Examples with PublicKeySign com.google.crypto.tink.PublicKeySign used on opensource projects

Search in sources :

Example 6 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class PublicKeyVerifyIntegrationTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        PublicKeyVerify verifier = keysetHandle.getPrimitive(PublicKeyVerify.class);
        // Signature from any keys in the keyset should be valid.
        for (int k = 0; k < j; k++) {
            PublicKeySign signer = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))).getPrimitive(PublicKeySign.class);
            byte[] plaintext = Random.randBytes(1211);
            byte[] sig = signer.sign(plaintext);
            try {
                verifier.verify(sig, plaintext);
            } catch (GeneralSecurityException ex) {
                fail("Valid signature, should not throw exception: " + k);
            }
        }
        // Signature from a random key should be invalid.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        PublicKeySign signer = TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))).getPrimitive(PublicKeySign.class);
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        assertThrows(GeneralSecurityException.class, () -> verifier.verify(sig, plaintext));
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 7 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class RsaSsaPssSignKeyManagerTest method createPrimitive.

@Test
public void createPrimitive() throws Exception {
    if (TestUtil.isTsan()) {
        // factory.createKey is too slow in Tsan.
        return;
    }
    RsaSsaPssKeyFormat format = createKeyFormat(HashType.SHA512, HashType.SHA512, 64, 4096, RSAKeyGenParameterSpec.F4);
    RsaSsaPssPrivateKey key = factory.createKey(format);
    PublicKeySign signer = manager.getPrimitive(key, PublicKeySign.class);
    KeyFactory kf = EngineFactory.KEY_FACTORY.getInstance("RSA");
    BigInteger modulus = new BigInteger(1, key.getPublicKey().getN().toByteArray());
    BigInteger exponent = new BigInteger(1, key.getPublicKey().getE().toByteArray());
    RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(new RSAPublicKeySpec(modulus, exponent));
    RsaSsaPssParams params = key.getPublicKey().getParams();
    PublicKeyVerify verifier = new RsaSsaPssVerifyJce(publicKey, SigUtil.toHashType(params.getSigHash()), SigUtil.toHashType(params.getMgf1Hash()), params.getSaltLength());
    byte[] message = Random.randBytes(135);
    verifier.verify(signer.sign(message), message);
}
Also used : RsaSsaPssPrivateKey(com.google.crypto.tink.proto.RsaSsaPssPrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) RsaSsaPssKeyFormat(com.google.crypto.tink.proto.RsaSsaPssKeyFormat) RsaSsaPssVerifyJce(com.google.crypto.tink.subtle.RsaSsaPssVerifyJce) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) RsaSsaPssParams(com.google.crypto.tink.proto.RsaSsaPssParams) PublicKeySign(com.google.crypto.tink.PublicKeySign) KeyFactory(java.security.KeyFactory) Test(org.junit.Test)

Example 8 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class PublicKeyVerifyFactoryTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        KeysetHandle keysetHandle = TestUtil.createKeysetHandle(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]));
        PublicKeyVerify verifier = PublicKeyVerifyFactory.getPrimitive(keysetHandle);
        // Signature from any keys in the keyset should be valid.
        for (int k = 0; k < j; k++) {
            PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))));
            byte[] plaintext = Random.randBytes(1211);
            byte[] sig = signer.sign(plaintext);
            try {
                verifier.verify(sig, plaintext);
            } catch (GeneralSecurityException ex) {
                fail("Valid signature, should not throw exception: " + k);
            }
        }
        // Signature from a random key should be invalid.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))));
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        assertThrows(GeneralSecurityException.class, () -> verifier.verify(sig, plaintext));
    }
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 9 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class PublicKeyVerifyWrapperTest method testMultipleKeys.

