Package org.webpki.sks
Interface SecureKeyStore
public interface SecureKeyStore
SKS (Secure Key Store) API. All calls may throw the unchecked SKSException
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final intstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final Stringstatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final intstatic final intstatic final intstatic final intstatic final intstatic final intstatic final intstatic final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final byte[]static final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final bytestatic final shortstatic final bytestatic final bytestatic final bytestatic final bytestatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final byte[] -
Method Summary
Modifier and TypeMethodDescriptionvoidabortProvisioningSession(int provisioningHandle) voidaddExtension(int keyHandle, String type, byte subType, String qualifier, byte[] extensionData, byte[] mac) byte[]asymmetricKeyDecrypt(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) voidchangePin(int keyHandle, byte[] authorization, byte[] newPin) byte[]closeProvisioningSession(int provisioningHandle, byte[] nonce, byte[] mac) createKeyEntry(int provisioningHandle, String id, String keyEntryAlgorithm, byte[] serverSeed, boolean devicePinProtection, int pinPolicyHandle, byte[] pinValue, boolean enablePinCaching, byte biometricProtection, byte exportProtection, byte deleteProtection, byte appUsage, String friendlyName, String keyAlgorithm, byte[] keyParameters, String[] endorsedAlgorithms, byte[] mac) intcreatePinPolicy(int provisioningHandle, String id, int pukPolicyHandle, boolean userDefined, boolean userModifiable, byte format, short retryLimit, byte grouping, byte patternRestrictions, short minLength, short maxLength, byte inputMethod, byte[] mac) createProvisioningSession(String sessionKeyAlgorithm, boolean privacyEnabled, String serverSessionId, ECPublicKey serverEphemeralKey, String issuerUri, PublicKey keyManagementKey, int clientTime, short sessionLifeTime, short sessionKeyLimit, byte[] serverCertificate) intcreatePukPolicy(int provisioningHandle, String id, byte[] pukValue, byte format, short retryLimit, byte[] mac) voiddeleteKey(int keyHandle, byte[] authorization) enumerateKeys(int keyHandle) enumerateProvisioningSessions(int provisioningHandle, boolean provisioningState) byte[]exportKey(int keyHandle, byte[] authorization) getExtension(int keyHandle, String type) getKeyAttributes(int keyHandle) intgetKeyHandle(int provisioningHandle, String id) getKeyProtectionInfo(int keyHandle) voidimportPrivateKey(int keyHandle, byte[] encryptedKey, byte[] mac) voidimportSymmetricKey(int keyHandle, byte[] encryptedKey, byte[] mac) byte[]keyAgreement(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, ECPublicKey publicKey) byte[]performHmac(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) voidpostCloneKeyProtection(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) voidpostDeleteKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) voidpostUnlockKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) voidpostUpdateKey(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) voidsetCertificatePath(int keyHandle, X509Certificate[] certificatePath, byte[] mac) voidsetPin(int keyHandle, byte[] authorization, byte[] newPin) voidsetProperty(int keyHandle, String type, String name, String value) byte[]signData(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) byte[]symmetricKeyEncrypt(int keyHandle, String algorithm, boolean mode, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) voidunlockKey(int keyHandle, byte[] authorization) updateFirmware(byte[] chunk) voidupdateKeyManagementKey(int provisioningHandle, PublicKey keyManagementKey, byte[] authorization)
