Secret
|
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||
Object
public class Secret
Conversion functions of limited-use shared secret data into cryptographic keys.
[329a] The symmetric key data MAY be binary data (as from an authentication device) or as a human-readable value (numeric, alphabetic, or both). When it is binary data, no transformation is needed; the data can be used directly as input to the MAC function.
[329b] When the symmetric key data is human-readable, it may be issued to a human user in the form of a text string which may in some circumstances be read over a telephone line. It may be randomly generated and represent an underlying numeric value, or may be a password or phrase. In either case, it is often convenient to present the value to the human user as a string of characters in a character set the particular user understands.
[330] Applications MUST ensure that the limited use shared secret data contains sufficient entropy to prevent dictionary attacks.
[331] Keying material is derived from the shared string using a MAC function.
[332] The default MAC algorithm used is HMAC-SHA1. Other MAC algorithms MAY be used provided that the client is advised that the service accepts such algorithms by means of an out of band mechanism such as a Web Service description or policy mechanism.
[333] Different MAC keying values are used according to the use of the symmetric key:
Value Application ----------------------------------------------------- 0x1 Authentication 0x2 Encoding of RevocationCodeIdentifier - Pass 1 0x3 Encoding of RevocationCodeIdentifier - Pass 2 0x4 Encryption of PrivateKey data
| Method Summary | |
|---|---|
static Key |
Authentication(byte[] binarydata)
Derives key for Authentication usage from binary data. |
static Key |
Authentication(String phrase)
Derives key for Authentication usage from String. |
static boolean |
compareRevocationCode(byte[] revocationCode,
byte[] revocationCodeIdentifier)
Compares a RevocationCode to a RevocationCodeIdentifier. |
static String |
getSASLprepSupport()
Gets plain text description of SASLprep library support. |
static Key |
PrivateKey(byte[] binarydata,
SecretAlgorithm algorithm)
Derives key for PrivateKey symmetric encryption from binary data. |
static Key |
PrivateKey(String phrase,
SecretAlgorithm algorithm)
Derives key for PrivateKey symmetric encryption from String. |
static String |
randomId(int length)
Creates a random Id consisting of length characters. |
static Key |
RevocationCode(byte[] binarydata)
Derives key for RevocationCode usage from binary data. |
static Key |
RevocationCode(String phrase)
Derives key for RevocationCode usage from String. |
static Key |
RevocationCodeIdentifier(byte[] binarydata)
Derives key for RevocationCodeIdentifier usage from binary data. |
static Key |
RevocationCodeIdentifier(String phrase)
Derives key for RevocationCodeIdentifier usage from String. |
| Methods inherited from class Object |
|---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static String getSASLprepSupport()
Returns either:
- "SASLprep (lidIDN, with SASLprep support)"
- "no SASLprep (libIDN, without SASLprep support"
- "no SASLprep (no libIDN)"
public static Key Authentication(String phrase)
String.
SASLprep preprocessing is applied.
phrase - String to derive keying material from
public static Key Authentication(byte[] binarydata)
binarydata - binary input data
public static Key RevocationCodeIdentifier(String phrase)
String.
SASLprep preprocessing is applied.
phrase - String to derive keying material from
public static Key RevocationCodeIdentifier(byte[] binarydata)
binarydata - binary input data
public static Key RevocationCode(String phrase)
String.
SASLprep preprocessing is applied.
phrase - String to derive keying material from
public static Key RevocationCode(byte[] binarydata)
binarydata - binary input data
public static boolean compareRevocationCode(byte[] revocationCode,
byte[] revocationCodeIdentifier)
Does the RevocationCodeIdentifier 2nd pass on supplied RevocationCode and compares result with supplied RevocationCodeIdentifier.
revocationCode - RevocationCode to apply MAC onrevocationCodeIdentifier - RevocationCodeIdentifier to compare with
true if the results are equal otherwise false
public static Key PrivateKey(String phrase,
SecretAlgorithm algorithm)
throws XKMSException
String.
SASLprep preprocessing is applied.
phrase - String to derive keying material from
XKMSException
public static Key PrivateKey(byte[] binarydata,
SecretAlgorithm algorithm)
throws XKMSException
binarydata - binary input data
XKMSExceptionpublic static String randomId(int length)
length characters.
The characters are choosen from the pool
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ".
length -
String of random characters
|
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||