iaik.me.keymgmt
Class PKCS12

java.lang.Object
  |
  +--iaik.me.keymgmt.PKCS12

public class PKCS12
extends Object

A class to read and write PKCS#12 files, also known as PFX files. PKCS#12 is a standard format for the exchange of private keys and certificates, supported by most browsers and cryptographic applications. However, it is broken in a number of ways (see Peter Gutmann's article) and not terribly efficient. It is recommended for import and export only; internally, the KeyStore format is to be preferred.

This class should be able to handle all types of PKCS#12 files that conform to the current specification (version 1.0 of June 24, 1999) and use the password integrity and encryption modes. Interoperability was tested using Netscape 4.76, Netscape 6.0, and Internet Explorer 5.5 SP1 (under Windows 2000 Professional SP1). Note that keys longer than 512 bits and Triple DES encryption are not supported by the old exportable versions of those browsers.

It is assumed that the file contains a single private key and an accompanying certificate chain. The certificate chain returned by decrypt is automatically arranged to contain the user certificate at index 0 and the full certificate chain up to the self-signed root (if the certificate path is included in the PKCS#12 file).


Constructor Summary
PKCS12(InputStream in)
          Parse a PKCS#12 object from an InputStream.
PKCS12(KeyAndCert kac)
           
 
Method Summary
 KeyAndCert decrypt(char[] password)
          Decrypt the PKCS#12 file and return the contained private key and certificates.
 byte[] encrypt(char[] password)
           
 byte[] encrypt(char[] password, String algorithm, int iterationCount)
           
 boolean verify(char[] password)
          Verify the MAC of the PKCS#12 file.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS12

public PKCS12(InputStream in)
       throws IOException
Parse a PKCS#12 object from an InputStream.

PKCS12

public PKCS12(KeyAndCert kac)

Method Detail

verify

public boolean verify(char[] password)
Verify the MAC of the PKCS#12 file. This method should always be called before decrypt to make sure the password is correct.
See Also:
decrypt(char[])

decrypt

public KeyAndCert decrypt(char[] password)
                   throws CryptoException
Decrypt the PKCS#12 file and return the contained private key and certificates.
See Also:
verify(char[])
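
The verify-then-decrypt order described above, as an added usage example (not part of the IAIK documentation). It uses only the constructor and methods listed on this page; the class name Pkcs12Import, the helper load, and the assumption that KeyAndCert lives in iaik.me.keymgmt are illustrative.

```java
import iaik.me.keymgmt.KeyAndCert; // assumption: same package as PKCS12
import iaik.me.keymgmt.PKCS12;

import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Arrays;

public class Pkcs12Import {

    /**
     * Parses a PFX file, checks its MAC, and only then decrypts it.
     * Declared "throws Exception" because the page does not show which
     * package CryptoException belongs to.
     */
    static KeyAndCert load(String path, char[] password) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            PKCS12 pfx = new PKCS12(in); // parsing needs no password
            if (!pfx.verify(password)) {
                // MAC mismatch: wrong password or a modified file.
                // Stop here instead of handing the data to decrypt().
                throw new SecurityException("PKCS#12 MAC check failed: " + path);
            }
            return pfx.decrypt(password);
        } finally {
            in.close();
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: Pkcs12Import <file.p12> (interactive console required)");
            return;
        }
        char[] password = console.readPassword("PKCS#12 password: ");
        try {
            KeyAndCert kac = load(args[0], password);
            // Pass kac on to the code that needs the key and chain.
            System.out.println("MAC verified; private key and certificate chain decrypted.");
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
    }
}
```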

encrypt

public byte[] encrypt(char[] password)
               throws CryptoException

encrypt

public byte[] encrypt(char[] password,
                      String algorithm,
                      int iterationCount)
               throws CryptoException

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note) and RSA Data Security Public-Key Cryptography Standards (see copyright note).

IAIK-JCE ME 3.04, (c) 2002 IAIK, (c) 2003 to 2006 Stiftung SIC