@Test
public void testMultipleKeys() throws Exception {
    EcdsaPrivateKey tinkPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key tink = TestUtil.createKey(TestUtil.createKeyData(tinkPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 1, KeyStatusType.ENABLED, OutputPrefixType.TINK);
    EcdsaPrivateKey legacyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P256, HashType.SHA256, EcdsaSignatureEncoding.DER);
    Key legacy = TestUtil.createKey(TestUtil.createKeyData(legacyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 2, KeyStatusType.ENABLED, OutputPrefixType.LEGACY);
    EcdsaPrivateKey rawPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key raw = TestUtil.createKey(TestUtil.createKeyData(rawPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 3, KeyStatusType.ENABLED, OutputPrefixType.RAW);
    EcdsaPrivateKey crunchyPrivateKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P384, HashType.SHA512, EcdsaSignatureEncoding.DER);
    Key crunchy = TestUtil.createKey(TestUtil.createKeyData(crunchyPrivateKey.getPublicKey(), new EcdsaVerifyKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC), 4, KeyStatusType.ENABLED, OutputPrefixType.CRUNCHY);
    Key[] keys = new Key[] { tink, legacy, raw, crunchy };
    EcdsaPrivateKey[] privateKeys = new EcdsaPrivateKey[] { tinkPrivateKey, legacyPrivateKey, rawPrivateKey, crunchyPrivateKey };
    int j = keys.length;
    for (int i = 0; i < j; i++) {
        PrimitiveSet<PublicKeyVerify> primitives = TestUtil.createPrimitiveSet(TestUtil.createKeyset(keys[i], keys[(i + 1) % j], keys[(i + 2) % j], keys[(i + 3) % j]), PublicKeyVerify.class);
        PublicKeyVerify verifier = new PublicKeyVerifyWrapper().wrap(primitives);
        // Signature from any keys in the keyset should be valid.
        for (int k = 0; k < j; k++) {
            PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(privateKeys[k], new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), keys[k].getKeyId(), KeyStatusType.ENABLED, keys[k].getOutputPrefixType()))));
            byte[] plaintext = Random.randBytes(1211);
            byte[] sig = signer.sign(plaintext);
            try {
                verifier.verify(sig, plaintext);
            } catch (GeneralSecurityException ex) {
                fail("Valid signature, should not throw exception: " + k);
            }
        }
        // Signature from a random key should be invalid.
        EcdsaPrivateKey randomPrivKey = TestUtil.generateEcdsaPrivKey(EllipticCurveType.NIST_P521, HashType.SHA512, EcdsaSignatureEncoding.DER);
        PublicKeySign signer = PublicKeySignFactory.getPrimitive(TestUtil.createKeysetHandle(TestUtil.createKeyset(TestUtil.createKey(TestUtil.createKeyData(randomPrivKey, new EcdsaSignKeyManager().getKeyType(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE), 1, KeyStatusType.ENABLED, keys[0].getOutputPrefixType()))));
        byte[] plaintext = Random.randBytes(1211);
        byte[] sig = signer.sign(plaintext);
        assertThrows(GeneralSecurityException.class, () -> verifier.verify(sig, plaintext));
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) Key(com.google.crypto.tink.proto.Keyset.Key) PublicKeySign(com.google.crypto.tink.PublicKeySign) Test(org.junit.Test)

Example 10 with PublicKeySign

use of com.google.crypto.tink.PublicKeySign in project tink by google.

the class RsaSsaPkcs1VerifyKeyManagerTest method createPrimitive_anotherKey_throws.

@Test
public void createPrimitive_anotherKey_throws() throws Exception {
    if (TestUtil.isTsan()) {
        // factory.createKey is too slow in Tsan.
        return;
    }
    RsaSsaPkcs1KeyFormat keyFormat = RsaSsaPkcs1KeyFormat.newBuilder().setParams(RsaSsaPkcs1Params.newBuilder().setHashType(HashType.SHA256)).setModulusSizeInBits(3072).setPublicExponent(ByteString.copyFrom(RSAKeyGenParameterSpec.F4.toByteArray())).build();
    RsaSsaPkcs1PrivateKey privateKey = factory.createKey(keyFormat);
    // Create a different key.
    RsaSsaPkcs1PublicKey publicKey = signManager.getPublicKey(factory.createKey(keyFormat));
    PublicKeySign signer = signManager.getPrimitive(privateKey, PublicKeySign.class);
    PublicKeyVerify verifier = verifyManager.getPrimitive(publicKey, PublicKeyVerify.class);
    byte[] message = Random.randBytes(135);
    byte[] signature = signer.sign(message);
    assertThrows(GeneralSecurityException.class, () -> verifier.verify(signature, message));
}
Also used : RsaSsaPkcs1PrivateKey(com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey) RsaSsaPkcs1PublicKey(com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey) PublicKeyVerify(com.google.crypto.tink.PublicKeyVerify) PublicKeySign(com.google.crypto.tink.PublicKeySign) RsaSsaPkcs1KeyFormat(com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat) Test(org.junit.Test)

Aggregations

PublicKeySign (com.google.crypto.tink.PublicKeySign)28 PublicKeyVerify (com.google.crypto.tink.PublicKeyVerify)23 Test (org.junit.Test)21 GeneralSecurityException (java.security.GeneralSecurityException)14 KeysetHandle (com.google.crypto.tink.KeysetHandle)10 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)9 Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)7 Key (com.google.crypto.tink.proto.Keyset.Key)6 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3 RsaSsaPkcs1KeyFormat (com.google.crypto.tink.proto.RsaSsaPkcs1KeyFormat)3 RsaSsaPkcs1PrivateKey (com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey)3 RsaSsaPssKeyFormat (com.google.crypto.tink.proto.RsaSsaPssKeyFormat)3 RsaSsaPssPrivateKey (com.google.crypto.tink.proto.RsaSsaPssPrivateKey)3 Ed25519Verify (com.google.crypto.tink.subtle.Ed25519Verify)3 Ed25519PublicKey (com.google.crypto.tink.proto.Ed25519PublicKey)2 KeyData (com.google.crypto.tink.proto.KeyData)2 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)2 RsaSsaPkcs1PublicKey (com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey)2 RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)2 MessageLite (com.google.protobuf.MessageLite)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial