Re: PrivateKey as Input parameter in JCA engine classes, specify

Charlie Lai (charlie@angeles.eng.sun.com)
Thu, 6 Aug 1998 12:15:01 -0800 (PDT)

From: charlie@angeles.eng.sun.com (Charlie Lai)
Message-Id: <199808061915.MAA27451@angeles.eng.sun.com>
Subject: Re: PrivateKey as Input parameter in JCA engine classes, specify
To: peter_bendel@de.ibm.com (Peter Bendel)
Date: Thu, 6 Aug 1998 12:15:01 -0800 (PDT)
In-Reply-To: <5120010013478616000002L162*@MHS> from "Peter Bendel" at Aug 5, 98 06:51:53 am

hi,

> If you intend to use software that exploits signing on a smart card as a
> service provider (e.g. for SignatureSPI) you have no access to the
> private key used for signing (they are stored safely on card).
>
> The private key can thus not be an input parameter of the initSign
> method of this provider.

if you check out the class definition for PrivateKey, it's simply
an interface. in the case of smartcards, the class which implements
this interface would simply hold a reference to the private key.

so the KeyPairGenerator for a smartcard would create the key pair
on the smartcard, and then return a PrivateKey object that only
contains a reference to the private key on the card.

then you can pass this PrivateKey reference thru the Signature APIs.

> A caller of the getInstance() methods can request a specific algorithm
> and (optionally) a specific provider. What is missing from my
> perspectivie is the ability to request a specific key
> strength

we wanted to make sure that the getInstance() methods across all
the classes were consistent. so regardless of whether you're
getting a Signature instance, a MessageDigest instance, a SecureRandom
instance, etc., the common parameters you can provide are an algorithm name
and a provider name.

thanks,
charlie