public final class KeyHandle extends Object
TinkKey and enforces access to the underlying TinkKey with KeyAccess. Specifically, if the underlying TinkKey has a secret, then one can only get
it with a SecretKeyAccess instance.| Modifier and Type | Method and Description |
|---|---|
static KeyHandle |
createFromKey(com.google.crypto.tink.proto.KeyData keyData,
KeyTemplate.OutputPrefixType opt)
Returns a
KeyHandle instance where the underlying TinkKey wraps the input
keyData. |
static KeyHandle |
createFromKey(TinkKey key,
KeyAccess access)
Returns a
KeyHandle instance with key as the underlying TinkKey if the
caller provides the correct KeyAccess instance. |
TinkKey |
getKey(KeyAccess access)
Returns the underlying
TinkKey key if access is a SecretKeyAccess and
the key has a secret, or if the key does not have a secret, otherwise throws a GeneralSecurityException. |
boolean |
hasSecret()
Returns
true if the underlying TinkKey has a secret. |
public static KeyHandle createFromKey(TinkKey key, KeyAccess access) throws GeneralSecurityException
KeyHandle instance with key as the underlying TinkKey if the
caller provides the correct KeyAccess instance.GeneralSecurityException - if access does not grant access to keypublic static KeyHandle createFromKey(com.google.crypto.tink.proto.KeyData keyData, KeyTemplate.OutputPrefixType opt)
KeyHandle instance where the underlying TinkKey wraps the input
keyData. The returned KeyHandle has a secret if keyData has key material of type
UNKNOWN_KEYMATERIAL, SYMMETRIC, or ASYMMETRIC_PRIVATE.public boolean hasSecret()
true if the underlying TinkKey has a secret.public TinkKey getKey(KeyAccess access) throws GeneralSecurityException
TinkKey key if access is a SecretKeyAccess and
the key has a secret, or if the key does not have a secret, otherwise throws a GeneralSecurityException.GeneralSecurityException