Package org.webpki.sks
Interface SecureKeyStore
public interface SecureKeyStore
SKS (Secure Key Store) API. All calls may throw the unchecked SKSException; because it is unchecked, the compiler does not force callers to catch or declare it.
-
Field Summary
Modifier and Type | Field | Description
static final int
static final String
static final String
static final String
static final String
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final String
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final int
static final int
static final int
static final int
static final int
static final int
static final int
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte[]
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final byte
static final short
static final byte
static final byte
static final byte
static final byte
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final byte[]
-
Method Summary
Modifier and Type | Method | Description
void abortProvisioningSession(int provisioningHandle)
void addExtension(int keyHandle, String type, byte subType, String qualifier, byte[] extensionData, byte[] mac)
byte[] asymmetricKeyDecrypt(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data)
void changePin(int keyHandle, byte[] authorization, byte[] newPin)
byte[] closeProvisioningSession(int provisioningHandle, byte[] nonce, byte[] mac)
KeyData createKeyEntry(int provisioningHandle, String id, String keyEntryAlgorithm, byte[] serverSeed, boolean devicePinProtection, int pinPolicyHandle, byte[] pinValue, boolean enablePinCaching, byte biometricProtection, byte exportProtection, byte deleteProtection, byte appUsage, String friendlyName, String keyAlgorithm, byte[] keyParameters, String[] endorsedAlgorithms, byte[] mac)
int createPinPolicy(int provisioningHandle, String id, int pukPolicyHandle, boolean userDefined, boolean userModifiable, byte format, short retryLimit, byte grouping, byte patternRestrictions, short minLength, short maxLength, byte inputMethod, byte[] mac)
ProvisioningSession createProvisioningSession(String sessionKeyAlgorithm, boolean privacyEnabled, String serverSessionId, ECPublicKey serverEphemeralKey, String issuerUri, PublicKey keyManagementKey, int clientTime, short sessionLifeTime, short sessionKeyLimit, byte[] serverCertificate)
int createPukPolicy(int provisioningHandle, String id, byte[] pukValue, byte format, short retryLimit, byte[] mac)
void deleteKey(int keyHandle, byte[] authorization)
enumerateKeys(int keyHandle)
EnumeratedProvisioningSession enumerateProvisioningSessions(int provisioningHandle, boolean provisioningState)
byte[] exportKey(int keyHandle, byte[] authorization)
getExtension(int keyHandle, String type)
getKeyAttributes(int keyHandle)
int getKeyHandle(int provisioningHandle, String id)
getKeyProtectionInfo(int keyHandle)
void importPrivateKey(int keyHandle, byte[] encryptedKey, byte[] mac)
void importSymmetricKey(int keyHandle, byte[] encryptedKey, byte[] mac)
byte[] keyAgreement(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, ECPublicKey publicKey)
byte[] performHmac(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data)
void postCloneKeyProtection(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac)
void postDeleteKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac)
void postUnlockKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac)
void postUpdateKey(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac)
void setCertificatePath(int keyHandle, X509Certificate[] certificatePath, byte[] mac)
void setPin(int keyHandle, byte[] authorization, byte[] newPin)
void setProperty(int keyHandle, String type, String name, String value)
byte[] signData(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data)
byte[] symmetricKeyEncrypt(int keyHandle, String algorithm, boolean mode, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data)
void unlockKey(int keyHandle, byte[] authorization)
updateFirmware(byte[] chunk)
void updateKeyManagementKey(int provisioningHandle, PublicKey keyManagementKey, byte[] authorization)
-
Field Details
-
MAX_LENGTH_PIN_PUK
static final int MAX_LENGTH_PIN_PUK- See Also:
-
MAX_LENGTH_QUALIFIER
static final int MAX_LENGTH_QUALIFIER- See Also:
-
MAX_LENGTH_SYMMETRIC_KEY
static final int MAX_LENGTH_SYMMETRIC_KEY- See Also:
-
MAX_LENGTH_ID_TYPE
static final int MAX_LENGTH_ID_TYPE- See Also:
-
MAX_LENGTH_SERVER_SEED
static final int MAX_LENGTH_SERVER_SEED- See Also:
-
MAX_LENGTH_URI
static final int MAX_LENGTH_URI- See Also:
-
MAX_RETRY_LIMIT
static final int MAX_RETRY_LIMIT- See Also:
-
METHOD_SET_CERTIFICATE_PATH
static final byte[] METHOD_SET_CERTIFICATE_PATH -
METHOD_IMPORT_SYMMETRIC_KEY
static final byte[] METHOD_IMPORT_SYMMETRIC_KEY -
METHOD_IMPORT_PRIVATE_KEY
static final byte[] METHOD_IMPORT_PRIVATE_KEY -
METHOD_CLOSE_PROVISIONING_SESSION
static final byte[] METHOD_CLOSE_PROVISIONING_SESSION -
METHOD_CREATE_KEY_ENTRY
static final byte[] METHOD_CREATE_KEY_ENTRY -
METHOD_CREATE_PIN_POLICY
static final byte[] METHOD_CREATE_PIN_POLICY -
METHOD_CREATE_PUK_POLICY
static final byte[] METHOD_CREATE_PUK_POLICY -
METHOD_ADD_EXTENSION
static final byte[] METHOD_ADD_EXTENSION -
METHOD_POST_DELETE_KEY
static final byte[] METHOD_POST_DELETE_KEY -
METHOD_POST_UNLOCK_KEY
static final byte[] METHOD_POST_UNLOCK_KEY -
METHOD_POST_UPDATE_KEY
static final byte[] METHOD_POST_UPDATE_KEY -
METHOD_POST_CLONE_KEY_PROTECTION
static final byte[] METHOD_POST_CLONE_KEY_PROTECTION -
KDF_DEVICE_ATTESTATION
static final byte[] KDF_DEVICE_ATTESTATION -
KDF_ENCRYPTION_KEY
static final byte[] KDF_ENCRYPTION_KEY -
KDF_ANONYMOUS
static final byte[] KDF_ANONYMOUS -
KMK_TARGET_KEY_REFERENCE
static final byte[] KMK_TARGET_KEY_REFERENCE -
KMK_ROLL_OVER_AUTHORIZATION
static final byte[] KMK_ROLL_OVER_AUTHORIZATION -
CRYPTO_STRING_NOT_AVAILABLE
- See Also:
-
VAR_APP_USAGE
- See Also:
-
VAR_ATTESTATION
- See Also:
-
VAR_AUTHORIZATION
- See Also:
-
VAR_BIOMETRIC_PROTECTION
- See Also:
-
VAR_CLIENT_EPHEMERAL_KEY
- See Also:
-
VAR_CLIENT_SESSION_ID
- See Also:
-
VAR_CLIENT_TIME
- See Also:
-
VAR_CRYPTO_DATA_SIZE
- See Also:
-
VAR_DATA
- See Also:
-
VAR_EXTENSION_DATA
- See Also:
-
VAR_DELETE_PROTECTION
- See Also:
-
VAR_DEVICE_PIN_PROTECTION
- See Also:
-
VAR_ENDORSED_ALGORITHMS
- See Also:
-
VAR_ENABLE_PIN_CACHING
- See Also:
-
VAR_ENCRYPTED_KEY
- See Also:
-
VAR_ENCRYPTED_PUK
- See Also:
-
VAR_EXPORT_PROTECTION
- See Also:
-
VAR_FORMAT
- See Also:
-
VAR_FRIENDLY_NAME
- See Also:
-
VAR_GROUPING
- See Also:
-
VAR_ID
- See Also:
-
VAR_INPUT_METHOD
- See Also:
-
VAR_ISSUER_URI
- See Also:
-
VAR_KEY_ALGORITHM
- See Also:
-
VAR_KEY_ENTRY_ALGORITHM
- See Also:
-
VAR_KEY_MANAGEMENT_KEY
- See Also:
-
VAR_KEY_PARAMETERS
- See Also:
-
VAR_MAC
- See Also:
-
VAR_MAX_LENGTH
- See Also:
-
VAR_MIN_LENGTH
- See Also:
-
VAR_NAME
- See Also:
-
VAR_NONCE
- See Also:
-
VAR_PARAMETERS
- See Also:
-
