public class StatefulKeyManager extends KeyManager
createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters)of
This KeyManager handles stateful key pairs. Currently the signature schemes XMSS and XMSSMT are supported. In these schemes the private key is stateful, meaning it has to be updated after every signature to keep the scheme secure. The KeyManager takes care of both the update process and the persistent storage of the key material.
When choosing the parameters for a stateful signature scheme, the limited number of signatures that can be created has to be taken into account. This KeyManager issues a warning when the available signatures are about to run out, so that a new key pair can be created in time.
- Alexander Zeier
| Modifier and Type | Method | Description |
|---|---|---|
| static KeyManager | createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) | |
| PrivateKey | getPrivateKey() | Get the private key managed by the KeyManager. |
| void | updateKeyInAdvance(int numberOfUpdates) | Updates the stateful private key n times in advance (n being the given numberOfUpdates) and stores it at the specified storage location, reserving the n states between the origin state and the updated state for signing. |
Methods inherited from class de.hda.fbi.ucs.eucrite.KeyManager
castToStatefulKeyManager, createSelfSignedCertificate, getAlgorithm, getCertificate, getPublicKey, getSecretKey, loadKey
createNewKey
public static KeyManager createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) throws FileAlreadyExistsException, NoSuchAlgorithmException, IllegalArgumentException
getPrivateKey
public PrivateKey getPrivateKey()
Get the private key managed by the KeyManager. The private key is then updated by the KeyManager and stored at the location specified in storageLocation.
- Returns: The private key.
updateKeyInAdvance
public void updateKeyInAdvance(int numberOfUpdates)
Updates the stateful private key n times in advance (n being the given numberOfUpdates) and stores it at the specified storage location, reserving the n states between the origin state and the updated state for signing.
After this method has been called, n signatures can be created without storing the private key again, which makes signing more efficient.
Use this method with caution. The reserved n states are lost when the key is reloaded from the storage location (e.g. when the application was restarted).
Updating the private key in advance to do 3 signatures would look like this:
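```java
...
StorageParameters storageParameters = ...;
KeyManager keyManager = KeyManager.loadKeyPair(storageParameters);
// Store the private key 3 updates ahead, reserving 3 states for signing.
keyManager.castToStatefulKeyManager().updateKeyInAdvance(3);
// These 3 signatures use the reserved states; the key is not stored again.
byte[] signature1 = signer.sign(data1);
byte[] signature2 = signer.sign(data2);
byte[] signature3 = signer.sign(data3);
```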
- Parameters: numberOfUpdates - The number of times the private key is updated in advance.
- See Also:
More information about stateful signature schemes.
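The reservation behaviour described for updateKeyInAdvance, as an added example that is not code from this library: a constructed model in which a plain counter stands in for the stateful private key and a temporary file stands in for the storage location. The class `ReservedStateDemo`, its methods and the limit of 16 states are hypothetical, and Java 11 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Constructed model of state reservation; not the KeyManager's own code. */
public class ReservedStateDemo {
    private final Path store;    // stands in for the storage location
    private final long maxIndex; // number of one-time states of the key (assumed value)
    private long persisted;      // first state not yet reserved, as written to storage
    private long next;           // next unused state, held in memory only

    ReservedStateDemo(Path store, long maxIndex) throws IOException {
        this.store = store;
        this.maxIndex = maxIndex;
        // Loading resumes at the stored state: reserved but unused states are skipped.
        persisted = Files.exists(store) ? Long.parseLong(Files.readString(store).trim()) : 0;
        next = persisted;
    }

    /** Store the state n steps ahead before any of the n reserved states is used. */
    void updateInAdvance(int n) throws IOException {
        if (n < 1 || persisted + n > maxIndex)
            throw new IllegalArgumentException("not enough unused states left");
        persisted += n;
        Files.writeString(store, Long.toString(persisted));
    }

    /** Returns the state index consumed by this signature. */
    long sign() throws IOException {
        if (next == persisted) updateInAdvance(1); // nothing reserved: store first, then sign
        return next++;
    }

    public static void main(String[] args) throws IOException {
        Path store = Files.createTempDirectory("stateful-key").resolve("state.idx");
        ReservedStateDemo key = new ReservedStateDemo(store, 16);
        key.updateInAdvance(3); // storage is written once, covering three signatures
        System.out.println("signed with state " + key.sign());
        // Simulated restart after only one of the three reserved signatures was made.
        key = new ReservedStateDemo(store, 16);
        System.out.println("first state after reload: " + key.sign());
    }
}
```

Because the advanced state is written before any reserved state is used, a restart can only skip states and never hand out the same one twice; the cost is that unused reserved states count against the key's signature limit.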