EncryptedPrivateKeyInfo (6.0 API Documentation)

java.lang.Object
- iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo

All Implemented Interfaces:

ASN1Type, java.io.Serializable, java.security.Key, java.security.PrivateKey
```
public class EncryptedPrivateKeyInfo
extends java.lang.Object
implements java.security.PrivateKey, ASN1Type
```
This class implements from the PKCS#8 Private-Key Information Syntax Standard the syntax for encrypted private keys.
For encrypting some private key, it is suggested to use a password-based encryption algorithm, as for instance described in PKCS#5 or PKCS#12. Both types of algorithms require a password for creating a secret key to be fed into the en/decryption process. For PKCS#5 this secret key has to be an instance of iaik.security.cipher.PBEKey, for PKCS#12 an iaik.security.cipher.PBEKeyBMP is used, treating the password as a BMPString according to PKCS#12.
PKCS#8 defines EncryptedPrivateKeyInfo as a ASN.1 SEQUENCE containing the following components:
```
 EncryptedPrivateKeyInfo ::= SEQUENCE {
   encryptionAlgorithm EncryptionAlgorithmIdentifier,
   encryptedData EncryptedData }
 
```
where:
```
 encryptionAlgorithmIdentifier ::= AlgorithmIdentifier
                                   -- algorithm for encrypting the private-key information
 EncryptedData ::= OCTET STRING    -- the encrypted private-key information
 
```
IAIK-JCE implements the PbeWithMD5AndDES_CBC algorithm of the PKCS#5 standard, and the PbeWithSHAAnd3_KeyTripleDES_CBC and PbeWithSHAAnd40BitRC2_CBC algorithms of the PKCS#12 standard, that may be used for password based encrypting some private key according to PKCS#8.
Suppose you have created a private key and want to protect it with a password according to PKCS#5 and PKCS#8:
```
 // the private key to be protected:
 PrivateKey privateKey = ...;
 // create an EncryptedPrivateKeyInfo
 EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(privateKey);
 // encrypt it
 char[] password = ...;
 AlgorithmID pbeAlg = (AlgorithmID).pbeWithSHAAnd3_KeyTripleDES_CBC.clone();
 epki.encrypt(password, pbeAlg, null);
 // write to file
 FileOutputStream fos = ...;
 epki.writeTo(fos);
 fos.close();
 
```
Decrypting goes the reverse way obtaining a PrivateKeyInfo from the EncryptedPrivateKeyInfo and "extracting" the PrivateKey:
```
 // the stream from which to read the encoded epki:
 FileInputStream fis = ...;
 // create EncryptedPrivateKeyInfo:
 EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(fis);
 // decrypt
 char[] password = ...;
 PrivateKey privateKey = epki.decrypt(password);
 
```
Version:

File Revision 34

See Also:
PbeWithSHAAnd3_KeyTripleDES_CBC, PbeWithMD5AndDES_CBC, PbeWithSHAAnd40BitRC2_CBC, PrivateKeyInfo, Serialized Form

Constructor Summary

Constructors
Constructor and Description
`EncryptedPrivateKeyInfo(ASN1Object obj)` Creates a new EncryptedPrivateKeyInfo from an ASN1Object.
`EncryptedPrivateKeyInfo(byte[] arr)` Creates a new EncryptedPrivateKeyInfo from a byte array.
`EncryptedPrivateKeyInfo(java.io.InputStream is)` Creates a new EncryptedPrivateKeyInfo from an InputStream.
`EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey)` Creates a new EncryptedPrivateKeyInfo from a PrivateKey.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`decode(ASN1Object obj)` Decodes the given ASN.1 `EncryptedPrivateKeyInfo` object for parsing the internal structure.
`java.security.PrivateKey`	`decrypt(char[] password)` Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8).
`java.security.PrivateKey`	`decrypt(java.lang.String password)` Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8).
`void`	`encrypt(char[] password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random)` Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
`void`	`encrypt(char[] password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random, int iterationCount)` Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
`void`	`encrypt(char[] password, java.lang.String encryptionAlgorithm)` Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
`void`	`encrypt(char[] password, java.lang.String encryptionAlgorithm, java.security.SecureRandom random)` Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
`void`	`encrypt(java.lang.String password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random)` Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
`java.lang.String`	`getAlgorithm()` Returns the name of the algorithm.
`byte[]`	`getEncoded()` Returns this EncryptedPrivateKeyInfo as a DER encoded byte array.
`AlgorithmID`	`getEncryptionAlgorithm()` Gets the encryption algorithm.
`java.lang.String`	`getFormat()` Returns the name of the encoding format..
`java.security.PrivateKey`	`getPrivateKeyInfo()` Gets the PrivateKey from this EncryptedPrivateKeyInfo.
`ASN1Object`	`toASN1Object()` Returns this EncryptedPrivateKeyInfo as ASN1Object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `EncryptedPrivateKeyInfo`.
`void`	`writeTo(java.io.OutputStream os)` Writes this `EncryptedPrivateKeyInfo` to an output stream.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - EncryptedPrivateKeyInfo
```
public EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey)
```
    Creates a new EncryptedPrivateKeyInfo from a PrivateKey.
    Use this constructor for supplying the private key to be encrypted, e.g.:
```
 EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(rsa_priv_key);
 
