Uses of Class org.forgerock.secrets.keys.CryptoKey (OpenAM Server Only 7.2.2 Documentation)

Packages that use CryptoKey
Package	Description
org.forgerock.json.jose.jwe	Classes and interfaces for JWT encryption and JWEs.
org.forgerock.json.jose.jwk	Classes and interfaces for creating and manipulating JWKs.
org.forgerock.json.jose.jws	Classes and interfaces for JWT signing and JWS'.
org.forgerock.json.jose.tokenhandler	JWT implementation(s) of `TokenHandler`.
org.forgerock.json.jose.utils	Utility classes for JWT creation and manipulation.
org.forgerock.openam.secrets	The AM supporting classes for centrally configuring secrets.
org.forgerock.secrets	Provides a unified API for accessing secrets of various kinds.
org.forgerock.secrets.gcpkms	A secret store implementation that can retrieve keys from a Google Cloud Platform Key Management Service.
org.forgerock.secrets.jwkset	Secret store backend for retrieving keys from a local or remote JWK Set.
org.forgerock.secrets.keys	Contains cryptographic key related API objects.
org.forgerock.secrets.keystore	Implementations of `SecretStore` for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.

Uses of CryptoKey in org.forgerock.json.jose.jwe

Methods in org.forgerock.json.jose.jwe that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`Purpose<? extends CryptoKey>`	JweAlgorithm.`getDecryptionPurpose(String label)`	Returns a `Purpose` that can be used to retrieve keys that are suitable for decryption with this JWE algorithm.
`Purpose<? extends CryptoKey>`	JweAlgorithmType.`getDecryptionPurpose(String label)`	Returns a `Purpose` that can be used to retrieve keys that are suitable for decryption with this type of JWE algorithm.
`Purpose<? extends CryptoKey>`	JweAlgorithm.`getEncryptionPurpose(String label)`	Returns a `Purpose` that can be used to retrieve keys that are suitable for encryption with this JWE algorithm.
`Purpose<? extends CryptoKey>`	JweAlgorithmType.`getEncryptionPurpose(String label)`	Returns a `Purpose` that can be used to retrieve keys that are suitable for encryption with this type of JWE algorithm.

Method parameters in org.forgerock.json.jose.jwe with type arguments of type CryptoKey
Modifier and Type	Method	Description
`Promise<? extends EncryptedJwt,JweDecryptionCheckedException>`	EncryptedJwt.`decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)`	Attempts to decrypt the JWT using any available keys for the given `Purpose` from the given `SecretsProvider`.
`Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>`	SignedThenEncryptedJwt.`decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)`
`Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>`	SignedThenEncryptedJwt.`decryptAndVerify(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose)`	Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the supplied `SecretsProvider`.
`Promise<byte[],JweDecryptionCheckedException>`	EncryptedJwt.`decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)`	Attempts to decrypt the raw payload of the JWT using any keys from the given `SecretsProvider` that satisfy the supplied `Purpose`.

Uses of CryptoKey in org.forgerock.json.jose.jwk

Methods in org.forgerock.json.jose.jwk with type parameters of type CryptoKey
Modifier and Type	Method	Description
`<T extends CryptoKey> T`	JWK.`toCryptoKey(Purpose<T> purpose, Instant expiry)`	Converts this JWK into a `CryptoKey` subclass object for use with the Secrets API.

Uses of CryptoKey in org.forgerock.json.jose.jws

Method parameters in org.forgerock.json.jose.jws with type arguments of type CryptoKey
Modifier and Type	Method	Description
`Promise<? extends EncryptedJwt,JweDecryptionCheckedException>`	EncryptedThenSignedJwt.`decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose)`	Decrypts the inner encrypted JWE so that the payload can be accessed.

Uses of CryptoKey in org.forgerock.json.jose.tokenhandler

Method parameters in org.forgerock.json.jose.tokenhandler with type arguments of type CryptoKey
Modifier and Type	Method	Description
`SecretsJwtTokenHandler.Builder`	SecretsJwtTokenHandler.Builder.`decryptionPurpose(Purpose<? extends CryptoKey> decryptionKeyPurpose)`	Specifies the `Purpose` used to retrieve decryption keys from the secrets provider.
`SecretsJwtTokenHandler.Builder`	SecretsJwtTokenHandler.Builder.`encryptionPurpose(Purpose<? extends CryptoKey> encryptionKeyPurpose)`	Specifies the `Purpose` used to retrieve encryption keys from the secrets provider.

Uses of CryptoKey in org.forgerock.json.jose.utils

Methods in org.forgerock.json.jose.utils that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`static SecretConstraint<CryptoKey>`	JoseSecretConstraints.`allowedAlgorithm(Algorithm algorithm)`	Enforces that the key is allowed to be used with the given JWA algorithm.

