javax.crypto: public class: KeyAgreement

javax.crypto
public class: KeyAgreement [javadoc | source]

java.lang.Object
   javax.crypto.KeyAgreement

This class provides the functionality of a key agreement (or key exchange) protocol.

The keys involved in establishing a shared secret are created by one of the key generators (KeyPairGenerator or KeyGenerator), a KeyFactory, or as a result from an intermediate phase of the key agreement protocol.

For each of the correspondents in the key exchange, doPhase needs to be called. For example, if this key exchange is with one other party, doPhase needs to be called once, with the lastPhase flag set to true. If this key exchange is with two other parties, doPhase needs to be called twice, the first time setting the lastPhase flag to false, and the second time setting it to true. There may be any number of parties involved in a key exchange.

Every implementation of the Java platform is required to support the following standard KeyAgreement algorithm:

DiffieHellman

This algorithm is described in the KeyAgreement section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Consult the release documentation for your implementation to see if any other algorithms are supported.

Also see:

KeyGenerator

SecretKey

author: Jan - Luehe

since: 1.4 -

Constructor:

Constructor:
protected KeyAgreement(KeyAgreementSpi keyAgreeSpi, Provider provider, String algorithm) { this.spi = keyAgreeSpi; this.provider = provider; this.algorithm = algorithm; lock = null; } Creates a KeyAgreement object. Parameters: `keyAgreeSpi` - the delegate `provider` - the provider `algorithm` - the algorithm

 protected KeyAgreement(KeyAgreementSpi keyAgreeSpi,
    Provider provider,
    String algorithm) {
        this.spi = keyAgreeSpi;
        this.provider = provider;
        this.algorithm = algorithm;
        lock = null;
}

Creates a KeyAgreement object.

Parameters:

keyAgreeSpi - the delegate

provider - the provider

algorithm - the algorithm

Method from javax.crypto.KeyAgreement Summary:
chooseFirstProvider, doPhase, generateSecret, generateSecret, generateSecret, getAlgorithm, getInstance, getInstance, getInstance, getProvider, init, init, init, init

