public class PKCS12Algorithms
extends java.lang.Object
implements java.lang.Cloneable
PKCS#12 KeyStore.
An algorithm set consists of one MAC algorithm used for integrity protection of the PKCS#12 KeyStore
and two PBE (password based encryption) algorithms for encrypting (Shrouded)KeyBags contained
in unencrypted AuthenticatedSafe objects and/or CertBags contained in encrypted
AuthenticatedSafe objects.
The default algorithm set of the IAIK PKCS#12 KeyStore implementation uses HMAC_SHA256
as mac algorithm and the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256
for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects
and CertBags contained in encrypted AuthenticatedSafe objects.
If your PKCS#12 KeyStore(s) must also be readable by other PKCS#12 applications, be careful
when changing the default algorithm set. Although we have tested the algorithms
to work with well-established PKCS#12 applications, an application
may only be able to read PKCS#12 KeyStores protected with the legacy
algorithm set, which uses HMAC_SHA1 as mac algorithm, and
the PKCS#5 PBES1 schemes PBEWithSHAAnd40BitRC2_CBC
for encrypting CertBags contained in encrypted AuthenticatedSafe objects and
PBEWithSHAAnd3_KeyTripleDES_CBC for
encrypting (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects. The
legacy set should be used with care because it provides less security than the default
algorithm set. For interoperability reasons the legacy algorithm set was used as the default
algorithm set until IAIKJCE version 5.62.
See Also: PKCS12KeyStore, PKCS12

Modifier and Type  Field and Description

static PKCS12Algorithms
PBES1
Legacy algorithm set using HMAC_SHA1 as mac algorithm, and
the PKCS#5 PBES1 schemes PBEWithSHAAnd40BitRC2_CBC
for encrypting CertBags contained in encrypted AuthenticatedSafe objects and
PBEWithSHAAnd3_KeyTripleDES_CBC for
encrypting (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects.

static PKCS12Algorithms
PBES2
Default algorithm set using HMAC_SHA256
as mac algorithm and the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256
for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects
and CertBags contained in encrypted AuthenticatedSafe objects.

Constructor and Description 

PKCS12Algorithms(PKCS12MacAlgorithm macAlg,
PKCS12PbeAlgorithm authSafesCipherAlg,
PKCS12PbeAlgorithm keyBagCipherAlg)
Creates a PKCS12Algorithm set for the given mac and PBE algorithms.

Modifier and Type  Method and Description 

java.lang.Object 
clone()
Gets a clone of this object.

PKCS12PbeAlgorithm 
getAuthSafesCipherAlg()
Gets the PBE algorithm to be used for password based encrypting CertBags contained
in encrypted AuthenticatedSafe objects.

static PKCS12Algorithms 
getDefault()
Gets the default algorithm set.

PKCS12PbeAlgorithm 
getKeyBagCipherAlg()
Gets the PBE algorithm to be used for password based encrypting (Shrouded)KeyBags contained
in unencrypted AuthenticatedSafe objects.

static PKCS12Algorithms 
getLegacy()
Gets the legacy algorithm set.

PKCS12MacAlgorithm 
getMacAlg()
Gets the mac algorithm.

void 
setAuthSafesCipherAlg(PKCS12PbeAlgorithm authSafesCipherAlg)
Sets the PBE algorithm to be used for password based encrypting CertBags contained
in encrypted AuthenticatedSafe objects.

static void 
setDefault(PKCS12Algorithms pkcs12Algs)
Sets the default algorithm set.

static void 
setEnforceDefault(boolean enforceDefault)
Decides whether to enforce the configured default algorithm set when storing a parsed
PKCS#12 KeyStore anew.

void 
setKeyBagCipherAlg(PKCS12PbeAlgorithm keyBagCipherAlg)
Sets the PBE algorithm to be used for password based encrypting (Shrouded)KeyBags contained
in unencrypted AuthenticatedSafe objects.

void 
setMacAlg(PKCS12MacAlgorithm macAlg)
Sets the mac algorithm.

java.lang.String 
toString()
Gets a String representation of this PKCS12Algorithms.

public static final PKCS12Algorithms PBES1
Legacy algorithm set using HMAC_SHA1 as mac algorithm, and
the PKCS#5 PBES1 schemes PBEWithSHAAnd40BitRC2_CBC
for encrypting CertBags contained in encrypted AuthenticatedSafe objects and
PBEWithSHAAnd3_KeyTripleDES_CBC for
encrypting (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects.

public static final PKCS12Algorithms PBES2
Default algorithm set using HMAC_SHA256
as mac algorithm and the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256
for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects
and CertBags contained in encrypted AuthenticatedSafe objects.

public PKCS12Algorithms(PKCS12MacAlgorithm macAlg, PKCS12PbeAlgorithm authSafesCipherAlg, PKCS12PbeAlgorithm keyBagCipherAlg)
Parameters:
macAlg - the mac algorithm to be used
authSafesCipherAlg - the PBE algorithm to be used for password based encrypting CertBags
contained in encrypted AuthenticatedSafe objects
keyBagCipherAlg - the PBE algorithm to be used for password based encrypting (Shrouded)KeyBags
contained in unencrypted AuthenticatedSafe objects

public static final void setDefault(PKCS12Algorithms pkcs12Algs)
The library default set is PBES2 using HMAC_SHA256
as mac algorithm and the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256
for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects
and CertBags contained in encrypted AuthenticatedSafe objects.
Parameters:
pkcs12Algs - the new default algorithm set

public static final PKCS12Algorithms getDefault()
The library default set is PBES2 using HMAC_SHA256
as mac algorithm and the PKCS#5 PBES2 scheme PBES2WithHmacSHA256AndAES256
for both encrypted (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects
and CertBags contained in encrypted AuthenticatedSafe objects.

public static final PKCS12Algorithms getLegacy()
The legacy set is PBES1 using HMAC_SHA1 as mac algorithm, and
the PKCS#5 PBES1 schemes PBEWithSHAAnd40BitRC2_CBC
for encrypting CertBags contained in encrypted AuthenticatedSafe objects and
PBEWithSHAAnd3_KeyTripleDES_CBC for
encrypting (Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects.

public static final void setEnforceDefault(boolean enforceDefault)
Decides whether to enforce the configured default algorithm set when storing a parsed
PKCS#12 KeyStore anew.
If set to true, the KeyStore will be protected
with the configured default algorithms when storing it anew. This may be useful when wishing
to change the algorithms that have been used to protect a PKCS#12 KeyStore.
Parameters:
enforceDefault - whether to enforce the configured default algorithm set when storing a
parsed PKCS#12 KeyStore anew; default: false
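
Re-protecting a KeyStore that was written with the legacy set, using setEnforceDefault as described above. This is an added example, not code from the IAIK documentation; the package name iaik.pkcs.pkcs12, the provider class iaik.security.provider.IAIK, the KeyStore type "PKCS12" under provider "IAIK" and the class name ReprotectPkcs12 are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;

import iaik.pkcs.pkcs12.PKCS12Algorithms; // assumed package name, not stated on this page
import iaik.security.provider.IAIK;       // assumed provider class of IAIK-JCE

public final class ReprotectPkcs12 {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ReprotectPkcs12 <legacy-in.p12> <out.p12>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no console available for password entry");
        }
        char[] password = console.readPassword("KeyStore password: ");
        if (password == null) {
            throw new IllegalStateException("no password entered");
        }
        Security.addProvider(new IAIK());
        // Both settings are static, so they affect every PKCS#12 KeyStore stored by this JVM.
        // The set has setters and is Cloneable; pass a clone rather than the shared constant.
        PKCS12Algorithms.setDefault((PKCS12Algorithms) PKCS12Algorithms.PBES2.clone());
        PKCS12Algorithms.setEnforceDefault(true);
        try {
            // Assumption: the IAIK provider registers its KeyStore under type "PKCS12".
            KeyStore ks = KeyStore.getInstance("PKCS12", "IAIK");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, password); // parses the store protected with the legacy set
            }
            // Write to a new file so the legacy original survives a failed store().
            try (OutputStream out = new FileOutputStream(args[1])) {
                ks.store(out, password); // stored anew with the enforced default set
            }
            System.out.println("Stored with: " + PKCS12Algorithms.getDefault());
        } finally {
            PKCS12Algorithms.setEnforceDefault(false); // back to the documented default
            Arrays.fill(password, '\0');
        }
    }
}
```

Before retiring the legacy file, confirm that every application that must read the new file accepts the PBES2 set.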

public PKCS12MacAlgorithm getMacAlg()
HMAC_SHA256) is returned.

public void setMacAlg(PKCS12MacAlgorithm macAlg)
Parameters:
macAlg - the mac algorithm

public PKCS12PbeAlgorithm getAuthSafesCipherAlg()
PBES2WithHmacSHA256AndAES256) is returned.

public void setAuthSafesCipherAlg(PKCS12PbeAlgorithm authSafesCipherAlg)
Parameters:
authSafesCipherAlg - the PBE algorithm to be used for password based encrypting
CertBags contained in encrypted AuthenticatedSafe objects

public PKCS12PbeAlgorithm getKeyBagCipherAlg()
PBES2WithHmacSHA256AndAES256) is returned.

public void setKeyBagCipherAlg(PKCS12PbeAlgorithm keyBagCipherAlg)
Parameters:
keyBagCipherAlg - the PBE algorithm to be used for password based encrypting
(Shrouded)KeyBags contained in unencrypted AuthenticatedSafe objects

public java.lang.Object clone()
Overrides:
clone in class java.lang.Object

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

6.0 (c) 2002 IAIK, (c) 2003 - 2022 SIC