PrivateKey¶

public class PrivateKey extends Key implements java.security.interfaces.RSAPrivateCrtKey ¶

Class describes a private key object. Inherits from Key and implements from java.security.interfaces.RSAPrivateCrtKey.

Note that the constructor is not intended to be called by user code. Such objects are constructed internally by the API.

Methods¶

decrypt¶

public byte[] decrypt(byte[] data)¶

Decrypts the provided data using a private key. The operation will use PKCS#1 padding.

Parameters:	data – bytearray containing the ciphertext data to decrypt.
Returns:	a bytearray containing the plaintext data.

decrypt¶

public byte[] decrypt(byte[] data, String alg)¶

Decrypts the provided data using a private key.

Parameters:	data – bytearray containing the ciphertext data to decrypt. alg – algorithm to use as a String. Possible values are: `"raw"` for raw decryption and `"pkcs1"` for PKCS#1 padding.
Returns:	a bytearray containing the plaintext data.

getActualModulus¶

public BigInteger getActualModulus()¶

Gets the modulus.

Returns:	the modulus.

getActualPublicExponent¶

public BigInteger getActualPublicExponent()¶

Gets the public exponent.

Returns:	the public exponent.

getAlgorithm¶

public String getAlgorithm()¶

Returns algorithm of key. For now, only RSA keys are supported.

Returns:	`"RSA"`.

getCrtCoefficient¶

public BigInteger getCrtCoefficient()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getEncoded¶

public byte[] getEncoded()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getFormat¶

public String getFormat()¶

Returns the name of the primary encoding format of this key (null for a private key).

Returns:	null: the key does not support encoding (not extractable).

getModulus¶

public BigInteger getModulus()¶

Because of the constraints imposed by Java Cryptography Architecture (JCA) and its provider, this method is not available. However, to get the modulus, you can use PrivateKey.getActualModulus() method.

Returns:	`null`.

getPrimeExponentP¶

public BigInteger getPrimeExponentP()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getPrimeExponentQ¶

public BigInteger getPrimeExponentQ()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getPrimeP¶

public BigInteger getPrimeP()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getPrimeQ¶

public BigInteger getPrimeQ()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getPrivateExponent¶

public BigInteger getPrivateExponent()¶

The private key is not extractable from the card, thus this method is not available.

Throws:	ProviderException – always.

getPublicExponent¶

public BigInteger getPublicExponent()¶

Because of the constraints imposed by Java Cryptography Architecture (JCA) and its provider, this method is not available. However, to get the modulus, you can use PrivateKey.getActualPublicExponent() method.

Returns:	`null`.

hashAndSign¶

public byte[] hashAndSign(byte[] data, String algorithm)¶

Hashes the provided data and signs the hash using a private key. The operation will use PKCS#1 or PSS padding, depending on algorithm value:

for PKCS#1 padding, the algorithm parameter indicates the hash algorithm to use and can take the following values:
- "sha1" or "sha256": Available for all keys (SHA-1 may be forbidden with qualified signature keys depending on the card profile). The API will automatically take care of the partial hashing requirement when used with a qualified signature key.
- "sha384" or "sha512": Not available for qualified signature keys.
for PSS padding, the algorithm parameter indicates the hash and padding parameters used for PSS padding. It can take the following values:
- "sha1pss": hash function and mask generation function will be SHA1 and salt length will be 20.
- "sha256pss": hash function and mask generation function will be SHA256 and salt length will be 32.
- "sha384pss": hash function and mask generation function will be SHA384 and salt length will be 48.
- "sha512pss": hash function and mask generation function will be SHA512 and salt length will be 64.

Parameters:	data – data to hash, provided as a bytearray. algorithm – algorithm of the signature.
Returns:	the bytearray containing the signature.

isPartialHash¶

public boolean isPartialHash()¶

Returns true if the key must use partial hashing (qualified signature key). Available only for private Keys

Returns:	`true` if the key must use partial hashing; `false` otherwise

sign¶

public byte[] sign(byte[] hash, String algorithm)¶

Signs the provided hash using a private key. The operation will use PKCS#1 or PSS padding, depending on algorithm value:

The algorithm of the hash needs to be indicated if the OID needs to be added within the signature block. The algorithm parameter can take the following values:
- null: The hash data will be signed as provided. Not available for qualified signature keys.
- "sha1", "sha256", "sha384" or "sha512": The corresponding OID will be prepended. Not available for qualified signature keys.
- "sha1-partial" or "sha256-partial": The hash must be provided as a partial hash block (containing intermediate hash values) as defined by the IAS specifications. The hash will be finalized by the card and the corresponding OID will be prepended. Available only for qualified signature keys.
The PrivateKey.isPartialHash() property can be used to check whether the key is a qualified signature key that requires partial hashing.
for PSS padding, the algorithm parameter indicates the PSS padding parameters. It can take the following values:
- "sha1pss": mask generation function will be SHA1 and salt length will be 20.
- "sha256pss": mask generation function will be SHA256 and salt length will be 32.
- "sha384pss": mask generation function will be SHA384 and salt length will be 48.
- "sha512pss": mask generation function will be SHA512 and salt length will be 64.

Parameters:	hash – `bytearray` containing the hash value. algorithm – (optional) algorithm of the signature.
Returns:	a `bytearray` containing the signature.

sign¶

public byte[] sign(byte[] hash, String algorithm, AlgorithmParameterSpec params)¶

Signs the provided hash using a private key. If params parameter is null, this is equivalent than calling PrivateKey.sign(byte[],String). Otherwise, it must contain a PSSParameterSpec object defining PSS padding parameters. In this case, algorithm parameter is not used.

Parameters:	hash – `bytearray` containing hash to sign. algorithm – (optional) algorithm of the signature. params – (optional) siggnature algorithm parameters. Only `PSSParameterSpec` is supported.
Returns:	a `bytearray` containing the signature.

PrivateKey¶

Methods¶

decrypt¶

decrypt¶

getActualModulus¶

getActualPublicExponent¶

getAlgorithm¶

getCrtCoefficient¶

getEncoded¶

getFormat¶

getModulus¶

getPrimeExponentP¶

getPrimeExponentQ¶

getPrimeP¶

getPrimeQ¶

getPrivateExponent¶

getPublicExponent¶

hashAndSign¶

isPartialHash¶

sign¶

sign¶

SCM Android API

Table Of Contents

Related Topics