
Example 1 with EncryptedKeyset

use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.

the class KeysetHandle method read.

/**
 * Reads an encrypted keyset from {@code reader}, decrypts it with {@code masterKey} and wraps the
 * result in a new {@link KeysetHandle}.
 *
 * <p>Users that need to load cleartext keysets can use {@link CleartextKeysetHandle}.
 *
 * @param reader source of the {@link EncryptedKeyset}, obtained through {@code readEncrypted()}
 * @param masterKey the {@link Aead} the keyset was encrypted with
 * @return a new {@link KeysetHandle} built from the decrypted keyset
 * @throws GeneralSecurityException if cannot decrypt the keyset or it doesn't contain encrypted
 *     key material
 * @throws IOException presumably raised by {@code reader.readEncrypted()}; the reader is defined
 *     outside this excerpt
 */
public static final KeysetHandle read(KeysetReader reader, Aead masterKey) throws GeneralSecurityException, IOException {
    final EncryptedKeyset wrappedKeyset = reader.readEncrypted();
    // The wrapper is validated before any decryption is attempted. The check itself lives in
    // assertEnoughEncryptedKeyMaterial, which is defined outside this excerpt.
    assertEnoughEncryptedKeyMaterial(wrappedKeyset);
    // NOTE(review): the two-argument decrypt overload is outside this excerpt; confirm which
    // associated data it passes to the AEAD, since it must match what was used when writing.
    return new KeysetHandle(decrypt(wrappedKeyset, masterKey));
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset)

Example 2 with EncryptedKeyset

use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.

the class KeysetHandle method write.

/**
 * Encrypts this handle's keyset with {@code masterKey} and passes the resulting
 * {@link EncryptedKeyset} to {@code keysetWriter}.
 *
 * <p>Serialization and encryption happen in the {@code encrypt} helper, which is defined outside
 * this excerpt.
 *
 * @param keysetWriter destination that receives the encrypted keyset
 * @param masterKey the {@link Aead} used to encrypt the keyset
 * @throws GeneralSecurityException presumably when encryption with {@code masterKey} fails
 * @throws IOException presumably when {@code keysetWriter} cannot write
 */
public void write(KeysetWriter keysetWriter, Aead masterKey) throws GeneralSecurityException, IOException {
    // Only the EncryptedKeyset wrapper is handed to the writer; the cleartext keyset field is
    // never passed to it.
    final EncryptedKeyset wrappedKeyset = encrypt(keyset, masterKey);
    keysetWriter.write(wrappedKeyset);
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset)

Example 3 with EncryptedKeyset

use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.

the class KeysetHandle method decrypt.

/**
 * Decrypts the encrypted keyset with the {@link Aead} master key and parses the cleartext into a
 * {@link Keyset}.
 *
 * @param encryptedKeyset wrapper whose {@code getEncryptedKeyset()} bytes are the ciphertext
 * @param masterKey the {@link Aead} used for decryption
 * @param associatedData associated data passed to {@code masterKey.decrypt} along with the
 *     ciphertext
 * @return the parsed keyset, after {@code assertEnoughKeyMaterial} has accepted it
 * @throws GeneralSecurityException if the decrypted bytes do not parse as a {@link Keyset};
 *     exceptions from {@code masterKey.decrypt} and {@code assertEnoughKeyMaterial} are not
 *     caught here and propagate unchanged
 */
private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead masterKey, byte[] associatedData) throws GeneralSecurityException {
    try {
        final byte[] ciphertext = encryptedKeyset.getEncryptedKeyset().toByteArray();
        // From here on this array holds serialized key material in the clear; it must never be
        // logged or copied into an exception message.
        final byte[] serializedKeyset = masterKey.decrypt(ciphertext, associatedData);
        final Keyset parsedKeyset = Keyset.parseFrom(serializedKeyset, ExtensionRegistryLite.getEmptyRegistry());
        // Check for emptiness here too: a ciphertext can decrypt and parse successfully and
        // still unwrap to a keyset that holds nothing.
        assertEnoughKeyMaterial(parsedKeyset);
        return parsedKeyset;
    } catch (@SuppressWarnings("UnusedException") InvalidProtocolBufferException parseFailure) {
        // Do not propagate InvalidProtocolBufferException to guarantee no key material is leaked.
        // The cause is dropped on purpose, so the new exception carries only a fixed message.
        throw new GeneralSecurityException("invalid keyset, corrupted key material");
    }
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) Keyset(com.google.crypto.tink.proto.Keyset) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)

Example 4 with EncryptedKeyset

use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.

the class KeysetHandle method writeWithAssociatedData.

/**
 * Encrypts this handle's keyset with {@code masterKey} and the provided associated data, then
 * passes the resulting {@link EncryptedKeyset} to {@code keysetWriter}.
 *
 * <p>Serialization and encryption happen in the {@code encrypt} helper, which is defined outside
 * this excerpt.
 *
 * @param keysetWriter destination that receives the encrypted keyset
 * @param masterKey the {@link Aead} used to encrypt the keyset
 * @param associatedData associated data forwarded to {@code encrypt}; an AEAD only decrypts
 *     when the same associated data is supplied again, so the reading side has to know it
 * @throws GeneralSecurityException presumably when encryption with {@code masterKey} fails
 * @throws IOException presumably when {@code keysetWriter} cannot write
 */
public void writeWithAssociatedData(KeysetWriter keysetWriter, Aead masterKey, byte[] associatedData) throws GeneralSecurityException, IOException {
    // Only the EncryptedKeyset wrapper is handed to the writer; the cleartext keyset field is
    // never passed to it.
    final EncryptedKeyset wrappedKeyset = encrypt(keyset, masterKey, associatedData);
    keysetWriter.write(wrappedKeyset);
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset)

Example 5 with EncryptedKeyset

use of com.google.crypto.tink.proto.EncryptedKeyset in project tink by google.

the class AddKeyCommandTest method testAddEncrypted_shouldAddNewKey.

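/**
 * Adds a key to a KMS-encrypted keyset and checks the metadata of the resulting
 * {@link EncryptedKeyset}: two entries, the first one still primary, each matching its template.
 */
@Test
public void testAddEncrypted_shouldAddNewKey() throws Exception {
    // This test requires KMS/internet access and thus cannot run on RBE.
    assumeFalse(TestUtil.isRemoteBuildExecution());
    // Create an input stream containing an encrypted keyset. The master key URI and the
    // credential file both come from TestUtil constants defined outside this excerpt.
    String masterKeyUri = TestUtil.RESTRICTED_CRYPTO_KEY_URI;
    String credentialPath = TestUtil.SERVICE_ACCOUNT_FILE;
    InputStream inputStream = TinkeyUtil.createKeyset(existingTemplate, INPUT_FORMAT, masterKeyUri, credentialPath);
    // Add the new key and read the result back in its encrypted form.
    EncryptedKeyset encryptedKeyset = addNewKeyToKeyset(OUTPUT_FORMAT, inputStream, INPUT_FORMAT, masterKeyUri, credentialPath, newTemplate).readEncrypted();
    // KeysetInfo is read straight from the EncryptedKeyset; this test performs no decryption,
    // so the key IDs and per-key info it inspects are available without the master key.
    KeysetInfo keysetInfo = encryptedKeyset.getKeysetInfo();
    assertThat(keysetInfo.getKeyInfoCount()).isEqualTo(2);
    // The pre-existing key must remain the primary one after the addition.
    assertThat(keysetInfo.getPrimaryKeyId()).isEqualTo(keysetInfo.getKeyInfo(0).getKeyId());
    TestUtil.assertKeyInfo(existingTemplate, keysetInfo.getKeyInfo(0));
    // Check the added key at index 1. The original compared newTemplate with entry 0 again,
    // which left the second entry unverified. Assumes the new key is appended after the
    // existing one; confirm against addNewKeyToKeyset.
    TestUtil.assertKeyInfo(newTemplate, keysetInfo.getKeyInfo(1));
}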
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) KeysetInfo(com.google.crypto.tink.proto.KeysetInfo) Test(org.junit.Test)

Aggregations

EncryptedKeyset (com.google.crypto.tink.proto.EncryptedKeyset)9 KeysetInfo (com.google.crypto.tink.proto.KeysetInfo)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 Keyset (com.google.crypto.tink.proto.Keyset)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 InputStream (java.io.InputStream)2 GeneralSecurityException (java.security.GeneralSecurityException)2 Test (org.junit.Test)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1