Example 1 with OutputEncryptor
use of com.github.zhenwei.pkix.operator.OutputEncryptor in project LinLong-Java by zhenwei1108.
the class JceOpenSSLPKCS8EncryptorBuilder method build.
public OutputEncryptor build() throws OperatorCreationException {
final AlgorithmIdentifier algID;
if (random == null) {
random = new SecureRandom();
}
try {
this.cipher = helper.createCipher(algOID.getId());
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
}
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
}
if (PEMUtilities.isPKCS5Scheme2(algOID)) {
salt = new byte[PEMUtilities.getSaltSize(prf.getAlgorithm())];
random.nextBytes(salt);
params = paramGen.generateParameters();
try {
EncryptionScheme scheme = new EncryptionScheme(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
KeyDerivationFunc func = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount, prf));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(func);
v.add(scheme);
algID = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
} catch (IOException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
try {
if (PEMUtilities.isHmacSHA1(prf)) {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount);
} else {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount, prf);
}
cipher.init(Cipher.ENCRYPT_MODE, key, params);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else if (PEMUtilities.isPKCS12(algOID)) {
ASN1EncodableVector v = new ASN1EncodableVector();
salt = new byte[20];
random.nextBytes(salt);
v.add(new DEROctetString(salt));
v.add(new ASN1Integer(iterationCount));
algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
try {
cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(e.getMessage(), e);
}
} else {
throw new OperatorCreationException("unknown algorithm: " + algOID, null);
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algID;
}
public OutputStream getOutputStream(OutputStream encOut) {
return new CipherOutputStream(encOut, cipher);
}
public GenericKey getKey() {
return new JceGenericKey(algID, key);
}
};
}
Also used :
EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)
CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream)
GeneralSecurityException(java.security.GeneralSecurityException)
OutputStream(java.io.OutputStream)
CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream)
SecureRandom(java.security.SecureRandom)
IOException(java.io.IOException)
ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
JceGenericKey(com.github.zhenwei.pkix.operator.jcajce.JceGenericKey)
KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)
OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)
Example 2 with OutputEncryptor
use of com.github.zhenwei.pkix.operator.OutputEncryptor in project LinLong-Java by zhenwei1108.
the class JcePKCSPBEOutputEncryptorBuilder method build.
public OutputEncryptor build(final char[] password) throws OperatorCreationException {
final Cipher cipher;
SecretKey key;
if (random == null) {
random = new SecureRandom();
}
final AlgorithmIdentifier encryptionAlg;
try {
if (isPKCS12(algorithm)) {
byte[] salt = new byte[20];
random.nextBytes(salt);
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
encryptionAlg = new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBKDFConfig pbkDef = (pbkdf == null) ? pbkdfBuilder.build() : pbkdf;
if (MiscObjectIdentifiers.id_scrypt.equals(pbkDef.getAlgorithm())) {
ScryptConfig skdf = (ScryptConfig) pbkDef;
byte[] salt = new byte[skdf.getSaltLength()];
random.nextBytes(salt);
ScryptParams params = new ScryptParams(salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter());
SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
key = keyFact.generateSecret(new ScryptKeySpec(password, salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
} else {
PBKDF2Config pkdf = (PBKDF2Config) pbkDef;
byte[] salt = new byte[pkdf.getSaltLength()];
random.nextBytes(salt);
SecretKeyFactory keyFact = helper.createSecretKeyFactory(JceUtils.getAlgorithm(pkdf.getPRF().getAlgorithm()));
key = keyFact.generateSecret(new PBEKeySpec(password, salt, pkdf.getIterationCount(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
}
} else {
throw new OperatorCreationException("unrecognised algorithm");
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return encryptionAlg;
}
public OutputStream getOutputStream(OutputStream out) {
return new CipherOutputStream(out, cipher);
}
public GenericKey getKey() {
if (isPKCS12(encryptionAlg.getAlgorithm())) {
return new GenericKey(encryptionAlg, PKCS12PasswordToBytes(password));
} else {
return new GenericKey(encryptionAlg, PKCS5PasswordToBytes(password));
}
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create OutputEncryptor: " + e.getMessage(), e);
}
}
Also used :
PBKDF2Config(com.github.zhenwei.core.crypto.util.PBKDF2Config)
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)
CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream)
OutputStream(java.io.OutputStream)
CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream)
ScryptConfig(com.github.zhenwei.core.crypto.util.ScryptConfig)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)
PBKDFConfig(com.github.zhenwei.core.crypto.util.PBKDFConfig)
PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)
SecureRandom(java.security.SecureRandom)
ScryptKeySpec(com.github.zhenwei.provider.jcajce.spec.ScryptKeySpec)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
Cipher(javax.crypto.Cipher)
OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 3 with OutputEncryptor
use of com.github.zhenwei.pkix.operator.OutputEncryptor in project LinLong-Java by zhenwei1108.
the class BcPKCS12PBEOutputEncryptorBuilder method build.
public OutputEncryptor build(final char[] password) {
if (random == null) {
random = new SecureRandom();
}
final byte[] salt = new byte[20];
random.nextBytes(salt);
final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount);
CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password);
engine.init(true, params);
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, pbeParams);
}
public OutputStream getOutputStream(OutputStream out) {
return new CipherOutputStream(out, engine);
}
public GenericKey getKey() {
return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
}
};
}
Also used :
CipherParameters(com.github.zhenwei.core.crypto.CipherParameters)
CipherOutputStream(com.github.zhenwei.core.crypto.io.CipherOutputStream)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
OutputStream(java.io.OutputStream)
CipherOutputStream(com.github.zhenwei.core.crypto.io.CipherOutputStream)
SecureRandom(java.security.SecureRandom)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Aggregations
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)3
OutputEncryptor (com.github.zhenwei.pkix.operator.OutputEncryptor)3
OutputStream (java.io.OutputStream)3
SecureRandom (java.security.SecureRandom)3
EncryptionScheme (com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)2
KeyDerivationFunc (com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)2
PBKDF2Params (com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)2
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)2
GenericKey (com.github.zhenwei.pkix.operator.GenericKey)2
OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)2
PKCS12KeyWithParameters (com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)2
CipherOutputStream (com.github.zhenwei.provider.jcajce.io.CipherOutputStream)2
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1
ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1
DERSequence (com.github.zhenwei.core.asn1.DERSequence)1
ScryptParams (com.github.zhenwei.core.asn1.misc.ScryptParams)1
PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)1
CipherParameters (com.github.zhenwei.core.crypto.CipherParameters)1
CipherOutputStream (com.github.zhenwei.core.crypto.io.CipherOutputStream)1
