SessionKeys

java.lang.Object
- edu.umass.cs.utils.SessionKeys

```
public class SessionKeys
extends java.lang.Object
```
Author:

arun A utility class to generate and maintain symmetric session keys. It allows a client or a server to maintain one or more session secret keys corresponding to a public key so as to use symmetric key encryption instead of public key encryption.
An important assumption is that rhe two endpoints already have an SSL connection, so a man-in-the-middle can not decipher any data exchanged. If this is not true, this utility class is not useful.
A secret key can only be proposed by the possessor of the private key corresponding to the public key that is being substituted.
Multiple secret keys corresponding to the same public key can get generated over time, e.g., different (multi-homed) clients all using the same public key may simultaneously maintain sessions with the same server. We will refer to the owner of the public/private key pair the "client". Generally, a client will propose a secret key by issuing a self-signed certificate. A server may also at any time respond with a certificate for the same key-pair that it may have obtained from elsewhere, e.g., from another avatar of the client. If a server or client receives a message signed by a secret key it doesn't have, it can ask the other end for the corresponding certificate. All methods and state here is static as the symmetric keys correspond only to public keys, so they can be reused even within "virtual" nodes within a JVM.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`SessionKeys.Events` Events associated with secret session keys.
`protected static class`	`SessionKeys.SecretKeyAndCertificate`
`static class`	`SessionKeys.SecretKeyCertificate` A secret key certificate consists of a [secretKey, timestamp] 2-tuple signed by the corresponding public key, and all three of these together form the certificate.

Field Summary

Fields
Modifier and Type	Field and Description
`protected static java.lang.String`	`keyPairAlgorithm`
`protected static java.lang.String`	`pkPair` Implementations on some devices require us to completely specify the transformation in the form of "ALGORITHM/MODE/PADDING" since the mode and padding defaults are not necessarily same across providers.

Constructor Summary

Constructors
Constructor and Description

SessionKeys()

Constructors
Constructor and Description
`SessionKeys()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static long`	`getEncryptedSecretKeyTimestamp(byte[] encoded)`
`static javax.crypto.SecretKey`	`getOrGenerateSecretKey(java.security.PublicKey publicKey, java.security.PrivateKey privateKey)`
`static javax.crypto.SecretKey`	`getSecretKey(java.security.PublicKey publicKey)`
`static javax.crypto.SecretKey`	`getSecretKey(java.security.PublicKey publicKey, java.lang.Long secretKeyID)`
`static SessionKeys.SecretKeyCertificate`	`getSecretKeyCertificate(java.security.PublicKey publicKey)`
`static javax.crypto.SecretKey`	`getSecretKeyFromCertificate(byte[] encodedSecretKeyCertificate)`
`static javax.crypto.SecretKey`	`getSecretKeyFromCertificate(byte[] encodedSecretKeyCertificate, java.security.PublicKey publicKey)`
`static void`	`main(java.lang.String[] args)`
`static void`	`putSecretKey(javax.crypto.SecretKey secretKey, SessionKeys.SecretKeyCertificate skCert)`
`static void`	`setClient()` Sets maximum number of secret keys per public key to 1.
`static void`	`setMaxPublicKeys(int n)`
`static void`	`setMaxSecretKeys(int n)` Maximum number of secret keys per public key.
`static void`	`setSecretKeyLifetime(long lifetime)`
`static boolean`	`shouldSendSecretKey(SessionKeys.SecretKeyAndCertificate skc)`
`static javax.crypto.SecretKey`	`verify(SessionKeys.SecretKeyCertificate skCert)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- pkPair
```
protected static final java.lang.String pkPair
```
  Implementations on some devices require us to completely specify the transformation in the form of "ALGORITHM/MODE/PADDING" since the mode and padding defaults are not necessarily same across providers.
  
  See Also:
  
  Constant Field Values
- keyPairAlgorithm
```
protected static final java.lang.String keyPairAlgorithm
```
  See Also:
  
  Constant Field Values

Constructor Detail
- SessionKeys
```
public SessionKeys()
```

Method Detail

getSecretKeyFromCertificate

public static javax.crypto.SecretKey getSecretKeyFromCertificate(byte[] encodedSecretKeyCertificate)
                                                          throws java.security.spec.InvalidKeySpecException,
                                                                 java.security.NoSuchAlgorithmException,
                                                                 java.security.InvalidKeyException,
                                                                 javax.crypto.NoSuchPaddingException,
                                                                 javax.crypto.IllegalBlockSizeException,
                                                                 javax.crypto.BadPaddingException

Parameters:: encodedSecretKeyCertificate -
Returns:: Secret key decoded from encodedSecretKeyCertificate.
Throws:: java.security.spec.InvalidKeySpecException; java.security.NoSuchAlgorithmException; javax.crypto.BadPaddingException; javax.crypto.IllegalBlockSizeException; javax.crypto.NoSuchPaddingException; java.security.InvalidKeyException

getSecretKeyFromCertificate

public static javax.crypto.SecretKey getSecretKeyFromCertificate(byte[] encodedSecretKeyCertificate,
                                                                 java.security.PublicKey publicKey)
                                                          throws java.security.spec.InvalidKeySpecException,
                                                                 java.security.NoSuchAlgorithmException,
                                                                 javax.crypto.NoSuchPaddingException,
                                                                 java.security.InvalidKeyException,
                                                                 javax.crypto.IllegalBlockSizeException,
                                                                 javax.crypto.BadPaddingException

