Class netscape.security.x509.CertAndKeyGen
- public final class CertAndKeyGen
Generate a pair of keys, and provide access to them. This class is
provided primarily for ease of use.
This provides some simple certificate management functionality.
Specifically, it allows you to create self-signed X.509 certificates
as well as PKCS 10 based certificate signing requests.
Keys for some public key signature algorithms have algorithm
parameters, such as DSS/DSA. Some sites' Certificate Authorities
adopt fixed algorithm parameters, which speeds up some operations
including key generation and signing. At this time, this interface
does not offer a way to supply such algorithm parameters, e.g.
by passing in the CA certificate which includes those parameters.
Also, note that at this time only signature-capable keys may be
acquired through this interface. Diffie-Hellman keys, used for secure
key exchange, may be supported later.
- See Also:
- PKCS10, X509CertImpl
-
CertAndKeyGen(String, String)
- Creates a CertAndKeyGen object for a particular key type
and signature algorithm.
-
generate(int)
- Generates a random public/private key pair, with a given key
size.
-
getCertRequest(X500Name)
- Returns a PKCS #10 certificate request.
-
getPrivateKey()
- Returns the private key of the generated key pair.
-
getPublicKey()
- Returns the public key of the generated key pair.
-
getSelfCert(X500Name, long)
- Returns a self-signed X.509v1 certificate for the public key.
Deprecated.
-
getSelfCertificate(X500Name, long)
- Returns a self-signed X.509v3 certificate for the public key.
-
setRandom(SecureRandom)
- Sets the source of random numbers used when generating keys.
Deprecated.
CertAndKeyGen
public CertAndKeyGen(String keyType,
String sigAlg) throws NoSuchAlgorithmException
- Creates a CertAndKeyGen object for a particular key type
and signature algorithm.
- Parameters:
- keyType - type of key, e.g. "RSA", "DSA"
- sigAlg - name of the signature algorithm, e.g. "MD5WithRSA",
"MD2WithRSA", "SHAwithDSA".
- Throws: NoSuchAlgorithmException
- on unrecognized algorithms.
setRandom
public void setRandom(SecureRandom generator)
- Note: setRandom() is deprecated.
All random numbers come from PKCS #11 now.
- Sets the source of random numbers used when generating keys.
If you do not provide one, a system default facility is used.
You may wish to provide your own source of random numbers
to get a reproducible sequence of keys and signatures, or
because you may be able to take advantage of strong sources
of randomness/entropy in your environment.
generate
public void generate(int keyBits) throws InvalidKeyException
- Generates a random public/private key pair, with a given key
size. Different algorithms provide different degrees of security
for the same key size, because of the "work factor" involved in
brute force attacks. As computers become faster, it becomes
easier to perform such attacks. Small keys are to be avoided.
Note that not all values of "keyBits" are valid for all
algorithms, and not all public key algorithms are currently
supported for use in X.509 certificates. If the algorithm
you specified does not produce X.509 compatible keys, an
invalid key exception is thrown.
- Parameters:
- keyBits - the number of bits in the keys.
- Throws: InvalidKeyException
- if the environment does not
provide X.509 public keys for this signature algorithm.
getPublicKey
public X509Key getPublicKey()
- Returns the public key of the generated key pair.
getPrivateKey
public PrivateKey getPrivateKey()
- Returns the private key of the generated key pair.
Be extremely careful when handling private keys.
When private keys are not kept secret, they lose their ability
to securely authenticate specific entities ... that is a huge
security risk!
getSelfCert
public X509Cert getSelfCert(X500Name myname,
long validity) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException
- Note: getSelfCert() is deprecated.
Use the new
- Returns a self-signed X.509v1 certificate for the public key.
The certificate is immediately valid.
Such certificates normally are used to identify a "Certificate
Authority" (CA). Accordingly, they will not always be accepted by
other parties. However, such certificates are also useful when
you are bootstrapping your security infrastructure, or deploying
system prototypes.
- Parameters:
- myname - X.500 name of the subject (who is also the issuer)
- validity - how long the certificate should be valid, in seconds
getSelfCertificate
public X509Certificate getSelfCertificate(X500Name myname,
long validity) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException
- Returns a self-signed X.509v3 certificate for the public key.
The certificate is immediately valid. No extensions.
Such certificates normally are used to identify a "Certificate
Authority" (CA). Accordingly, they will not always be accepted by
other parties. However, such certificates are also useful when
you are bootstrapping your security infrastructure, or deploying
system prototypes.
- Parameters:
- myname - X.500 name of the subject (who is also the issuer)
- validity - how long the certificate should be valid, in seconds
- Throws: CertificateException
- on certificate handling errors.
- Throws: InvalidKeyException
- on key handling errors.
- Throws: SignatureException
- on signature handling errors.
- Throws: NoSuchAlgorithmException
- on unrecognized algorithms.
- Throws: NoSuchProviderException
- on unrecognized providers.
getCertRequest
public PKCS10 getCertRequest(X500Name myname) throws InvalidKeyException, SignatureException
- Returns a PKCS #10 certificate request. The caller uses either
PKCS10.print or PKCS10.toByteArray
operations on the result, to get the request in an appropriate
transmission format.
PKCS #10 certificate requests are sent, along with some proof
of identity, to Certificate Authorities (CAs) which then issue
X.509 public key certificates.
- Parameters:
- myname - X.500 name of the subject
- Throws: InvalidKeyException
- on key handling errors.
- Throws: SignatureException
- on signature handling errors.
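The calls documented above, chained into one flow with a local policy check in front of the constructor. This is an added example, not code from the original documentation or the library's authors. Assumptions: the `netscape.security.pkcs` package for `PKCS10`, an `X500Name(String)` constructor, a no-argument `PKCS10.toByteArray()`, `java.security.cert.X509Certificate` as the return type, provider support for `"SHA256withRSA"`, and an already initialized PKCS #11 environment; the subject name and the policy thresholds are constructed for illustration.

```java
import java.security.cert.X509Certificate;   // assumed return type of getSelfCertificate
import java.util.Locale;
import netscape.security.pkcs.PKCS10;         // assumed package for PKCS10
import netscape.security.x509.CertAndKeyGen;
import netscape.security.x509.X500Name;

public class CertAndKeyGenExample {
    // Local policy (an assumption of this example, not part of the API):
    // reject MD2/MD5-based signatures and RSA keys below 2048 bits
    // before any key material is generated.
    static void checkPolicy(String keyType, String sigAlg, int keyBits) {
        String s = sigAlg.toUpperCase(Locale.ROOT);
        if (s.startsWith("MD2") || s.startsWith("MD5")) {
            throw new IllegalArgumentException("weak digest in " + sigAlg);
        }
        if ("RSA".equalsIgnoreCase(keyType) && keyBits < 2048) {
            throw new IllegalArgumentException("RSA key too small: " + keyBits);
        }
    }

    public static void main(String[] args) throws Exception {
        String keyType = "RSA";
        String sigAlg = "SHA256withRSA"; // assumed to be supported by the provider
        int keyBits = 2048;
        checkPolicy(keyType, sigAlg, keyBits);

        // Throws NoSuchAlgorithmException if the names are not recognized.
        CertAndKeyGen gen = new CertAndKeyGen(keyType, sigAlg);
        // Throws InvalidKeyException if no X.509 compatible key can be produced.
        gen.generate(keyBits);

        // Constructed subject name, for illustration only.
        X500Name subject = new X500Name("CN=test.example.com, O=Example");

        // PKCS #10 request for a CA: it carries the public key and a
        // signature made with the private key, never the private key itself.
        PKCS10 csr = gen.getCertRequest(subject);
        byte[] encoded = csr.toByteArray();
        System.out.println("CSR bytes: " + encoded.length);

        // Self-signed v3 certificate for bootstrapping; validity is in seconds.
        long ninetyDays = 90L * 24 * 60 * 60;
        X509Certificate cert = gen.getSelfCertificate(subject, ninetyDays);
        System.out.println(cert.getSubjectDN() + " expires " + cert.getNotAfter());

        // gen.getPrivateKey() is deliberately not printed, logged or serialized
        // here; hand it straight to a protected key store.
    }
}
```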