VAR_PATTERN_RESTRICTIONS
- See Also:
-
VAR_PIN_VALUE
- See Also:
-
VAR_PRIVACY_ENABLED
- See Also:
-
VAR_PROPERTY
- See Also:
-
VAR_PROPERTY_BAG
- See Also:
-
VAR_PUBLIC_KEY
- See Also:
-
VAR_QUALIFIER
- See Also:
-
VAR_RETRY_LIMIT
- See Also:
-
VAR_SERVER_EPHEMERAL_KEY
- See Also:
-
VAR_SERVER_SEED
- See Also:
-
VAR_SERVER_SESSION_ID
- See Also:
-
VAR_SERVER_TIME
- See Also:
-
VAR_SESSION_KEY_ALGORITHM
- See Also:
-
VAR_SESSION_KEY_LIMIT
- See Also:
-
VAR_SESSION_LIFE_TIME
- See Also:
-
VAR_SUB_TYPE
- See Also:
-
VAR_TYPE
- See Also:
-
VAR_USER_MODIFIABLE
- See Also:
-
VAR_VALUE
- See Also:
-
VAR_WRITABLE
- See Also:
-
APP_USAGE_SIGNATURE
static final byte APP_USAGE_SIGNATURE- See Also:
-
APP_USAGE_AUTHENTICATION
static final byte APP_USAGE_AUTHENTICATION- See Also:
-
APP_USAGE_ENCRYPTION
static final byte APP_USAGE_ENCRYPTION- See Also:
-
APP_USAGE_UNIVERSAL
static final byte APP_USAGE_UNIVERSAL- See Also:
-
PIN_GROUPING_NONE
static final byte PIN_GROUPING_NONE- See Also:
-
PIN_GROUPING_SHARED
static final byte PIN_GROUPING_SHARED- See Also:
-
PIN_GROUPING_SIGN_PLUS_STD
static final byte PIN_GROUPING_SIGN_PLUS_STD- See Also:
-
PIN_GROUPING_UNIQUE
static final byte PIN_GROUPING_UNIQUE- See Also:
-
PIN_PATTERN_TWO_IN_A_ROW
static final byte PIN_PATTERN_TWO_IN_A_ROW- See Also:
-
PIN_PATTERN_THREE_IN_A_ROW
static final byte PIN_PATTERN_THREE_IN_A_ROW- See Also:
-
PIN_PATTERN_SEQUENCE
static final byte PIN_PATTERN_SEQUENCE- See Also:
-
PIN_PATTERN_REPEATED
static final byte PIN_PATTERN_REPEATED- See Also:
-
PIN_PATTERN_MISSING_GROUP
static final byte PIN_PATTERN_MISSING_GROUP- See Also:
-
PASSPHRASE_FORMAT_NUMERIC
static final byte PASSPHRASE_FORMAT_NUMERIC- See Also:
-
PASSPHRASE_FORMAT_ALPHANUMERIC
static final byte PASSPHRASE_FORMAT_ALPHANUMERIC- See Also:
-
PASSPHRASE_FORMAT_STRING
static final byte PASSPHRASE_FORMAT_STRING- See Also:
-
PASSPHRASE_FORMAT_BINARY
static final byte PASSPHRASE_FORMAT_BINARY- See Also:
-
SUB_TYPE_EXTENSION
static final byte SUB_TYPE_EXTENSION- See Also:
-
SUB_TYPE_ENCRYPTED_EXTENSION
static final byte SUB_TYPE_ENCRYPTED_EXTENSION- See Also:
-
SUB_TYPE_PROPERTY_BAG
static final byte SUB_TYPE_PROPERTY_BAG- See Also:
-
SUB_TYPE_LOGOTYPE
static final byte SUB_TYPE_LOGOTYPE- See Also:
-
EXPORT_DELETE_PROTECTION_NONE
static final byte EXPORT_DELETE_PROTECTION_NONE- See Also:
-
EXPORT_DELETE_PROTECTION_PIN
static final byte EXPORT_DELETE_PROTECTION_PIN- See Also:
-
EXPORT_DELETE_PROTECTION_PUK
static final byte EXPORT_DELETE_PROTECTION_PUK- See Also:
-
EXPORT_DELETE_PROTECTION_NOT_ALLOWED
static final byte EXPORT_DELETE_PROTECTION_NOT_ALLOWED- See Also:
-
INPUT_METHOD_ANY
static final byte INPUT_METHOD_ANY- See Also:
-
INPUT_METHOD_PROGRAMMATIC
static final byte INPUT_METHOD_PROGRAMMATIC- See Also:
-
INPUT_METHOD_TRUSTED_GUI
static final byte INPUT_METHOD_TRUSTED_GUI- See Also:
-
BIOMETRIC_PROTECTION_NONE
static final byte BIOMETRIC_PROTECTION_NONE- See Also:
-
BIOMETRIC_PROTECTION_ALTERNATIVE
static final byte BIOMETRIC_PROTECTION_ALTERNATIVE- See Also:
-
BIOMETRIC_PROTECTION_COMBINED
static final byte BIOMETRIC_PROTECTION_COMBINED- See Also:
-
BIOMETRIC_PROTECTION_EXCLUSIVE
static final byte BIOMETRIC_PROTECTION_EXCLUSIVE- See Also:
-
ALGORITHM_KEY_ATTEST_1
- See Also:
-
ALGORITHM_SESSION_ATTEST_1
- See Also:
-
ALGORITHM_ECDH_RAW
- See Also:
-
ALGORITHM_NONE
- See Also:
-
ZERO_LENGTH_ARRAY
static final byte[] ZERO_LENGTH_ARRAY -
SKS_API_LEVEL
