Package com.yahoo.security
Class SharedKeyGenerator
java.lang.Object
com.yahoo.security.SharedKeyGenerator
Implements both the sender and receiver sides of a secure, anonymous one-way
key generation and exchange protocol built on HPKE, a hybrid crypto
scheme built around elliptic curves.

A shared key, once generated, may have its sealed component sent over a public
channel without revealing anything about the underlying secret key. Only a
recipient holding the private key corresponding to the public key used for shared
key creation may derive the same secret key as the sender.

Every generated key is globally unique (with extremely high probability).

The secret key is intended to be used only once. It MUST NOT be used to
produce more than a single ciphertext. Using the secret key to produce multiple
ciphertexts completely breaks the security model, because a fixed Initialization
Vector (IV) is used.
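
Why the single-use rule matters, shown as an added example that is not code from this class or its project. It assumes AES-128-GCM with a constructed all-zero IV, since the page only states that the IV is fixed; the class name, helper names and sample plaintexts are also constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class FixedIvReuseDemo {
    // Constructed all-zero IV standing in for "a fixed IV"; not the library's value.
    static final byte[] FIXED_IV = new byte[12];

    // Assumption: AES-128-GCM as the symmetric cipher (the page does not name one).
    static byte[] encrypt(byte[] key, byte[] plaintext) throws Exception {
        // New Cipher per call: SunJCE refuses to re-init one instance with the same key and IV.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(128, FIXED_IV));
        return cipher.doFinal(plaintext); // ciphertext || 16-byte tag
    }

    static byte[] xor(byte[] a, byte[] b, int len) {
        byte[] out = new byte[len];
        for (int i = 0; i < len; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    static byte[] newKey() {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        return key;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample plaintexts of equal length.
        byte[] p1 = "transfer 100 EUR".getBytes(StandardCharsets.UTF_8);
        byte[] p2 = "transfer 999 USD".getBytes(StandardCharsets.UTF_8);
        byte[] plainXor = xor(p1, p2, p1.length);

        // Misuse: one secret key, two ciphertexts. The keystream cancels out.
        byte[] reused = newKey();
        byte[] leaked = xor(encrypt(reused, p1), encrypt(reused, p2), p1.length);
        System.out.println("same key:  c1^c2 == p1^p2 ? " + Arrays.equals(leaked, plainXor));

        // Intended use: a new shared key per ciphertext. No such relation holds.
        byte[] fresh = xor(encrypt(newKey(), p1), encrypt(newKey(), p2), p1.length);
        System.out.println("fresh key: c1^c2 == p1^p2 ? " + Arrays.equals(fresh, plainXor));
    }
}
```

With the same key and IV, the XOR of the two ciphertexts equals the XOR of the two plaintexts, so confidentiality is lost without the key ever being recovered; generating a new shared key for every ciphertext avoids this.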

Constructor Summary
Constructors

Method Summary
Modifier and Type         Method                                                                            Description
static SecretSharedKey    fromSealedKey(SealedSharedKey sealedKey, PrivateKey receiverPrivateKey)
static SecretSharedKey    generateForReceiverPublicKey(PublicKey receiverPublicKey, KeyId keyId)
static SecretSharedKey    reseal(SecretSharedKey secret, PublicKey receiverPublicKey, KeyId keyId)

Constructor Details
SharedKeyGenerator
public SharedKeyGenerator()
Method Details
generateForReceiverPublicKey
public static SecretSharedKey generateForReceiverPublicKey(PublicKey receiverPublicKey, KeyId keyId)