Class StatefulKeyManager


public class StatefulKeyManager extends KeyManager
The StatefulKeyManager manages a stateful key pair or secret pair and the corresponding certificate. To initialize, use the static methods KeyManager.loadKey(StorageParameters storageParameters) or createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) of KeyManager.

This KeyManager handles stateful key pairs. Currently the signature schemes XMSS and XMSSMT are supported. In these schemes the private key is stateful, meaning it has to be updated after every signature to keep the scheme secure (a state that signs twice breaks the security of the scheme). The update process as well as the persistent storage of the key material is taken care of by the KeyManager.

When choosing the parameters for a stateful signature scheme, the limited number of signatures that can be created has to be taken into account. This KeyManager emits a warning when the remaining signatures are about to run out, so that a new key pair can be created in time.

Alexander Zeier
  • Method Details

    • createNewKey

      public static KeyManager createNewKey(AlgorithmParameters algorithmParameters, StorageParameters storageParameters) throws FileAlreadyExistsException, NoSuchAlgorithmException, IllegalArgumentException
    • getPrivateKey

      public PrivateKey getPrivateKey()
      Get the private key managed by the KeyManager. The private key is then updated by the KeyManager and stored at the location specified in storageLocation.
      Returns:
      The private key.
    • updateKeyInAdvance

      public void updateKeyInAdvance(int numberOfUpdates)
      Updates the stateful private key n times in advance (n being the given numberOfUpdates) and stores it at the specified storage location, reserving the n states between the original state and the updated state for signing.
      After using this method, n signatures can be done without storing the private key again, leading to more efficient signing.

      This method should be used with caution. The reserved n states are lost after reloading the key from the storage location (e.g. when the application was restarted); they are skipped, not reused.

      Updating the private key in advance to do 3 signatures would look like this:

       StorageParameters storageParameters = ...;
       KeyManager keyManager = KeyManager.loadKeyPair(storageParameters);
       // Reserve three states; the private key advanced by three is stored now.
       keyManager.updateKeyInAdvance(3);
       // signer: a signing object backed by keyManager.getPrivateKey() (its setup is not shown here)
       byte[] signature1 = signer.sign(data1);
       byte[] signature2 = signer.sign(data2);
       byte[] signature3 = signer.sign(data3);
      Overrides:
      updateKeyInAdvance in class KeyManager
      Parameters:
      numberOfUpdates - The number of times the private key is updated in advance.
      See Also:
      More information about stateful signature schemes.
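The state bookkeeping described above, as an added model that is not the library's own code: a dict stands in for the storage location, and the model shows why updateKeyInAdvance persists the advanced key before any reserved state is used, and why states reserved before a restart are skipped rather than reused.

```python
import hashlib
import warnings


class StatefulKeyModel:
    """Bookkeeping model of a stateful (XMSS-style) private key: each state index
    may sign exactly once. `storage` is a dict standing in for the persistent
    storage location (constructed for this example)."""

    def __init__(self, storage, total_states, warn_below=2):
        self.storage = storage
        self.total = total_states      # 2^h one-time states in real XMSS; tiny here
        self.warn_below = warn_below
        self.reload()

    def reload(self):
        # Reload from storage: reserved-but-unused states are lost, never reused.
        self.next_index = self.storage.get("next_index", 0)
        self.reserved_until = self.next_index

    def update_in_advance(self, n):
        # Persist the key advanced by n states *before* handing out any of them.
        if self.next_index + n > self.total:
            raise ValueError("not enough states left to reserve")
        self.reserved_until = self.next_index + n
        self.storage["next_index"] = self.reserved_until

    def sign(self, data):
        if self.next_index >= self.total:
            raise RuntimeError("key exhausted: create a new key pair")
        idx = self.next_index
        self.next_index += 1
        if self.next_index > self.reserved_until:
            # No reserved state left: persist the update before releasing the signature.
            self.reserved_until = self.next_index
            self.storage["next_index"] = self.next_index
        if self.total - self.next_index <= self.warn_below:
            warnings.warn("stateful key nearly exhausted", RuntimeWarning)
        # Stand-in for the one-time signature: binds the state index to the data.
        return idx, hashlib.sha256(idx.to_bytes(4, "big") + data).hexdigest()


def run_scenario():
    """Reserve 3 states, sign twice, restart, sign again: state 2 is skipped."""
    store = {}
    km = StatefulKeyModel(store, total_states=8)
    km.update_in_advance(3)
    used = [km.sign(b"msg1")[0], km.sign(b"msg2")[0]]
    km.reload()                        # simulates an application restart
    used.append(km.sign(b"msg3")[0])
    return used, store["next_index"]
```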