Class EdDSAUtils

java.lang.Object
org.apache.sshd.common.util.security.eddsa.generic.EdDSAUtils

public final class EdDSAUtils extends Object
Utilities to extract the raw key bytes from ed25519 or ed448 public keys, in a manner that is independent of the actual concrete key implementation classes.
  • Field Details

    • ED25519_LENGTH

      private static final int ED25519_LENGTH
    • ED448_LENGTH

      private static final int ED448_LENGTH
    • ED25519_X509_PREFIX

      private static final byte[] ED25519_X509_PREFIX
    • ED448_X509_PREFIX

      private static final byte[] ED448_X509_PREFIX
    • ED25519_PKCS8_PREFIX

      private static final byte[] ED25519_PKCS8_PREFIX
    • ED448_PKCS8_PREFIX

      private static final byte[] ED448_PKCS8_PREFIX
    • ED25519_OID

      private static final byte[] ED25519_OID
    • ED448_OID

      private static final byte[] ED448_OID
  • Constructor Details

    • EdDSAUtils

      private EdDSAUtils()
  • Method Details

    • arrayEq

      private static boolean arrayEq(byte[] a, byte[] b)
    • startsWith

      private static boolean startsWith(byte[] data, byte[] prefix)
    • getBytes

      public static byte[] getBytes(PublicKey key) throws InvalidKeyException
      Retrieves the raw key bytes from an ed25519 or ed448 PublicKey.
      Parameters:
      key - PublicKey to get the bytes of
      Returns:
      the raw key bytes
      Throws:
      InvalidKeyException - if the key is not an ed25519 or ed448 key, or if it doesn't use X.509 encoding
    • getBytes

      public static byte[] getBytes(PrivateKey key) throws InvalidKeyException
      Retrieves the raw key bytes from an ed25519 or ed448 PrivateKey.
      Parameters:
      key - PrivateKey to get the bytes of
      Returns:
      the raw key bytes
      Throws:
      InvalidKeyException - if the key is not an ed25519 or ed448 key, or if it doesn't use PKCS#8 encoding
    • asn1Parse

      private static byte[] asn1Parse(byte[] encoded) throws InvalidKeyException
      Extracts the private key bytes from an encoded EdDSA private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding):
      OneAsymmetricKey ::= SEQUENCE {
        version Version,
        privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
        privateKey PrivateKey,
        ...
      }
      
      Version ::= INTEGER
      PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
      PrivateKey ::= OCTET STRING
      
      AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL
      }
      

      and RFC 8410: "... when encoding a OneAsymmetricKey object, the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field."

      CurvePrivateKey ::= OCTET STRING
      
      Parameters:
      encoded - encoded private key to extract the private key bytes from
      Returns:
      the extracted private key bytes
      Throws:
      InvalidKeyException - if the private key cannot be extracted
    • createPublicKeySpec

      public static KeySpec createPublicKeySpec(byte[] keyData) throws InvalidKeyException
      Creates a KeySpec for re-creating an ed25519 or ed448 public key from the raw key bytes.
      Parameters:
      keyData - the raw key bytes
      Returns:
      the KeySpec
      Throws:
      InvalidKeyException - if the key bytes do not have the appropriate length for an ed25519 or ed448 key
    • createPrivateKeySpec

      public static KeySpec createPrivateKeySpec(byte[] keyData) throws InvalidKeyException
      Creates a KeySpec for re-creating an ed25519 or ed448 private key from the raw key bytes.
      Parameters:
      keyData - the raw key bytes
      Returns:
      the KeySpec
      Throws:
      InvalidKeyException - if the key bytes do not have the appropriate length for an ed25519 or ed448 key
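
The PKCS #8 layout described under asn1Parse (RFC 5958 plus the RFC 8410 CurvePrivateKey wrapper), shown as an added example that is not Apache MINA SSHD code: a strict, minimal DER reader for ed25519 only that rejects any deviation with InvalidKeyException. The class name Pkcs8Ed25519Demo, its helpers and the sample key (standard DER header plus a dummy seed) are constructed for illustration.

```java
import java.security.InvalidKeyException;
import java.util.Arrays;

public class Pkcs8Ed25519Demo {
    private static final byte[] ED25519_OID = {0x2b, 0x65, 0x70}; // 1.3.101.112 (RFC 8410)
    private final byte[] der;
    private int pos;

    private Pkcs8Ed25519Demo(byte[] der) { this.der = der; }

    private static void check(boolean ok, String why) throws InvalidKeyException {
        if (!ok) { throw new InvalidKeyException(why); }
    }

    // Reads one DER TLV with the expected tag and returns a copy of its value.
    private byte[] read(int tag) throws InvalidKeyException {
        check(der.length - pos >= 2 && (der[pos] & 0xff) == tag, "expected tag 0x" + Integer.toHexString(tag));
        int len = der[pos + 1] & 0xff;
        pos += 2;
        // Short-form lengths only: an ed25519 key never needs more than 127 bytes.
        check(len < 0x80 && len <= der.length - pos, "bad or truncated length");
        pos += len;
        return Arrays.copyOfRange(der, pos - len, pos);
    }

    static byte[] extractSeed(byte[] encoded) throws InvalidKeyException {
        Pkcs8Ed25519Demo key = new Pkcs8Ed25519Demo(new Pkcs8Ed25519Demo(encoded).read(0x30));
        key.read(0x02);                                               // version
        Pkcs8Ed25519Demo alg = new Pkcs8Ed25519Demo(key.read(0x30)); // privateKeyAlgorithm
        check(Arrays.equals(alg.read(0x06), ED25519_OID), "not an ed25519 key");
        byte[] wrapped = key.read(0x04);                              // privateKey
        try {
            byte[] seed = new Pkcs8Ed25519Demo(wrapped).read(0x04);   // CurvePrivateKey
            check(seed.length == 32, "bad ed25519 key length " + seed.length);
            return seed;
        } finally {
            Arrays.fill(wrapped, (byte) 0); // wipe the intermediate copies of the key
            Arrays.fill(key.der, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the standard 16-byte DER header plus a dummy seed 00..1f.
        byte[] encoded = Arrays.copyOf(new byte[] {0x30, 46, 2, 1, 0, 0x30, 5, 6, 3, 0x2b, 0x65, 0x70, 4, 34, 4, 32}, 48);
        for (int i = 0; i < 32; i++) encoded[16 + i] = (byte) i;
        System.out.println("seed bytes: " + extractSeed(encoded).length);
        try { extractSeed(Arrays.copyOf(encoded, 40)); }             // truncated input
        catch (InvalidKeyException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The caller's encoded array is left untouched; only the copies made while parsing are zeroed, so the caller remains responsible for clearing its own buffer and the returned seed.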