java.lang.Object
  sun.security.provider.KeyProtector

final class KeyProtector

This is an implementation of a Sun proprietary, exportable algorithm
intended for use when protecting (or recovering the cleartext version of)
sensitive keys.
This algorithm is not intended as a general purpose cipher.
This is how the algorithm works for key protection:
p - user password
s - random salt
X - xor key
P - to-be-protected key
Y - protected key
R - what gets stored in the keystore
Step 1:
Take the user's password, append a random salt (of fixed size) to it,
and hash it: d1 = digest(p, s)
Store d1 in X.
Step 2:
Take the user's password, append the digest result from the previous step,
and hash it: dn = digest(p, dn-1).
Store dn in X (append it to the previously stored digests).
Repeat this step until the length of X matches the length of the private key
P.
Step 3:
XOR X and P, and store the result in Y: Y = X XOR P.
Step 4:
Store s, Y, and digest(p, P) in the result buffer R:
R = s + Y + digest(p, P), where "+" denotes concatenation.
(NOTE: digest(p, P) is stored in the result buffer, so that when the key is
recovered, we can check if the recovered key indeed matches the original
key.) R is stored in the keystore.
The protected key is recovered as follows:
Steps 1 and 2 are the same as above, except that the salt is not randomly
generated, but taken from the result R of step 4 (the first length(s)
bytes).
Step 3 (XOR operation) yields the plaintext key.
Then concatenate the password with the recovered key, and compare with the
last length(digest(p, P)) bytes of R. If they match, the recovered key is
indeed the same key as the original key.
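The four protection steps and the recovery check above, carried through in code as an added example (this is not the JDK's own KeyProtector source). It assumes SHA-1 as the digest, a 20-byte salt and a two-bytes-per-char (UTF-16BE) encoding of the password, none of which the description states.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 20  # assumption: the page leaves the salt size open; the JDK uses 20 bytes


def _password_bytes(password: str) -> bytes:
    # The class takes a char[]; each Java char becomes two bytes, high byte first
    # (UTF-16BE). Assumed here, as the page does not state the encoding.
    return password.encode("utf-16-be")


def _digest(*parts: bytes) -> bytes:
    # digest(a, b) in the page's notation: the hash of a followed by b. SHA-1 assumed.
    h = hashlib.sha1()
    for part in parts:
        h.update(part)
    return h.digest()


def _keystream(pw: bytes, salt: bytes, length: int) -> bytes:
    # Steps 1 and 2: d1 = digest(p, s), dn = digest(p, dn-1); append until X covers P.
    x, d = b"", salt
    while len(x) < length:
        d = _digest(pw, d)
        x += d
    return x[:length]


def protect(password: str, key: bytes, salt: Optional[bytes] = None) -> bytes:
    pw = _password_bytes(password)
    salt = os.urandom(SALT_LEN) if salt is None else salt
    y = bytes(a ^ b for a, b in zip(_keystream(pw, salt, len(key)), key))  # Step 3
    return salt + y + _digest(pw, key)  # Step 4: R = s + Y + digest(p, P)


def recover(password: str, protected: bytes) -> Optional[bytes]:
    pw = _password_bytes(password)
    check_len = hashlib.sha1().digest_size
    if len(protected) < SALT_LEN + check_len:
        return None  # too short to hold s and digest(p, P)
    salt, y, stored = (protected[:SALT_LEN], protected[SALT_LEN:-check_len],
                       protected[-check_len:])
    key = bytes(a ^ b for a, b in zip(_keystream(pw, salt, len(y)), y))
    # Recompute digest(p, P) and compare with the stored check in constant time;
    # None means a wrong password or a modified R.
    return key if hmac.compare_digest(_digest(pw, key), stored) else None
```

recover returns None instead of a key whenever the stored digest(p, P) does not match, so the Step 4 check doubles as detection of both a wrong password and a tampered R. Because X costs one digest per 20 bytes with no iteration count, and that same stored digest confirms a guess, offline password guessing against a stored R is cheap, which is one reason PKCS12 replaced this format as the JDK's default keystore type.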
author: Jan Luehe
version: 1.23, 10/10/06
See Also: java.security.KeyStore, JavaKeyStore, KeyTool
since: JDK1.2
Constructor Summary

public KeyProtector(char[] password)
    Creates an instance of this class, and initializes it with the given
    password.
public KeyProtector(char[] password) throws NoSuchAlgorithmException

Creates an instance of this class, and initializes it with the given
password.
The password is expected to be in printable ASCII.
Normal rules for good password selection apply: at least
seven characters, mixed case, with punctuation encouraged.
Phrases or words which are easily guessed, for example by
being found in dictionaries, are bad.
protected void finalize()

Ensures that the password bytes of this key protector are
set to zero when there are no more references to it.