Overview  Package   Class  Tree  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

iaik.tc.cert
Class SKAEExtension

Object
  extended by SKAEExtension

public class SKAEExtension
extends Object

SKAE certificate extension helper class.

The SKAE extension specification defines a standard mechanism to represent a Certified Credential in X509 v.3 certificates. This mechanism allows a verifier to ensure that the use of the private key, represented by the corresponding public key certificate, was performed with a TCG compliant TPM environment.

For details on SKAE please refer to the public TCG specification https://www.trustedcomputinggroup.org/specs/IWG/IWG_SKAE_Extension_1-00.pdf

This class acts as a wrapper for the bare ASN1 structure (SubjectKeyAttestationEvidence) and offers methods for handling SKAE extensions and their content in both plain and encrypted format.

Constructor Summary
SKAEExtension(int specMajor, int specMinor, byte[] certifyInfo, byte[] certifyInfoSignature, AccessDescription[] accessDescription, X509Certificate aikCert)
          Creates a SKAEExtension object and initialises with passed parameters.
SKAEExtension(SubjectKeyAttestationEvidence skae)
          Creates a SKAEExtension object and initialises with passed SubjectKeyAttestationEvidence ASN1 structure.
SKAEExtension(V3Extension skae)
          Creates a SKAEExtension object and initialises with passed SubjectKeyAttestationEvidence ASN1 structure.
 
Method Summary
 void decrypt(RecipientInfo recipient, Key secretKey)
          Decrypt SKAE extension evidence.
 void encrypt(RecipientInfo[] recipients, AlgorithmID algorithmID)
          Encrypts SKAE extension evidence.
 int getEvidenceType()
          Get current state of SKAE extension evidence.
 RecipientInfo[] getRecipients()
          Get list of intended recipients contained in encrypted SKAE extension evidence.
 SubjectKeyAttestationEvidence getSubjectKeyAttestationEvidence()
          Returns internal V3Extension object SubjectKeyAttestationEvidence.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SKAEExtension

public SKAEExtension(V3Extension skae)
Creates a SKAEExtension object and initialises with passed SubjectKeyAttestationEvidence ASN1 structure.

Parameters:
skae - V3Extension of type SubjectKeyAttestationEvidence
Throws:
IllegalArgumentException - if V3Extension is not of type SubjectKeyAttestationEvidence
IllegalStateException - if passed SubjectKeyAttestationEvidence structure is incomplete

SKAEExtension

public SKAEExtension(SubjectKeyAttestationEvidence skae)
Creates a SKAEExtension object and initialises with passed SubjectKeyAttestationEvidence ASN1 structure.

Parameters:
skae - V3Extension of class SubjectKeyAttestationEvidence
Throws:
IllegalStateException - if passed SubjectKeyAttestationEvidence structure is incomplete

SKAEExtension

public SKAEExtension(int specMajor,
                     int specMinor,
                     byte[] certifyInfo,
                     byte[] certifyInfoSignature,
                     AccessDescription[] accessDescription,
                     X509Certificate aikCert)
Creates a SKAEExtension object and initialises with passed parameters.

Parameters:
specMajor - TCG main specification version number, major part
specMinor - TCG main specification version number, minor part
certifyInfo - TPM_CERTIFY_INFO blob, as returned by Tspi_Key_CertifyKey(key,AIKkey,nonce)
certifyInfoSignature - signature over TPM_CERTIFY_INFO, as returned by Tspi_Key_CertifyKey(key,AIKkey,nonce)
accessDescription - description on how to access CA information
aikCert - AIK the certification was done with. This parameter may be null (=optional).
Method Detail

encrypt

public void encrypt(RecipientInfo[] recipients,
                    AlgorithmID algorithmID)
Encrypts SKAE extension evidence.

Parameters:
recipients - intended recipients which should be able to decode the encrypted SKAE evidence
algorithmID - algorithm used for symetric encryption of SKAE evidence
Throws:
IllegalStateException - if SKAE evidence is already in encrypted state
IllegalArgumentException - if encryption fails because of wrong and/or unsupported algorithms or keys

decrypt

public void decrypt(RecipientInfo recipient,
                    Key secretKey)
Decrypt SKAE extension evidence.

Parameters:
recipient - intended recipient, one of the included list of possible recipients
secretKey - private key of recipient
Throws:
IllegalStateException - if SKAE evidence is already in decrypted state
IllegalArgumentException - if decryption fails because of wrong and/or unsupported algorithms or keys

getSubjectKeyAttestationEvidence

public SubjectKeyAttestationEvidence getSubjectKeyAttestationEvidence()
Returns internal V3Extension object SubjectKeyAttestationEvidence.

Call this method as last one to get the V3Extension object, which then can be added to a certificate.

Returns:
SubjectKeyAttestationEvidence

getEvidenceType

public int getEvidenceType()
Get current state of SKAE extension evidence.

Returns:
KeyAttestationEvidence.attestationEvidence or KeyAttestationEvidence.envelopedAttestationEvidence

getRecipients

public RecipientInfo[] getRecipients()
Get list of intended recipients contained in encrypted SKAE extension evidence.

Returns:
list of recipients
Throws:
IllegalStateException - if called on unencrypted SKAE extension evidence.
Overview  Package   Class  Tree  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD