Package com.google.crypto.tink

Class Key

  • Direct Known Subclasses:
    AeadKey, DeterministicAeadKey, HybridPrivateKey, HybridPublicKey, JwtMacKey, JwtSignaturePrivateKey, JwtSignaturePublicKey, KeyDerivationKey, LegacyProtoKey, MacKey, PrfKey, SignaturePrivateKey, SignaturePublicKey, StreamingAeadKey
    @Immutable
public abstract class Key
extends java.lang.Object
    Represents a cryptographic object.

    In Tink, Key objects are objects which represent some cryptographic functions. For example, a MacKey represents the two functions computeMac and verifyMac. The function computeMac maps a byte sequence (possibly with additional randomness) to another byte sequence, called the tag. The function verifyMac verifies the tag. A subclass HmacKey then contains all the information one needs to properly compute an HMAC (including e.g. the hash function and tag length used).

    Key objects are light weight, i.e., they should have almost no dependencies, except what is needed to represent the function. This allows key objects to be used in contexts where dependencies need to be kept at a minimum.

    • Constructor Summary

      Constructors 
      Constructor Description
      Key()  

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      abstract boolean equalsKey​(Key other)
      Returns true if the key is guaranteed to be equal to other.
      abstract java.lang.Integer getIdRequirementOrNull()
      Returns null if this key has no id requirement, otherwise the required id.
      abstract Parameters getParameters()
      Returns a Parameters object containing all the information about the key which is not randomly chosen.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Key

        public Key()

    • Method Detail

      • getParameters

        public abstract Parameters getParameters()
        Returns a Parameters object containing all the information about the key which is not randomly chosen.

        Implementations need to ensure that getParameters().hasIdRequirement() returns true if and only if getIdRequirementOrNull is non-null.

      • getIdRequirementOrNull

        @Nullable
public abstract java.lang.Integer getIdRequirementOrNull()
        Returns null if this key has no id requirement, otherwise the required id.

        Some keys, when they are in a keyset, are required to have a certain ID to work properly. This comes from the fact that Tink in some cases prefixes ciphertexts or signatures with the string 0x01<id>, where the ID is encoded in big endian (see the documentation of the key type for details), in which case the key requires a certain ID.

      • equalsKey

        public abstract boolean equalsKey​(Key other)
        Returns true if the key is guaranteed to be equal to other.

        Implementations are required to do this in constant time.

        Note: this is allowed to return false even if two keys are guaranteed to represent the same function, but are represented differently. For example, a key is allowed to internally store the number of zero-bytes used as padding when a large number is represented as a byte array, and use this in the comparison.

        Note: Tink Key objects should typically not override hashCode (because it could risk leaking key material). Hence, they typically also should not override equals.