CXI

Key storage for external (MBK encrypted) keys

Public Member Functions

 KeyStore (String filename, int idxLength) throws IOException, CryptoServerException
 Opens the given key store database or creates it if not existing.
 
 KeyStore (CryptoServerConfig config, int idxLength) throws IOException, CryptoServerException
 Opens the given key store database or creates it if not existing.
 
int getIndexLength () throws CryptoServerException
 Returns the index (search key) length of the database.
 
boolean findKey (byte[] startIndex, int mode, KeyAttributes attributes) throws CryptoServerException
 Finds a key with the given attributes.
 
Key getKey (byte[] index) throws CryptoServerException
 Returns the key with the given index.
 
byte[] insertKey (int flags, byte[] index, Key key) throws CryptoServerException
 Inserts a key into the key store.
 
void deleteKey (byte[] index) throws CryptoServerException
 Deletes the key with the given index.
 

Static Public Attributes

static final int MODE_EQUAL = 0
 search the key with exactly the given index
 
static final int MODE_GTEQ = 1
 search key with exactly the given index or the next greater index
 
static final int MODE_GREATER = 2
 search key with the next greater index
 

Detailed Description

Key storage for external (MBK encrypted) keys

On creation or import of a key on the CryptoServer, it can either be stored on the CryptoServer or exported as an external key (see Command Flags). In the latter case the key is encrypted with the CryptoServer's Master Box Key (MBK). Such external keys can be stored in an external key database provided by this class.

Each record in a key store database consists of two fields:

The index fields of all records have the same length. This length has to be defined on creation of the database and can't be changed later.
Most commonly the unique key name (MD5 hash over name, group and specifier) with a length of 16 bytes is used as index (see Key.getUName()).
But the application may use any other index (e.g. a continuous serial number) to identify a key.

The length of the data field is variable.

Note
The database driver allows parallel access from multiple processes / threads on the local computer.
If the database file resides on a network share it may not be accessed from different computers.
Example:

The following example illustrates the usage of the KeyStore class:

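// open / create external key store
CryptoServerCXI.KeyStore ks = new CryptoServerCXI.KeyStore("d:/temp/cxi.ks", 16);
// generate an RSA key (external key storage); cxi is an already opened CryptoServerCXI connection
CryptoServerCXI.KeyAttributes attr = new CryptoServerCXI.KeyAttributes();
attr.setAlgo(CryptoServerCXI.KEY_ALGO_RSA);
attr.setSize(1024);
attr.setName("RSA test key");
CryptoServerCXI.Key rsaKey = cxi.generateKey(attr, 0, false);
// store key in external key store
ks.insertKey(CryptoServerCXI.FLAG_OVERWRITE, rsaKey.getUName(), rsaKey);
// list all keys
System.out.println("\nListing all keys...");
byte[] index = new byte[ks.getIndexLength()];
// start with MODE_GTEQ so that a key stored under the start index itself is found
int mode = CryptoServerCXI.KeyStore.MODE_GTEQ;
while (ks.findKey(index, mode, null))
{
    CryptoServerUtil.xtrace("index", index);
    CryptoServerCXI.Key key = ks.getKey(index);
    // ...
    // continue the search behind the key just found
    mode = CryptoServerCXI.KeyStore.MODE_GREATER;
}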
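
The listing loop above depends on how the three search modes behave over the fixed-length index. The following self-contained model is an added illustration, not Utimaco's code and not part of the original documentation; `SearchModeModel` and its methods are hypothetical names. It assumes that indexes are ordered as unsigned bytes and that a successful search writes the found index back into the start index, as the loop above implies, and it needs Java 9 or later.

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.TreeMap;

// Stand-in model of the index search, NOT the vendor's KeyStore implementation.
public class SearchModeModel {
    // Mode values as listed on this page.
    static final int MODE_EQUAL = 0, MODE_GTEQ = 1, MODE_GREATER = 2;

    // Assumption: indexes sort as unsigned bytes, compared left to right.
    private static final Comparator<byte[]> ORDER = Arrays::compareUnsigned;
    private final TreeMap<byte[], String> records = new TreeMap<>(ORDER);
    private final int idxLength;

    SearchModeModel(int idxLength) { this.idxLength = idxLength; }
    void insert(byte[] index, String data) {
        if (index.length != idxLength)   // the index length is fixed at creation
            throw new IllegalArgumentException("index must be " + idxLength + " bytes");
        records.put(index.clone(), data);
    }

    // Assumption: on a hit the found index is written back into startIndex.
    boolean findKey(byte[] startIndex, int mode) {
        byte[] hit;
        switch (mode) {
            case MODE_EQUAL:   hit = records.containsKey(startIndex) ? startIndex : null; break;
            case MODE_GTEQ:    hit = records.ceilingKey(startIndex); break;
            case MODE_GREATER: hit = records.higherKey(startIndex); break;
            default: throw new IllegalArgumentException("unknown mode " + mode);
        }
        if (hit == null) return false;
        System.arraycopy(hit, 0, startIndex, 0, idxLength);
        return true;
    }

    public static void main(String[] args) {
        SearchModeModel ks = new SearchModeModel(2);   // constructed 2-byte indexes
        ks.insert(new byte[] {0x00, 0x00}, "all-zero index");
        ks.insert(new byte[] {0x00, 0x7f}, "second");
        ks.insert(new byte[] {(byte) 0x80, 0x01}, "high bit set");

        byte[] index = new byte[2];                    // search starts at 00 00
        int mode = MODE_GTEQ;                          // GTEQ: a record at 00 00 is not skipped
        while (ks.findKey(index, mode)) {
            System.out.printf("%02x%02x -> %s%n", index[0], index[1], ks.records.get(index));
            mode = MODE_GREATER;                       // staying on GTEQ would return this hit forever
        }
    }
}
```

Starting the enumeration with MODE_GREATER instead would silently skip a record stored under the all-zero index, which matters when the listing is used to audit or back up every key in the store.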