Definition
RFC 4120, par. 5.2.9 : "The EncryptionKey type is the means by which cryptographic keys used for encryption are transferred"
Description
The ASN.1 EncryptionKey definition of this structure is :
EncryptionKey ::= SEQUENCE { keytype [0] Int32 -- actually encryption type --, keyvalue [1] OCTET STRING }
Key type values
The keytype filed uses the same values than the one described for the etype filed of the EncryptedData structure :
etype |
Value |
Description |
UNKNOWN |
-1 |
The "unknown" encryption type |
NULL |
0 |
The "null" encryption type |
DES_CBC_CRC |
1 |
The des-cbc-crc encryption type |
DES_CBC_MD4 |
2 |
The des-cbc-md4 encryption type |
DES_CBC_MD5 |
3 |
The des-cbc-md5 encryption type |
RESERVED4 |
4 |
The reserved (4) encryption type |
DES3_CBC_MD5 |
5 |
The des3-cbc-md5 encryption type |
RESERVED6 |
6 |
The reserved (6) encryption type |
DES3_CBC_SHA1 |
7 |
The des3-cbc-sha1 encryption type |
DSAWITHSHA1_CMSOID |
9 |
The dsaWithSHA1-CmsOID encryption type |
MD5WITHRSAENCRYPTION_CMSOID |
10 |
The md5WithRSAEncryption-CmsOID encryption type |
SHA1WITHRSAENCRYPTION_CMSOID |
11 |
The sha1WithRSAEncryption-CmsOID encryption type |
RC2CBC_ENVOID |
12 |
The rc2CBC-EnvOID encryption type |
RSAENCRYPTION_ENVOID |
13 |
The rsaEncryption-EnvOID encryption type |
RSAES_OAEP_ENV_OID |
14 |
The rsaES-OAEP-ENV-OID encryption type |
DES_EDE3_CBC_ENV_OID |
15 |
The des-ede3-cbc-Env-OID encryption type |
DES3_CBC_SHA1_KD |
16 |
The des3-cbc-sha1-kd encryption type |
AES128_CTS_HMAC_SHA1_96 |
17 |
The aes128-cts-hmac-sha1-96 encryption type |
AES256_CTS_HMAC_SHA1_96 |
18 |
The aes256-cts-hmac-sha1-96 encryption type |
RC4_HMAC |
23 |
The rc4-hmac encryption type |
RC4_HMAC_EXP |
24 |
The rc4-hmac-exp encryption type |
SUBKEY_KEYMATERIAL |
65 |
The subkey-keymaterial encryption type |
RC4_MD4 |
-128 |
The rc4-md4 encryption type |
RC4_HMAC_OLD |
-133 |
The c4-hmac-old encryption type |
RC4_HMAC_OLD_EXP |
-135 |
The rc4-hmac-old-exp encryption type |
Current implementation
The current implementation seems to be a copy of the EncryptedData structure, with a keyVersion filed which is not an existing field into the ASN.1 description.
public class EncryptionKey { EncryptionType keyType; byte[] keyValue; int keyVersion; }
Proposed implementation
We will removed the useless keyVersion field, and modify the class to add some setters.
public class EncryptionKey { EncryptionType keyType byte[] keyValue // Constructors EncryptionKey EncryptionKey( EncryptionType keyType, byte[] keyValue ) // Methods EncryptionType getKeyType() void setKeyType( EncryptionType keyType ) byte[] getKeyValue() void setKeyValue( byte[] keyValue ) boolean equals( Object o ) String toString() // Encoding methods int computeLength() ByteBuffer encode( ByteBuffer buffer ) }
The following state diagram expose the ASN.1 DER encoding used to describe a EncryptionKey :