Class CryptoToolsUtil

java.lang.Object
com.netscape.cmstools.CryptoToolsUtil

public class CryptoToolsUtil extends Object
CryptoToolsUtil - Shared cryptographic utility methods for PKI tools.
This class provides common cryptographic operations needed by various tools in the com.netscape.cmstools package, allowing them to remain self-contained without requiring changes to pki-common. These methods are primarily adapted from CryptoUtil to support standalone tool builds with minimal dependencies.
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class
    CryptoToolsUtil.PKIArchiveOptionsData
    Container for PKIArchiveOptions and the wrapped key data.
  • Constructor Summary

    Constructors
    Constructor
    Description
    CryptoToolsUtil()
  • Method Summary

    Modifier and Type
    Method
    Description
    static org.mozilla.jss.pkix.crmf.PKIArchiveOptions
    createPKIArchiveOptions(byte[] session_data, byte[] key_data, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
    Create PKIArchiveOptions from pre-wrapped key data.
    static CryptoToolsUtil.PKIArchiveOptionsData
    createPKIArchiveOptionsWithData(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey privKey, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
    Create PKIArchiveOptions with separate access to wrapped key data.
    static byte[]
    wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
    Wrap a symmetric key using a public key (RSA).
    static byte[]
    wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
    Wrap a private key using a symmetric key.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • CryptoToolsUtil

      public CryptoToolsUtil()
  • Method Details

    • createPKIArchiveOptionsWithData

      public static CryptoToolsUtil.PKIArchiveOptionsData createPKIArchiveOptionsWithData(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey privKey, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid) throws Exception
      Create PKIArchiveOptions with separate access to wrapped key data. This method performs the complete key archival wrapping process:
      1. Generates a session key (symmetric key for wrapping the private key)
      2. Wraps the private key using the session key
      3. Wraps the session key using the transport public key (RSA)
      4. Packages everything into PKIArchiveOptions ASN.1 structure
      Parameters:
      token - CryptoToken to use for cryptographic operations
      wrappingKey - Public key (KRA transport cert) to wrap the session key
      privKey - Private key to be archived
      params - Wrapping parameters (algorithms, key sizes, IVs)
      aid - Algorithm identifier for the payload wrapping algorithm
      Returns:
      PKIArchiveOptionsData containing the ASN.1 structure and raw wrapped keys
      Throws:
      Exception - if any cryptographic operation fails
    • wrapUsingSymmetricKey

      public static byte[] wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg) throws Exception
      Wrap a private key using a symmetric key.
      Parameters:
      token - CryptoToken to use for the operation
      wrappingKey - Symmetric key to use for wrapping
      data - Private key to wrap
      ivspec - Initialization vector (for CBC mode algorithms)
      alg - Key wrap algorithm (e.g., AES_CBC_PAD, AES_KEY_WRAP_PAD_KWP)
      Returns:
      Wrapped private key as byte array
      Throws:
      Exception - if wrapping fails
    • wrapUsingPublicKey

      public static byte[] wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.KeyWrapAlgorithm alg) throws Exception
      Wrap a symmetric key using a public key (RSA).
      Parameters:
      token - CryptoToken to use for the operation
      wrappingKey - RSA public key to use for wrapping
      data - Symmetric key to wrap
      alg - Key wrap algorithm (RSA or RSA_OAEP)
      Returns:
      Wrapped symmetric key as byte array
      Throws:
      Exception - if wrapping fails
    • createPKIArchiveOptions

      public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions(byte[] session_data, byte[] key_data, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
      Create PKIArchiveOptions from pre-wrapped key data. This is a lower-level method that creates the ASN.1 structure from already-wrapped keys. Use createPKIArchiveOptionsWithData() for the complete wrapping workflow.
      Parameters:
      session_data - Wrapped session key (encrypted with transport public key)
      key_data - Wrapped private key (encrypted with session key)
      aid - Algorithm identifier for the payload wrapping algorithm
      Returns:
      PKIArchiveOptions ASN.1 structure
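
The two-layer wrapping that createPKIArchiveOptionsWithData describes (steps 1 to 3), shown as an added example that is not part of this Javadoc or of the project's code. It uses only the standard JCA (Java 17 or later for AES/KWP) as a stand-in for the JSS token calls; the class name ArchivalEnvelopeDemo and both key pairs are constructed for the illustration, and the ASN.1 packaging of step 4 is left out. It also unwraps both layers with the transport private key to confirm the round trip.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration using only the standard JCA; not JSS or project code.
public class ArchivalEnvelopeDemo {
    // OAEP with SHA-256 for digest and MGF1, stated explicitly so both sides agree.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair transport = kpg.generateKeyPair(); // constructed stand-in: KRA transport key pair
        KeyPair user = kpg.generateKeyPair();      // constructed stand-in: key being archived

        // Step 1: fresh AES-256 session key, used for this one archival request only.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();

        // Step 2: wrap the private key under the session key (AES Key Wrap with Padding).
        Cipher kwp = Cipher.getInstance("AES/KWP/NoPadding");
        kwp.init(Cipher.WRAP_MODE, session);
        byte[] keyData = kwp.wrap(user.getPrivate());

        // Step 3: wrap the session key under the transport public key with RSA-OAEP.
        Cipher oaep = Cipher.getInstance("RSA/ECB/OAEPPadding");
        oaep.init(Cipher.WRAP_MODE, transport.getPublic(), OAEP);
        byte[] sessionData = oaep.wrap(session);

        // Step 4 (ASN.1 packaging into PKIArchiveOptions) is JSS-specific and omitted.
        // Receiving side: only the transport private key holder can reverse both layers.
        oaep.init(Cipher.UNWRAP_MODE, transport.getPrivate(), OAEP);
        SecretKey s2 = (SecretKey) oaep.unwrap(sessionData, "AES", Cipher.SECRET_KEY);
        kwp.init(Cipher.UNWRAP_MODE, s2);
        PrivateKey recovered = (PrivateKey) kwp.unwrap(keyData, "RSA", Cipher.PRIVATE_KEY);

        if (!Arrays.equals(recovered.getEncoded(), user.getPrivate().getEncoded()))
            throw new IllegalStateException("round trip failed");
        System.out.printf("sessionData=%d bytes, keyData=%d bytes%n",
                sessionData.length, keyData.length);
    }
}
```

Here sessionData and keyData play the roles of the session_data and key_data arguments of createPKIArchiveOptions.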