public class EncryptedPrivateKeyInfo extends java.lang.Object implements java.security.PrivateKey, ASN1Type
 To encrypt a private key, use a password-based encryption algorithm, such as
 those described in PKCS#5 or PKCS#12. Both types of algorithms require a
 password for creating a secret key that is fed into the encryption and
 decryption process. For PKCS#5 this secret key has to be an instance of
 iaik.security.cipher.PBEKey; for PKCS#12 an iaik.security.cipher.PBEKeyBMP
 is used, which treats the password as a BMPString according to PKCS#12.
 
 PKCS#8 defines EncryptedPrivateKeyInfo as an ASN.1 SEQUENCE
 containing the following components:
 
 
 
 EncryptedPrivateKeyInfo ::= SEQUENCE {
   encryptionAlgorithm EncryptionAlgorithmIdentifier,
   encryptedData EncryptedData }
 
 
 
 where:
 
 
 EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
                                   -- algorithm for encrypting the private-key information
 EncryptedData ::= OCTET STRING    -- the encrypted private-key information
 
 
 
 
 IAIK-JCE implements the PbeWithMD5AndDES_CBC algorithm of the
 PKCS#5 standard, and the PbeWithSHAAnd3_KeyTripleDES_CBC and
 PbeWithSHAAnd40BitRC2_CBC algorithms of the PKCS#12 standard.
 Any of them may be used to password-encrypt a private key according to
 PKCS#8.
 
Suppose you have created a private key and want to protect it with a password according to PKCS#5 and PKCS#8:

```java
// the private key to be protected:
PrivateKey privateKey = ...;
// create an EncryptedPrivateKeyInfo
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(privateKey);
// encrypt it
char[] password = ...;
AlgorithmID pbeAlg = (AlgorithmID) AlgorithmID.pbeWithSHAAnd3_KeyTripleDES_CBC.clone();
epki.encrypt(password, pbeAlg, null);
// write to file
FileOutputStream fos = ...;
epki.writeTo(fos);
fos.close();
```

Decrypting goes the reverse way, obtaining a PrivateKeyInfo from the EncryptedPrivateKeyInfo and "extracting" the PrivateKey:

```java
// the stream from which to read the encoded epki:
FileInputStream fis = ...;
// create EncryptedPrivateKeyInfo:
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(fis);
// decrypt
char[] password = ...;
PrivateKey privateKey = epki.decrypt(password);
```
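
An added end-to-end example (not from the IAIK documentation) that uses the four-argument encrypt overload documented below to set the iteration count explicitly, round-trips the key through getEncoded() and the byte[] constructor, and shows the wrong-password path. It uses the Triple-DES scheme because single DES and 40-bit RC2 offer far smaller key spaces. The package names in the imports, the IAIK provider registration, the class name and the value 100000 are assumptions not taken from this page.

```java
import iaik.asn1.structures.AlgorithmID;            // package names are assumptions
import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.security.provider.IAIK;
import java.security.*;
import java.util.Arrays;

public class EpkiRoundTrip {
    // Example value picked for this sketch; the overloads without an
    // iterationCount parameter use 2000 (see the method details).
    static final int ITERATIONS = 100_000;

    public static void main(String[] args) throws Exception {
        Security.addProvider(new IAIK());

        // Throwaway key so the example is self-contained.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IAIK");
        kpg.initialize(2048);
        PrivateKey original = kpg.generateKeyPair().getPrivate();

        // Constructed passwords; real code reads them into a char[]
        // (e.g. Console.readPassword()) instead of using String literals.
        char[] password = "constructed-example-passphrase".toCharArray();
        char[] wrong = "not-the-passphrase".toCharArray();
        try {
            EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(original);
            AlgorithmID pbeAlg =
                (AlgorithmID) AlgorithmID.pbeWithSHAAnd3_KeyTripleDES_CBC.clone();
            epki.encrypt(password, pbeAlg, new SecureRandom(), ITERATIONS);
            byte[] der = epki.getEncoded();   // DER of the EncryptedPrivateKeyInfo

            // Re-parse the DER, as a reader of a stored key file would, and decrypt.
            PrivateKey recovered = new EncryptedPrivateKeyInfo(der).decrypt(password);
            boolean same = Arrays.equals(original.getEncoded(), recovered.getEncoded());
            System.out.println("round trip ok: " + same);

            // A wrong password is reported as GeneralSecurityException.
            try {
                new EncryptedPrivateKeyInfo(der).decrypt(wrong);
                System.out.println("unexpected: wrong password accepted");
            } catch (GeneralSecurityException e) {
                System.out.println("wrong password rejected: " + e.getClass().getName());
            }
        } finally {
            // With the char[] overloads the caller can wipe the password after use.
            Arrays.fill(password, '\0');
            Arrays.fill(wrong, '\0');
        }
    }
}
```
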
See Also: PbeWithSHAAnd3_KeyTripleDES_CBC, PbeWithMD5AndDES_CBC, PbeWithSHAAnd40BitRC2_CBC, PrivateKeyInfo, Serialized Form

| Constructor | Description |
|---|---|
| EncryptedPrivateKeyInfo(ASN1Object obj) | Creates a new EncryptedPrivateKeyInfo from an ASN1Object. |
| EncryptedPrivateKeyInfo(byte[] arr) | Creates a new EncryptedPrivateKeyInfo from a byte array. |
| EncryptedPrivateKeyInfo(java.io.InputStream is) | Creates a new EncryptedPrivateKeyInfo from an InputStream. |
| EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey) | Creates a new EncryptedPrivateKeyInfo from a PrivateKey. |

| Modifier and Type | Method | Description |
|---|---|---|
| void | decode(ASN1Object obj) | Decodes the given ASN.1 EncryptedPrivateKeyInfo object for parsing the internal structure. |
| java.security.PrivateKey | decrypt(char[] password) | Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8). |
| java.security.PrivateKey | decrypt(java.lang.String password) | Decrypts an encrypted PrivateKeyInfo (PKCS#5 and PKCS#8). |
| void | encrypt(char[] password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random) | Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm. |
| void | encrypt(char[] password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random, int iterationCount) | Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm. |
| void | encrypt(char[] password, java.lang.String encryptionAlgorithm) | Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm. |
| void | encrypt(char[] password, java.lang.String encryptionAlgorithm, java.security.SecureRandom random) | Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm. |
| void | encrypt(java.lang.String password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random) | Encrypts the PrivateKeyInfo data structure (PKCS#5 and PKCS#8) password based using the specified PBE algorithm. |
| java.lang.String | getAlgorithm() | Returns the name of the algorithm. |
| byte[] | getEncoded() | Returns this EncryptedPrivateKeyInfo as a DER encoded byte array. |
| java.lang.String | getFormat() | Returns the name of the encoding format. |
| java.security.PrivateKey | getPrivateKeyInfo() | Gets the PrivateKey from this EncryptedPrivateKeyInfo. |
| ASN1Object | toASN1Object() | Returns this EncryptedPrivateKeyInfo as ASN1Object. |
| java.lang.String | toString() | Returns a string that represents the contents of this EncryptedPrivateKeyInfo. |
| void | writeTo(java.io.OutputStream os) | Writes this EncryptedPrivateKeyInfo to an output stream. |

public EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey)

Use this constructor for supplying the private key to be encrypted, e.g.:

```java
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(rsa_priv_key);
```

Parameters:
  privateKey - the PrivateKeyInfo to be used for initializing this EncryptedPrivateKeyInfo

public EncryptedPrivateKeyInfo(ASN1Object obj) throws java.security.InvalidKeyException
 Do not use this constructor for supplying the private key to
 be encrypted. This constructor may be used for parsing an already existing
 EncryptedPrivateKeyInfo object, supplied as ASN1Object that
 may have been created by calling toASN1Object.
 
 Use the EncryptedPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) constructor for
 supplying the private key to be encrypted when creating an
 EncryptedPrivateKeyInfo object.
 
Parameters:
  obj - the PrivateKeyInfo as ASN1Object
Throws:
  java.security.InvalidKeyException - if the object can not be parsed

public EncryptedPrivateKeyInfo(java.io.InputStream is)
                        throws java.security.InvalidKeyException,
                               java.io.IOException
This constructor reads an EncryptedPrivateKeyInfo previously written with method writeTo(OutputStream). This constructor cannot be used to read a serialized object.

Parameters:
  is - the input stream from where the EncryptedPrivateKeyInfo shall be read
Throws:
  java.security.InvalidKeyException - if the data can not be parsed
  java.io.IOException - if an I/O error occurs

public EncryptedPrivateKeyInfo(byte[] arr)
                        throws java.security.InvalidKeyException
 Do not use this constructor for supplying the private key to
 be encrypted. This constructor may be used for parsing an already existing
 EncryptedPrivateKeyInfo object, supplied as DER encoded ASN.1
 structure which may have been created by calling the getEncoded method of this class.
 
 Use the EncryptedPrivateKeyInfo(PrivateKeyInfo privateKeyInfo) constructor for
 supplying the private key to be encrypted when creating an
 EncryptedPrivateKeyInfo object.
 
Parameters:
  arr - the array containing the encoded EncryptedPrivateKeyInfo
Throws:
  java.security.InvalidKeyException - if the data can not be parsed

public void decode(ASN1Object obj) throws CodingException

Decodes the given ASN.1 EncryptedPrivateKeyInfo object for parsing the internal structure.
 
 This method implements the ASN1Type interface and internally is called when
 creating a PKCS#8 EncryptedPrivateKeyInfo object from an
 already existing EncryptedPrivateKeyInfo object, supplied as
 ASN1Object or DER encoded ASN1Object.
 
Specified by:
  decode in interface ASN1Type
Parameters:
  obj - the EncryptedPrivateKeyInfo as ASN1Object
Throws:
  CodingException - if the ASN1Object could not be parsed

public void encrypt(char[] password,
           java.lang.String encryptionAlgorithm)
             throws java.security.NoSuchAlgorithmException
This method uses an iteration count value of 2000.

Parameters:
  password - the password to use
  encryptionAlgorithm - the AlgorithmID of the PBE algorithm
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

public void encrypt(char[] password,
           java.lang.String encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
This method uses an iteration count value of 2000.

Parameters:
  password - the password to use
  encryptionAlgorithm - the AlgorithmID of the PBE algorithm
  random - the source of randomness for generating the salt, or null if the default SecureRandom() shall be used
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

public void encrypt(java.lang.String password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
This method uses an iteration count value of 2000.

Parameters:
  password - the password to use
  encryptionAlgorithm - the name of the PBE algorithm
  random - the source of randomness for generating the salt, or null if the default SecureRandom() shall be used
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

public void encrypt(char[] password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException
This method uses an iteration count value of 2000.

Parameters:
  password - the password to use
  encryptionAlgorithm - the AlgorithmID of the PBE algorithm
  random - the source of randomness for generating the salt, or null if the default SecureRandom() shall be used
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

public void encrypt(char[] password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random,
           int iterationCount)
             throws java.security.NoSuchAlgorithmException

Parameters:
  password - the password to use
  encryptionAlgorithm - the AlgorithmID of the encryption algorithm
  random - the source of randomness for generating the salt, or null if the default SecureRandom() shall be used
  iterationCount - the iteration count for key derivation
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the specified algorithm

public java.security.PrivateKey decrypt(java.lang.String password)
                                 throws java.security.NoSuchAlgorithmException,
                                        java.security.GeneralSecurityException

Parameters:
  password - the password to decrypt the key
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the encryption algorithm
  java.security.GeneralSecurityException - if the private key could not be decrypted (password wrong)

public java.security.PrivateKey decrypt(char[] password)
                                 throws java.security.NoSuchAlgorithmException,
                                        java.security.GeneralSecurityException

Parameters:
  password - the password to decrypt the key
Throws:
  java.security.NoSuchAlgorithmException - if there is no implementation for the encryption algorithm
  java.security.GeneralSecurityException - if the private key could not be decrypted (password wrong)

public java.security.PrivateKey getPrivateKeyInfo()

public ASN1Object toASN1Object()
If the private key is encrypted, an EncryptedPrivateKeyInfo is returned, otherwise a PrivateKeyInfo.

Specified by:
  toASN1Object in interface ASN1Type

public byte[] getEncoded()

Specified by:
  getEncoded in interface java.security.Key

public java.lang.String getAlgorithm()

Specified by:
  getAlgorithm in interface java.security.Key

public java.lang.String getFormat()

Specified by:
  getFormat in interface java.security.Key

public void writeTo(java.io.OutputStream os)
             throws java.io.IOException

Writes this EncryptedPrivateKeyInfo to an output stream.

Parameters:
  os - the output stream
Throws:
  java.io.IOException - if an I/O error occurs

public java.lang.String toString()

Returns a string that represents the contents of this EncryptedPrivateKeyInfo. If the private key already has been encrypted, the name of the encryption algorithm is specified.

Overrides:
  toString in class java.lang.Object