org.bouncycastle.cms.jcajce
Class JceKeyTransRecipient
java.lang.Object
|
+--org.bouncycastle.cms.jcajce.JceKeyTransRecipient
- All Implemented Interfaces:
- KeyTransRecipient, Recipient
- Direct Known Subclasses:
- JceKeyTransAuthenticatedRecipient, JceKeyTransEnvelopedRecipient
- public abstract class JceKeyTransRecipient
- extends java.lang.Object
- implements KeyTransRecipient
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
helper
protected EnvelopedDataHelper helper
contentHelper
protected EnvelopedDataHelper contentHelper
extraMappings
protected java.util.Map extraMappings
validateKeySize
protected boolean validateKeySize
unwrappedKeyMustBeEncodable
protected boolean unwrappedKeyMustBeEncodable
JceKeyTransRecipient
public JceKeyTransRecipient(java.security.PrivateKey recipientKey)
setProvider
public JceKeyTransRecipient setProvider(java.security.Provider provider)
- Set the provider to use for key recovery and content processing.
- Parameters:
provider - provider to use.- Returns:
- this recipient.
setProvider
public JceKeyTransRecipient setProvider(java.lang.String providerName)
- Set the provider to use for key recovery and content processing.
- Parameters:
providerName - the name of the provider to use.- Returns:
- this recipient.
setAlgorithmMapping
public JceKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
java.lang.String algorithmName)
- Internally algorithm ids are converted into cipher names using a lookup table. For some providers
the standard lookup table won't work. Use this method to establish a specific mapping from an
algorithm identifier to a specific algorithm.
For example:
unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
- Parameters:
algorithm - OID of algorithm in recipient.algorithmName - JCE algorithm name to use.- Returns:
- the current Recipient.
setContentProvider
public JceKeyTransRecipient setContentProvider(java.security.Provider provider)
- Set the provider to use for content processing. If providerName is null a "no provider" search will be
used to satisfy getInstance calls.
- Parameters:
provider - the provider to use.- Returns:
- this recipient.
setMustProduceEncodableUnwrappedKey
public JceKeyTransRecipient setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)
- Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded().
This is important if you are using a HSM for unwrapping and using a software based provider for
decrypting the content. Default value: false.
- Parameters:
unwrappedKeyMustBeEncodable - true if getEncoded() should return key bytes, false if not necessary.- Returns:
- this recipient.
setContentProvider
public JceKeyTransRecipient setContentProvider(java.lang.String providerName)
- Set the provider to use for content processing. If providerName is null a "no provider" search will be
used to satisfy getInstance calls.
- Parameters:
providerName - the name of the provider to use.- Returns:
- this recipient.
setKeySizeValidation
public JceKeyTransRecipient setKeySizeValidation(boolean doValidate)
- Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.
This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or
if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.
- Parameters:
doValidate - true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.- Returns:
- this recipient.
extractSecretKey
protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
byte[] encryptedEncryptionKey)
throws CMSException