hw-security / de.cotech.hw.pairedkey

Package de.cotech.hw.pairedkey


Name Summary


open class PairedDecryptor

This use case class performs a “decrypt” operation on encrypted data, parametrized by a SecurityKeyInteractor, PairedPinProvider, and PairedSecurityKey.

PairedSecurityKey pairedSecurityKey = pairedSecurityKeyStorage.getPairedSecurityKey(keyInteractor.getSecurityKeyAid());
PairedDecryptor decryptor = new PairedDecryptor(keyInteractor, pairedPinProvider, pairedSecurityKey);
byte[] encryptedSessionSecret = encryptedSessionStorage.getEncryptedSessionSecret(pairedSecurityKey.getSecurityKeyAid());
ByteSecret sessionSecret = decryptor.decryptSessionSecret(encryptedSessionSecret);

This sessionSecret can be used for symmetric encryption operations, e.g. to encrypt a database.


open class PairedEncryptor

This use case class performs an “encrypt” operation on some data, parametrized by a PairedSecurityKey.

ByteSecret sessionSecret = SecretGenerator.getInstance().createRandom(32);
byte[] encryptedSessionSecret = new PairedEncryptor(pairedSecurityKey).encrypt(sessionSecret);

The encryptedSessionSecret is typically stored in a de.cotech.hw.storage.sessionkey.EncryptedSessionStorage, so that the sessionSecret can later be restored using a PairedDecryptor.

The sessionSecret can be used for symmetric encryption operations, e.g. to encrypt a database. Once it has been deleted, it can only be restored from the encryptedSessionSecret when the paired security key is connected.


open class PairedSecurityKey : Serializable

A PairedSecurityKey represents a storable reference to a hardware security key that has been paired before.

Specifically, it contains the security key’s AID, and public keys for key pairs stored on the security key. The AID (Application Identifier) contains a unique serial number, which can be used to identify its related security key when it connects.

This class is primarily used for two use cases:

  • Recognize a security key that has been paired before upon connection.
  • Perform public operations on the security key’s key pairs.

This class is a serializable POJO, and instances can be stored in a de.cotech.hw.storage.pairedkey.PairedSecurityKeyStorage, or any storage that supports Serializable objects.
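The following is an added example, not code from the hwsecurity project, that ties the three classes above together: a session secret is generated and wrapped with PairedEncryptor, used as an AES-256-GCM key while the app is unlocked, wiped on lock, and restored with PairedDecryptor only after the connected key's AID matches the PairedSecurityKey that was paired. Only the calls shown on this page are used from hwsecurity; the import paths, the ByteSecret.unsafeGetByteCopy() accessor and the IOException on the decrypt path are assumptions made here, and the persistence of the wrapped blob in an EncryptedSessionStorage is left to the caller.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import de.cotech.hw.SecurityKeyInteractor;      // import path assumed
import de.cotech.hw.pairedkey.PairedDecryptor;
import de.cotech.hw.pairedkey.PairedEncryptor;
import de.cotech.hw.pairedkey.PairedPinProvider;
import de.cotech.hw.pairedkey.PairedSecurityKey;
import de.cotech.hw.secrets.ByteSecret;         // import path assumed
import de.cotech.hw.secrets.SecretGenerator;    // import path assumed

/**
 * Example (not part of hwsecurity): a session secret wrapped for one paired
 * security key and used as an AES-256-GCM key while unlocked.
 */
public final class SessionSecretVault {
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;

    private final PairedSecurityKey pairedSecurityKey;
    private final SecureRandom random = new SecureRandom();
    private byte[] sessionSecret; // null while locked

    public SessionSecretVault(PairedSecurityKey pairedSecurityKey) {
        this.pairedSecurityKey = pairedSecurityKey;
    }

    /** First use: create the session secret and return it wrapped for the paired key.
     *  The caller persists the returned blob (e.g. in an EncryptedSessionStorage). */
    public byte[] createAndWrap() {
        ByteSecret secret = SecretGenerator.getInstance().createRandom(32);
        byte[] encryptedSessionSecret = new PairedEncryptor(pairedSecurityKey).encrypt(secret);
        sessionSecret = secret.unsafeGetByteCopy(); // accessor name assumed
        return encryptedSessionSecret;
    }

    /** Later use: unwrap the stored blob with the connected security key. A key whose
     *  AID differs from the paired one is rejected before any PIN prompt or decrypt. */
    public void unlock(SecurityKeyInteractor keyInteractor, PairedPinProvider pinProvider,
                       byte[] encryptedSessionSecret) throws IOException {
        if (!pairedSecurityKey.getSecurityKeyAid().equals(keyInteractor.getSecurityKeyAid())) {
            throw new IllegalStateException("connected security key is not the paired one");
        }
        PairedDecryptor decryptor = new PairedDecryptor(keyInteractor, pinProvider, pairedSecurityKey);
        ByteSecret secret = decryptor.decryptSessionSecret(encryptedSessionSecret);
        sessionSecret = secret.unsafeGetByteCopy(); // accessor name assumed
    }

    /** Forget the secret; only unlock() with the paired key brings it back. */
    public void lock() {
        if (sessionSecret != null) {
            Arrays.fill(sessionSecret, (byte) 0);
            sessionSecret = null;
        }
    }

    public boolean isUnlocked() {
        return sessionSecret != null;
    }

    /** AES-256-GCM with a fresh 96-bit IV prefixed to the ciphertext; aad is bound into the tag. */
    public byte[] encryptRecord(byte[] plaintext, byte[] aad) throws GeneralSecurityException {
        requireUnlocked();
        byte[] iv = new byte[GCM_IV_BYTES];
        random.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionSecret, "AES"),
                new GCMParameterSpec(GCM_TAG_BITS, iv));
        if (aad != null) cipher.updateAAD(aad);
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    /** Inverse of encryptRecord; doFinal throws AEADBadTagException if iv, ciphertext or aad were altered. */
    public byte[] decryptRecord(byte[] record, byte[] aad) throws GeneralSecurityException {
        requireUnlocked();
        if (record.length < GCM_IV_BYTES + GCM_TAG_BITS / 8) {
            throw new GeneralSecurityException("record too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sessionSecret, "AES"),
                new GCMParameterSpec(GCM_TAG_BITS, record, 0, GCM_IV_BYTES));
        if (aad != null) cipher.updateAAD(aad);
        return cipher.doFinal(record, GCM_IV_BYTES, record.length - GCM_IV_BYTES);
    }

    private void requireUnlocked() {
        if (sessionSecret == null) throw new IllegalStateException("vault is locked");
    }
}
```

The AID comparison in unlock() is the "recognize a security key that has been paired before" use case from the PairedSecurityKey description: it keeps a foreign token from ever being asked for a PIN or handed the wrapped secret. lock() zeroes the raw bytes rather than just dropping the reference, since the whole point of wrapping is that the secret should not outlive the unlocked session in memory or on disk.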