|
5.24 (c) 2002 IAIK, (c) 2003 - 2014 SIC |
|
public class DHPrivateKey extends PrivateKeyInfo implements javax.crypto.interfaces.DHPrivateKey
This class extends iaik.pkcs.pkcs8.PrivateKeyInfo for supporting
the PKCS#8 Private Key Information Standard for DH private keys. This class
implements the javax.crypto.interfaces.DHPrivateKey interface
for providing the functionality of a private key used for the DH key-exchange
algorithm.
The Diffie-Hellman algorithm constitutes a key-exchange (or key-agreement) algorithm where some entities communicate according to a predescribed protocol for generating a shared secret only known by them.
The Diffie-Hellman algorithm has been the first public-key algorithm. It only can be used for key-agreement, but not for data encrypting and decrypting.
PKCS#3
describes a method for implementing the Diffie-Hellman key agreement where
two entities use general Diffie-Hellman parameters (an odd prime
p, an integer base g satisfying
0 < g < p, and optionally an integer
l prescribing the length of the private value), generated from
some central authority (which may be an entity itself), to perform two phases
of the key agreement protocol:
x
satisfying 0 < x < p-1. If the central
authority has prescribed the length l of the private value
x, it has to fulfill
2(l-1) <= x < 2l. From
the private value, the public value y is created by doing
y = (gx)(mod p) with
0 < y < p. Subsequently each entity sends
the public value just created to the other entity involved in the key
agreement.
y' received from
the other entity to finally create the shared secret z from the
own private value x:
z = (y'x)(mod p) with 0 < z < p.
There may be more than only two entities involved into a Diffie-Hellman key agreement.
Any application wishing to be participated into a Diffie-Hellman key
agreement has to instantiate the javax.crypto.KeyAgreement class
and initialize it with its DHPrivateKey for bringing in the required
private information. A DH Hellman private key maybe generated using a proper
key pair generator, e.g.:
KeyPairGnerator dh_key_gen = KeyPairGenerator.getInstance("DH");
dh_key_gen.initialize(1024);
KeyPair dh_key_pair = dh_key_gen.generateKeyPair();
DHPrivateKey dh_priv_key = (DHPrivateKey) dh_key_pair.getPrivate();
KeyAgreement dh_key_agreement = KeyAgreement.getInstance("DH");
dh_key_agreement.init(dh_priv_key);
Each phase of a key agreement is performed by a call to the
doPhase method, supplied with some other entity's public key or
some intermediate key resulting from the last phase. When calling
doPhase, it has to be specified whether to perform already the
last phase of the key agreement or not by setting the lastPhase
parameter to true or false:
dh_key_agreement.doPhase(dhPubKey_from_other_entity, true);Actually generating the shared secret is done by calling the
generateSecret method:
byte[] shared_secret = dh_key_agreement.generateSecret();
PrivateKeyInfo,
DHPrivateKey,
KeyAgreement,
DHGenParameterSpec,
DHParameterSpec,
DHPrivateKeySpec,
DHPublicKeySpec,
KeyPairGenerator,
KeyPair,
DHPublicKey,
DHKeyPairGenerator,
DHKeyFactory,
DHParameters,
DHParameterGenerator,
DHKeyAgreement,
Serialized Formprivate_key_algorithm| Constructor and Description |
|---|
DHPrivateKey(ASN1Object obj)
Creates a new DHPrivateKey from the given ASN.1 object.
|
DHPrivateKey(java.math.BigInteger x,
javax.crypto.spec.DHParameterSpec parameters)
Creates a new DHPrivateKey from given private key value x and DH parameter
specification
|
DHPrivateKey(byte[] pk)
Creates a new DHPrivateKey from the given DER encoded byte array.
|
DHPrivateKey(javax.crypto.spec.DHPrivateKeySpec keySpec)
Creates a new DHPrivateKey from the given DHPrivateKeySpec representing the
DH private key value x, and the public values p, g and l.
|
DHPrivateKey(java.io.InputStream is)
Creates a new DHPrivateKey from an InputStream.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
decode(byte[] privateKey)
Decodes a DER encoded DH private key.
|
byte[] |
encode()
Returns the raw DH private key (not wrapped in a PKCS#8 PrivateKeyInfo) as
DER encoded ASN.1 object.
|
java.lang.String |
getAlgorithm()
Returns the name of the appertaining algorithm.
|
javax.crypto.spec.DHParameterSpec |
getParams()
Returns the key parameters.
|
java.math.BigInteger |
getX()
Returns the private value
x as BigInteger. |
int |
hashCode()
Returns a hash code for this object.
|
java.lang.String |
toString()
Returns a string that represents the contents of this private key.
|
clone, createPrivateKeyInfo, decode, equals, getAlgorithmID, getEncoded, getFormat, getPrivateKey, getPrivateKey, getPrivateKey, getPrivateKey, toASN1Object, writeTopublic DHPrivateKey(java.math.BigInteger x,
javax.crypto.spec.DHParameterSpec parameters)
x - the BigInteger value representing the DH private key valueparameters - the DH parameters p (prime modulus), g (base generator) and l
(length of the private value x) as DHParameterSpecDHParameterSpecpublic DHPrivateKey(javax.crypto.spec.DHPrivateKeySpec keySpec)
keySpec - the DHPrivateKeySpec representing the private key value x, the
prime modulus p, the base generator g,
and the length l of the private valueDHPrivateKeySpecpublic DHPrivateKey(byte[] pk)
throws java.security.InvalidKeyException
This constructor may be used for parsing an already existing DH private
key, wrapped into a PKCS#8 PrivateKeyInfo that is supplied as DER encoded byte array.
pk - the byte array holding the DER encoded private key infojava.security.InvalidKeyException - if something is wrong with the key encodingpublic DHPrivateKey(ASN1Object obj) throws java.security.InvalidKeyException
PrivateKeyInfo holding the DH
private key.obj - the private key ASN.1 data structurejava.security.InvalidKeyException - if something is wrong with the key encodingpublic DHPrivateKey(java.io.InputStream is)
throws java.io.IOException,
java.security.InvalidKeyException
This constructor may be used for parsing an already existing DH private
key, wrapped into a PKCS#8 PrivateKeyInfo that is supplied as DER encoded byte array.
is - the input stream with the data to be read to initialize the
private keyjava.io.IOException - if an I/O error occursjava.security.InvalidKeyException - if something is wrong with the key encodingprotected void decode(byte[] privateKey)
throws java.security.InvalidKeyException
From the given DER encoded byte array an ASN.1 object is created and parsed
for the private key value x and the DH parameters prime
p and base g, and - if included - the length
l of the private value x.
This method is protected and typically will not be used by an application.
Rather it is used by the parent PKCS#8
PrivateKeyInfo class for decoding
the inherent DH private key.
decode in class PrivateKeyInfoprivateKey - the DH private key as DER encoded ASN.1 objectjava.security.InvalidKeyException - if the given key is not a DH private keypublic byte[] encode()
PrivateKeyInfo
class for encoding the inherent DH private key.encode in class PrivateKeyInfopublic java.math.BigInteger getX()
x as BigInteger.
getX in interface javax.crypto.interfaces.DHPrivateKeyx as BigIntegerpublic javax.crypto.spec.DHParameterSpec getParams()
getParams in interface javax.crypto.interfaces.DHKeypublic java.lang.String getAlgorithm()
getAlgorithm in interface java.security.KeygetAlgorithm in class PrivateKeyInfopublic int hashCode()
hashCode in class PrivateKeyInfopublic java.lang.String toString()
toString in class PrivateKeyInfo