
Example 61 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class JwtHmacKeyManagerTest method getRfc7515ExampleKeysetHandle.

/**
 * Builds a single-key keyset handle around the HS256 example key published in RFC 7515
 * (Appendix A.1).
 *
 * <p>The secret is a public test vector and the handle is created through
 * {@code CleartextKeysetHandle}, i.e. from unencrypted key material. Both are acceptable in a
 * test fixture only; a published vector must never be used as a real signing key.
 *
 * @return a handle whose only key (id 123, RAW output prefix, ENABLED) is also the primary key
 * @throws Exception if decoding the key or building the handle fails
 */
private static KeysetHandle getRfc7515ExampleKeysetHandle() throws Exception {
    // base64url-encoded HMAC secret taken from the RFC example.
    String encodedSecret = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
    ByteString secretBytes = ByteString.copyFrom(Base64.urlSafeDecode(encodedSecret));

    JwtHmacKey hmacKey =
        JwtHmacKey.newBuilder()
            .setVersion(0)
            .setAlgorithm(JwtHmacAlgorithm.HS256)
            .setKeyValue(secretBytes)
            .build();

    // Wrap the serialized key together with its type URL; the material is symmetric.
    KeyData wrappedKey =
        KeyData.newBuilder()
            .setTypeUrl("type.googleapis.com/google.crypto.tink.JwtHmacKey")
            .setValue(hmacKey.toByteString())
            .setKeyMaterialType(KeyData.KeyMaterialType.SYMMETRIC)
            .build();

    // The entry's key id must match the primary key id set on the keyset below.
    Keyset.Key entry =
        Keyset.Key.newBuilder()
            .setKeyData(wrappedKey)
            .setKeyId(123)
            .setStatus(KeyStatusType.ENABLED)
            .setOutputPrefixType(OutputPrefixType.RAW)
            .build();

    Keyset singleKeyKeyset = Keyset.newBuilder().addKey(entry).setPrimaryKeyId(123).build();
    return CleartextKeysetHandle.fromKeyset(singleKeyKeyset);
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) ByteString(com.google.protobuf.ByteString) KeyData(com.google.crypto.tink.proto.KeyData)

Example 62 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class KeysetHandle method decrypt.

/**
 * Decrypts the encrypted keyset with the {@link Aead} master key.
 */
private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead masterKey) throws GeneralSecurityException {
    try {
        byte[] wrappedKeyset = encryptedKeyset.getEncryptedKeyset().toByteArray();
        // Unwrapping passes empty associated data; presumably this mirrors how the keyset
        // was encrypted - confirm against the encrypt path.
        byte[] serializedKeyset = masterKey.decrypt(wrappedKeyset, /* associatedData= */ new byte[0]);
        Keyset unwrapped = Keyset.parseFrom(serializedKeyset);
        // Checked again after unwrapping, in case the ciphertext decrypted to a keyset
        // that carries no keys.
        assertEnoughKeyMaterial(unwrapped);
        return unwrapped;
    } catch (InvalidProtocolBufferException parseFailure) {
        // NOTE(review): the parse failure is not chained as the cause. That looks deliberate:
        // the exception was raised while parsing decrypted bytes, so attaching it could carry
        // key material into logs or stack traces. Confirm before "fixing" this to preserve
        // the cause.
        throw new GeneralSecurityException("invalid keyset, corrupted key material");
    }
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) Keyset(com.google.crypto.tink.proto.Keyset) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)

Example 63 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class TestUtil method createKeyset.

/**
 * @return a keyset from a list of keys. The first key is primary.
 */
public static Keyset createKeyset(Key primary, Key... keys) throws Exception {
    // The primary key id is copied from the first argument. Nothing here checks that the
    // remaining keys have distinct ids or usable statuses, so this helper can also build
    // keysets that validation is expected to reject.
    Keyset.Builder keysetBuilder =
        Keyset.newBuilder().addKey(primary).setPrimaryKeyId(primary.getKeyId());
    for (int i = 0; i < keys.length; i++) {
        keysetBuilder.addKey(keys[i]);
    }
    return keysetBuilder.build();
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) EcdsaPrivateKey(com.google.crypto.tink.proto.EcdsaPrivateKey) AesSivKey(com.google.crypto.tink.proto.AesSivKey) AesEaxKey(com.google.crypto.tink.proto.AesEaxKey) ECPublicKey(java.security.interfaces.ECPublicKey) EciesAeadHkdfPublicKey(com.google.crypto.tink.proto.EciesAeadHkdfPublicKey) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) EciesAeadHkdfPrivateKey(com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey) AesCtrHmacAeadKey(com.google.crypto.tink.proto.AesCtrHmacAeadKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) AesCtrKey(com.google.crypto.tink.proto.AesCtrKey) AesCtrHmacStreamingKey(com.google.crypto.tink.proto.AesCtrHmacStreamingKey) AesGcmHkdfStreamingKey(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) HmacKey(com.google.crypto.tink.proto.HmacKey) Key(com.google.crypto.tink.proto.Keyset.Key)

Example 64 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class UtilTest method testValidateKeyset.

