All Superinterfaces:
Destroyable, Key, SecretKey, Serializable

public interface DelegatedKey extends SecretKey
Identifies keys which should not be used directly with Cipher but instead contain their own cryptographic logic. This can be used to wrap more complex logic, HSM integration, or service calls.

Most delegated keys will only support a subset of these operations. (For example, AES keys will generally not support sign(byte[], String) or verify(byte[], byte[], String) and HMAC keys will generally not support anything except sign and verify.) UnsupportedOperationException should be thrown in these cases.

Author:
Greg Rubin
  • Field Summary

    Fields inherited from interface javax.crypto.SecretKey

    serialVersionUID
  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    decrypt(byte[] cipherText, byte[] additionalAssociatedData, String algorithm)
    Decrypts the provided ciphertext and returns a byte-array containing the plaintext.
    byte[]
    encrypt(byte[] plainText, byte[] additionalAssociatedData, String algorithm)
    Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
    byte[]
    sign(byte[] dataToSign, String algorithm)
    Calculates and returns a signature for dataToSign.
    Key
    unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType, byte[] additionalAssociatedData, String algorithm)
    Unwraps (decrypts) the provided wrappedKey to recover the original key.
    boolean
    verify(byte[] dataToSign, byte[] signature, String algorithm)
    Checks the provided signature for correctness.
    byte[]
    wrap(Key key, byte[] additionalAssociatedData, String algorithm)
    Wraps (encrypts) the provided key to make it safe for storage or transmission.

    Methods inherited from interface javax.security.auth.Destroyable

    destroy, isDestroyed

    Methods inherited from interface java.security.Key

    getAlgorithm, getEncoded, getFormat