
Example 1 with EncryptedKey

Use of com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey in project LinLong-Java by zhenwei1108.

From the class JceKeyAgreeRecipientInfoGenerator, method generateRecipientEncryptedKeys.

public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) throws CMSException {
    if (recipientIDs.isEmpty()) {
        throw new CMSException("No recipients associated with generator - use addRecipient()");
    }
    init(keyAgreeAlgorithm.getAlgorithm());
    PrivateKey senderPrivateKey = this.senderPrivateKey;
    ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
    ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
    for (int i = 0; i != recipientIDs.size(); i++) {
        PublicKey recipientPublicKey = (PublicKey) recipientKeys.get(i);
        KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier) recipientIDs.get(i);
        try {
            AlgorithmParameterSpec agreementParamSpec;
            ASN1ObjectIdentifier keyEncAlg = keyEncryptionAlgorithm.getAlgorithm();
            if (CMSUtils.isMQV(keyAgreementOID)) {
                agreementParamSpec = new MQVParameterSpec(ephemeralKP, recipientPublicKey, userKeyingMaterial);
            } else if (CMSUtils.isEC(keyAgreementOID)) {
                byte[] ukmKeyingMaterial = ecc_cms_Generator.generateKDFMaterial(keyEncryptionAlgorithm, keySizeProvider.getKeySize(keyEncAlg), userKeyingMaterial);
                agreementParamSpec = new UserKeyingMaterialSpec(ukmKeyingMaterial);
            } else if (CMSUtils.isRFC2631(keyAgreementOID)) {
                if (userKeyingMaterial != null) {
                    agreementParamSpec = new UserKeyingMaterialSpec(userKeyingMaterial);
                } else {
                    if (keyAgreementOID.equals(PKCSObjectIdentifiers.id_alg_SSDH)) {
                        throw new CMSException("User keying material must be set for static keys.");
                    }
                    agreementParamSpec = null;
                }
            } else if (CMSUtils.isGOST(keyAgreementOID)) {
                if (userKeyingMaterial != null) {
                    agreementParamSpec = new UserKeyingMaterialSpec(userKeyingMaterial);
                } else {
                    throw new CMSException("User keying material must be set for static keys.");
                }
            } else {
                throw new CMSException("Unknown key agreement algorithm: " + keyAgreementOID);
            }
            // Use key agreement to choose a wrap key for this recipient
            KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID);
            keyAgreement.init(senderPrivateKey, agreementParamSpec, random);
            keyAgreement.doPhase(recipientPublicKey, true);
            SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncAlg.getId());
            // Wrap the content encryption key with the agreement key
            Cipher keyEncryptionCipher = helper.createCipher(keyEncAlg);
            ASN1OctetString encryptedKey;
            if (keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap) || keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap)) {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, userKeyingMaterial));
                byte[] encKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
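                // The GOST 28147-89 wrap output is the encrypted key followed by a 4-byte MAC; split the two parts
                Gost2814789EncryptedKey encKey = new Gost2814789EncryptedKey(Arrays.copyOfRange(encKeyBytes, 0, encKeyBytes.length - 4), Arrays.copyOfRange(encKeyBytes, encKeyBytes.length - 4, encKeyBytes.length));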
                encryptedKey = new DEROctetString(encKey.getEncoded(ASN1Encoding.DER));
            } else {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
                byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
                encryptedKey = new DEROctetString(encryptedKeyBytes);
            }
            recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
        } catch (GeneralSecurityException e) {
            throw new CMSException("cannot perform agreement step: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new CMSException("unable to encode wrapped key: " + e.getMessage(), e);
        }
    }
    return new DERSequence(recipientEncryptedKeys);
}
Also used: ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) PrivateKey(java.security.PrivateKey) OriginatorPublicKey(com.github.zhenwei.pkix.util.asn1.cms.OriginatorPublicKey) PublicKey(java.security.PublicKey) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) RecipientEncryptedKey(com.github.zhenwei.pkix.util.asn1.cms.RecipientEncryptedKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) Cipher(javax.crypto.Cipher) KeyAgreement(javax.crypto.KeyAgreement) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) MQVParameterSpec(com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CMSException(com.github.zhenwei.pkix.cms.CMSException) KeyAgreeRecipientIdentifier(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)

Example 2 with EncryptedKey

Use of com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey in project LinLong-Java by zhenwei1108.

From the class JceKTSKeyUnwrapper, method generateUnwrappedKey.

public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey) throws OperatorException {
    GenericHybridParameters params = GenericHybridParameters.getInstance(this.getAlgorithmIdentifier().getParameters());
    Cipher keyCipher = helper.createAsymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm(), extraMappings);
    String symmetricWrappingAlg = helper.getWrappingAlgorithmName(params.getDem().getAlgorithm());
    RsaKemParameters kemParameters = RsaKemParameters.getInstance(params.getKem().getParameters());
    // keyLength in the RSA-KEM parameters is given in bytes; the KTS spec expects bits
    int keySizeInBits = kemParameters.getKeyLength().intValue() * 8;
    Key sKey;
    try {
        DEROtherInfo otherInfo = new DEROtherInfo.Builder(params.getDem(), partyUInfo, partyVInfo).build();
        KTSParameterSpec ktsSpec = new KTSParameterSpec.Builder(symmetricWrappingAlg, keySizeInBits, otherInfo.getEncoded()).withKdfAlgorithm(kemParameters.getKeyDerivationFunction()).build();
        keyCipher.init(Cipher.UNWRAP_MODE, privKey, ktsSpec);
        sKey = keyCipher.unwrap(encryptedKey, helper.getKeyAlgorithmName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
    } catch (Exception e) {
        throw new OperatorException("Unable to unwrap contents key: " + e.getMessage(), e);
    }
    return new JceGenericKey(encryptedKeyAlgorithm, sKey);
}
Also used: DEROtherInfo(com.github.zhenwei.core.crypto.util.DEROtherInfo) GenericHybridParameters(com.github.zhenwei.pkix.util.asn1.cms.GenericHybridParameters) RsaKemParameters(com.github.zhenwei.pkix.util.asn1.cms.RsaKemParameters) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) Cipher(javax.crypto.Cipher) Key(java.security.Key) PrivateKey(java.security.PrivateKey) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) KTSParameterSpec(com.github.zhenwei.provider.jcajce.spec.KTSParameterSpec)

Example 3 with EncryptedKey

Use of com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey in project LinLong-Java by zhenwei1108.

From the class PKIArchiveControl, method getEnvelopedData.

/**
 * Return the enveloped data structure contained in this control.
 *
 * @return a CMSEnvelopedData object.
 */
public CMSEnvelopedData getEnvelopedData() throws CRMFException {
    try {
        EncryptedKey encKey = EncryptedKey.getInstance(pkiArchiveOptions.getValue());
        EnvelopedData data = EnvelopedData.getInstance(encKey.getValue());
        return new CMSEnvelopedData(new ContentInfo(CMSObjectIdentifiers.envelopedData, data));
    } catch (CMSException e) {
        throw new CRMFException("CMS parsing error: " + e.getMessage(), e.getCause());
    } catch (Exception e) {
        throw new CRMFException("CRMF parsing error: " + e.getMessage(), e);
    }
}
Also used: CMSEnvelopedData(com.github.zhenwei.pkix.cms.CMSEnvelopedData) EncryptedKey(com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey) ContentInfo(com.github.zhenwei.pkix.util.asn1.cms.ContentInfo) EnvelopedData(com.github.zhenwei.pkix.util.asn1.cms.EnvelopedData) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 4 with EncryptedKey

Use of com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey in project LinLong-Java by zhenwei1108.

From the class PKIArchiveControlBuilder, method build.

/**
 * Build the PKIArchiveControl using the passed in encryptor to encrypt its contents.
 *
 * @param contentEncryptor a suitable content encryptor.
 * @return a PKIArchiveControl object.
 * @throws CMSException in the event the build fails.
 */
public PKIArchiveControl build(OutputEncryptor contentEncryptor) throws CMSException {
    CMSEnvelopedData envContent = envGen.generate(keyContent, contentEncryptor);
    EnvelopedData envD = EnvelopedData.getInstance(envContent.toASN1Structure().getContent());
    return new PKIArchiveControl(new PKIArchiveOptions(new EncryptedKey(envD)));
}
Also used: CMSEnvelopedData(com.github.zhenwei.pkix.cms.CMSEnvelopedData) EncryptedKey(com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey) PKIArchiveOptions(com.github.zhenwei.pkix.util.asn1.crmf.PKIArchiveOptions) EnvelopedData(com.github.zhenwei.pkix.util.asn1.cms.EnvelopedData)

Example 5 with EncryptedKey

Use of com.github.zhenwei.pkix.util.asn1.crmf.EncryptedKey in project LinLong-Java by zhenwei1108.

From the class PasswordRecipientInfoGenerator, method generate.

public RecipientInfo generate(GenericKey contentEncryptionKey) throws CMSException {
    // TODO: set IV size properly!
    byte[] iv = new byte[blockSize];
    if (random == null) {
        random = new SecureRandom();
    }
    random.nextBytes(iv);
    if (salt == null) {
        salt = new byte[20];
        random.nextBytes(salt);
    }
    keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount, prf.prfAlgID));
    byte[] derivedKey = calculateDerivedKey(schemeID, keyDerivationAlgorithm, keySize);
    AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv));
    byte[] encryptedKeyBytes = generateEncryptedBytes(kekAlgorithmId, derivedKey, contentEncryptionKey);
    ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(kekAlgorithm);
    v.add(new DEROctetString(iv));
    AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_PWRI_KEK, new DERSequence(v));
    return new RecipientInfo(new PasswordRecipientInfo(keyDerivationAlgorithm, keyEncryptionAlgorithm, encryptedKey));
}
Also used: ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DERSequence(com.github.zhenwei.core.asn1.DERSequence) PasswordRecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.PasswordRecipientInfo) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) SecureRandom(java.security.SecureRandom) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) RecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.RecipientInfo) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