/**
 * Exercises {@code Util.validateKeyset} with one well-formed keyset, four malformed ones
 * (empty, duplicated primary id, disabled primary, missing primary) and a public-key-only
 * keyset that is accepted without a primary key.
 */
@Test
public void testValidateKeyset() throws Exception {
    String hmacSecret = "01234567890123456";

    // Well-formed: one enabled key that is also the primary. The negative key id (-42)
    // is expected to pass validation.
    Keyset wellFormed =
        TestUtil.createKeyset(
            TestUtil.createKey(
                TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16),
                -42,
                KeyStatusType.ENABLED,
                OutputPrefixType.TINK));
    try {
        Util.validateKeyset(wellFormed);
    } catch (GeneralSecurityException unexpected) {
        fail("Valid keyset; should not throw Exception: " + unexpected);
    }

    // A keyset with no keys at all must be rejected.
    try {
        Util.validateKeyset(Keyset.newBuilder().build());
        fail("Invalid keyset. Expect GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        assertExceptionContains(expected, "empty keyset");
    }

    // Two enabled keys share id 42, which is also the primary id.
    Keyset duplicatedPrimary =
        TestUtil.createKeyset(
            TestUtil.createKey(
                TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16),
                42,
                KeyStatusType.ENABLED,
                OutputPrefixType.TINK),
            TestUtil.createKey(
                TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16),
                42,
                KeyStatusType.ENABLED,
                OutputPrefixType.TINK));
    try {
        Util.validateKeyset(duplicatedPrimary);
        fail("Invalid keyset. Expect GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        assertExceptionContains(expected, "keyset contains multiple primary keys");
    }

    // The only key is the primary, but its status is DISABLED.
    Keyset disabledPrimary =
        TestUtil.createKeyset(
            TestUtil.createKey(
                TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16),
                42,
                KeyStatusType.DISABLED,
                OutputPrefixType.TINK));
    try {
        Util.validateKeyset(disabledPrimary);
        fail("Invalid keyset. Expect GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        assertExceptionContains(expected, "keyset doesn't contain a valid primary key");
    }

    // An enabled key is present, but no primary key id was set on the keyset.
    Keyset missingPrimary =
        Keyset.newBuilder()
            .addKey(
                Keyset.Key.newBuilder()
                    .setKeyData(TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16))
                    .setKeyId(1)
                    .setStatus(KeyStatusType.ENABLED)
                    .setOutputPrefixType(OutputPrefixType.TINK)
                    .build())
            .build();
    try {
        Util.validateKeyset(missingPrimary);
        fail("Invalid keyset. Expect GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        assertExceptionContains(expected, "keyset doesn't contain a valid primary key");
    }

    // Exception to the rule above: a keyset holding only ASYMMETRIC_PUBLIC material is
    // accepted even though it has no primary key.
    Keyset publicOnly =
        Keyset.newBuilder()
            .addKey(
                Keyset.Key.newBuilder()
                    .setKeyData(
                        TestUtil.createKeyData(
                            KeyData.newBuilder().build(),
                            "typeUrl",
                            KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC))
                    .setKeyId(1)
                    .setStatus(KeyStatusType.ENABLED)
                    .setOutputPrefixType(OutputPrefixType.TINK)
                    .build())
            .build();
    try {
        Util.validateKeyset(publicOnly);
    } catch (GeneralSecurityException unexpected) {
        fail("Valid keyset, should not fail: " + unexpected);
    }
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) GeneralSecurityException(java.security.GeneralSecurityException) Test(org.junit.Test)

Example 65 with Keyset

use of com.google.crypto.tink.proto.Keyset in project tink by google.

the class KeysetHandleTest method testToString.

/**
 * Tests that toString doesn't contain key material.
 */
@Test
public void testToString() throws Exception {
    String hmacSecret = "01234567890123456";
    Keyset sourceKeyset =
        TestUtil.createKeyset(
            TestUtil.createKey(
                TestUtil.createHmacKeyData(hmacSecret.getBytes("UTF-8"), 16),
                42,
                KeyStatusType.ENABLED,
                OutputPrefixType.TINK));
    KeysetHandle handle = KeysetHandle.fromKeyset(sourceKeyset);
    assertEquals(sourceKeyset, handle.getKeyset());

    // The handle's own string form is what may end up in logs; it must not echo the secret.
    assertFalse(handle.toString().contains(hmacSecret));

    // Control check: the underlying proto's string form does include the secret, so the
    // assertion above is meaningful and the raw Keyset must never be logged or printed.
    String rawProtoText = handle.getKeyset().toString();
    assertTrue(rawProtoText.contains(hmacSecret));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) Test(org.junit.Test)
