java.lang.Object
org.apache.xml.security.utils.KeyUtils

public class KeyUtils extends Object
A set of utility methods to handle keys.
  • Constructor Details

    • KeyUtils

      public KeyUtils()
  • Method Details

    • generateEphemeralDHKeyPair

      public static KeyPair generateEphemeralDHKeyPair(PublicKey recipientPublicKey, Provider provider) throws XMLEncryptionException
      Method generates DH keypair which match the type of given public key type.
      Parameters:
      recipientPublicKey - public key of recipient
      provider - provider to use for key generation
      Returns:
      generated keypair
      Throws:
      XMLEncryptionException - if the keys cannot be generated
    • createKeyPairGenerator

      public static KeyPairGenerator createKeyPairGenerator(String algorithm, Provider provider) throws NoSuchAlgorithmException
      Create a KeyPairGenerator for the given algorithm and provider.
      Parameters:
      algorithm - the key JCE algorithm name
      provider - the provider to use or null if default JCE provider should be used
      Returns:
      the KeyPairGenerator
      Throws:
      NoSuchAlgorithmException - if the algorithm is not supported
    • aesWrapKeyWithDHGeneratedKey

      public static SecretKey aesWrapKeyWithDHGeneratedKey(KeyAgreementParameters parameterSpec) throws XMLEncryptionException
      Method generates a secret key for given KeyAgreementParameterSpec.
      Parameters:
      parameterSpec - KeyAgreementParameterSpec which defines algorithm to derive key
      Returns:
      generated secret key
      Throws:
      XMLEncryptionException - if the secret key cannot be generated as: Key agreement is not supported, wrong key types, etc.
    • getAESKeyBitSizeForWrapAlgorithm

      public static int getAESKeyBitSizeForWrapAlgorithm(String keyWrapAlg) throws XMLEncryptionException
      Defines the key size for the encrypting algorithm.
      Parameters:
      keyWrapAlg - the key wrap algorithm URI
      Returns:
      the key size in bits
      Throws:
      XMLEncryptionException - if the key wrap algorithm is not supported
    • deriveKeyEncryptionKey

      public static byte[] deriveKeyEncryptionKey(byte[] sharedSecret, KeyDerivationParameters keyDerivationParameter) throws XMLSecurityException
      Derive a key encryption key from a shared secret and keyDerivationParameter. Currently only the ConcatKDF and HMAC-base Extract-and-Expand Key Derivation Function (HKDF) are supported.
      Parameters:
      sharedSecret - the shared secret
      keyDerivationParameter - the key derivation parameters
      Returns:
      the derived key encryption key
      Throws:
      IllegalArgumentException - if the keyDerivationParameter is null
      XMLSecurityException - if the key derivation algorithm is not supported
    • deriveKeyWithHKDF

      public static byte[] deriveKeyWithHKDF(byte[] sharedSecret, HKDFParams hkdfParameter) throws XMLSecurityException
      Derive a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) with implementation instance HKDFParams.
      Parameters:
      sharedSecret - the shared secret
      hkdfParameter - the HKDF parameters
      Returns:
      the derived key encryption key.
      Throws:
      XMLSecurityException - if the key derivation parameters are invalid or the hmac algorithm is not supported.
    • deriveKeyWithConcatKDF

      public static byte[] deriveKeyWithConcatKDF(byte[] sharedSecret, ConcatKDFParams ckdfParameter) throws XMLSecurityException
      Derive a key using the Concatenation Key Derivation Function (ConcatKDF) with implementation instance ConcatKDFParams.
      Parameters:
      sharedSecret - the shared secret/ input keying material
      ckdfParameter - the ConcatKDF parameters
      Returns:
      the derived key
      Throws:
      XMLSecurityException - if the key derivation parameters are invalid or the hash algorithm is not supported.