Package net.i2p.data

Class PrivateKeyFile

  • Direct Known Subclasses:
    RouterPrivateKeyFile

    public class PrivateKeyFile
    extends Object
    This helper class reads and writes files in the same "eepPriv.dat" format used by the client code. The format is:
      - Destination (387 bytes if no certificate, otherwise longer)
         - Public key (256 bytes)
         - Signing Public key (128 bytes)
         - Cert. type (1 byte)
         - Cert. length (2 bytes)
         - Certificate if length != 0
      - Private key (256 bytes)
      - Signing Private key (20 bytes, or length specified by key certificate)
      - As of 0.9.38, if the Signing Private Key is all zeros,
        the offline signature section (see proposal 123):
         - Expires timestamp (4 bytes, seconds since epoch, rolls over in 2106)
         - Sig type of transient public key (2 bytes)
         - Transient Signing Public key (length as specified by transient sig type)
         - Signature of Signed Public key by offline key (length as specified by destination sig type)
         - Transient Signing Private key (length as specified by transient sig type)
    
     Total: 663 or more bytes
    
    Author:
    welterde, zzz
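The byte layout described above, worked through as an added example; this is not I2P's own code, and it is a stand-alone Python parser rather than a use of the Java class. It assumes the Destination signing key is DSA_SHA1 unless the caller passes a different dest_sig_type, and it carries a two-entry table of signing key and signature lengths (DSA_SHA1 and EdDSA_SHA512_Ed25519) that comes from I2P's SigType enum rather than from this page. The sample images are built from filler bytes and are not real key material. The parser also computes SHA-256 over the serialized Destination, which is what the Destination Hash mentioned under main() is, so the effect of changing a certificate without changing the keys can be observed directly.

```python
import hashlib
import struct

# Fixed field sizes from the documented eepPriv.dat layout.
PUBKEY_LEN = 256
SIGNING_PUBKEY_LEN = 128
PRIVKEY_LEN = 256
DSA_SIGNING_PRIVKEY_LEN = 20

# Sig type -> (signing public key length, signing private key length, signature length).
# Taken from I2P's SigType enum, not from this page; only DSA_SHA1 (0) and
# EdDSA_SHA512_Ed25519 (7) are listed, so any other type is rejected.
SIG_TYPE_LENGTHS = {0: (128, 20, 40), 7: (32, 32, 64)}


class FormatError(ValueError):
    """Raised when the byte image does not match the documented layout."""


def parse_private_key_file(data, dest_sig_type=0):
    """Split a raw eepPriv.dat image into its fields.

    dest_sig_type (assumed by this example, default DSA_SHA1) fixes the lengths the
    page says depend on the key certificate: signing private key and offline signature.
    """
    if dest_sig_type not in SIG_TYPE_LENGTHS:
        raise FormatError("unsupported destination sig type %d" % dest_sig_type)
    _, spriv_len, sig_len = SIG_TYPE_LENGTHS[dest_sig_type]
    pos = 0

    def take(n, what):
        nonlocal pos
        if pos + n > len(data):
            raise FormatError("truncated while reading %s" % what)
        pos += n
        return data[pos - n:pos]

    # Destination: 387 bytes with an empty certificate, longer otherwise.
    take(PUBKEY_LEN, "public key")
    take(SIGNING_PUBKEY_LEN, "signing public key")
    cert_type = take(1, "cert type")[0]
    (cert_len,) = struct.unpack(">H", take(2, "cert length"))
    cert = take(cert_len, "certificate")
    dest_bytes = data[:pos]
    privkey = take(PRIVKEY_LEN, "private key")
    spriv = take(spriv_len, "signing private key")
    result = {
        "destination": dest_bytes,
        # The Destination hash is SHA-256 over the serialized Destination, so a
        # changed certificate changes it even though no key bytes change.
        "dest_hash": hashlib.sha256(dest_bytes).digest(),
        "cert_type": cert_type,
        "cert": cert,
        "privkey": privkey,
        "signing_privkey": spriv,
        "offline": None,
    }
    # Offline section (0.9.38+) is present only when the signing private key is all zeros.
    if spriv == bytes(spriv_len):
        (expires_s,) = struct.unpack(">I", take(4, "expires"))
        (tsig_type,) = struct.unpack(">H", take(2, "transient sig type"))
        if tsig_type not in SIG_TYPE_LENGTHS:
            raise FormatError("unsupported transient sig type %d" % tsig_type)
        tpub_len, tpriv_len, _ = SIG_TYPE_LENGTHS[tsig_type]
        result["offline"] = {
            "expires_ms": expires_s * 1000,  # getOfflineExpiration() reports Java ms
            "transient_sig_type": tsig_type,
            "transient_pub": take(tpub_len, "transient signing public key"),
            "signature": take(sig_len, "offline signature"),
            "transient_priv": take(tpriv_len, "transient signing private key"),
        }
    if pos != len(data):
        raise FormatError("%d unexpected trailing bytes" % (len(data) - pos))
    return result


def is_well_formed(data, dest_sig_type=0):
    """True if data parses cleanly, False on any layout error."""
    try:
        parse_private_key_file(data, dest_sig_type)
        return True
    except FormatError:
        return False


def build_sample(offline=False, cert=(0, b"")):
    """Construct a synthetic image from filler bytes; this is not real key material."""
    cert_type, cert_payload = cert
    body = bytes([0x11]) * PUBKEY_LEN + bytes([0x22]) * SIGNING_PUBKEY_LEN
    body += bytes([cert_type]) + struct.pack(">H", len(cert_payload)) + cert_payload
    body += bytes([0x33]) * PRIVKEY_LEN
    if not offline:
        return body + bytes([0x44]) * DSA_SIGNING_PRIVKEY_LEN
    body += bytes(DSA_SIGNING_PRIVKEY_LEN)  # zeroed: offline section follows
    body += struct.pack(">I", 4102444800)   # expires 2100-01-01T00:00:00Z
    body += struct.pack(">H", 7)             # transient key type Ed25519
    body += bytes([0x55]) * 32               # transient signing public key
    body += bytes([0x66]) * 40               # DSA signature by the offline key
    body += bytes([0x77]) * 32               # transient signing private key
    return body
```

The parser refuses both truncated and over-long images, which matters in practice because the only signal that an offline section follows is the all-zero signing private key; a file that is one byte short or long is more likely corrupt than a valid variant, and silently accepting it would hand the caller a mis-sliced key.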
    • Method Detail

      • main

        public static void main(String[] args)
        Create a new PrivateKeyFile, or modify an existing one, with various types of Certificates. Changing a Certificate does not change the public or private keys, but it does change the Destination Hash, which effectively makes it a new Destination. In other words, don't change the Certificate on a Destination you've already registered in a hosts.txt key add form. Copied and expanded from the equivalent in Destination.java.
      • setDestination

        public void setDestination(Destination d)
      • setCertType

        public Certificate setCertType(int t)
        Change cert type - caller must also call write(). Side effect - creates new Destination object.
      • setKeyCert

        public Certificate setKeyCert(SigType type)
        Change cert type - caller must also call write(). Side effect - creates new Destination object.
        Since:
        0.9.12
      • setHashCashCert

        public Certificate setHashCashCert(int effort)
        Change to a hashcash cert - caller must also call write().
      • setSignedCert

        public Certificate setSignedCert(PrivateKeyFile pkf2)
        Sign this Destination with the Destination found in pkf2 - caller must also call write().
      • getPrivKey

        public PrivateKey getPrivKey()
        Returns:
        null on error or if not initialized
      • getSigningPrivKey

        public SigningPrivateKey getSigningPrivKey()
        Returns:
        null on error or if not initialized
      • isOffline

        public boolean isOffline()
        Does this session have offline and transient keys?
        Since:
        0.9.38
      • setOfflineData

        public void setOfflineData(long expires,
                                   SigningPublicKey transientPub,
                                   Signature sig,
                                   SigningPrivateKey transientPriv)
        Side effect - zeroes out the current signing private key
        Since:
        0.9.38
      • getOfflineExpiration

        public long getOfflineExpiration()
        Returns:
        Java time (ms) or 0 if not initialized or does not have offline keys
        Since:
        0.9.38
      • getOfflineSignature

        public Signature getOfflineSignature()
        Since:
        0.9.38
      • getTransientSigningPubKey

        public SigningPublicKey getTransientSigningPubKey()
        Returns:
        null on error or if not initialized or does not have offline keys
        Since:
        0.9.38
      • getTransientSigningPrivKey

        public SigningPrivateKey getTransientSigningPrivKey()
        Returns:
        null on error or if not initialized or does not have offline keys
        Since:
        0.9.38
      • validateKeyPairs

        public boolean validateKeyPairs()
        Verify that the PublicKey matches the PrivateKey, and the SigningPublicKey matches the SigningPrivateKey.
        Returns:
        success
        Since:
        0.9.16
      • estimateHashCashTime

        public static String estimateHashCashTime(int hashEffort)
      • verifySignature

        public static boolean verifySignature(Destination d)
        Sample code to verify a third-party signature. This just goes through all the hosts.txt files and tries everybody. You need to be in the $I2P directory or have a local hosts.txt for this to work. This is probably not what you want, as it is very slow, and what good is a signing scheme where anybody is allowed to sign? In a real application you would make a list of approved signers, do a naming lookup to get their Destinations, and try those only. Or do a netDb lookup of the Hash in the Certificate, do a reverse naming lookup to see if it is allowed, then verify the Signature.