Class CryptoToolsUtil

java.lang.Object

com.netscape.cmstools.CryptoToolsUtil

public class CryptoToolsUtil
extends Object

CryptoToolsUtil - Shared cryptographic utility methods for PKI tools This class provides common cryptographic operations needed by various tools in the com.netscape.cmstools package, allowing them to remain self-contained without requiring changes to pki-common. These methods are primarily adapted from CryptoUtil to support standalone tool builds with minimal dependencies.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CryptoToolsUtil.PKIArchiveOptionsData	Container for PKIArchiveOptions and the wrapped key data.

Constructor Summary

Constructors

Constructor	Description
CryptoToolsUtil()

Method Summary

Modifier and Type	Method	Description
static org.mozilla.jss.pkix.crmf.PKIArchiveOptions	createPKIArchiveOptions(byte[] session_data, byte[] key_data, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)	Create PKIArchiveOptions from pre-wrapped key data.
static CryptoToolsUtil.PKIArchiveOptionsData	createPKIArchiveOptionsWithData(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.PrivateKey privKey, org.mozilla.jss.netscape.security.util.WrappingParams params, org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)	Create PKIArchiveOptions with separate access to wrapped key data.
static byte[]	wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token, PublicKey wrappingKey, org.mozilla.jss.crypto.SymmetricKey data, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)	Wrap a symmetric key using a public key (RSA).
static byte[]	wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token, org.mozilla.jss.crypto.SymmetricKey wrappingKey, org.mozilla.jss.crypto.PrivateKey data, org.mozilla.jss.crypto.IVParameterSpec ivspec, org.mozilla.jss.crypto.KeyWrapAlgorithm alg)	Wrap a private key using a symmetric key.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CryptoToolsUtil

public CryptoToolsUtil()

Method Details

createPKIArchiveOptionsWithData

public static CryptoToolsUtil.PKIArchiveOptionsData createPKIArchiveOptionsWithData(org.mozilla.jss.crypto.CryptoToken token,
 PublicKey wrappingKey,
 org.mozilla.jss.crypto.PrivateKey privKey,
 org.mozilla.jss.netscape.security.util.WrappingParams params,
 org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)
                                                                             throws Exception

Create PKIArchiveOptions with separate access to wrapped key data. This method performs the complete key archival wrapping process: 1. Generates a session key (symmetric key for wrapping the private key) 2. Wraps the private key using the session key 3. Wraps the session key using the transport public key (RSA) 4. Packages everything into PKIArchiveOptions ASN.1 structure

Parameters:

token - CryptoToken to use for cryptographic operations

wrappingKey - Public key (KRA transport cert) to wrap the session key

privKey - Private key to be archived

params - Wrapping parameters (algorithms, key sizes, IVs)

aid - Algorithm identifier for the payload wrapping algorithm

Returns:

PKIArchiveOptionsData containing the ASN.1 structure and raw wrapped keys

Throws:

Exception - if any cryptographic operation fails

wrapUsingSymmetricKey

public static byte[] wrapUsingSymmetricKey(org.mozilla.jss.crypto.CryptoToken token,
 org.mozilla.jss.crypto.SymmetricKey wrappingKey,
 org.mozilla.jss.crypto.PrivateKey data,
 org.mozilla.jss.crypto.IVParameterSpec ivspec,
 org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                    throws Exception

Wrap a private key using a symmetric key.

Parameters:

token - CryptoToken to use for the operation

wrappingKey - Symmetric key to use for wrapping

data - Private key to wrap

ivspec - Initialization vector (for CBC mode algorithms)

alg - Key wrap algorithm (e.g., AES_CBC_PAD, AES_KEY_WRAP_PAD_KWP)

Returns:

Wrapped private key as byte array

Throws:

Exception - if wrapping fails

wrapUsingPublicKey

public static byte[] wrapUsingPublicKey(org.mozilla.jss.crypto.CryptoToken token,
 PublicKey wrappingKey,
 org.mozilla.jss.crypto.SymmetricKey data,
 org.mozilla.jss.crypto.KeyWrapAlgorithm alg)
                                 throws Exception

Wrap a symmetric key using a public key (RSA).

Parameters:

token - CryptoToken to use for the operation

wrappingKey - RSA public key to use for wrapping

data - Symmetric key to wrap

alg - Key wrap algorithm (RSA or RSA_OAEP)

Returns:

Wrapped symmetric key as byte array

Throws:

Exception - if wrapping fails

createPKIArchiveOptions

public static org.mozilla.jss.pkix.crmf.PKIArchiveOptions createPKIArchiveOptions(byte[] session_data,
 byte[] key_data,
 org.mozilla.jss.pkix.primitive.AlgorithmIdentifier aid)

Create PKIArchiveOptions from pre-wrapped key data. This is a lower-level method that creates the ASN.1 structure from already-wrapped keys. Use createPKIArchiveOptionsWithData() for the complete wrapping workflow.

Parameters:

session_data - Wrapped session key (encrypted with transport public key)

key_data - Wrapped private key (encrypted with session key)

aid - Algorithm identifier for the payload wrapping algorithm

Returns:

PKIArchiveOptions ASN.1 structure