Object Secret
public class Secret
Conversion functions that turn limited-use shared secret data into cryptographic keys.
[329a] The symmetric key data MAY be binary data (as from an authentication device) or a human-readable value (numeric, alphabetic, or both). When it is binary data, no transformation is needed; the data can be used directly as input to the MAC function.
[329b] When the symmetric key data is human-readable, it may be issued to a human user in the form of a text string which may in some circumstances be read over a telephone line. It may be randomly generated and represent an underlying numeric value, or it may be a password or phrase. In either case, it is often convenient to present the value to the human user as a string of characters in a character set the particular user understands.
[330] Applications MUST ensure that the limited-use shared secret data contains sufficient entropy to prevent dictionary attacks. Note that the derivation below is a single MAC computation with a fixed one-byte key and no salt or iteration count, so anyone holding a derived key, or a MAC computed with it over known data, can test candidate phrases at the full speed of the MAC function; the entropy has to come from the secret itself.
[331] Keying material is derived from the shared string using a MAC function.
[332] The default MAC algorithm used is HMAC-SHA1. Other MAC algorithms MAY be used provided that the client is advised that the service accepts such algorithms by means of an out of band mechanism such as a Web Service description or policy mechanism.
[333] Different MAC keying values are used according to the use of the symmetric key:

    Value   Application
    -----   ---------------------------------------------
    0x1     Authentication
    0x2     Encoding of RevocationCodeIdentifier - Pass 1
    0x3     Encoding of RevocationCodeIdentifier - Pass 2
    0x4     Encryption of PrivateKey data
Method Summary

static Key      Authentication(byte[] binarydata)
                    Derives key for Authentication usage from binary data.
static Key      Authentication(String phrase)
                    Derives key for Authentication usage from String.
static boolean  compareRevocationCode(byte[] revocationCode, byte[] revocationCodeIdentifier)
                    Compares a RevocationCode to a RevocationCodeIdentifier.
static String   getSASLprepSupport()
                    Gets plain text description of SASLprep library support.
static Key      PrivateKey(byte[] binarydata, SecretAlgorithm algorithm)
                    Derives key for PrivateKey symmetric encryption from binary data.
static Key      PrivateKey(String phrase, SecretAlgorithm algorithm)
                    Derives key for PrivateKey symmetric encryption from String.
static String   randomId(int length)
                    Creates a random Id consisting of length characters.
static Key      RevocationCode(byte[] binarydata)
                    Derives key for RevocationCode usage from binary data.
static Key      RevocationCode(String phrase)
                    Derives key for RevocationCode usage from String.
static Key      RevocationCodeIdentifier(byte[] binarydata)
                    Derives key for RevocationCodeIdentifier usage from binary data.
static Key      RevocationCodeIdentifier(String phrase)
                    Derives key for RevocationCodeIdentifier usage from String.
Methods inherited from class Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Method Detail

getSASLprepSupport

public static String getSASLprepSupport()

    Gets plain text description of SASLprep library support. Check this before relying on the String variants below: the "no SASLprep" results mean the phrase is not normalised before derivation, so the same phrase entered in a different Unicode form derives a different key.

    Returns:
        one of
        - "SASLprep (libIDN, with SASLprep support)"
        - "no SASLprep (libIDN, without SASLprep support)"
        - "no SASLprep (no libIDN)"

Authentication

public static Key Authentication(String phrase)

    Derives key for Authentication usage from String. SASLprep preprocessing is applied.

    Parameters:
        phrase - String to derive keying material from

Authentication

public static Key Authentication(byte[] binarydata)

    Derives key for Authentication usage from binary data.

    Parameters:
        binarydata - binary input data

RevocationCodeIdentifier

public static Key RevocationCodeIdentifier(String phrase)

    Derives key for RevocationCodeIdentifier usage from String. SASLprep preprocessing is applied.

    Parameters:
        phrase - String to derive keying material from

RevocationCodeIdentifier

public static Key RevocationCodeIdentifier(byte[] binarydata)

    Derives key for RevocationCodeIdentifier usage from binary data.

    Parameters:
        binarydata - binary input data

RevocationCode

public static Key RevocationCode(String phrase)

    Derives key for RevocationCode usage from String. SASLprep preprocessing is applied.

    Parameters:
        phrase - String to derive keying material from

RevocationCode

public static Key RevocationCode(byte[] binarydata)

    Derives key for RevocationCode usage from binary data.

    Parameters:
        binarydata - binary input data
compareRevocationCode

public static boolean compareRevocationCode(byte[] revocationCode, byte[] revocationCodeIdentifier)

    Performs the RevocationCodeIdentifier second pass (MAC with keying value 0x3) on the supplied RevocationCode and compares the result with the supplied RevocationCodeIdentifier.

    Parameters:
        revocationCode - RevocationCode to apply the MAC to
        revocationCodeIdentifier - RevocationCodeIdentifier to compare with

    Returns:
        true if the results are equal, otherwise false
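The derivation in [331]-[333] and the two-pass revocation check performed by compareRevocationCode, as an added example. This is not the library's Java code; it reimplements the scheme described on this page in Python. It assumes that the one-byte usage value from the table is the HMAC key and the (SASLprep'd) shared secret is the message, that HMAC-SHA1 is the MAC unless another hashlib algorithm name has been agreed out of band, and it uses NFKC normalisation as a stand-in for full SASLprep, which the standard library does not provide. The sample phrases are constructed.

```python
"""XKMS limited-use shared secret derivation (added example, not the
library's Java implementation)."""
import hashlib
import hmac
import unicodedata

# Usage values from the [333] table; assumed here to be the MAC key.
USAGE_AUTHENTICATION = 0x1
USAGE_REVOCATION_CODE = 0x2             # RevocationCodeIdentifier - pass 1
USAGE_REVOCATION_CODE_IDENTIFIER = 0x3  # RevocationCodeIdentifier - pass 2
USAGE_PRIVATE_KEY = 0x4


def mac(key: bytes, data: bytes, algorithm: str = "sha1") -> bytes:
    """Generic HMAC; 'algorithm' is any hashlib name the service advertises ([332])."""
    return hmac.new(key, data, getattr(hashlib, algorithm)).digest()


def prepare_secret(secret) -> bytes:
    """Binary secrets are used as-is ([329a]); human-readable ones are
    normalised first ([329b]).  NFKC is only a stand-in for SASLprep (RFC 4013),
    which also maps non-ASCII spaces and rejects control and unassigned code
    points: use a real SASLprep implementation in production."""
    if isinstance(secret, (bytes, bytearray)):
        return bytes(secret)
    return unicodedata.normalize("NFKC", secret).encode("utf-8")


def derive(usage: int, secret, algorithm: str = "sha1") -> bytes:
    """Keying material = MAC(key=usage byte, data=shared secret) ([331], [333]).
    0x3 is excluded: pass 2 runs over the pass-1 output, not the secret."""
    if usage not in (USAGE_AUTHENTICATION, USAGE_REVOCATION_CODE, USAGE_PRIVATE_KEY):
        raise ValueError("usage value is not derived directly from the secret")
    return mac(bytes([usage]), prepare_secret(secret), algorithm)


def authentication_key(secret, algorithm: str = "sha1") -> bytes:
    return derive(USAGE_AUTHENTICATION, secret, algorithm)


def private_key_encryption_key(secret, algorithm: str = "sha1") -> bytes:
    return derive(USAGE_PRIVATE_KEY, secret, algorithm)


def revocation_code(secret, algorithm: str = "sha1") -> bytes:
    """Pass 1: kept secret by the client and presented later to revoke."""
    return derive(USAGE_REVOCATION_CODE, secret, algorithm)


def revocation_code_identifier(secret, algorithm: str = "sha1") -> bytes:
    """Pass 2 over the pass-1 output: registered with the service, which can
    then verify a presented RevocationCode without being able to produce one."""
    return mac(bytes([USAGE_REVOCATION_CODE_IDENTIFIER]),
               revocation_code(secret, algorithm), algorithm)


def compare_revocation_code(code: bytes, identifier: bytes,
                            algorithm: str = "sha1") -> bool:
    """Service side of compareRevocationCode: redo pass 2 on the presented code
    and compare with the stored identifier.  compare_digest keeps the comparison
    constant-time so a remote caller cannot learn matching prefixes."""
    recomputed = mac(bytes([USAGE_REVOCATION_CODE_IDENTIFIER]), code, algorithm)
    return hmac.compare_digest(recomputed, identifier)


if __name__ == "__main__":
    phrase = "correct horse battery staple"          # constructed sample secret
    registered = revocation_code_identifier(phrase)  # sent to the service at registration
    presented = revocation_code(phrase)              # sent later to revoke
    print("authentication key:", authentication_key(phrase).hex())
    print("revocation code accepted:", compare_revocation_code(presented, registered))
    print("wrong phrase accepted:",
          compare_revocation_code(revocation_code("wrong phrase"), registered))
```

The split between pass 1 and pass 2 is what lets the service hold the RevocationCodeIdentifier without being able to forge a revocation itself; a service that stored the pass-1 value would be able to revoke any key on its own.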
PrivateKey

public static Key PrivateKey(String phrase, SecretAlgorithm algorithm) throws XKMSException

    Derives key for PrivateKey symmetric encryption from String. SASLprep preprocessing is applied.

    Parameters:
        phrase - String to derive keying material from

    Throws:
        XKMSException

PrivateKey

public static Key PrivateKey(byte[] binarydata, SecretAlgorithm algorithm) throws XKMSException

    Derives key for PrivateKey symmetric encryption from binary data.

    Parameters:
        binarydata - binary input data

    Throws:
        XKMSException

randomId

public static String randomId(int length)

    Creates a random Id consisting of length characters. The characters are chosen from the pool "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ".

    Parameters:
        length - number of characters

    Returns:
        String of random characters
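An added example of generating an identifier from the 36-character pool quoted above, together with the entropy bookkeeping [330] asks for when such an Id is used as the limited-use shared secret. This is not the library's randomId; it is new code, and it assumes the Id is drawn with a CSPRNG (the page does not say which generator the library uses). The dictation helpers relate to [329b], where the value may be read over a telephone line.

```python
"""Random Id in the page's 36-character pool plus entropy checks
(added example, not the library's randomId)."""
import math
import secrets

POOL = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # pool quoted in the Javadoc
BITS_PER_CHAR = math.log2(len(POOL))          # about 5.17 bits per character


def random_id(length: int) -> str:
    """secrets.choice draws from the OS CSPRNG without modulo bias, so each
    character contributes log2(36) bits of entropy."""
    if length <= 0:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(POOL) for _ in range(length))


def entropy_bits(length: int) -> float:
    """Entropy of an Id of the given length, for checking [330]."""
    return length * BITS_PER_CHAR


def chars_for_bits(target_bits: float) -> int:
    """Smallest Id length that reaches a security level (128 bits -> 25 chars)."""
    return math.ceil(target_bits / BITS_PER_CHAR)


def for_dictation(identifier: str, group: int = 4) -> str:
    """Group the characters so the value can be read out over a phone."""
    return "-".join(identifier[i:i + group] for i in range(0, len(identifier), group))


def from_dictation(text: str) -> str:
    """Canonicalise what a user typed back: drop separators and whitespace,
    upper-case letters, and reject anything outside the pool rather than
    silently deriving a key from a mistyped secret."""
    cleaned = "".join(ch for ch in text.upper() if ch not in "- \t")
    bad = sorted(set(cleaned) - set(POOL))
    if bad:
        raise ValueError(f"characters outside the Id pool: {bad}")
    return cleaned


if __name__ == "__main__":
    n = chars_for_bits(128)
    ident = random_id(n)
    print(f"{n} characters give {entropy_bits(n):.1f} bits: {for_dictation(ident)}")
```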