Definition

RFC 4120, par. 5.2.9 : "The EncryptionKey type is the means by which cryptographic keys used for encryption are transferred"

Description

The ASN.1 EncryptionKey definition of this structure is :

   EncryptionKey   ::= SEQUENCE {
           keytype         [0] Int32 -- actually encryption type --,
           keyvalue        [1] OCTET STRING
   }

Key type values

The keytype filed uses the same values than the one described for the etype filed of the EncryptedData structure :

etype

Value

Description

UNKNOWN

-1

The "unknown" encryption type

NULL

0

The "null" encryption type

DES_CBC_CRC

1

The des-cbc-crc encryption type

DES_CBC_MD4

2

The des-cbc-md4 encryption type

DES_CBC_MD5

3

The des-cbc-md5 encryption type

RESERVED4

4

The reserved (4) encryption type

DES3_CBC_MD5

5

The des3-cbc-md5 encryption type

RESERVED6

6

The reserved (6) encryption type

DES3_CBC_SHA1

7

The des3-cbc-sha1 encryption type

DSAWITHSHA1_CMSOID

9

The dsaWithSHA1-CmsOID encryption type

MD5WITHRSAENCRYPTION_CMSOID

10

The md5WithRSAEncryption-CmsOID encryption type

SHA1WITHRSAENCRYPTION_CMSOID

11

The sha1WithRSAEncryption-CmsOID encryption type

RC2CBC_ENVOID

12

The rc2CBC-EnvOID encryption type

RSAENCRYPTION_ENVOID

13

The rsaEncryption-EnvOID encryption type

RSAES_OAEP_ENV_OID

14

The rsaES-OAEP-ENV-OID encryption type

DES_EDE3_CBC_ENV_OID

15

The des-ede3-cbc-Env-OID encryption type

DES3_CBC_SHA1_KD

16

The des3-cbc-sha1-kd encryption type

AES128_CTS_HMAC_SHA1_96

17

The aes128-cts-hmac-sha1-96 encryption type

AES256_CTS_HMAC_SHA1_96

18

The aes256-cts-hmac-sha1-96 encryption type

RC4_HMAC

23

The rc4-hmac encryption type

RC4_HMAC_EXP

24

The rc4-hmac-exp encryption type

SUBKEY_KEYMATERIAL

65

The subkey-keymaterial encryption type

RC4_MD4

-128

The rc4-md4 encryption type

RC4_HMAC_OLD

-133

The c4-hmac-old encryption type

RC4_HMAC_OLD_EXP

-135

The rc4-hmac-old-exp encryption type

Current implementation

The current implementation seems to be a copy of the EncryptedData structure, with a keyVersion filed which is not an existing field into the ASN.1 description.

public class EncryptionKey
{
    EncryptionType keyType;
    byte[] keyValue;
    int keyVersion;
}

Proposed implementation

We will removed the useless keyVersion field, and modify the class to add some setters.

public class EncryptionKey
{
    EncryptionType keyType
    byte[] keyValue

    // Constructors
    EncryptionKey
    EncryptionKey( EncryptionType keyType, byte[] keyValue )

    // Methods
    EncryptionType getKeyType()
    void setKeyType( EncryptionType keyType )
    byte[] getKeyValue()
    void setKeyValue( byte[] keyValue )
    boolean equals( Object o )
    String toString()

    // Encoding methods
    int computeLength()
    ByteBuffer encode( ByteBuffer buffer )
}

The following state diagram expose the ASN.1 DER encoding used to describe a EncryptionKey :

  • No labels