Examples with KeysetHandle com.google.crypto.tink.KeysetHandle used on opensource projects

Example 41 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class AeadCli method main.

public static void main(String[] args) throws Exception {
    if (args.length != 5) {
        System.out.println("Usage: AeadCli keyset-file operation input-file associated-data output-file");
        System.exit(1);
    }
    String keysetFilename = args[0];
    String operation = args[1];
    String inputFilename = args[2];
    String associatedData = args[3];
    String outputFilename = args[4];
    if (!(operation.equals("encrypt") || operation.equals("decrypt"))) {
        System.out.println("Unknown operation '" + operation + "'.\nExpected 'encrypt' or 'decrypt'.");
        System.exit(1);
    }
    System.out.println("Using keyset from file " + keysetFilename + " to AEAD-" + operation + " file " + inputFilename + " with associated data '" + associatedData + "'.");
    System.out.println("The resulting output will be written to file " + outputFilename);
    // Init Tink.
    CliUtil.initTink();
    // Read the keyset.
    System.out.println("Reading the keyset...");
    KeysetHandle keysetHandle = CliUtil.readKeyset(keysetFilename);
    // Get the primitive.
    System.out.println("Getting the primitive...");
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    // Read the input.
    byte[] input = CliUtil.read(inputFilename);
    // Compute the output.
    System.out.println(operation + "ing...");
    byte[] output;
    if (operation.equals("encrypt")) {
        output = aead.encrypt(input, associatedData.getBytes(CliUtil.UTF_8));
    } else {
        // operation.equals("decrypt")
        output = aead.decrypt(input, associatedData.getBytes(CliUtil.UTF_8));
    }
    // Write the output to the output file.
    CliUtil.write(output, outputFilename);
    System.out.println("All done.");
}

Example 42 with KeysetHandle

use of com.google.crypto.tink.KeysetHandle in project tink by google.

the class PublicKeySignFactoryTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey, EcdsaSignKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        // Signs with the primary private key.
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(keysetHandle);
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        if (keys[i].getOutputPrefixType() != OutputPrefixType.RAW) {
            byte[] prefix = Arrays.copyOfRange(sig, 0, CryptoFormat.NON_RAW_PREFIX_SIZE);
            assertArrayEquals(prefix, CryptoFormat.getOutputPrefix(keys[i]));
        }
        // Verifying with the primary public key should work.
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[i].getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
        } catch (GeneralSecurityException ex) {
            fail("Valid signature, should not throw exception");
        }
        // Verifying with a random public key should fail.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        verifier = PublicKeyVerifyFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey.getPublicKey(), EcdsaVerifyKeyManager.TYPE_URL, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), keys[i].getKeyId(), KeyStatusType.ENABLED, keys[i].getOutputPrefixType()))));
        try {
            verifier.verify(sig, plaintext);
            fail("Invalid signature, should have thrown exception");
        } catch (GeneralSecurityException expected) {
        // Expected
        }
    }
}