Class KDFSpi

java.lang.Object
javax.crypto.KDFSpi

public abstract class KDFSpi extends Object
KDFSpi is a preview API of the Java platform.
Programs can only use KDFSpi when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
This class defines the Service Provider Interface (SPI) for the KDF class.

All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a particular key derivation algorithm.

A KDFSpi implementation must be immutable. The deriveKey and deriveData methods of KDFSpi implementations must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single KDFSpi implementations with no ill effects.

Since:
23
See Also:
  • Constructor Details

  • Method Details

    • engineDeriveKey

      protected abstract SecretKey engineDeriveKey(String alg, KDFParameterSpecPREVIEW kdfParameterSpec) throws InvalidParameterSpecException
      Derives a key, returned as a SecretKey.

      The deriveKey method may be called multiple times on a particular KDF instance.

      Delayed provider selection is also supported such that the provider performing the derive is not selected until the method is called. Once a provider is selected, it cannot be changed.

      Parameters:
      alg - the algorithm of the resultant SecretKey object (may not be null)
      kdfParameterSpec - derivation parameters
      Returns:
      a SecretKey object corresponding to a key built from the KDF output and according to the derivation parameters
      Throws:
      InvalidParameterSpecException - if the information contained within the KDFParameterSpec is invalid or incorrect for the type of key to be derived
      NullPointerException - if alg or kdfParameterSpec is null
    • engineDeriveData

      protected abstract byte[] engineDeriveData(KDFParameterSpecPREVIEW kdfParameterSpec) throws InvalidParameterSpecException
      Obtains raw data from a key derivation function.

      The deriveData method may be called multiple times on a particular KDF instance.

      Delayed provider selection is also supported such that the provider performing the derive is not selected until the method is called. Once a provider is selected, it cannot be changed.

      Parameters:
      kdfParameterSpec - derivation parameters
      Returns:
      a byte array whose length matches the specified length in the processed KDFParameterSpec and containing the output from the key derivation function
      Throws:
      InvalidParameterSpecException - if the information contained within the KDFParameterSpec is invalid or incorrect for the type of key to be derived
      UnsupportedOperationException - if the derived key material is not extractable
      NullPointerException - if kdfParameterSpec is null