Package com.google.crypto.tink

Class KeysetManager

  • public final class KeysetManager
extends java.lang.Object
    Manages a Keyset proto, with convenience methods that rotate, disable, enable or destroy keys.

    We do not recommend usage of this class. Instead, we recommend you to use a Keyset.Builder which has an improved API (in that it e.g. returns the just added objects, allowing you to manipulate them further).

    Since:
    1.0.0

    • Method Detail

      • getKeysetHandle

        public KeysetHandle getKeysetHandle()
                             throws java.security.GeneralSecurityException
        Returns:
        a KeysetHandle of the managed keyset
        Throws:
        java.security.GeneralSecurityException

      • rotate

        @CanIgnoreReturnValue
public KeysetManager rotate​(com.google.crypto.tink.proto.KeyTemplate keyTemplate)
                     throws java.security.GeneralSecurityException
        Generates and adds a fresh key generated using keyTemplate, and sets the new key as the primary key.
        Throws:
        java.security.GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

      • add

        @CanIgnoreReturnValue
public KeysetManager add​(com.google.crypto.tink.proto.KeyTemplate keyTemplate)
                  throws java.security.GeneralSecurityException
        Generates and adds a fresh key generated using keyTemplate.
        Throws:
        java.security.GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

      • add

        @CanIgnoreReturnValue
public KeysetManager add​(KeyTemplate keyTemplate)
                  throws java.security.GeneralSecurityException
        Generates and adds a fresh key generated using keyTemplate.
        Throws:
        java.security.GeneralSecurityException - if cannot find any KeyManager that can handle keyTemplate

      • add

        @CanIgnoreReturnValue
@Deprecated
public KeysetManager add​(KeyHandle keyHandle)
                  throws java.security.GeneralSecurityException
        Deprecated.
        We recommend to use the KeysetHandle.Builder API.
        Adds the input KeyHandle to the existing keyset. The KeyStatusType and key ID of the KeyHandle are used as-is in the keyset.
        Throws:
        java.lang.UnsupportedOperationException - if the KeyHandle contains a TinkKey which is not a ProtoKey.
        java.security.GeneralSecurityException - if the KeyHandle's key ID collides with another key ID in the keyset.

      • add

        @CanIgnoreReturnValue
@Deprecated
public KeysetManager add​(KeyHandle keyHandle,
                         KeyAccess access)
                  throws java.security.GeneralSecurityException
        Deprecated.
        We recommend to use the KeysetHandle.Builder API.
        Adds the input KeyHandle to the existing keyset with OutputPrefixType.TINK.
        Throws:
        java.security.GeneralSecurityException - if the given KeyAccess does not grant access to the key contained in the KeyHandle.
        java.lang.UnsupportedOperationException - if the KeyHandle contains a TinkKey which is not a ProtoKey.

      • addNewKey

        @CanIgnoreReturnValue
public int addNewKey​(com.google.crypto.tink.proto.KeyTemplate keyTemplate,
                     boolean asPrimary)
              throws java.security.GeneralSecurityException
        Generates a fresh key using keyTemplate and returns the keyId of it. In case asPrimary is true the generated key will be the new primary.
        Throws:
        java.security.GeneralSecurityException

      • setPrimary

        @CanIgnoreReturnValue
public KeysetManager setPrimary​(int keyId)
                         throws java.security.GeneralSecurityException
        Sets the key with keyId as primary.
        Throws:
        java.security.GeneralSecurityException - if the key is not found or not enabled

      • promote

        @InlineMe(replacement="this.setPrimary(keyId)")
@CanIgnoreReturnValue
public KeysetManager promote​(int keyId)
                      throws java.security.GeneralSecurityException
        Sets the key with keyId as primary.
        Throws:
        java.security.GeneralSecurityException - if the key is not found or not enabled

      • enable

        @CanIgnoreReturnValue
public KeysetManager enable​(int keyId)
                     throws java.security.GeneralSecurityException
        Enables the key with keyId.
        Throws:
        java.security.GeneralSecurityException - if the key is not found

      • disable

        @CanIgnoreReturnValue
public KeysetManager disable​(int keyId)
                      throws java.security.GeneralSecurityException
        Disables the key with keyId.
        Throws:
        java.security.GeneralSecurityException - if the key is not found or it is the primary key

      • delete

        @CanIgnoreReturnValue
public KeysetManager delete​(int keyId)
                     throws java.security.GeneralSecurityException
        Deletes the key with keyId.
        Throws:
        java.security.GeneralSecurityException - if the key is not found or it is the primary key

      • destroy

        @CanIgnoreReturnValue
public KeysetManager destroy​(int keyId)
                      throws java.security.GeneralSecurityException
        Destroys the key material associated with the keyId.
        Throws:
        java.security.GeneralSecurityException - if the key is not found or it is the primary key