iaik.pkcs.pkcs12

Class PKCS12PbeAlgorithm

java.lang.Object

iaik.pkcs.pkcs12.PKCS12Algorithm

iaik.pkcs.pkcs12.PKCS12PbeAlgorithm

All Implemented Interfaces:

java.lang.Cloneable

Direct Known Subclasses:

PKCS12Pbes2Algorithm

public class PKCS12PbeAlgorithm
extends PKCS12Algorithm

PKCS#12 PBE algorithm.

PKCS#12 PBE algorithms are used to password based encrypt (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects and/or CertBags contained in encrypted AuthenticatedSafe objects.

This class provides two PBE algorithms based on the PKCS#5 PBES1 password based encryption schemes: PBEWithSHAAnd40BitRC2_CBC (typically used for encrypting CertBags contained in encrypted AuthenticatedSafe objects), and PBEWithSHAAnd3_KeyTripleDES_CBC (typically used for encrypting (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects). Both PBES1 encryption schemes are legacy schemes that may be used mainly for interoperability to existing PKCS#12 applications that do not support the more secure PBES2 password based encryption scheme.
The default PBE algorithm used by the IAIK PKCS#12 KeyStore implementation is PBES2WithHmacSHA256AndAES256 for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects and CertBags contained in encrypted AuthenticatedSafe objects.

Field Summary

Fields

Modifier and Type	Field and Description
static PKCS12PbeAlgorithm	NONE PKCS12PbeAlgorithm providing no protection at all.
static PKCS12PbeAlgorithm	PBEWithSHAAnd3_KeyTripleDES_CBC PKCS#5 PBES1 encryption scheme PBEWithSHAAnd3_KeyTripleDES_CBC as specified by PKCS#12 (RFC 7292).
static PKCS12PbeAlgorithm	PBEWithSHAAnd40BitRC2_CBC PKCS#5 PBES1 encryption scheme PBEWithSHAAnd40BitRC2_CBC as specified by PKCS#12 (RFC 7292).

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	clone() Creates a clone of this PKCS12PbeAlgorithm.
static PKCS12PbeAlgorithm	getPKCS12PbeAlgorithm(java.lang.String name) Gets a (PBES1) PKCS12PbeAlgorithm by its name.

Methods inherited from class iaik.pkcs.pkcs12.PKCS12Algorithm

equals, getIterationCount, getSaltLength, setIterationCount, setSalt, setSaltLength, toString

Methods inherited from class java.lang.Object

finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

NONE

public static final PKCS12PbeAlgorithm NONE

PKCS12PbeAlgorithm providing no protection at all. May be used for AuthenticateSafe objects that contain CertBags, but not for KeyBags. When using it be aware that the CertBags of your PKCS#12 KeyStore will not be encrypted.

PBEWithSHAAnd40BitRC2_CBC

public static final PKCS12PbeAlgorithm PBEWithSHAAnd40BitRC2_CBC

PKCS#5 PBES1 encryption scheme PBEWithSHAAnd40BitRC2_CBC as specified by PKCS#12 (RFC 7292).

Salt length: 20.
Iteration count: 10000.

PBEWithSHAAnd3_KeyTripleDES_CBC

public static final PKCS12PbeAlgorithm PBEWithSHAAnd3_KeyTripleDES_CBC

PKCS#5 PBES1 encryption scheme PBEWithSHAAnd3_KeyTripleDES_CBC as specified by PKCS#12 (RFC 7292).

Salt length: 20.
Iteration count: 10000.

Method Detail

getPKCS12PbeAlgorithm

public static final PKCS12PbeAlgorithm getPKCS12PbeAlgorithm(java.lang.String name)

Gets a (PBES1) PKCS12PbeAlgorithm by its name.

Valid names are:

1. "PBEWithSHA1AndRC2_40" or "PbeWithSHAAnd40BitRC2-CBC"
2. "PBEWithSHA1AndDESede" or "PbeWithSHAAnd3-KeyTripleDES-CBC"
3. "NONE"

Parameters:

name - the name of the PKCS#12 PBES1 algorithm

Returns:

the PKCS12PbeAlgorithm for the given name, or null if the requested PKCS12PbeAlgorithm is not supported

clone

public java.lang.Object clone()

Creates a clone of this PKCS12PbeAlgorithm.

Overrides:

clone in class PKCS12Algorithm

Returns:

a clone of this PKCS12PbeAlgorithm