io.getlime.security.powerauth.client.keyfactory

Class PowerAuthClientKeyFactory

java.lang.Object

io.getlime.security.powerauth.client.keyfactory.PowerAuthClientKeyFactory

public class PowerAuthClientKeyFactory
extends Object

Class implementing client side key factory for keys related to PowerAuth processes.

Author:

Petr Dvorak

Constructor Summary

Constructors

Constructor and Description
PowerAuthClientKeyFactory()

Method Summary

Modifier and Type	Method and Description
SecretKey	generateClientMasterSecretKey(PrivateKey devicePrivateKey, PublicKey serverPublicKey) Generate a master secret key KEY_MASTER_SECRET using the device private key KEY_DEVICE_PRIVATE and server public key KEY_SERVER_PUBLIC.
SecretKey	generateClientSignatureBiometryKey(SecretKey masterSecretKey) Generate a signature key KEY_SIGNATURE_BIOMETRY from master secret key KEY_MASTER_SECRET using KDF.
SecretKey	generateClientSignatureKnowledgeKey(SecretKey masterSecretKey) Generate a signature key KEY_SIGNATURE_KNOWLEDGE from master secret key KEY_MASTER_SECRET using KDF.
SecretKey	generateClientSignaturePossessionKey(SecretKey masterSecretKey) Generate a signature key KEY_SIGNATURE_POSSESSION from master secret key KEY_MASTER_SECRET using KDF.
SecretKey	generateServerEncryptedVaultKey(SecretKey masterSecretKey) Generate a transport key KEY_ENCRYPTED_VAULT from master secret key KEY_MASTER_SECRET using KDF.
SecretKey	generateServerTransportKey(SecretKey masterSecretKey) Generate a transport key KEY_TRANSPORT from master secret key KEY_MASTER_SECRET using KDF.
List<SecretKey>	keysForSignatureType(String signatureType, SecretKey masterSecretKey) Generate a list with signature keys for given signature type and master secret
List<SecretKey>	keysForSignatureType(String signatureType, SecretKey possessionSignatureKey, SecretKey knowledgeSignatureKey, SecretKey biometrySignatureKey) Return a correct list of keys for given signature type.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PowerAuthClientKeyFactory

public PowerAuthClientKeyFactory()

Method Detail

keysForSignatureType

public List<SecretKey> keysForSignatureType(String signatureType,
                                            SecretKey possessionSignatureKey,
                                            SecretKey knowledgeSignatureKey,
                                            SecretKey biometrySignatureKey)

Return a correct list of keys for given signature type.

Parameters:

signatureType - Requested type of a signature.

possessionSignatureKey - Possession factor related signature key.

knowledgeSignatureKey - Knowledge factor related signature key.

biometrySignatureKey - Biometry factor related signature key.

Returns:

List with correct keys

keysForSignatureType

public List<SecretKey> keysForSignatureType(String signatureType,
                                            SecretKey masterSecretKey)

Generate a list with signature keys for given signature type and master secret

Parameters:

signatureType - Requested signature type

masterSecretKey - Master Key Secret

Returns:

List with keys constructed from master secret that are needed to get requested signature type.

generateClientMasterSecretKey

public SecretKey generateClientMasterSecretKey(PrivateKey devicePrivateKey,
                                               PublicKey serverPublicKey)
                                        throws InvalidKeyException

Generate a master secret key KEY_MASTER_SECRET using the device private key KEY_DEVICE_PRIVATE and server public key KEY_SERVER_PUBLIC.

Parameters:

devicePrivateKey - Device private key KEY_DEVICE_PRIVATE.

serverPublicKey - Server public key KEY_SERVER_PUBLIC.

Returns:

Computed symmetric key KEY_MASTER_SECRET.

Throws:

InvalidKeyException - In case some provided key is invalid.

generateClientSignatureBiometryKey

public SecretKey generateClientSignatureBiometryKey(SecretKey masterSecretKey)

Generate a signature key KEY_SIGNATURE_BIOMETRY from master secret key KEY_MASTER_SECRET using KDF.

Parameters:

masterSecretKey - Master secret key KEY_MASTER_SECRET.

Returns:

An instance of signature key KEY_SIGNATURE_BIOMETRY.

See Also:

KeyGenerator.deriveSecretKey(SecretKey, long)

generateClientSignatureKnowledgeKey

public SecretKey generateClientSignatureKnowledgeKey(SecretKey masterSecretKey)

Generate a signature key KEY_SIGNATURE_KNOWLEDGE from master secret key KEY_MASTER_SECRET using KDF.

Parameters:

masterSecretKey - Master secret key KEY_MASTER_SECRET.

Returns:

An instance of signature key KEY_SIGNATURE_KNOWLEDGE.

See Also:

KeyGenerator.deriveSecretKey(SecretKey, long)

generateClientSignaturePossessionKey

public SecretKey generateClientSignaturePossessionKey(SecretKey masterSecretKey)

Generate a signature key KEY_SIGNATURE_POSSESSION from master secret key KEY_MASTER_SECRET using KDF.

Parameters:

masterSecretKey - Master secret key KEY_MASTER_SECRET.

Returns:

An instance of signature key KEY_SIGNATURE_POSSESSION.

See Also:

KeyGenerator.deriveSecretKey(SecretKey, long)

generateServerEncryptedVaultKey

public SecretKey generateServerEncryptedVaultKey(SecretKey masterSecretKey)

Generate a transport key KEY_ENCRYPTED_VAULT from master secret key KEY_MASTER_SECRET using KDF.

Parameters:

masterSecretKey - Master secret key KEY_MASTER_SECRET.

Returns:

An instance of signature key KEY_ENCRYPTED_VAULT.

See Also:

KeyGenerator.deriveSecretKey(SecretKey, long)

generateServerTransportKey

public SecretKey generateServerTransportKey(SecretKey masterSecretKey)

Generate a transport key KEY_TRANSPORT from master secret key KEY_MASTER_SECRET using KDF.

Parameters:

masterSecretKey - Master secret key KEY_MASTER_SECRET.

Returns:

An instance of signature key KEY_TRANSPORT.

See Also:

KeyGenerator.deriveSecretKey(SecretKey, long)