Class StatefulKeyManager
public class StatefulKeyManager extends KeyManager
KeyManager.loadKey(StorageParameters storageParameters) or createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) of KeyManager.
This KeyManager handles stateful key pairs. Currently the signature schemes XMSS and XMSSMT are supported. In these schemes the private key is stateful, meaning it has to be updated after every signature to keep the scheme secure. The KeyManager takes care of the update process as well as the persistent storage of the key material.
When choosing parameters for stateful signature schemes, the limited number of signatures that can be created has to be taken into account. This KeyManager issues a warning when the available signatures are about to run out, so that a new key pair can be created in time.
- Author:
- Alexander Zeier
Method Summary
Modifier and Type, Method, Description:
- static KeyManager createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters)
- PrivateKey getPrivateKey(): Get the private key managed by the KeyManager.
- void updateKeyInAdvance(int numberOfUpdates): Updates the stateful private key n times in advance (n being the given numberOfUpdates) and stores it at the specified storage location, reserving the n states between the origin state and the updated state for signing.

Methods inherited from class de.hda.fbi.ucs.eucrite.KeyManager
castToStatefulKeyManager, createSelfSignedCertificate, getAlgorithm, getCertificate, getPublicKey, getSecretKey, loadKey
Method Details

createNewKey
public static KeyManager createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) throws FileAlreadyExistsException, NoSuchAlgorithmException, IllegalArgumentException

getPrivateKey
Get the private key managed by the KeyManager. The private key is then updated by the KeyManager and stored at the location specified in storageLocation.
- Returns:
- The private key.

updateKeyInAdvance
public void updateKeyInAdvance(int numberOfUpdates)
Updates the stateful private key n times in advance (n being the given numberOfUpdates) and stores it at the specified storage location, reserving the n states between the origin state and the updated state for signing.
After using this method, n signatures can be created without storing the private key again, which makes signing more efficient.
Use this method with caution: the reserved n states are lost when the key is reloaded from the storage location (e.g. when the application was restarted).
Updating the private key in advance to do 3 signatures would look like this:

```java
...
StorageParameters storageParameters = ...;
// Load the stateful key from its storage location.
KeyManager keyManager = KeyManager.loadKey(storageParameters);
// Advance and store the key by 3 states, reserving them for the signatures below.
keyManager.castToStatefulKeyManager().updateKeyInAdvance(3);
byte[] signature1 = signer.sign(data1);
byte[] signature2 = signer.sign(data2);
byte[] signature3 = signer.sign(data3);
```
- Overrides:
- updateKeyInAdvance in class KeyManager
- Parameters:
- numberOfUpdates - The number of times the private key is updated in advance.
- See Also:
- More information about stateful signature schemes.
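
The reservation behaviour described for updateKeyInAdvance, as an added example that is not part of the eucrite library or its documentation: a self-contained model that tracks only the signature index and persists the advanced index before any reserved index is used, so a reload skips unused reserved states instead of reusing one. The class name ReservedStateDemo, the index file and the tree height of 4 are assumptions made for this illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Constructed model of a stateful private key: only the signature index is tracked.
public class ReservedStateDemo {
    private final Path store;     // persistent storage location (hypothetical)
    private final long capacity;  // 2^h signatures for a tree of height h
    private long next;            // next index to sign with (in memory only)
    private long persisted;       // first index not yet reserved on disk

    ReservedStateDemo(Path store, int treeHeight) throws IOException {
        this.store = store;
        this.capacity = 1L << treeHeight;
        // Loading resumes at the persisted index, never at an earlier one.
        this.persisted = Files.exists(store)
                ? Long.parseLong(Files.readString(store).trim()) : 0L;
        this.next = persisted;
    }

    // Persist the advanced index BEFORE any of the reserved indices is used.
    void reserve(int n) throws IOException {
        if (n < 1 || persisted + n > capacity) {
            throw new IllegalArgumentException("not enough states left");
        }
        persisted += n;
        Files.writeString(store, Long.toString(persisted));
    }

    // Returns the index consumed by this signature; reserves one state if none is held.
    long sign() throws IOException {
        if (next == persisted) reserve(1);
        return next++;
    }

    long remaining() { return capacity - persisted; }

    public static void main(String[] args) throws IOException {
        Path store = Files.createTempFile("xmss-state", ".idx");
        Files.delete(store);                                  // start without stored state
        ReservedStateDemo key = new ReservedStateDemo(store, 4);
        key.reserve(3);                                       // one disk write for three states
        System.out.println("signed with index " + key.sign());
        // Simulated restart: two reserved indices were never used and are skipped.
        ReservedStateDemo reloaded = new ReservedStateDemo(store, 4);
        System.out.println("after reload, next index " + reloaded.sign());
        System.out.println("signatures left " + reloaded.remaining());
        Files.deleteIfExists(store);
    }
}
```

The skipped indices still count against the total signature budget, which is why large reservations shorten the usable lifetime of a key pair that is reloaded often.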