Package org.apache.sshd.common.util.security.eddsa.generic

Class EdDSAUtils

  • public final class EdDSAUtils
extends java.lang.Object
    Utilities to extract the raw key bytes from ed25519 or ed448 public keys, in a manner that is independent of the actual concrete key implementation classes.

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private EdDSAUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      private static boolean arrayEq​(byte[] a, byte[] b)  
      private static byte[] asn1Parse​(byte[] encoded)
      Extracts the private key bytes from an encoded EdDSA private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding):
      static java.security.spec.KeySpec createPrivateKeySpec​(byte[] keyData)
      Creates a KeySpec for re-creating an ed25519 or ed448 public key from the raw key bytes.
      static java.security.spec.KeySpec createPublicKeySpec​(byte[] keyData)
      Creates a KeySpec for re-creating an ed25519 or ed448 public key from the raw key bytes.
      static byte[] getBytes​(java.security.PrivateKey key)
      Retrieves the raw key bytes from an ed25519 or ed448 PrivateKey.
      static byte[] getBytes​(java.security.PublicKey key)
      Retrieves the raw key bytes from an ed25519 or ed448 PublicKey.
      private static boolean startsWith​(byte[] data, byte[] prefix)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • ED25519_X509_PREFIX

        private static final byte[] ED25519_X509_PREFIX

      • ED448_X509_PREFIX

        private static final byte[] ED448_X509_PREFIX

      • ED25519_PKCS8_PREFIX

        private static final byte[] ED25519_PKCS8_PREFIX

      • ED448_PKCS8_PREFIX

        private static final byte[] ED448_PKCS8_PREFIX

      • ED25519_OID

        private static final byte[] ED25519_OID

      • ED448_OID

        private static final byte[] ED448_OID

    • Constructor Detail

      • EdDSAUtils

        private EdDSAUtils()

    • Method Detail

      • arrayEq

        private static boolean arrayEq​(byte[] a,
                               byte[] b)

      • startsWith

        private static boolean startsWith​(byte[] data,
                                  byte[] prefix)

      • getBytes

        public static byte[] getBytes​(java.security.PublicKey key)
                       throws java.security.InvalidKeyException
        Retrieves the raw key bytes from an ed25519 or ed448 PublicKey.
        Parameters:
        key - PublicKey to get the bytes of
        Returns:
        the raw key bytes
        Throws:
        java.security.InvalidKeyException - if the key is not an ed25519 or ed448 key, or if it doesn't use X.509 encoding

      • getBytes

        public static byte[] getBytes​(java.security.PrivateKey key)
                       throws java.security.InvalidKeyException
        Retrieves the raw key bytes from an ed25519 or ed448 PrivateKey.
        Parameters:
        key - PrivateKey to get the bytes of
        Returns:
        the raw key bytes
        Throws:
        java.security.InvalidKeyException - if the key is not an ed25519 or ed448 key, or if it doesn't use PKCS#8 encoding

      • asn1Parse

        private static byte[] asn1Parse​(byte[] encoded)
                         throws java.security.InvalidKeyException
        Extracts the private key bytes from an encoded EdDSA private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding): 
         OneAsymmetricKey ::= SEQUENCE {
   version Version,
   privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
   privateKey PrivateKey,
   ...
 }

 Version ::= INTEGER
 PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
 PrivateKey ::= OCTET STRING

 AlgorithmIdentifier  ::=  SEQUENCE  {
   algorithm   OBJECT IDENTIFIER,
   parameters  ANY DEFINED BY algorithm OPTIONAL
 }

        and RFC 8410: "... when encoding a OneAsymmetricKey object, the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field." 

         CurvePrivateKey ::= OCTET STRING
        Parameters:
        encoded - encoded private key to extract the private key bytes from
        Returns:
        the extracted private key bytes
        Throws:
        java.security.InvalidKeyException - if the private key cannot be extracted
        See Also:
        RFC 5958, RFC 8410

      • createPublicKeySpec

        public static java.security.spec.KeySpec createPublicKeySpec​(byte[] keyData)
                                                      throws java.security.InvalidKeyException
        Creates a KeySpec for re-creating an ed25519 or ed448 public key from the raw key bytes.
        Parameters:
        keyData - the raw key bytes
        Returns:
        the KeySpec
        Throws:
        java.security.InvalidKeyException - if the key bytes do not have the appropriate length for an ed25519 or ed448 key

      • createPrivateKeySpec

        public static java.security.spec.KeySpec createPrivateKeySpec​(byte[] keyData)
                                                       throws java.security.InvalidKeyException
        Creates a KeySpec for re-creating an ed25519 or ed448 public key from the raw key bytes.
        Parameters:
        keyData - the raw key bytes
        Returns:
        the KeySpec
        Throws:
        java.security.InvalidKeyException - if the key bytes do not have the appropriate length for an ed25519 or ed448 key