Package com.icodici.crypto

Class AbstractKey

java.lang.Object

com.icodici.crypto.AbstractKey

All Implemented Interfaces:

KeyMatcher, net.sergeych.tools.Bindable

Direct Known Subclasses:

AbstractAsymmetricKey, PrivateKey, PublicKey, SymmetricKey

public abstract class AbstractKey
extends java.lang.Object
implements net.sergeych.tools.Bindable, KeyMatcher

All the functions that some key should be able to perform. The default implementation throws UnsupportedOperationException - this is a valid behaviour for the function that the key is not able to perform. Well, there could be keys that do nothing too. Just for ;)

Created by sergeych on 17.12.16.

Field Summary

Fields

Modifier and Type	Field	Description
static int	FINGERPRINT_SHA256
static int	FINGERPRINT_SHA384
protected KeyInfo	keyInfo
static int	TYPE_PRIVATE
static int	TYPE_PRIVATE_PASSWORD
static int	TYPE_PRIVATE_PASSWORD_V2
static int	TYPE_PUBLIC

Constructor Summary

Constructors

Constructor	Description
AbstractKey()

Method Summary

Modifier and Type	Method	Description
KeyAddress	address(boolean useSha3_384, int keyMark)	Generate address for the key, see KeyAddress for more.
Capsule.KeySource	asKeySource()	Generate single-key Capsule.KeySource for this key.
boolean	canSign()	If it is an instance of the private key, it will return true, then getPublicKey() must return valid key.
byte[]	createAnonymousId()	Create a random (e.g.
byte[]	decrypt(byte[] plain)
byte[]	encrypt(byte[] plain)
byte[]	fingerprint()	The fingerprint of the key is a uniqie sequence of bytes that matches the key without compromising it.
static AbstractKey	fromBinder(net.sergeych.tools.Binder binder)	Deserialize some key instance from the binder using KeyInfo.
KeyAddress	getLongAddress()
AbstractKey	getPublicKey()	Return valid public key, for example self, or raise the exception.
KeyAddress	getShortAddress()
KeyInfo	info()
boolean	isMatchingKey(AbstractKey key)
boolean	isMatchingKeyAddress(KeyAddress other)
boolean	isPrivate()
boolean	isPublic()
boolean	matchAnonymousId(@org.checkerframework.checker.nullness.qual.NonNull byte[] packedId)	Check that the packed anonymousId matches current key.
boolean	matchTag(AbstractKey other)
boolean	matchType(AbstractKey other)
byte[]	pack()
byte[]	packedInfo()
java.lang.String	packToBase64String()
void	setTag(byte[] tag)
void	setTag(java.lang.String tag)
byte[]	sign(byte[] input, HashType hashType)
byte[]	sign(java.io.InputStream input, HashType hashType)
net.sergeych.tools.Binder	toBinder()	Serialize key to the Binder.
java.lang.String	toString()
void	unpack(byte[] bytes)
Digest	updateDigestWithKeyComponents(Digest digest)	Arbitrary fingerprint calculation.
<T> T	updateFrom(net.sergeych.tools.Binder source)
boolean	verify(byte[] input, byte[] signature, HashType hashType)
boolean	verify(java.io.InputStream input, byte[] signature, HashType hashType)
boolean	verify(java.lang.String input, byte[] signature, HashType hashType)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

FINGERPRINT_SHA256

public static final int FINGERPRINT_SHA256

See Also:

Constant Field Values

FINGERPRINT_SHA384

public static final int FINGERPRINT_SHA384

See Also:

Constant Field Values

TYPE_PRIVATE

public static final int TYPE_PRIVATE

See Also:

Constant Field Values

TYPE_PUBLIC

public static final int TYPE_PUBLIC

See Also:

Constant Field Values

TYPE_PRIVATE_PASSWORD

public static final int TYPE_PRIVATE_PASSWORD

See Also:

Constant Field Values

TYPE_PRIVATE_PASSWORD_V2

public static final int TYPE_PRIVATE_PASSWORD_V2

See Also:

Constant Field Values

keyInfo

protected KeyInfo keyInfo

Constructor Detail

AbstractKey

public AbstractKey()

Method Detail

encrypt

public byte[] encrypt(byte[] plain)
               throws EncryptionError

Throws:

EncryptionError

decrypt

public byte[] decrypt(byte[] plain)
               throws EncryptionError

Throws:

EncryptionError

sign

public byte[] sign(java.io.InputStream input,
                   HashType hashType)
            throws EncryptionError,
                   java.io.IOException

Throws:

EncryptionError

java.io.IOException

sign

public byte[] sign(byte[] input,
                   HashType hashType)
            throws EncryptionError

Throws:

EncryptionError

verify

public boolean verify(java.io.InputStream input,
                      byte[] signature,
                      HashType hashType)
               throws EncryptionError,
                      java.io.IOException

Throws:

EncryptionError

java.io.IOException

verify

public boolean verify(byte[] input,
                      byte[] signature,
                      HashType hashType)
               throws EncryptionError

Throws:

EncryptionError

verify

public boolean verify(java.lang.String input,
                      byte[] signature,
                      HashType hashType)
               throws EncryptionError

Throws:

EncryptionError

info

public KeyInfo info()

packedInfo

public byte[] packedInfo()

pack

public byte[] pack()

packToBase64String

public java.lang.String packToBase64String()

unpack

public void unpack(byte[] bytes)
            throws EncryptionError

Throws:

EncryptionError

canSign

public boolean canSign()

If it is an instance of the private key, it will return true, then getPublicKey() must return valid key.