Parameters:: encodedSecretKeyCertificate -; publicKey -
Returns:: Secret key decoded from encodedSecretKeyCertificate.
Throws:: java.security.spec.InvalidKeySpecException; java.security.NoSuchAlgorithmException; javax.crypto.NoSuchPaddingException; java.security.InvalidKeyException; javax.crypto.BadPaddingException; javax.crypto.IllegalBlockSizeException

getEncryptedSecretKeyTimestamp
```
public static long getEncryptedSecretKeyTimestamp(byte[] encoded)
```
Parameters:

encoded -

Returns:

Encrypted secret key timestamp.

setMaxPublicKeys

public static void setMaxPublicKeys(int n)

Parameters:: n -

setMaxSecretKeys
```
public static void setMaxSecretKeys(int n)
```
Maximum number of secret keys per public key. Clients should set this to 1 as they should have at most secret key per public key at any time.

Parameters:

n -

setClient
```
public static void setClient()
```
Sets maximum number of secret keys per public key to 1.

setSecretKeyLifetime

public static void setSecretKeyLifetime(long lifetime)

Parameters:: lifetime -

getSecretKey

public static javax.crypto.SecretKey getSecretKey(java.security.PublicKey publicKey,
                                                  java.lang.Long secretKeyID)

Parameters:: publicKey -; secretKeyID -
Returns:: Stored secret key if any, else null.

getSecretKey

public static javax.crypto.SecretKey getSecretKey(java.security.PublicKey publicKey)

Parameters:: publicKey -
Returns:: SecretKey corresponding to publicKey.

getOrGenerateSecretKey

public static javax.crypto.SecretKey getOrGenerateSecretKey(java.security.PublicKey publicKey,
                                                            java.security.PrivateKey privateKey)
                                                     throws java.security.InvalidKeyException,
                                                            java.security.NoSuchAlgorithmException,
                                                            java.security.SignatureException,
                                                            java.io.UnsupportedEncodingException,
                                                            javax.crypto.IllegalBlockSizeException,
                                                            javax.crypto.BadPaddingException,
                                                            javax.crypto.NoSuchPaddingException

Parameters:: publicKey -; privateKey -
Returns:: Secret key, possibly generated on demand.
Throws:: java.security.InvalidKeyException; java.security.NoSuchAlgorithmException; java.security.SignatureException; java.io.UnsupportedEncodingException; javax.crypto.NoSuchPaddingException; javax.crypto.BadPaddingException; javax.crypto.IllegalBlockSizeException

putSecretKey

public static void putSecretKey(javax.crypto.SecretKey secretKey,
                                SessionKeys.SecretKeyCertificate skCert)

Parameters:: secretKey -; skCert -

shouldSendSecretKey
```
public static boolean shouldSendSecretKey(SessionKeys.SecretKeyAndCertificate skc)
```
Parameters:

skc -

Returns:

True if the secret key certificate should be sent to the remote endpoint along with the secret-key-signed message.

verify

public static javax.crypto.SecretKey verify(SessionKeys.SecretKeyCertificate skCert)
                                     throws java.security.SignatureException,
                                            java.security.NoSuchAlgorithmException,
                                            javax.crypto.IllegalBlockSizeException,
                                            javax.crypto.BadPaddingException,
                                            javax.crypto.NoSuchPaddingException,
                                            java.security.InvalidKeyException

Parameters:: skCert -
Returns:: Decrypts and returns the secret key contained in the supplied secret key certificate.
Throws:: java.security.SignatureException; java.security.NoSuchAlgorithmException; javax.crypto.IllegalBlockSizeException; javax.crypto.BadPaddingException; javax.crypto.NoSuchPaddingException; java.security.InvalidKeyException

getSecretKeyCertificate
```
public static SessionKeys.SecretKeyCertificate getSecretKeyCertificate(java.security.PublicKey publicKey)
```
Parameters:

publicKey -

Returns:

SecretKeyCertificate corresponding to publicKey. This method will return the most recent if multiple certificates exist.

main

public static void main(java.lang.String[] args)

Parameters:: args -

Class SessionKeys

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

pkPair

keyPairAlgorithm

Constructor Detail

SessionKeys

Method Detail

getSecretKeyFromCertificate

getSecretKeyFromCertificate

getEncryptedSecretKeyTimestamp

setMaxPublicKeys

setMaxSecretKeys

setClient

setSecretKeyLifetime

getSecretKey

getSecretKey

getOrGenerateSecretKey

putSecretKey

shouldSendSecretKey

verify

getSecretKeyCertificate

main