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.crypto.KeyAgreement Detail:
void chooseFirstProvider() { if (spi != null) { return; } synchronized (lock) { if (spi != null) { return; } if (debug != null) { int w = --warnCount; if (w >= 0) { debug.println("KeyAgreement.init() not first method " + "called, disabling delayed provider selection"); if (w == 0) { debug.println("Further warnings of this type will " + "be suppressed"); } new Exception("Call trace").printStackTrace(); } } Exception lastException = null; while ((firstService != null) \|\| serviceIterator.hasNext()) { Service s; if (firstService != null) { s = firstService; firstService = null; } else { s = (Service)serviceIterator.next(); } if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; } try { Object obj = s.newInstance(null); if (obj instanceof KeyAgreementSpi == false) { continue; } spi = (KeyAgreementSpi)obj; provider = s.getProvider(); // not needed any more firstService = null; serviceIterator = null; return; } catch (Exception e) { lastException = e; } } ProviderException e = new ProviderException ("Could not construct KeyAgreementSpi instance"); if (lastException != null) { e.initCause(lastException); } throw e; } } Choose the Spi from the first provider available. Used if delayed provider selection is not possible because init() is not the first method called.
public final Key doPhase(Key key, boolean lastPhase) throws InvalidKeyException, IllegalStateException { chooseFirstProvider(); return spi.engineDoPhase(key, lastPhase); } Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.
public final byte[] generateSecret() throws IllegalStateException { chooseFirstProvider(); return spi.engineGenerateSecret(); } Generates the shared secret and returns it in a new buffer. This method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information and algorithm parameters will be used for subsequent key agreements.
public final SecretKey generateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException { chooseFirstProvider(); return spi.engineGenerateSecret(algorithm); } Creates the shared secret and returns it as a `SecretKey` object of the specified algorithm. This method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information and algorithm parameters will be used for subsequent key agreements.
public final int generateSecret(byte[] sharedSecret, int offset) throws IllegalStateException, ShortBufferException { chooseFirstProvider(); return spi.engineGenerateSecret(sharedSecret, offset); } Generates the shared secret, and places it into the buffer `sharedSecret`, beginning at `offset` inclusive. If the `sharedSecret` buffer is too small to hold the result, a `ShortBufferException` is thrown. In this case, this call should be repeated with a larger output buffer. This method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information and algorithm parameters will be used for subsequent key agreements.
public final String getAlgorithm() { return this.algorithm; } Returns the algorithm name of this `KeyAgreement` object. This is the same name that was specified in one of the `getInstance` calls that created this `KeyAgreement` object.
public static final KeyAgreement getInstance(String algorithm) throws NoSuchAlgorithmException { List services = GetInstance.getServices("KeyAgreement", algorithm); // make sure there is at least one service from a signed provider Iterator t = services.iterator(); while (t.hasNext()) { Service s = (Service)t.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; } return new KeyAgreement(s, t, algorithm); } throw new NoSuchAlgorithmException ("Algorithm " + algorithm + " not available"); } Returns a `KeyAgreement` object that implements the specified key agreement algorithm. This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the first Provider that supports the specified algorithm is returned. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static final KeyAgreement getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { Instance instance = JceSecurity.getInstance ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider); return new KeyAgreement((KeyAgreementSpi)instance.impl, instance.provider, algorithm); } Returns a `KeyAgreement` object that implements the specified key agreement algorithm. A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static final KeyAgreement getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException { Instance instance = JceSecurity.getInstance ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider); return new KeyAgreement((KeyAgreementSpi)instance.impl, instance.provider, algorithm); } Returns a `KeyAgreement` object that implements the specified key agreement algorithm. A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
public final Provider getProvider() { chooseFirstProvider(); return this.provider; } Returns the provider of this `KeyAgreement` object.
public final void init(Key key) throws InvalidKeyException { init(key, JceSecurity.RANDOM); } Initializes this key agreement with the given key, which is required to contain all the algorithm parameters required for this key agreement. If this key agreement requires any random bytes, it will get them using the `SecureRandom` implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness will be used.)
public final void init(Key key, SecureRandom random) throws InvalidKeyException { if (spi != null) { spi.engineInit(key, random); } else { try { chooseProvider(I_NO_PARAMS, key, null, random); } catch (InvalidAlgorithmParameterException e) { // should never occur throw new InvalidKeyException(e); } } } Initializes this key agreement with the given key and source of randomness. The given key is required to contain all the algorithm parameters required for this key agreement. If the key agreement algorithm requires random bytes, it gets them from the given source of randomness, `random`. However, if the underlying algorithm implementation does not require any random bytes, `random` is ignored.
public final void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { init(key, params, JceSecurity.RANDOM); } Initializes this key agreement with the given key and set of algorithm parameters. If this key agreement requires any random bytes, it will get them using the `SecureRandom` implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness will be used.)
public final void init(Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (spi != null) { spi.engineInit(key, params, random); } else { chooseProvider(I_PARAMS, key, params, random); } } Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.

Method from javax.crypto.KeyAgreement Detail:

  void chooseFirstProvider() {
        if (spi != null) {
            return;
        }
        synchronized (lock) {
            if (spi != null) {
                return;
            }
            if (debug != null) {
                int w = --warnCount;
                if (w  >= 0) {
                    debug.println("KeyAgreement.init() not first method "
                        + "called, disabling delayed provider selection");
                    if (w == 0) {
                        debug.println("Further warnings of this type will "
                            + "be suppressed");
                    }
                    new Exception("Call trace").printStackTrace();
                }
            }
            Exception lastException = null;
            while ((firstService != null) || serviceIterator.hasNext()) {
                Service s;
                if (firstService != null) {
                    s = firstService;
                    firstService = null;
                } else {
                    s = (Service)serviceIterator.next();
                }
                if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                    continue;
                }
                try {
                    Object obj = s.newInstance(null);
                    if (obj instanceof KeyAgreementSpi == false) {
                        continue;
                    }
                    spi = (KeyAgreementSpi)obj;
                    provider = s.getProvider();
                    // not needed any more
                    firstService = null;
                    serviceIterator = null;
                    return;
                } catch (Exception e) {
                    lastException = e;
                }
            }
            ProviderException e = new ProviderException
                    ("Could not construct KeyAgreementSpi instance");
            if (lastException != null) {
                e.initCause(lastException);
            }
            throw e;
        }
}

