Package com.google.crypto.tink.tinkkey

Class KeyHandle

  • Direct Known Subclasses:
    InternalKeyHandle
    @Immutable
public class KeyHandle
extends java.lang.Object
    Wraps a TinkKey and enforces access to the underlying TinkKey with KeyAccess. Specifically, if the underlying TinkKey has a secret, then one can only get it with a SecretKeyAccess instance.

    Do not use this in new code. Instead, use Key and these facilities.

    • Constructor Detail

      • KeyHandle

        protected KeyHandle​(TinkKey key,
                    KeyHandle.KeyStatusType status,
                    int keyId)
        Constructor intended for Tink internal purposes; allows one to set all the member variables of a KeyHandle.

    • Method Detail

      • createFromKey

        public static KeyHandle createFromKey​(TinkKey key,
                                      KeyAccess access)
                               throws java.security.GeneralSecurityException
        Returns a KeyHandle instance with key as the underlying TinkKey if the caller provides the correct KeyAccess instance.
        Throws:
        java.security.GeneralSecurityException - if access does not grant access to key

      • createFromKey

        public static KeyHandle createFromKey​(com.google.crypto.tink.proto.KeyData keyData,
                                      KeyTemplate.OutputPrefixType opt)
        Returns a KeyHandle instance where the underlying TinkKey wraps the input keyData. The returned KeyHandle has a secret if keyData has key material of type UNKNOWN_KEYMATERIAL, SYMMETRIC, or ASYMMETRIC_PRIVATE.

        Do not use this in new code. Instead, use Key and these facilities.

      • generateNew

        public static KeyHandle generateNew​(KeyTemplate keyTemplate)
                             throws java.security.GeneralSecurityException
        Generates a new KeyHandle that contains a fresh key generated according to keyTemplate.
        Throws:
        java.security.GeneralSecurityException - if the key template's type URL has not been registered with the Registry.

      • hasSecret

        public boolean hasSecret()
        Returns true if the underlying TinkKey has a secret.

      • getId

        public int getId()
        Returns the key ID of this key. The key ID is not guaranteed to be unique among all KeyHandles.

      • getKey

        public TinkKey getKey​(KeyAccess access)
               throws java.security.GeneralSecurityException
        Returns the underlying TinkKey key if access is a SecretKeyAccess and the key has a secret, or if the key does not have a secret, otherwise throws a GeneralSecurityException.
        Throws:
        java.security.GeneralSecurityException

      • getKeyTemplate

        public KeyTemplate getKeyTemplate()
        Returns the KeyTemplate of the underlying TinkKey.
        Throws:
        java.lang.UnsupportedOperationException - if the underlying TinkKey has not implemented getKeyTemplate().