-
Field Details
-
MAX_LENGTH_PIN_PUK
static final int MAX_LENGTH_PIN_PUK- See Also:
-
MAX_LENGTH_QUALIFIER
static final int MAX_LENGTH_QUALIFIER- See Also:
-
MAX_LENGTH_SYMMETRIC_KEY
static final int MAX_LENGTH_SYMMETRIC_KEY- See Also:
-
MAX_LENGTH_ID_TYPE
static final int MAX_LENGTH_ID_TYPE- See Also:
-
MAX_LENGTH_SERVER_SEED
static final int MAX_LENGTH_SERVER_SEED- See Also:
-
MAX_LENGTH_URI
static final int MAX_LENGTH_URI- See Also:
-
MAX_RETRY_LIMIT
static final int MAX_RETRY_LIMIT- See Also:
-
METHOD_SET_CERTIFICATE_PATH
static final byte[] METHOD_SET_CERTIFICATE_PATH -
METHOD_IMPORT_SYMMETRIC_KEY
static final byte[] METHOD_IMPORT_SYMMETRIC_KEY -
METHOD_IMPORT_PRIVATE_KEY
static final byte[] METHOD_IMPORT_PRIVATE_KEY -
METHOD_CLOSE_PROVISIONING_SESSION
static final byte[] METHOD_CLOSE_PROVISIONING_SESSION -
METHOD_CREATE_KEY_ENTRY
static final byte[] METHOD_CREATE_KEY_ENTRY -
METHOD_CREATE_PIN_POLICY
static final byte[] METHOD_CREATE_PIN_POLICY -
METHOD_CREATE_PUK_POLICY
static final byte[] METHOD_CREATE_PUK_POLICY -
METHOD_ADD_EXTENSION
static final byte[] METHOD_ADD_EXTENSION -
METHOD_POST_DELETE_KEY
static final byte[] METHOD_POST_DELETE_KEY -
METHOD_POST_UNLOCK_KEY
static final byte[] METHOD_POST_UNLOCK_KEY -
METHOD_POST_UPDATE_KEY
static final byte[] METHOD_POST_UPDATE_KEY -
METHOD_POST_CLONE_KEY_PROTECTION
static final byte[] METHOD_POST_CLONE_KEY_PROTECTION -
KDF_DEVICE_ATTESTATION
static final byte[] KDF_DEVICE_ATTESTATION -
KDF_ENCRYPTION_KEY
static final byte[] KDF_ENCRYPTION_KEY -
KDF_ANONYMOUS
static final byte[] KDF_ANONYMOUS -
KMK_TARGET_KEY_REFERENCE
static final byte[] KMK_TARGET_KEY_REFERENCE -
KMK_ROLL_OVER_AUTHORIZATION
static final byte[] KMK_ROLL_OVER_AUTHORIZATION -
CRYPTO_STRING_NOT_AVAILABLE
- See Also:
-
VAR_APP_USAGE
- See Also:
-
VAR_ATTESTATION
- See Also:
-
VAR_AUTHORIZATION
- See Also:
-
VAR_BIOMETRIC_PROTECTION
- See Also:
-
VAR_CLIENT_EPHEMERAL_KEY
- See Also:
-
VAR_CLIENT_SESSION_ID
- See Also:
-
VAR_CLIENT_TIME
- See Also:
-
VAR_CRYPTO_DATA_SIZE
- See Also:
-
VAR_DATA
- See Also:
-
VAR_EXTENSION_DATA
- See Also:
-
VAR_DELETE_PROTECTION
- See Also:
-
VAR_DEVICE_PIN_PROTECTION
- See Also:
-
VAR_ENDORSED_ALGORITHMS
- See Also:
-
VAR_ENABLE_PIN_CACHING
- See Also:
-
VAR_ENCRYPTED_KEY
- See Also:
-
VAR_ENCRYPTED_PUK
- See Also:
-
VAR_EXPORT_PROTECTION
- See Also:
-
VAR_FORMAT
- See Also:
-
VAR_FRIENDLY_NAME
- See Also:
-
VAR_GROUPING
- See Also:
-
VAR_ID
- See Also:
-
VAR_INPUT_METHOD
- See Also:
-
VAR_ISSUER_URI
- See Also:
-
VAR_KEY_ALGORITHM
- See Also:
-
VAR_KEY_ENTRY_ALGORITHM
- See Also:
-
VAR_KEY_MANAGEMENT_KEY
- See Also:
-
VAR_KEY_PARAMETERS
- See Also:
-
VAR_MAC
- See Also:
-
VAR_MAX_LENGTH
- See Also:
-
VAR_MIN_LENGTH
- See Also:
-
VAR_NAME
- See Also:
-
VAR_NONCE
- See Also:
-
VAR_PARAMETERS
- See Also:
-
VAR_PATTERN_RESTRICTIONS
- See Also:
-
VAR_PIN_VALUE
- See Also:
-
VAR_PRIVACY_ENABLED
