Class KeyUtils

java.lang.Object
com.yahoo.security.KeyUtils

public class KeyUtils extends Object
Author:
bjorncs
  • Method Details

    • generateKeypair

      public static KeyPair generateKeypair(KeyAlgorithm algorithm, int keySize)
    • generateKeypair

      public static KeyPair generateKeypair(KeyAlgorithm algorithm)
    • extractPublicKey

      public static PublicKey extractPublicKey(PrivateKey privateKey)
    • toKeyPair

      public static KeyPair toKeyPair(PrivateKey privateKey)
    • keyPairFromPemEncodedPrivateKey

      public static KeyPair keyPairFromPemEncodedPrivateKey(String pem)
    • fromPemEncodedPrivateKey

      public static PrivateKey fromPemEncodedPrivateKey(String pem)
    • fromPemEncodedPublicKey

      public static PublicKey fromPemEncodedPublicKey(String pem)
    • toPem

      public static String toPem(PrivateKey privateKey)
    • toPem

      public static String toPem(PrivateKey privateKey, KeyFormat format)
    • toPem

      public static String toPem(PublicKey publicKey)
    • fromRawX25519PublicKey

      public static XECPublicKey fromRawX25519PublicKey(byte[] rawKeyBytes)
    • toRawX25519PublicKeyBytes

      public static byte[] toRawX25519PublicKeyBytes(XECPublicKey publicKey)
      Returns the bytes representing the BigInteger of the X25519 public key EC point U coordinate.
    • fromBase64EncodedX25519PublicKey

      public static XECPublicKey fromBase64EncodedX25519PublicKey(String base64pk)
    • toBase64EncodedX25519PublicKey

      public static String toBase64EncodedX25519PublicKey(XECPublicKey publicKey)
    • fromBase58EncodedX25519PublicKey

      public static XECPublicKey fromBase58EncodedX25519PublicKey(String base58pk)
    • toBase58EncodedX25519PublicKey

      public static String toBase58EncodedX25519PublicKey(XECPublicKey publicKey)
    • fromRawX25519PrivateKey

      public static XECPrivateKey fromRawX25519PrivateKey(byte[] rawScalarBytes)
    • toRawX25519PrivateKeyBytes

      public static byte[] toRawX25519PrivateKeyBytes(XECPrivateKey privateKey)
    • fromBase64EncodedX25519PrivateKey

      public static XECPrivateKey fromBase64EncodedX25519PrivateKey(String base64pk)
    • toBase64EncodedX25519PrivateKey

      public static String toBase64EncodedX25519PrivateKey(XECPrivateKey privateKey)
    • fromBase58EncodedX25519PrivateKey

      public static XECPrivateKey fromBase58EncodedX25519PrivateKey(String base58pk)
    • toBase58EncodedX25519PrivateKey

      public static String toBase58EncodedX25519PrivateKey(XECPrivateKey privateKey)
    • generateX25519KeyPair

      public static KeyPair generateX25519KeyPair()
    • extractX25519PublicKey

      public static XECPublicKey extractX25519PublicKey(XECPrivateKey privateKey)
    • ecdh

      public static byte[] ecdh(XECPrivateKey privateKey, XECPublicKey publicKey)
      Computes a shared secret using the Elliptic Curve Diffie-Hellman (ECDH) protocol for X25519 curves.

      Let Bob have private (secret) key skB and public key pkB. Let Alice have private key skA and public key pkA. ECDH lets both parties separately compute their own side of:

         ecdh(skB, pkA) == ecdh(skA, pkB)
       

      This arrives at the same shared secret without needing to know the secret key of the other party, but both parties must know their own secret to derive the correct shared secret. Third party Eve sneaking around in the bushes cannot compute the shared secret without knowing at least one of the secrets.

      Performs RFC 7748-recommended (and RFC 9180-mandated) check for "non-contributory" private keys by checking if the resulting shared secret comprises all zero bytes.

      Parameters:
      privateKey - X25519 private key
      publicKey - X25519 public key
      Returns:
      shared Diffie-Hellman secret. Security note: this value should never be used directly as a key; use a key derivation function (KDF).
      See Also:
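
The agreement property, the all-zero check and the KDF step described for `ecdh` above, as an added example written against the plain JDK (Java 11+) rather than this class; it is not the library's own code. The class name `X25519EcdhExample`, the helper `hkdf32`, the salt and the context label are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPublicKeySpec;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class X25519EcdhExample {
    // Raw X25519 shared secret; rejects the all-zero ("non-contributory") result.
    static byte[] ecdh(PrivateKey sk, PublicKey pk) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(sk);
        // The JDK's SunEC provider already throws InvalidKeyException here for
        // small-order points; the explicit check below covers providers that do not.
        ka.doPhase(pk, true);
        byte[] secret = ka.generateSecret();
        int acc = 0;
        for (byte b : secret) acc |= b; // OR every byte, no early exit
        if (acc == 0) throw new InvalidKeyException("all-zero shared secret");
        return secret;
    }
    // HKDF-SHA256 (RFC 5869), restricted to one 32-byte output block.
    static byte[] hkdf32(byte[] ikm, byte[] salt, byte[] info) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));
        byte[] prk = mac.doFinal(ikm);          // extract: PRK = HMAC(salt, IKM)
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        mac.update(info);
        return mac.doFinal(new byte[] {1});     // expand: T(1) = HMAC(PRK, info || 0x01)
    }
    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair();
        byte[] a = ecdh(alice.getPrivate(), bob.getPublic());
        byte[] b = ecdh(bob.getPrivate(), alice.getPublic());
        System.out.println("secrets match: " + MessageDigest.isEqual(a, b));
        // Constructed salt and context label; a real protocol fixes these in its spec.
        byte[] key = hkdf32(a, new byte[32], "example context".getBytes(StandardCharsets.UTF_8));
        System.out.println("derived key bytes: " + key.length);
        // Constructed small-order public key (u = 0): the result is all zeros for any private key.
        PublicKey lowOrder = KeyFactory.getInstance("X25519")
                .generatePublic(new XECPublicKeySpec(NamedParameterSpec.X25519, BigInteger.ZERO));
        try {
            ecdh(alice.getPrivate(), lowOrder);
            System.out.println("accepted (unexpected)");
        } catch (InvalidKeyException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Both parties pass the raw secret through the KDF with the same salt and context label, and only the derived bytes are used as a symmetric key.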