Methods in org.forgerock.json.jose.utils with parameters of type CryptoKey
Modifier and Type	Method	Description
`static void`	Utils.`checkRsaKeySize(CryptoKey key)`	Verifies that the RSA key being used meets minimum key size requirement of 2048 bits as specified in the JOSE specifications.

Uses of CryptoKey in org.forgerock.openam.secrets

Methods in org.forgerock.openam.secrets with parameters of type CryptoKey
Modifier and Type	Method	Description
`static Key`	SecretsUtils.`convertRawEncryptionKey(CryptoKey cryptoKey, JweAlgorithm jweAlgorithm, EncryptionMethod encryptionMethod)`	Converts symmetric encryption key that was created using the RAW algorithm to a more suitable key, but only if the key material is available.

Uses of CryptoKey in org.forgerock.secrets

Methods in org.forgerock.secrets with type parameters of type CryptoKey
Modifier and Type	Method	Description
`<T extends CryptoKey> KeyStore`	SecretsProvider.`asKeyStore(Purpose<T> purpose)`	Returns a view of this secrets provider as a keystore for the given purpose.

Methods in org.forgerock.secrets that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`static SecretConstraint<CryptoKey>`	SecretConstraint.`allowedAlgorithm(String algorithm)`	Enforces that the key is allowed to be used with the given algorithm.
`static SecretConstraint<CryptoKey>`	SecretConstraint.`allowedKeyUsages(Set<KeyUsage> keyUsages)`	Enforces that the key satisfies at least one of the given key usage constraints.
`static SecretConstraint<CryptoKey>`	SecretConstraint.`allowedKeyUsages(KeyUsage first, KeyUsage... rest)`	Enforces that the key satisfies at least one of the given key usage constraints.
`static SecretConstraint<CryptoKey>`	SecretConstraint.`ellipticCurveKeyParameters(ECParameterSpec requiredParameters)`	Enforces that the key is an elliptic curve key with the given parameters.
`static SecretConstraint<CryptoKey>`	SecretConstraint.`keyAlgorithm(String keyAlgorithm)`	Enforces a particular key algorithm (case insensitive).
`static SecretConstraint<CryptoKey>`	SecretConstraint.`requiredKeyUsages(Set<KeyUsage> keyUsages)`	Enforces that the key satisfies all of the given key usage constraints.
`static SecretConstraint<CryptoKey>`	SecretConstraint.`requiredKeyUsages(KeyUsage first, KeyUsage... rest)`	Enforces that the key satisfies all of the given key usage constraints.

Method parameters in org.forgerock.secrets with type arguments of type CryptoKey
Modifier and Type	Method	Description
`X509ExtendedKeyManager`	SecretsProvider.`getKeyManager(Purpose<? extends CryptoKey> purpose)`	Returns a `KeyManager` that can be used to `initialize an SSLContext`, allowing certificates and private keys to be retrieved from this secrets provider.
`X509ExtendedKeyManager`	SecretsProvider.`getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)`	Returns a `KeyManager` that can be used to `initialize an SSLContext`, allowing certificates and private keys to be retrieved from this secrets provider.
`SecretsTrustManager`	SecretsProvider.`getTrustManager(Purpose<? extends CryptoKey> purpose)`	Constructs an `X509ExtendedTrustManager` that will retrieve certificates from this secrets provider for the provided purpose.
`SecretsTrustManager`	SecretsProvider.`getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)`	Constructs an `X509ExtendedTrustManager` that will retrieve certificates from this secrets provider for the provided purpose.

Constructor parameters in org.forgerock.secrets with type arguments of type CryptoKey
Constructor	Description
`SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)`	Initialises the keystore with the given secrets API objects.

Uses of CryptoKey in org.forgerock.secrets.gcpkms

Methods in org.forgerock.secrets.gcpkms with type parameters of type CryptoKey
Modifier and Type	Method	Description
`<S extends CryptoKey> Promise<S,NoSuchSecretException>`	GoogleKmsSecretStore.`getActive(Purpose<S> purpose)`
`<S extends CryptoKey> Promise<S,NoSuchSecretException>`	GoogleKmsSecretStore.`getNamed(Purpose<S> purpose, String name)`
`<S extends CryptoKey> Promise<Stream<S>,NeverThrowsException>`	GoogleKmsSecretStore.`getValid(Purpose<S> purpose)`

Methods in org.forgerock.secrets.gcpkms that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`Class<CryptoKey>`	GoogleKmsSecretStore.`getStoredType()`

Method parameters in org.forgerock.secrets.gcpkms with type arguments of type CryptoKey
Modifier and Type	Method	Description
`GoogleKmsSecretStore.Builder`	GoogleKmsSecretStore.Builder.`cryptoKeyMapping(Function<Purpose<? extends CryptoKey>,String> cryptoKeyMapping)`	Sets the mapping from purposes to crypto key names in KMS.
`GoogleKmsSecretStore.Builder`	GoogleKmsSecretStore.Builder.`cryptoKeyMapping(Map<Purpose<? extends CryptoKey>,String> mapping)`	Sets the mapping from purposes to crypto key names in KMS.

