Package net.i2p.data
Class PrivateKeyFile
java.lang.Object
net.i2p.data.PrivateKeyFile
- Direct Known Subclasses:
RouterPrivateKeyFile
public class PrivateKeyFile extends Object
This helper class reads and writes files in the
same "eepPriv.dat" format used by the client code.
The format is:
- Destination (387 bytes if no certificate, otherwise longer)
- Public key (256 bytes)
- Signing Public key (128 bytes)
- Cert. type (1 byte)
- Cert. length (2 bytes)
- Certificate if length != 0
- Private key (256 bytes)
- Signing Private key (20 bytes, or length specified by key certificate)
- As of 0.9.38, if the Signing Private Key is all zeros,
the offline signature section (see proposal 123):
- Expires timestamp (4 bytes, seconds since epoch, rolls over in 2106)
- Sig type of transient public key (2 bytes)
- Transient Signing Public key (length as specified by transient sig type)
- Signature of Signed Public key by offline key (length as specified by destination sig type)
- Transient Signing Private key (length as specified by transient sig type)
Total: 663 or more bytes
- Author:
- welterde, zzz
-
Field Summary
Fields Modifier and Type Field Description protected Destinationdestprotected Filefileprotected PrivateKeyprivKeyprotected SigningPrivateKeysigningPrivKey -
Constructor Summary
Constructors Constructor Description PrivateKeyFile(File file)PrivateKeyFile(File file, I2PClient client)PrivateKeyFile(File file, I2PSession session)PrivateKeyFile(File file, Destination dest, PrivateKey pk, SigningPrivateKey spk)PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk)PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk, byte[] padding)PrivateKeyFile(InputStream in)Can't be used for writingPrivateKeyFile(String file) -
Method Summary
Modifier and Type Method Description static booleancheckSignature(Signature s, byte[] data, SigningPublicKey spk)DestinationcreateIfAbsent()Create with the default signature type if nonexistent.DestinationcreateIfAbsent(SigType type)Create with the specified signature type if nonexistent.static StringestimateHashCashTime(int hashEffort)DestinationgetDestination()If the destination is not set, read it in from the file.longgetOfflineExpiration()SignaturegetOfflineSignature()PrivateKeygetPrivKey()SigningPrivateKeygetSigningPrivKey()SigningPrivateKeygetTransientSigningPrivKey()SigningPublicKeygetTransientSigningPubKey()booleanisOffline()Does this session have offline and transient keys?static voidmain(String[] args)Create a new PrivateKeyFile, or modify an existing one, with various types of Certificates.I2PSessionopen()I2PSessionopen(Properties opts)CertificatesetCertType(int t)Change cert type - caller must also call write().voidsetDestination(Destination d)CertificatesetHashCashCert(int effort)change to hashcash cert - caller must also call write()CertificatesetKeyCert(SigType type)Change cert type - caller must also call write().voidsetOfflineData(long expires, SigningPublicKey transientPub, Signature sig, SigningPrivateKey transientPriv)Side effect - zeroes out the current signing private keyCertificatesetSignedCert(PrivateKeyFile pkf2)sign this dest by dest found in pkf2 - caller must also call write()StringtoString()booleanvalidateKeyPairs()Verify that the PublicKey matches the PrivateKey, and the SigningPublicKey matches the SigningPrivateKey.static booleanverifySignature(Destination d)Sample code to verify a 3rd party signature.voidwrite()Copied from I2PClientImpl.createDestination()
-
Field Details
-
Constructor Details
-
PrivateKeyFile
-
PrivateKeyFile
-
PrivateKeyFile
-
PrivateKeyFile
- Since:
- 0.8.9
-
PrivateKeyFile
- Throws:
IllegalArgumentException- on mismatch of spubkey and spk types- Since:
- 0.8.9
-
PrivateKeyFile
public PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk)- Throws:
IllegalArgumentException- on mismatch of spubkey and spk types- Since:
- 0.8.9
-
PrivateKeyFile
public PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk, byte[] padding)- Parameters:
padding- null OK, must be non-null if spubkey length < 128- Throws:
IllegalArgumentException- on mismatch of spubkey and spk types- Since:
- 0.9.16
-
PrivateKeyFile
Can't be used for writing- Throws:
I2PSessionException- Since:
- 0.9.26
-
-
Method Details
-
main
Create a new PrivateKeyFile, or modify an existing one, with various types of Certificates. Changing a Certificate does not change the public or private keys. But it does change the Destination Hash, which effectively makes it a new Destination. In other words, don't change the Certificate on a Destination you've already registered in a hosts.txt key add form. Copied and expanded from that in Destination.java -
createIfAbsent
Create with the default signature type if nonexistent. Also reads in the file to get the privKey and signingPrivKey, which aren't available from I2PClient. -
createIfAbsent
public Destination createIfAbsent(SigType type) throws I2PException, IOException, DataFormatExceptionCreate with the specified signature type if nonexistent. Also reads in the file to get the privKey and signingPrivKey, which aren't available from I2PClient.- Throws:
I2PExceptionIOExceptionDataFormatException- Since:
- 0.9.26
-
getDestination
If the destination is not set, read it in from the file. Also sets the local privKey and signingPrivKey. -
setDestination
-
setCertType
Change cert type - caller must also call write(). Side effect - creates new Destination object. -
setKeyCert
Change cert type - caller must also call write(). Side effect - creates new Destination object.- Since:
- 0.9.12
-
setHashCashCert
change to hashcash cert - caller must also call write() -
setSignedCert
sign this dest by dest found in pkf2 - caller must also call write() -
getPrivKey
- Returns:
- null on error or if not initialized
-
getSigningPrivKey
- Returns:
- null on error or if not initialized
-
isOffline
public boolean isOffline()Does this session have offline and transient keys?- Since:
- 0.9.38
-
setOfflineData
public void setOfflineData(long expires, SigningPublicKey transientPub, Signature sig, SigningPrivateKey transientPriv)Side effect - zeroes out the current signing private key- Since:
- 0.9.38
-
getOfflineExpiration
public long getOfflineExpiration()- Returns:
- Java time (ms) or 0 if not initialized or does not have offline keys
- Since:
- 0.9.38
-
getOfflineSignature
- Since:
- 0.9.38
-
getTransientSigningPubKey
- Returns:
- null on error or if not initialized or does not have offline keys
- Since:
- 0.9.38
-
getTransientSigningPrivKey
- Returns:
- null on error or if not initialized or does not have offline keys
- Since:
- 0.9.38
-
open
- Throws:
I2PSessionExceptionIOException
-
open
- Throws:
I2PSessionExceptionIOException
-
write
Copied from I2PClientImpl.createDestination()- Throws:
IOExceptionDataFormatException
-
validateKeyPairs
public boolean validateKeyPairs()Verify that the PublicKey matches the PrivateKey, and the SigningPublicKey matches the SigningPrivateKey.- Returns:
- success
- Since:
- 0.9.16
-
toString
-
estimateHashCashTime
-
verifySignature
Sample code to verify a 3rd party signature. This just goes through all the hosts.txt files and tries everybody. You need to be in the $I2P directory or have a local hosts.txt for this to work. Doubt this is what you want as it is super-slow, and what good is a signing scheme where anybody is allowed to sign? In a real application you would make a list of approved signers, do a naming lookup to get their Destinations, and try those only. Or do a netDb lookup of the Hash in the Certificate, do a reverse naming lookup to see if it is allowed, then verify the Signature. -
checkSignature
-