- See Also:
-
VAR_PROPERTY
- See Also:
-
VAR_PROPERTY_BAG
- See Also:
-
VAR_PUBLIC_KEY
- See Also:
-
VAR_QUALIFIER
- See Also:
-
VAR_RETRY_LIMIT
- See Also:
-
VAR_SERVER_EPHEMERAL_KEY
- See Also:
-
VAR_SERVER_SEED
- See Also:
-
VAR_SERVER_SESSION_ID
- See Also:
-
VAR_SERVER_TIME
- See Also:
-
VAR_SESSION_KEY_ALGORITHM
- See Also:
-
VAR_SESSION_KEY_LIMIT
- See Also:
-
VAR_SESSION_LIFE_TIME
- See Also:
-
VAR_SUB_TYPE
- See Also:
-
VAR_TYPE
- See Also:
-
VAR_USER_MODIFIABLE
- See Also:
-
VAR_VALUE
- See Also:
-
VAR_WRITABLE
- See Also:
-
APP_USAGE_SIGNATURE
static final byte APP_USAGE_SIGNATURE- See Also:
-
APP_USAGE_AUTHENTICATION
static final byte APP_USAGE_AUTHENTICATION- See Also:
-
APP_USAGE_ENCRYPTION
static final byte APP_USAGE_ENCRYPTION- See Also:
-
APP_USAGE_UNIVERSAL
static final byte APP_USAGE_UNIVERSAL- See Also:
-
PIN_GROUPING_NONE
static final byte PIN_GROUPING_NONE- See Also:
-
PIN_GROUPING_SHARED
static final byte PIN_GROUPING_SHARED- See Also:
-
PIN_GROUPING_SIGN_PLUS_STD
static final byte PIN_GROUPING_SIGN_PLUS_STD- See Also:
-
PIN_GROUPING_UNIQUE
static final byte PIN_GROUPING_UNIQUE- See Also:
-
PIN_PATTERN_TWO_IN_A_ROW
static final byte PIN_PATTERN_TWO_IN_A_ROW- See Also:
-
PIN_PATTERN_THREE_IN_A_ROW
static final byte PIN_PATTERN_THREE_IN_A_ROW- See Also:
-
PIN_PATTERN_SEQUENCE
static final byte PIN_PATTERN_SEQUENCE- See Also:
-
PIN_PATTERN_REPEATED
static final byte PIN_PATTERN_REPEATED- See Also:
-
PIN_PATTERN_MISSING_GROUP
static final byte PIN_PATTERN_MISSING_GROUP- See Also:
-
PASSPHRASE_FORMAT_NUMERIC
static final byte PASSPHRASE_FORMAT_NUMERIC- See Also:
-
PASSPHRASE_FORMAT_ALPHANUMERIC
static final byte PASSPHRASE_FORMAT_ALPHANUMERIC- See Also:
-
PASSPHRASE_FORMAT_STRING
static final byte PASSPHRASE_FORMAT_STRING- See Also:
-
PASSPHRASE_FORMAT_BINARY
static final byte PASSPHRASE_FORMAT_BINARY- See Also:
-
SUB_TYPE_EXTENSION
static final byte SUB_TYPE_EXTENSION- See Also:
-
SUB_TYPE_ENCRYPTED_EXTENSION
static final byte SUB_TYPE_ENCRYPTED_EXTENSION- See Also:
-
SUB_TYPE_PROPERTY_BAG
static final byte SUB_TYPE_PROPERTY_BAG- See Also:
-
SUB_TYPE_LOGOTYPE
static final byte SUB_TYPE_LOGOTYPE- See Also:
-
EXPORT_DELETE_PROTECTION_NONE
static final byte EXPORT_DELETE_PROTECTION_NONE- See Also:
-
EXPORT_DELETE_PROTECTION_PIN
static final byte EXPORT_DELETE_PROTECTION_PIN- See Also:
-
EXPORT_DELETE_PROTECTION_PUK
static final byte EXPORT_DELETE_PROTECTION_PUK- See Also:
-
EXPORT_DELETE_PROTECTION_NOT_ALLOWED
static final byte EXPORT_DELETE_PROTECTION_NOT_ALLOWED- See Also:
-
INPUT_METHOD_ANY
static final byte INPUT_METHOD_ANY- See Also:
-
INPUT_METHOD_PROGRAMMATIC
static final byte INPUT_METHOD_PROGRAMMATIC- See Also:
-
INPUT_METHOD_TRUSTED_GUI
static final byte INPUT_METHOD_TRUSTED_GUI- See Also:
-
BIOMETRIC_PROTECTION_NONE
static final byte BIOMETRIC_PROTECTION_NONE- See Also:
-
BIOMETRIC_PROTECTION_ALTERNATIVE
static final byte BIOMETRIC_PROTECTION_ALTERNATIVE- See Also:
-
BIOMETRIC_PROTECTION_COMBINED
static final byte BIOMETRIC_PROTECTION_COMBINED- See Also:
-
BIOMETRIC_PROTECTION_EXCLUSIVE
static final byte BIOMETRIC_PROTECTION_EXCLUSIVE- See Also:
-
ALGORITHM_KEY_ATTEST_1
- See Also:
-
ALGORITHM_SESSION_ATTEST_1
- See Also:
-
ALGORITHM_ECDH_RAW
- See Also:
-
ALGORITHM_NONE
- See Also:
-
ZERO_LENGTH_ARRAY
static final byte[] ZERO_LENGTH_ARRAY -
SKS_API_LEVEL
