AsymmetricKey

sealed class AsymmetricKey

Private key that can be used to sign messages or for key agreement, optionally with some kind of identification.

A private key can either be a software key (EcPrivateKey) or reside in a SecureArea. Keys can be anonymous, or identified by a certificate chain or by a key id. When reading a key from settings, all six possible variants are potentially useful, yet it makes very little difference for the rest of the code which variant is actually used. The AsymmetricKey class encapsulates these variants so the code can be written in a more generic way.

Although strictly speaking not a signing operation, AsymmetricKey can also be used for a key exchange operation, provided it was created with that capability.

Inheritors

Types

Key without identification, typically used when it is clear from the context which key must be employed.

data class AnonymousExplicit(val privateKey: EcPrivateKey, val algorithm: Algorithm = privateKey.curve.defaultSigningAlgorithmFullySpecified) : AsymmetricKey.Anonymous, AsymmetricKey.Explicit

class AnonymousSecureAreaBased(val alias: String, val secureArea: SecureArea, val keyInfo: KeyInfo, val unlockReason: UnlockReason = UnlockReason.Unspecified, val algorithm: Algorithm = keyInfo.algorithm) : AsymmetricKey.Anonymous, AsymmetricKey.SecureAreaBased

object Companion

interface Explicit

Implemented by AsymmetricKey where the private key is explicitly given.

sealed class Named : AsymmetricKey

Key identified by a key id which is somehow known to other parties.

data class NamedExplicit(val keyId: String, val privateKey: EcPrivateKey, val algorithm: Algorithm = privateKey.curve.defaultSigningAlgorithmFullySpecified) : AsymmetricKey.Named, AsymmetricKey.Explicit

data class NamedSecureAreaBased(val keyId: String, val alias: String, val secureArea: SecureArea, val keyInfo: KeyInfo, val unlockReason: UnlockReason = UnlockReason.Unspecified, val algorithm: Algorithm = keyInfo.algorithm) : AsymmetricKey.Named, AsymmetricKey.SecureAreaBased

interface SecureAreaBased

Implemented by AsymmetricKey where the private key resides in a SecureArea.

A key which is identified by an X509 certificate chain.

data class X509CertifiedExplicit(val certChain: X509CertChain, val privateKey: EcPrivateKey, val algorithm: Algorithm = privateKey.curve.defaultSigningAlgorithmFullySpecified) : AsymmetricKey.X509Certified, AsymmetricKey.Explicit

data class X509CertifiedSecureAreaBased(val certChain: X509CertChain, val alias: String, val secureArea: SecureArea, val keyInfo: KeyInfo, val unlockReason: UnlockReason = UnlockReason.Unspecified, val algorithm: Algorithm = keyInfo.algorithm) : AsymmetricKey.X509Certified, AsymmetricKey.SecureAreaBased

Keys that are (potentially) compatible with X509-certificate-based workflows.

Properties

abstract val algorithm: Algorithm

Signature algorithm

abstract val publicKey: EcPublicKey

Public key that corresponds to the private key used for signing

abstract val subject: String

Entity to which the key belongs: the key id for a named key, the common name for keys with a certificate chain.

Functions

abstract suspend fun keyAgreement(otherKey: EcPublicKey): ByteArray

Performs Key Agreement using this key and otherKey.

abstract suspend fun sign(message: ByteArray): EcSignature

Signs message with this key.
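
The class description says the rest of the code rarely needs to know which of the six variants it holds. The following added example (not Multipaz's own code) shows generic signing code that still enforces where the private key lives and how it is identified, using only the types and members listed on this page. SigningPolicy, identificationOf and signUnderPolicy are hypothetical names, and the import paths are an assumption.

```kotlin
// Added example, not Multipaz code. The import paths are an assumption;
// adjust them to the package layout of the Multipaz version in use.
import org.multipaz.crypto.AsymmetricKey
import org.multipaz.crypto.EcSignature

// Hypothetical policy type introduced for this example.
data class SigningPolicy(
    val requireSecureArea: Boolean,    // refuse software-held private keys
    val requireIdentifiedKey: Boolean  // refuse keys a verifier cannot look up
)

// Hypothetical helper: describes how a relying party would identify the key.
fun identificationOf(key: AsymmetricKey): String = when (key) {
    is AsymmetricKey.X509Certified -> "x509:${key.subject}" // subject = common name
    is AsymmetricKey.Named -> "kid:${key.subject}"          // subject = key id
    is AsymmetricKey.Anonymous -> "anonymous"
    else -> error("unhandled AsymmetricKey variant")        // fail closed
}

// Hypothetical helper: enforces the policy, then signs through the common API.
suspend fun signUnderPolicy(
    key: AsymmetricKey,
    message: ByteArray,
    policy: SigningPolicy
): EcSignature {
    // Explicit variants carry an EcPrivateKey in process memory;
    // SecureAreaBased variants only reference the key by alias.
    if (policy.requireSecureArea && key !is AsymmetricKey.SecureAreaBased) {
        throw IllegalStateException("policy requires a SecureArea-held key")
    }
    if (policy.requireIdentifiedKey && key is AsymmetricKey.Anonymous) {
        throw IllegalStateException("policy requires a named or certified key")
    }
    // The same call works for all six variants.
    return key.sign(message)
}
```

Logging identificationOf(key) next to each signature gives an audit trail of which key identity produced it without touching private key material.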