, setSaltLength, toString

Methods inherited from class java.lang.Object

finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

NONE

public static final PKCS12MacAlgorithm NONE

PKCS12MacAlgorithm providing no protection at all. When using it be aware that your PKCS#12 KeyStore does not offer integrity protection.

HMAC_SHA1

public static final PKCS12MacAlgorithm HMAC_SHA1

HMAC with SHA-1.

Salt length: 20.
Iteration count: 10000.

HMAC_SHA224

public static final PKCS12MacAlgorithm HMAC_SHA224

HMAC with SHA-224.

Salt length: 28.
Iteration count: 10000.

HMAC_SHA256

public static final PKCS12MacAlgorithm HMAC_SHA256

HMAC with SHA-256.

Salt length: 32.
Iteration count: 10000.

This is the HMAC algorithm that is used by default.

HMAC_SHA384

public static final PKCS12MacAlgorithm HMAC_SHA384

HMAC with SHA-384.

Salt length: 48.
Iteration count: 10000.

HMAC_SHA512

public static final PKCS12MacAlgorithm HMAC_SHA512

HMAC with SHA-512.

Salt length: 64.
Iteration count: 10000.

Method Detail

getPKCS12MacAlgorithm

public static final PKCS12MacAlgorithm getPKCS12MacAlgorithm(java.lang.String name)

Gets a PKCS12MacAlgorithm by its name.

Valid names are:

1. "HMacSHA1" or "HmacPBESHA1"
2. "HMacSHA224" or "HmacPBESHA224"
3. "HMacSHA256" or "HmacPBESHA256"
4. "HMacSHA384" or "HmacPBESHA384"
5. "HMacSHA512" or "HmacPBESHA512"
6. "NONE"

Parameters:

name - the name of the PKCS#12 MAC algorithm

Returns:

the PKCS12MacAlgorithm for the given name, or null if the requested PKCS12MacAlgorithm is not supported

clone

public java.lang.Object clone()

Creates a clone of this PKCS12MacAlgorithm.

Overrides:

clone in class PKCS12Algorithm

Returns:

a clone of this PKCS12MacAlgorithm