
Example: Retrieving the generated keys from a key set group

This example shows how applications can use the com.ibm.websphere.crypto.KeySetHelper API to retrieve managed keys from the KeySet or KeySetGroup configurations. Use the com.ibm.websphere.crypto.KeySetHelper API to get either the latest set of keys or all the keys in the KeySet or KeySetGroup object.

Use the latest keys when performing any new cryptographic operations. All of the other keys defined in the KeySet or KeySetGroup object are for the validation of previously performed cryptographic operations.

The following example shows a method that an application might use to initialize the keys in the associated KeySetGroup object. The application might want to store the keys in two separate maps, one for generation and one for validation. Refer to the KeySetHelper API documentation to determine the Java 2 Security requirements.

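    /**
     * Initializes the primary and secondary Maps used for initializing the keys.
     */
    public void initializeKeySetGroupKeys() throws com.ibm.websphere.crypto.KeyException
    {
        java.util.Map generationKeys = null;
        java.util.Map validationKeys = null;

        // PublicKey and PrivateKey are assumed here to be application-defined
        // classes built from encoded key bytes; java.security.PublicKey and
        // java.security.PrivateKey are interfaces and cannot be instantiated.
        PublicKey tempPublicKey = null;
        PrivateKey tempPrivateKey = null;
        byte[] tempSharedKey = null;

        // keySetGroupName is assumed to be a String field of the enclosing class.
        keySetGroupName = "ApplicationKeySetGroup";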
        com.ibm.websphere.crypto.KeySetHelper ksh = com.ibm.websphere.crypto.KeySetHelper.getInstance();
        generationKeys = ksh.getLatestKeysForKeySetGroup(keySetGroupName);

        /***
        *  Latest keys: {
        *  KeyPair_3=com.ibm.websphere.crypto.KeyPair@64ec64ec, 
        *  Secret_3=javax.crypto.spec.SecretKeySpec@fffe8aa7
        *  }
        ***/

        if (generationKeys != null)
        {
            java.util.Iterator iKeySet = generationKeys.keySet().iterator();

            while (iKeySet.hasNext())
            {
                String keyAlias = (String)iKeySet.next();

                Object key = generationKeys.get(keyAlias);

                if (key instanceof java.security.Key)
                {
                    tempSharedKey = ((java.security.Key)key).getEncoded();
                }
                else if (key instanceof com.ibm.websphere.crypto.KeyPair)
                {
                    java.security.Key publicKeyAsSecret =
                        ((com.ibm.websphere.crypto.KeyPair)key).getPublicKey();
                    tempPublicKey = new PublicKey(publicKeyAsSecret.getEncoded());
                    java.security.Key privateKeyAsSecret =
                        ((com.ibm.websphere.crypto.KeyPair)key).getPrivateKey();
                    tempPrivateKey = new PrivateKey(privateKeyAsSecret.getEncoded());
                }
            }

            // save these for use later, if necessary
            validationKeys = ksh.getAllKeysForKeySetGroup(keySetGroupName);

            /***
            *  All keys: {
            *  version_1=
            *      {Secret_1=javax.crypto.spec.SecretKeySpec@178cf, 
            *       KeyPair_1=com.ibm.websphere.crypto.KeyPair@1c121c12}, 
            *  version_2=
            *      {Secret_2=javax.crypto.spec.SecretKeySpec@17a77, 
            *       KeyPair_2=com.ibm.websphere.crypto.KeyPair@182e182e}, 
            *  version_3=
            *      {Secret_3=javax.crypto.spec.SecretKeySpec@fffe8aa7,
            *       KeyPair_3=com.ibm.websphere.crypto.KeyPair@4da04da0}
            *  }
            ***/  
        }
        else
        {
            throw new com.ibm.websphere.crypto.KeyException("Could not generateKeys.");
        }
    }
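
The following added example is not part of the original sample. It illustrates the split described above between the latest keys and all keys: new HMAC tags are generated only with the latest secret key, while validation walks every version. The choice of HmacSHA256, the class and method names, and the key bytes are assumptions; the maps are constructed stand-ins shaped like the "All keys" output shown in the comments, where an application would instead cast the raw Maps returned by getLatestKeysForKeySetGroup and getAllKeysForKeySetGroup.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeySetRotationDemo {
    // Generation: MAC new data with the secret key from the "latest keys" map only.
    static byte[] sign(Map<String, Object> latestKeys, byte[] data) throws Exception {
        for (Object key : latestKeys.values()) {
            if (key instanceof SecretKey) return hmac((SecretKey) key, data);
        }
        throw new IllegalStateException("no secret key in latest key set");
    }

    // Validation: try every version's secret key (KeyPair entries are skipped);
    // returns the matching version name, or null if no version validates the tag.
    static String verify(Map<String, Map<String, Object>> allKeys, byte[] data, byte[] tag)
            throws Exception {
        for (Map.Entry<String, Map<String, Object>> version : allKeys.entrySet()) {
            for (Object key : version.getValue().values()) {
                if (!(key instanceof SecretKey)) continue;
                if (MessageDigest.isEqual(hmac((SecretKey) key, data), tag)) return version.getKey();
            }
        }
        return null;
    }

    static byte[] hmac(SecretKey key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the maps KeySetHelper returns (demo key bytes only)
        Map<String, Map<String, Object>> all = new LinkedHashMap<>();
        for (int v = 1; v <= 3; v++) {
            Map<String, Object> keys = new LinkedHashMap<>();
            byte[] raw = ("constructed-demo-key-" + v).getBytes(StandardCharsets.UTF_8);
            keys.put("Secret_" + v, new SecretKeySpec(raw, "HmacSHA256"));
            all.put("version_" + v, keys);
        }
        byte[] msg = "payload".getBytes(StandardCharsets.UTF_8);
        byte[] oldTag = sign(all.get("version_1"), msg); // tag made before two rotations
        System.out.println("old tag: " + verify(all, msg, oldTag));
        System.out.println("new tag: " + verify(all, msg, sign(all.get("version_3"), msg)));
    }
}
```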

  • Create a key set group configuration