Returns:

isPublic

public boolean isPublic()

isPrivate

public boolean isPrivate()

getPublicKey

public AbstractKey getPublicKey()

Return valid public key, for example self, or raise the exception. This implementation returns self if isPublic() or throws an exception.

Returns:

toBinder

public final net.sergeych.tools.Binder toBinder()

Serialize key to the Binder. Due to the multiplatform nature of attesta items, especially keys that are often part of the Capsule, it is not possible to use default java serialization mechanics. Instead, we serialize objects to Binders that can be effectively transmitted over the network and reconstructed on the any platform.

Note that derived classes usually do not override it, instead, they should properly initialize keyInfo and provide pack() and unpack(byte[]) methods, that are widely used across the system. for that reason we make this method final as for now. If you think you know the case when it is necessary to override it, contact developers.

See fromBinder(Binder) for deserialization.

Specified by:

toBinder in interface net.sergeych.tools.Bindable

Returns:

binder with packed key.

updateFrom

public final <T> T updateFrom(net.sergeych.tools.Binder source)
                       throws java.io.IOException

Specified by:

updateFrom in interface net.sergeych.tools.Bindable

Throws:

java.io.IOException

fromBinder

public static AbstractKey fromBinder(net.sergeych.tools.Binder binder)
                              throws java.io.IOException,
                                     EncryptionError

Deserialize some key instance from the binder using KeyInfo. Inverse of toBinder(). Serialized data are in binary form and are bit-effective, when using with Boss encoders (the default for Attesta).

Parameters:

binder - from where to restore.

Returns:

ready to use key

Throws:

java.io.IOException

EncryptionError

matchType

public boolean matchType(AbstractKey other)

matchTag

public boolean matchTag(AbstractKey other)

setTag

public void setTag(java.lang.String tag)

setTag

public void setTag(byte[] tag)

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

asKeySource

public Capsule.KeySource asKeySource()

Generate single-key Capsule.KeySource for this key. Useful to unpack a capsule with a given key and when you need to use one key in different roles (e.g. decsrypt and check signature).

Returns:

KeySource that contains only this key

fingerprint

public byte[] fingerprint()

The fingerprint of the key is a uniqie sequence of bytes that matches the key without compromising it. In fact, only public keys can have it, for symmetric keys the fingerprint will compromise it.

Therefore, the private key fingerprint is its public key fingerprint. The public key fingerprint is calculated using some hash over it's parameters, see PublicKey.fingerprint()

Returns:

updateDigestWithKeyComponents

public Digest updateDigestWithKeyComponents(Digest digest)

Arbitrary fingerprint calculation. As the digest may be different adn it might be useful to include more information than a key to it, it is possible to update some digest instance with key data.

Create any digest you need and call this method to update it with a ket data.

This can and should be used to obtain higher-order composite fingerprints for high security setups.

Returns:

same digest instance (to chain calls)

createAnonymousId

public byte[] createAnonymousId()

Create a random (e.g. every call a different) sequence of bytes that identidy this key. There can almost infinite number if anonynous ids for e key (more than 1.0E77), so it is really anonymous way to identify some key. The anonymousId for public and private keys are the same.

Anonymous ID size is 64 bytes: first are 32 random bytes, last are HMAC(key, sha256) of these random bytes.

The most important thing about anonymous ids is that every time this call generates new id for the same key, providing anonymous but exact identification of a key.

To check that the key matches some anonymousId, use matchAnonymousId(byte[]).

Therefore, the private key fingerprint is its public key fingerprint. The public key fingerprint is calculated using some hash over it's parameters, see PublicKey.fingerprint()

Returns:

matchAnonymousId

public boolean matchAnonymousId(@org.checkerframework.checker.nullness.qual.NonNull byte[] packedId)
                         throws java.io.IOException

Check that the packed anonymousId matches current key. Use createAnonymousId() to get a random anonymous id for this key.

Parameters:

packedId -

Returns:

true if it matches.

Throws:

java.io.IOException

address

public KeyAddress address(boolean useSha3_384,
                          int keyMark)

Generate address for the key, see KeyAddress for more.

Parameters:

useSha3_384 - use SHA3-384 for hash, otherwise SHA3-256

keyMark - some data code in 0..15 range inclusive

Returns:

generated address

getShortAddress

public final KeyAddress getShortAddress()

getLongAddress

public final KeyAddress getLongAddress()

isMatchingKey

public boolean isMatchingKey(AbstractKey key)

Specified by:

isMatchingKey in interface KeyMatcher

isMatchingKeyAddress

public final boolean isMatchingKeyAddress(KeyAddress other)

Specified by:

isMatchingKeyAddress in interface KeyMatcher