WrappedKeyEntry
public class WrappedKeyEntry
extends Object implements KeyStore.Entry
An Entry that holds a wrapped key. Wrapped keys contain encrypted key data and
description information that can be used to securely import key material into a hardware-backed
Keystore.
The wrapped key is in DER-encoded ASN.1 format, specified by the following schema:
KeyDescription ::= SEQUENCE(
    keyFormat INTEGER,                   # Values from KeyFormat enum.
    keyParams AuthorizationList,
)
SecureKeyWrapper ::= SEQUENCE(
    version INTEGER,                     # Contains value 0
    encryptedTransportKey OCTET_STRING,
    initializationVector OCTET_STRING,
    keyDescription KeyDescription,
    encryptedKey OCTET_STRING,
    tag OCTET_STRING
)
- keyFormat is an integer from the KeyFormat enum, defining the format of the plaintext
key material.
- keyParams is the characteristics of the key to be imported (as with generateKey or
importKey). If the secure import is successful, these characteristics must be
associated with the key exactly as if the key material had been insecurely imported
with importKey. See Key Attestation for the AuthorizationList format.
- encryptedTransportKey is a 256-bit AES key, XORed with a masking key and then encrypted
in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest) with the wrapping key specified by
wrappingKeyBlob.
- keyDescription is a KeyDescription, above.
- encryptedKey is the key material of the key to be imported, in format keyFormat, and
encrypted with encryptedEphemeralKey in AES-GCM mode, with the DER-encoded
representation of keyDescription provided as additional authenticated data.
- tag is the tag produced by the AES-GCM encryption of encryptedKey.
Imported wrapped keys will have KeymasterDefs.KM_ORIGIN_SECURELY_IMPORTED.
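A structural check for the SecureKeyWrapper layout described above, added here as an example (it is not part of the Android reference or platform code). It uses only the Python standard library; the sample blob is constructed, and its keyFormat value 3, empty AuthorizationList and field sizes are assumptions.

```python
FIELDS = [("version", 0x02), ("encryptedTransportKey", 0x04),
          ("initializationVector", 0x04), ("keyDescription", 0x30),
          ("encryptedKey", 0x04), ("tag", 0x04)]  # (name, expected DER tag)

def der(tag, value):  # encode one DER TLV; used only to build the sample
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos):  # -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_secure_key_wrapper(blob):
    """Split a SecureKeyWrapper into its six fields, rejecting malformed input."""
    tag, body, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("expected exactly one outer SEQUENCE")
    out, pos = {}, 0
    for name, want in FIELDS:
        t, value, nxt = read_tlv(body, pos)
        if t != want:
            raise ValueError(f"{name}: unexpected tag 0x{t:02x}")
        # keyDescription is kept as raw DER (header included): those exact
        # bytes are the AES-GCM additional authenticated data.
        out[name] = body[pos:nxt] if name == "keyDescription" else value
        pos = nxt
    if pos != len(body):
        raise ValueError("trailing data after the tag field")
    out["version"] = int.from_bytes(out["version"], "big")
    if out["version"] != 0:
        raise ValueError("unsupported version")
    return out

# Constructed sample: zero-filled placeholders, not real key material.
# keyFormat 3 and the empty AuthorizationList are illustrative assumptions.
KEY_DESC = der(0x30, der(0x02, b"\x03") + der(0x30, b""))
def build_sample(version=0):
    return der(0x30, der(0x02, bytes([version])) + der(0x04, bytes(256)) + der(0x04, bytes(12))
               + KEY_DESC + der(0x04, bytes(32)) + der(0x04, bytes(16)))
```

Returning keyDescription as the original byte slice matters because the additional authenticated data is the DER encoding itself; re-serializing a decoded structure can yield different bytes and make the GCM tag fail.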
Summary
Inherited methods |
From class java.lang.Object |
Object | clone() | Creates and returns a copy of this object. |
boolean | equals(Object obj) | Indicates whether some other object is "equal to" this one. |
void | finalize() | Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. |
final Class<?> | getClass() | Returns the runtime class of this Object. |
int | hashCode() | Returns a hash code value for the object. |
final void | notify() | Wakes up a single thread that is waiting on this object's monitor. |
final void | notifyAll() | Wakes up all threads that are waiting on this object's monitor. |
String | toString() | Returns a string representation of the object. |
final void | wait(long timeoutMillis, int nanos) | Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed. |
final void | wait(long timeoutMillis) | Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed. |
final void | wait() | Causes the current thread to wait until it is awakened, typically by being notified or interrupted. |
From interface java.security.KeyStore.Entry |
Public constructors
WrappedKeyEntry
public WrappedKeyEntry (byte[] wrappedKeyBytes,
                String wrappingKeyAlias,
                String transformation,
                AlgorithmParameterSpec algorithmParameterSpec)
Constructs a WrappedKeyEntry with a binary wrapped key.
Parameters |
wrappedKeyBytes | byte[]: ASN.1 DER encoded wrapped key |
wrappingKeyAlias | String: identifies the private key that can unwrap the wrapped key |
transformation | String: used to unwrap the key, for example "RSA/ECB/OAEPPadding" |
algorithmParameterSpec | AlgorithmParameterSpec: spec for the private key used to unwrap the wrapped key |
Public methods
getTransformation
public String getTransformation ()
getWrappedKeyBytes
public byte[] getWrappedKeyBytes ()
getWrappingKeyAlias
public String getWrappingKeyAlias ()
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.