Class EncryptedPrivateKeyInfo

java.lang.Object
javax.crypto.EncryptedPrivateKeyInfo
All Implemented Interfaces:
DEREncodablePREVIEW
public non-sealed class EncryptedPrivateKeyInfo extends Object implements DEREncodablePREVIEW
This class implements the EncryptedPrivateKeyInfo type as defined in PKCS #8.

Its ASN.1 definition is as follows: 

EncryptedPrivateKeyInfo ::=  SEQUENCE {
    encryptionAlgorithm   AlgorithmIdentifier,
    encryptedData   OCTET STRING }

AlgorithmIdentifier  ::=  SEQUENCE  {
    algorithm              OBJECT IDENTIFIER,
    parameters             ANY DEFINED BY algorithm OPTIONAL  }

Since:
1.4
See Also:

  • Constructor Details

    • EncryptedPrivateKeyInfo

      public EncryptedPrivateKeyInfo(byte[] encoded) throws IOException
      Constructs an EncryptedPrivateKeyInfo from a given encrypted PKCS#8 ASN.1 encoding.
      Parameters:
      encoded - the ASN.1 encoding of this object. The contents of the array are copied to protect against subsequent modification.
      Throws:
      NullPointerException - if encoded is null.
      IOException - if error occurs when parsing the ASN.1 encoding.

    • EncryptedPrivateKeyInfo

      public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData) throws NoSuchAlgorithmException
      Constructs an EncryptedPrivateKeyInfo from the encryption algorithm name and the encrypted data.

      Note: This constructor will use null as the value of the algorithm parameters. If the encryption algorithm has parameters whose value is not null, a different constructor, e.g. EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]), should be used.

      Parameters:
      algName - encryption algorithm name. See the Java Security Standard Algorithm Names document for information about standard Cipher algorithm names.
      encryptedData - encrypted data. The contents of encryptedData are copied to protect against subsequent modification when constructing this object.
      Throws:
      NullPointerException - if algName or encryptedData is null.
      IllegalArgumentException - if encryptedData is empty, i.e. 0-length.
      NoSuchAlgorithmException - if the specified algName is not supported.
      External Specifications

    • EncryptedPrivateKeyInfo

      public EncryptedPrivateKeyInfo(AlgorithmParameters algParams, byte[] encryptedData) throws NoSuchAlgorithmException
      Constructs an EncryptedPrivateKeyInfo from the encryption algorithm parameters and the encrypted data.
      Parameters:
      algParams - the algorithm parameters for the encryption algorithm. algParams.getEncoded() should return the ASN.1 encoded bytes of the parameters field of the AlgorithmIdentifier component of the EncryptedPrivateKeyInfo type.
      encryptedData - encrypted data. The contents of encryptedData are copied to protect against subsequent modification when constructing this object.
      Throws:
      NullPointerException - if algParams or encryptedData is null.
      IllegalArgumentException - if encryptedData is empty, i.e. 0-length.
      NoSuchAlgorithmException - if the specified algName of the specified algParams parameter is not supported.

  • Method Details

    • getAlgName

      public String getAlgName()
      Returns the encryption algorithm.

      Note: Standard name is returned instead of the specified one in the constructor when such mapping is available. See the Java Security Standard Algorithm Names document for information about standard Cipher algorithm names.

      Returns:
      the encryption algorithm name.
      External Specifications

    • getAlgParameters

      public AlgorithmParameters getAlgParameters()
      Returns the algorithm parameters used by the encryption algorithm.
      Returns:
      the algorithm parameters.

    • getEncryptedData

      public byte[] getEncryptedData()
      Returns the encrypted data.
      Returns:
      the encrypted data. Returns a new array each time this method is called.

    • getKeySpec

      public PKCS8EncodedKeySpec getKeySpec(Cipher cipher) throws InvalidKeySpecException
      Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
      Note: In order to successfully retrieve the enclosed PKCS8EncodedKeySpec object, cipher needs to be initialized to either Cipher.DECRYPT_MODE or Cipher.UNWRAP_MODE, with the same key and parameters used for generating the encrypted data.
      Parameters:
      cipher - the initialized Cipher object which will be used for decrypting the encrypted data.
      Returns:
      the PKCS8EncodedKeySpec object.
      Throws:
      NullPointerException - if cipher is null.
      InvalidKeySpecException - if the given cipher is inappropriate for the encrypted data or the encrypted data is corrupted and cannot be decrypted.

    • encryptKey

      public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password, String algorithm, AlgorithmParameterSpec params, Provider provider)
      encryptKey is a preview API of the Java platform.
      Programs can only use encryptKey when preview features are enabled.
      Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
      Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey. A valid password-based encryption (PBE) algorithm and password must be specified.

      The PBE algorithm string format details can be found in the Cipher section of the Java Security Standard Algorithm Names Specification.

