path: root/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
blob: 0a526e582711e0abcc602c28b3dce2a3a77ab78d (plain)
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.security;

import java.security.PublicKey;

import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SymmetricKey;

import com.netscape.certsrv.base.EBaseException;

/**
 * An interface represents a encryption unit.
 * 
 * @version $Revision$, $Date$
 */
public interface IEncryptionUnit extends IToken {

    /**
     * Returns the public key held by this unit.
     *
     * @return public key
     */
    PublicKey getPublicKey();

    /**
     * Wraps a private key with the key held by this unit.
     *
     * NOTE(review): the earlier wording said the wrapping key is this
     * unit's private key; key wrapping is normally done with the public
     * half, so confirm against the implementing class.
     *
     * @param priKey private key to be wrapped
     * @return wrapped data
     * @exception EBaseException failed to wrap
     */
    byte[] wrap(PrivateKey priKey) throws EBaseException;

    /**
     * Wraps a symmetric key with the key held by this unit.
     *
     * NOTE(review): the earlier wording said the wrapping key is this
     * unit's private key; confirm which half of the key pair the
     * implementing class actually uses.
     *
     * @param symKey symmetric key to be wrapped
     * @return wrapped data
     * @exception EBaseException failed to wrap
     */
    byte[] wrap(SymmetricKey symKey) throws EBaseException;

    /**
     * Verifies the given key pair.
     *
     * The method returns nothing, so a failed verification can only be
     * signalled through the declared exception.
     *
     * @param publicKey public key
     * @param privateKey private key
     * @exception EBaseException presumably raised when verification
     *                fails; confirm against the implementing class
     */
    void verify(PublicKey publicKey, PrivateKey privateKey) throws EBaseException;

    /**
     * Rebuilds a private key object by unwrapping the private key data
     * with the supplied session key.
     *
     * NOTE(review): symmAlgOID is supplied by the caller; whether
     * implementations restrict it to an approved set of algorithms is
     * not visible in this interface.
     *
     * @param sessionKey session key that unwraps the private key
     * @param symmAlgOID symmetric algorithm
     * @param symmAlgParams symmetric algorithm parameters
     * @param privateKey private key data
     * @param pubKey public key
     * @return private key object
     * @exception EBaseException failed to unwrap
     */
    PrivateKey unwrap(
            byte[] sessionKey,
            String symmAlgOID,
            byte[] symmAlgParams,
            byte[] privateKey,
            PublicKey pubKey) throws EBaseException;

    /**
     * Rebuilds a symmetric key object by unwrapping the wrapped data blob.
     *
     * @param wrappedKeyData symmetric key data wrapped up with session key
     * @return symmetric key object
     * @exception EBaseException failed to unwrap
     */
    SymmetricKey unwrap(byte[] wrappedKeyData) throws EBaseException;

    /**
     * Unwraps a symmetric key using the supplied session key.
     *
     * @param sessionKey session key that unwraps the symmetric key
     * @param symmAlgOID symmetric algorithm
     * @param symmAlgParams symmetric algorithm parameters
     * @param symmetricKey symmetric key data
     * @return symmetric key object
     * @exception EBaseException failed to unwrap
     */
    SymmetricKey unwrap_symmetric(
            byte[] sessionKey,
            String symmAlgOID,
            byte[] symmAlgParams,
            byte[] symmetricKey) throws EBaseException;

    /**
     * Unwraps a wrapped symmetric key.
     *
     * Unlike the other unwrap methods, this one declares no exception.
     * How a failed unwrap is reported is not visible in this interface;
     * callers should check the result (possibly null; confirm against
     * the implementing class) before using it.
     *
     * @param encSymmKey wrapped symmetric key to be unwrapped
     * @param usage presumably the usage assigned to the unwrapped key
     *            (inferred from the parameter type; confirm)
     * @return symmetric key object
     */
    SymmetricKey unwrap_sym(byte[] encSymmKey, SymmetricKey.Usage usage);

    /**
     * Rebuilds a private key object by unwrapping the private key data.
     *
     * @param privateKey private key data
     * @param pubKey public key object
     * @return private key object
     * @exception EBaseException failed to unwrap
     */
    PrivateKey unwrap(byte[] privateKey, PublicKey pubKey) throws EBaseException;

    /**
     * Encrypts the internal private key (private key to the KRA's
     * internal storage).
     *
     * The input array carries raw private key material. Callers should
     * keep its lifetime short, overwrite it once this call returns and
     * never log it.
     *
     * @param rawPrivate user's private key (key to be archived)
     * @return encrypted data
     * @exception EBaseException failed to encrypt
     */
    byte[] encryptInternalPrivate(byte[] rawPrivate) throws EBaseException;

    /**
     * Decrypts the internal private key (private key from the KRA's
     * internal storage).
     *
     * The returned array carries raw private key material. Callers
     * should overwrite it as soon as the key has been used and never
     * log or persist it.
     *
     * @param wrappedPrivateData encrypted private key data (key to be
     *            recovered)
     * @return raw private key
     * @exception EBaseException failed to decrypt
     */
    byte[] decryptInternalPrivate(byte[] wrappedPrivateData) throws EBaseException;

    /**
     * Decrypts the external private key (private key from the end-user).
     *
     * The returned array carries private key data. Callers should
     * overwrite it after use and never log it.
     *
     * @param sessionKey session key that protects the user private key
     * @param symmAlgOID symmetric algorithm
     * @param symmAlgParams symmetric algorithm parameters
     * @param privateKey private key data
     * @return private key data
     * @exception EBaseException failed to decrypt
     */
    byte[] decryptExternalPrivate(
            byte[] sessionKey,
            String symmAlgOID,
            byte[] symmAlgParams,
            byte[] privateKey) throws EBaseException;
}