Uses of CryptoKey in org.forgerock.secrets.jwkset

Methods in org.forgerock.secrets.jwkset with type parameters of type CryptoKey
Modifier and Type	Method	Description
`<S extends CryptoKey> Promise<S,NoSuchSecretException>`	JwkSetSecretStore.`getNamed(Purpose<S> purpose, String name)`
`<S extends CryptoKey> Promise<Stream<S>,NeverThrowsException>`	JwkSetSecretStore.`getValid(Purpose<S> purpose)`

Methods in org.forgerock.secrets.jwkset that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`Class<CryptoKey>`	JwkSetSecretStore.`getStoredType()`

Methods in org.forgerock.secrets.jwkset with parameters of type CryptoKey
Modifier and Type	Method	Description
`JWK`	JwkKeyFormat.`export(CryptoKey key, Key rawKey)`

Uses of CryptoKey in org.forgerock.secrets.keys

Classes in org.forgerock.secrets.keys with type parameters of type CryptoKey
Modifier and Type	Interface	Description
`interface`	`DecryptionKey<T extends CryptoKey>`	Marker interface for all key types that can be used for decryption.
`interface`	`EncryptionKey<T extends CryptoKey>`	Marker interface for all key types that can be used for encryption.

Subclasses of CryptoKey in org.forgerock.secrets.keys
Modifier and Type	Class	Description
`class`	`CertificateVerificationKey`	A key used for verifying certificate signatures.
`class`	`DataDecryptionKey`	A key that is used for decrypting confidential data.
`class`	`DataEncryptionKey`	A key that is used for encrypting confidential data.
`class`	`KeyAgreementKey`	A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.
`class`	`KeyDecryptionKey`	A key that is used to decrypt (or "unwrap") other keys that have been encrypted with a `KeyEncryptionKey`.
`class`	`KeyEncryptionKey`	A key that is used to encrypt ("wrap") other keys.
`class`	`SigningKey`	A key that is used for signing digital signatures.
`class`	`VerificationKey`	A key used for verifying digital signatures.

Methods in org.forgerock.secrets.keys that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`Class<? extends CryptoKey>`	KeyUsage.`getKeyType()`	The key type corresponding to this key usage.

Methods in org.forgerock.secrets.keys with parameters of type CryptoKey
Modifier and Type	Method	Description
`T`	KeyFormat.`export(CryptoKey key, Key rawKey)`	Exports the given crypto key and raw key material.
`String`	KeyFormatPem.`export(CryptoKey key, Key rawKey)`
`Key`	KeyFormatRaw.`export(CryptoKey key, Key rawKey)`

Method parameters in org.forgerock.secrets.keys with type arguments of type CryptoKey
Modifier and Type	Method	Description
`static EnumSet<KeyUsage>`	KeyUsage.`forKeyType(Class<? extends CryptoKey> keyType)`	Returns the set of all key usages that are applicable to the given key type.

Uses of CryptoKey in org.forgerock.secrets.keystore

Methods in org.forgerock.secrets.keystore with type parameters of type CryptoKey
Modifier and Type	Method	Description
`<S extends CryptoKey> Promise<S,NoSuchSecretException>`	KeyStoreSecretStore.`getActive(Purpose<S> purpose)`
`<S extends CryptoKey> Promise<S,NoSuchSecretException>`	KeyStoreSecretStore.`getNamed(Purpose<S> purpose, String id)`
`<S extends CryptoKey> Promise<Stream<S>,NeverThrowsException>`	KeyStoreSecretStore.`getValid(Purpose<S> purpose)`

Methods in org.forgerock.secrets.keystore that return types with arguments of type CryptoKey
Modifier and Type	Method	Description
`Class<CryptoKey>`	KeyStoreSecretStore.`getStoredType()`

Method parameters in org.forgerock.secrets.keystore with type arguments of type CryptoKey
Modifier and Type	Method	Description
`void`	KeyStoreSecretStore.`retire(Purpose<? extends CryptoKey> purpose, String oldAlias)`	Retires a key previously used for a given purpose.
`void`	KeyStoreSecretStore.`rotate(Purpose<? extends CryptoKey> purpose, String newAlias)`	Rotates the key associated with a given purpose.