static final short SKS_API_LEVEL- See Also:
-
AES_CBC_PKCS5_PADDING
static final int AES_CBC_PKCS5_PADDING- See Also:
-
-
Method Details
-
createProvisioningSession
ProvisioningSession createProvisioningSession(String sessionKeyAlgorithm, boolean privacyEnabled, String serverSessionId, ECPublicKey serverEphemeralKey, String issuerUri, PublicKey keyManagementKey, int clientTime, short sessionLifeTime, short sessionKeyLimit, byte[] serverCertificate) -
closeProvisioningSession
byte[] closeProvisioningSession(int provisioningHandle, byte[] nonce, byte[] mac) -
enumerateProvisioningSessions
EnumeratedProvisioningSession enumerateProvisioningSessions(int provisioningHandle, boolean provisioningState) -
createKeyEntry
KeyData createKeyEntry(int provisioningHandle, String id, String keyEntryAlgorithm, byte[] serverSeed, boolean devicePinProtection, int pinPolicyHandle, byte[] pinValue, boolean enablePinCaching, byte biometricProtection, byte exportProtection, byte deleteProtection, byte appUsage, String friendlyName, String keyAlgorithm, byte[] keyParameters, String[] endorsedAlgorithms, byte[] mac) -
getKeyHandle
-
abortProvisioningSession
void abortProvisioningSession(int provisioningHandle) -
setCertificatePath
-
addExtension
-
importSymmetricKey
void importSymmetricKey(int keyHandle, byte[] encryptedKey, byte[] mac) -
importPrivateKey
void importPrivateKey(int keyHandle, byte[] encryptedKey, byte[] mac) -
createPinPolicy
int createPinPolicy(int provisioningHandle, String id, int pukPolicyHandle, boolean userDefined, boolean userModifiable, byte format, short retryLimit, byte grouping, byte patternRestrictions, short minLength, short maxLength, byte inputMethod, byte[] mac) -
createPukPolicy
int createPukPolicy(int provisioningHandle, String id, byte[] pukValue, byte format, short retryLimit, byte[] mac) -
updateKeyManagementKey
void updateKeyManagementKey(int provisioningHandle, PublicKey keyManagementKey, byte[] authorization) -
postDeleteKey
void postDeleteKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postUnlockKey
void postUnlockKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postUpdateKey
void postUpdateKey(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postCloneKeyProtection
void postCloneKeyProtection(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
signData
byte[] signData(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
performHmac
byte[] performHmac(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
symmetricKeyEncrypt
byte[] symmetricKeyEncrypt(int keyHandle, String algorithm, boolean mode, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
asymmetricKeyDecrypt
byte[] asymmetricKeyDecrypt(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
keyAgreement
byte[] keyAgreement(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, ECPublicKey publicKey) -
getKeyAttributes
-
enumerateKeys
-
deleteKey
void deleteKey(int keyHandle, byte[] authorization) -
getDeviceInfo
DeviceInfo getDeviceInfo() -
getExtension
-
getKeyProtectionInfo
-
setProperty
-
unlockKey
void unlockKey(int keyHandle, byte[] authorization) -
changePin
void changePin(int keyHandle, byte[] authorization, byte[] newPin) -
setPin
void setPin(int keyHandle, byte[] authorization, byte[] newPin) -
exportKey
byte[] exportKey(int keyHandle, byte[] authorization) -
updateFirmware
-