static final short SKS_API_LEVEL- See Also:
-
AES_CBC_PKCS5_PADDING
static final int AES_CBC_PKCS5_PADDING- See Also:
-
-
Method Details
-
createProvisioningSession
ProvisioningSession createProvisioningSession(String sessionKeyAlgorithm, boolean privacyEnabled, String serverSessionId, ECPublicKey serverEphemeralKey, String issuerUri, PublicKey keyManagementKey, int clientTime, short sessionLifeTime, short sessionKeyLimit, byte[] serverCertificate) -
closeProvisioningSession
byte[] closeProvisioningSession(int provisioningHandle, byte[] nonce, byte[] mac) -
enumerateProvisioningSessions
EnumeratedProvisioningSession enumerateProvisioningSessions(int provisioningHandle, boolean provisioningState) -
createKeyEntry
KeyData createKeyEntry(int provisioningHandle, String id, String keyEntryAlgorithm, byte[] serverSeed, boolean devicePinProtection, int pinPolicyHandle, byte[] pinValue, boolean enablePinCaching, byte biometricProtection, byte exportProtection, byte deleteProtection, byte appUsage, String friendlyName, String keyAlgorithm, byte[] keyParameters, String[] endorsedAlgorithms, byte[] mac) -
getKeyHandle
-
abortProvisioningSession
void abortProvisioningSession(int provisioningHandle) -
setCertificatePath
-
addExtension
-
importSymmetricKey
void importSymmetricKey(int keyHandle, byte[] encryptedKey, byte[] mac) -
importPrivateKey
void importPrivateKey(int keyHandle, byte[] encryptedKey, byte[] mac) -
createPinPolicy
int createPinPolicy(int provisioningHandle, String id, int pukPolicyHandle, boolean userDefined, boolean userModifiable, byte format, short retryLimit, byte grouping, byte patternRestrictions, short minLength, short maxLength, byte inputMethod, byte[] mac) -
createPukPolicy
int createPukPolicy(int provisioningHandle, String id, byte[] pukValue, byte format, short retryLimit, byte[] mac) -
updateKeyManagementKey
void updateKeyManagementKey(int provisioningHandle, PublicKey keyManagementKey, byte[] authorization) -
postDeleteKey
void postDeleteKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postUnlockKey
void postUnlockKey(int provisioningHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postUpdateKey
void postUpdateKey(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
postCloneKeyProtection
void postCloneKeyProtection(int keyHandle, int targetKeyHandle, byte[] authorization, byte[] mac) -
signData
byte[] signData(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
performHmac
byte[] performHmac(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
symmetricKeyEncrypt
byte[] symmetricKeyEncrypt(int keyHandle, String algorithm, boolean mode, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
asymmetricKeyDecrypt
byte[] asymmetricKeyDecrypt(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, byte[] data) -
keyAgreement
byte[] keyAgreement(int keyHandle, String algorithm, byte[] parameters, boolean biometricAuth, byte[] authorization, ECPublicKey publicKey) -
getKeyAttributes
-
enumerateKeys
-
deleteKey
void deleteKey(int keyHandle, byte[] authorization) -
getDeviceInfo
DeviceInfo getDeviceInfo() -
getExtension
-
getKeyProtectionInfo
-
setProperty
-
unlockKey
void unlockKey(int keyHandle, byte[] authorization) -
changePin
void changePin(int keyHandle, byte[] authorization, byte[] newPin) -
setPin
void setPin(int keyHandle, byte[] authorization, byte[] newPin) -
exportKey
byte[] exportKey(int keyHandle, byte[] authorization) -
updateFirmware
-