Choose the Spi from the first provider available. Used if delayed provider selection is not possible because init() is not the first method called.

 public final Key doPhase(Key key,
    boolean lastPhase) throws InvalidKeyException, IllegalStateException {
        chooseFirstProvider();
        return spi.engineDoPhase(key, lastPhase);
}

Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.

 public final byte[] generateSecret() throws IllegalStateException {
        chooseFirstProvider();
        return spi.engineGenerateSecret();
}

This method resets this KeyAgreement object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the init methods, the same private information and algorithm parameters will be used for subsequent key agreements.

 public final SecretKey generateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        chooseFirstProvider();
        return spi.engineGenerateSecret(algorithm);
}

SecretKey

 public final int generateSecret(byte[] sharedSecret,
    int offset) throws IllegalStateException, ShortBufferException {
        chooseFirstProvider();
        return spi.engineGenerateSecret(sharedSecret, offset);
}

sharedSecret

offset

If the sharedSecret buffer is too small to hold the result, a ShortBufferException is thrown. In this case, this call should be repeated with a larger output buffer.

 public final String getAlgorithm() {
        return this.algorithm;
}

KeyAgreement

This is the same name that was specified in one of the getInstance calls that created this KeyAgreement object.

 public static final KeyAgreement getInstance(String algorithm) throws NoSuchAlgorithmException {
        List services = GetInstance.getServices("KeyAgreement", algorithm);
        // make sure there is at least one service from a signed provider
        Iterator t = services.iterator();
        while (t.hasNext()) {
            Service s = (Service)t.next();
            if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                continue;
            }
            return new KeyAgreement(s, t, algorithm);
        }
        throw new NoSuchAlgorithmException
                                ("Algorithm " + algorithm + " not available");
}

KeyAgreement

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static final KeyAgreement getInstance(String algorithm,
    String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        Instance instance = JceSecurity.getInstance
                ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
        return new KeyAgreement((KeyAgreementSpi)instance.impl,
                instance.provider, algorithm);
}

KeyAgreement

A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static final KeyAgreement getInstance(String algorithm,
    Provider provider) throws NoSuchAlgorithmException {
        Instance instance = JceSecurity.getInstance
                ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
        return new KeyAgreement((KeyAgreementSpi)instance.impl,
                instance.provider, algorithm);
}

KeyAgreement

A new KeyAgreement object encapsulating the KeyAgreementSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

 public final Provider getProvider() {
        chooseFirstProvider();
        return this.provider;
}

KeyAgreement

 public final  void init(Key key) throws InvalidKeyException {
        init(key, JceSecurity.RANDOM);
}

If this key agreement requires any random bytes, it will get them using the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness will be used.)

 public final  void init(Key key,
    SecureRandom random) throws InvalidKeyException {
        if (spi != null) {
            spi.engineInit(key, random);
        } else {
            try {
                chooseProvider(I_NO_PARAMS, key, null, random);
            } catch (InvalidAlgorithmParameterException e) {
                // should never occur
                throw new InvalidKeyException(e);
            }
        }
}

If the key agreement algorithm requires random bytes, it gets them from the given source of randomness, random. However, if the underlying algorithm implementation does not require any random bytes, random is ignored.

 public final  void init(Key key,
    AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException {
        init(key, params, JceSecurity.RANDOM);
}

 public final  void init(Key key,
    AlgorithmParameterSpec params,
    SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (spi != null) {
            spi.engineInit(key, params, random);
        } else {
            chooseProvider(I_PARAMS, key, params, random);
        }
}

Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.