```
    Parameters:
    privateKey - the PrivateKeyInfo to be used for initializing this EncryptedPrivateKeyInfo
  - EncryptedPrivateKeyInfo
```
public EncryptedPrivateKeyInfo(ASN1Object obj)
                        throws java.security.InvalidKeyException
```
    Creates a new EncryptedPrivateKeyInfo from an ASN1Object.
    Do not use this constructor for supplying the private key to be encrypted. This constructor may be used for parsing an already existing EncryptedPrivateKeyInfo object, supplied as ASN1Object that may have been created by calling toASN1Object.
    Use the EncryptedPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) constructor for supplying the private key to be encrypted when creating an EncryptedPrivateKeyInfo object.
    
    Parameters:
    obj - the PrivateKeyInfo as ASN1Object
    
    Throws:
    
    java.security.InvalidKeyException - if the object can not be parsed
  - EncryptedPrivateKeyInfo
```
public EncryptedPrivateKeyInfo(java.io.InputStream is)
                        throws java.security.InvalidKeyException,
                               java.io.IOException
```
    Creates a new EncryptedPrivateKeyInfo from an InputStream.
    This constructor reads an EncryptedPrivateKeyInfo previously written with method writeTo(OutputStream). This constructor cannot be used to read a serialized object.
    
    Parameters:
    is - the input stream from where the EncryptedPrivateKeyInfo shall be read
    
    Throws:
    
    java.security.InvalidKeyException - if the data can not be parsed
    
    java.io.IOException - if an I/O error occurs
  - EncryptedPrivateKeyInfo
```
public EncryptedPrivateKeyInfo(byte[] arr)
                        throws java.security.InvalidKeyException
```
    Creates a new EncryptedPrivateKeyInfo from a byte array.
    Do not use this constructor for supplying the private key to be encrypted. This constructor may be used for parsing an already existing EncryptedPrivateKeyInfo object, supplied as DER encoded ASN.1 structure which may have been created by calling the getEncoded method of this class.
    Use the EncryptedPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) constructor for supplying the private key to be encrypted when creating an EncryptedPrivateKeyInfo object.
    
    Parameters:
    arr - the array containing the encoded EncryptedPrivateKeyInfo
    
    Throws:
    
    java.security.InvalidKeyException - if the data can not be parsed
- Method Detail
  - decode
```
public void decode(ASN1Object obj)
            throws CodingException
```
    Decodes the given ASN.1 EncryptedPrivateKeyInfo object for parsing the internal structure.
    This method implements the ASN1Type interface and internally is called when creating a PKCS#8 EncryptedPrivateKeyInfo object from an already existing EncryptedPrivateKeyInfo object, supplied as ASN1Object or DER encoded ASN1Object.
    
    Specified by:
    
    decode in interface ASN1Type
    
    Parameters:
    obj - the EncryptedPrivateKeyInfo as ASN1Object
    
    Throws:
    
    CodingException - if the ASN1Object could not be parsed
  - encrypt
```
public void encrypt(char[] password,
           java.lang.String encryptionAlgorithm)
             throws java.security.NoSuchAlgorithmException
```
    Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
    This method uses an iteration count value of 2000.
    
    Parameters:
    password - the password to use
    encryptionAlgorithm - the AlgorithmID of the PBE algorithm
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
  - encrypt
```
public void encrypt(char[] password,
           java.lang.String encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
```
    Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
    This method uses an iteration count value of 2000.
    
    Parameters:
    password - the password to use
    encryptionAlgorithm - the AlgorithmID of the PBE algorithm
    random - the source or randomness for generating the salt or null if the default SecureRandom() shall be used
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
  - encrypt
```
public void encrypt(java.lang.String password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
```
    Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
    This method uses an iteration count value of 2000.
    
    Parameters:
    password - the password to use
    encryptionAlgorithm - the name of the PBE algorithm
    random - the source or randomness for generating the salt or null if the default SecureRandom() shall be used
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
  - encrypt
```
public void encrypt(char[] password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
```
    Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
    This method uses an iteration count value of 2000.
    
    Parameters:
    password - the password to use
    encryptionAlgorithm - the AlgorithmID of the PBE algorithm
    random - the source or randomness for generating the salt or null if the default SecureRandom() shall be used
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
  - encrypt
```
public void encrypt(char[] password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random,
           int iterationCount)
             throws java.security.NoSuchAlgorithmException
```
    Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm.
    
    Parameters:
    password - the password to use
    encryptionAlgorithm - the AlgorithmID of the encryption algorithm
    random - the source or randomness for generating the salt or null if the default SecureRandom() shall be used
    iterationCount - the iteration count for key derivation
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm
  - decrypt
```
public java.security.PrivateKey decrypt(java.lang.String password)
                                 throws java.security.NoSuchAlgorithmException,
                                        java.security.GeneralSecurityException
```
    Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8).
    
    Parameters:
    password - the password to decrypt the key
    
    Returns:
    the recovered PrivateKey
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the encryption algorithm
    
    java.security.GeneralSecurityException - if the private key could not be decrypted (password wrong)
  - decrypt
```
public java.security.PrivateKey decrypt(char[] password)
                                 throws java.security.NoSuchAlgorithmException,
                                        java.security.GeneralSecurityException
```
    Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8).
    
    Parameters:
    password - the password to decrypt the key
    
    Returns:
    the recovered PrivateKey
    
    Throws:
    
    java.security.NoSuchAlgorithmException - if there is no implementation for the encryption algorithm
    
    java.security.GeneralSecurityException - if the private key could not be decrypted (password wrong)
  - getPrivateKeyInfo
```
public java.security.PrivateKey getPrivateKeyInfo()
```
    Gets the PrivateKey from this EncryptedPrivateKeyInfo.
    
    Returns:
    the PrivateKey
  - getEncryptionAlgorithm
```
public AlgorithmID getEncryptionAlgorithm()
```
    Gets the encryption algorithm.
    
    Returns:
    the encryption algorithm or null if it is not set
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns this EncryptedPrivateKeyInfo as ASN1Object.
    If the private key is encrypted, an EncryptedPrivateKeyInfo is returned, otherwise a PrivateKeyInfo.
    
    Specified by:
    
    toASN1Object in interface ASN1Type
    
    Returns:
    this EncryptedPrivateKeyInfo as ASN1Object
  - getEncoded
```
public byte[] getEncoded()
```
    Returns this EncryptedPrivateKeyInfo as a DER encoded byte array.
    
    Specified by:
    
    getEncoded in interface java.security.Key
    
    Returns:
    this EncryptedPrivateKeyInfo as DER encoded byte array
  - getAlgorithm
```
public java.lang.String getAlgorithm()
```
    Returns the name of the algorithm.
    
    Specified by:
    
    getAlgorithm in interface java.security.Key
    
    Returns:
    the string "ENCRYPTED"
  - getFormat
```
public java.lang.String getFormat()
```
    Returns the name of the encoding format..
    
    Specified by:
    
    getFormat in interface java.security.Key
    
    Returns:
    the string "PKCS#8"
  - writeTo
```
public void writeTo(java.io.OutputStream os)
             throws java.io.IOException
```
    Writes this EncryptedPrivateKeyInfo to an output stream.
    
    Parameters:
    os - the output stream
    
    Throws:
    
    java.io.IOException - if an I/O error occurs
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this EncryptedPrivateKeyInfo.
    If the private key already has been encrypted, the name of the encryption algorithm is specified.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class EncryptedPrivateKeyInfo

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

EncryptedPrivateKeyInfo

EncryptedPrivateKeyInfo

EncryptedPrivateKeyInfo

EncryptedPrivateKeyInfo

Method Detail

decode

encrypt

encrypt

encrypt

encrypt

encrypt

decrypt

decrypt

getPrivateKeyInfo

getEncryptionAlgorithm

toASN1Object

getEncoded

getAlgorithm

getFormat

writeTo

toString