      Implementation Note:
      The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm and the AlgorithmParameterSpec are the provider's algorithm defaults.
      Parameters:
      key - the PrivateKey to be encrypted
      password - the password used in the PBE encryption. This array will be cloned before being used.
      algorithm - the PBE encryption algorithm. The default algorithm will be used if null. However, null is not allowed when params is non-null.
      params - the AlgorithmParameterSpec to be used with encryption. The provider default will be used if null.
      provider - the Provider will be used for PBE SecretKeyFactory generation and Cipher encryption operations. The default provider list will be used if null.
      Returns:
      an EncryptedPrivateKeyInfo
      Throws:
      IllegalArgumentException - on initialization errors based on the arguments passed to the method
      RuntimeException - on an encryption error
      NullPointerException - if the key or password are null. If params is non-null when algorithm is null.
      Since:
      25

    • encryptKey

      public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, char[] password)
      encryptKey is a preview API of the Java platform.
      Programs can only use encryptKey when preview features are enabled.
      Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
      Creates and encrypts an EncryptedPrivateKeyInfo from a given PrivateKey and password. Default algorithm and parameters are used.
      Implementation Note:
      The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm and the AlgorithmParameterSpec are the provider's algorithm defaults.
      Parameters:
      key - the PrivateKey to be encrypted
      password - the password used in the PBE encryption. This array will be cloned before being used.
      Returns:
      an EncryptedPrivateKeyInfo
      Throws:
      IllegalArgumentException - on initialization errors based on the arguments passed to the method
      RuntimeException - on an encryption error
      NullPointerException - when the key or password is null
      Since:
      25

    • encryptKey

      public static EncryptedPrivateKeyInfo encryptKey(PrivateKey key, Key encKey, String algorithm, AlgorithmParameterSpec params, Provider provider, SecureRandom random)
      encryptKey is a preview API of the Java platform.
      Programs can only use encryptKey when preview features are enabled.
      Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
      Creates and encrypts an EncryptedPrivateKeyInfo from the given PrivateKey using the encKey and given parameters.
      Implementation Note:
      The jdk.epkcs8.defaultAlgorithm Security Property defines the default encryption algorithm and the AlgorithmParameterSpec are the provider's algorithm defaults.
      Parameters:
      key - the PrivateKey to be encrypted
      encKey - the password-based encryption (PBE) Key used to encrypt key.
      algorithm - the PBE encryption algorithm. The default algorithm is will be used if null; however, null is not allowed when params is non-null.
      params - the AlgorithmParameterSpec to be used with encryption. The provider list default will be used if null.
      provider - the Provider is used for Cipher encryption operation. The default provider list will be used if null.
      random - the SecureRandom instance used during encryption. The default will be used if null.
      Returns:
      an EncryptedPrivateKeyInfo
      Throws:
      IllegalArgumentException - on initialization errors based on the arguments passed to the method
      RuntimeException - on an encryption error
      NullPointerException - if the key or encKey are null. If params is non-null, algorithm cannot be null.
      Since:
      25

    • getKey

      public PrivateKey getKey(char[] password) throws GeneralSecurityException
      getKey is a preview API of the Java platform.
      Programs can only use getKey when preview features are enabled.
      Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
      Extract the enclosed PrivateKey object from the encrypted data and return it.
      Parameters:
      password - the password used in the PBE encryption. This array will be cloned before being used.
      Returns:
      a PrivateKey
      Throws:
      GeneralSecurityException - if an error occurs parsing or decrypting the encrypted data, or producing the key object.
      NullPointerException - if password is null
      Since:
      25

    • getKey

      public PrivateKey getKey(Key decryptKey, Provider provider) throws GeneralSecurityException
      getKey is a preview API of the Java platform.
      Programs can only use getKey when preview features are enabled.
      Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
      Extract the enclosed PrivateKey object from the encrypted data and return it.
      Parameters:
      decryptKey - the decryption key and cannot be null
      provider - the Provider used for Cipher decryption and PrivateKey generation. A null value will use the default provider configuration.
      Returns:
      a PrivateKey
      Throws:
      GeneralSecurityException - if an error occurs parsing or decrypting the encrypted data, or producing the key object.
      NullPointerException - if decryptKey is null
      Since:
      25

    • getKeySpec

      public PKCS8EncodedKeySpec getKeySpec(Key decryptKey) throws NoSuchAlgorithmException, InvalidKeyException
      Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
      Parameters:
      decryptKey - key used for decrypting the encrypted data.
      Returns:
      the PKCS8EncodedKeySpec object.
      Throws:
      NullPointerException - if decryptKey is null.
      NoSuchAlgorithmException - if cannot find appropriate cipher to decrypt the encrypted data.
      InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
      Since:
      1.5

    • getKeySpec

      public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, String providerName) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException
      Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
      Parameters:
      decryptKey - key used for decrypting the encrypted data.
      providerName - the name of provider whose cipher implementation will be used.
      Returns:
      the PKCS8EncodedKeySpec object.
      Throws:
      NullPointerException - if decryptKey or providerName is null.
      NoSuchProviderException - if no provider providerName is registered.
      NoSuchAlgorithmException - if cannot find appropriate cipher to decrypt the encrypted data.
      InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
      Since:
      1.5

    • getKeySpec

      public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, Provider provider) throws NoSuchAlgorithmException, InvalidKeyException
      Extract the enclosed PKCS8EncodedKeySpec object from the encrypted data and return it.
      Parameters:
      decryptKey - key used for decrypting the encrypted data.
      provider - the name of provider whose cipher implementation will be used.
      Returns:
      the PKCS8EncodedKeySpec object.
      Throws:
      NullPointerException - if decryptKey or provider is null.
      NoSuchAlgorithmException - if cannot find appropriate cipher to decrypt the encrypted data in provider.
      InvalidKeyException - if decryptKey cannot be used to decrypt the encrypted data or the decryption result is not a valid PKCS8KeySpec.
      Since:
      1.5

    • getEncoded

      public byte[] getEncoded() throws IOException
      Returns the ASN.1 encoding of this object.
      Returns:
      the ASN.1 encoding. Returns a new array each time this method is called.
      Throws:
      IOException - if error occurs when constructing its ASN.1 encoding.