Search in sources :

Example 1 with KMIPGCMSpec

use of com.ingrian.internal.kmip.api.crypto.KMIPGCMSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPEncryptAndDecrypt method main.

public static void main(String[] args) {
    if (args.length < 6) {
        checkUsage();
    }
    String certAlias = args[0];
    String certPassword = args[1];
    String keyName = args[2];
    int tagLength = Integer.parseInt(args[3]);
    /**
     * Note: For AES-GCM algorithm, same combination of nonce (IV) and key must not be reused
     * during encryption/decryption operations.
     */
    String iv = args[4];
    String data = args[5];
    KMIPSession session = null;
    try {
        // opening a valid kmip session
        session = KMIPSession.getSession(new NAEClientCertificate(certAlias, certPassword.toCharArray()));
        // taking instance for GCM. Check KMIPCipher Javadoc for rest of algorithm
        KMIPCipher cipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
        // creating a spec for GCM. Check KMIPGCMSpec Javadoc for valid values
        KMIPGCMSpec spec = new KMIPGCMSpec(tagLength, iv.getBytes());
        // initializing kmip cipher with the given key name, spec and session
        // in encrypt mode. Can pass UID in place of keyname. Check other
        // overloaded methods.
        cipher.init(KMIPCipher.ENCRYPT_MODE, keyName, spec, session);
        // Perform cipher operation and return the result in KMIPCryptoResult
        // object. This object also consist of IV in case iv is not passed
        // in other algos.
        KMIPCryptoResult result = cipher.doFinal(data.getBytes());
        // encrypted result in hex
        System.out.println(IngrianProvider.byteArray2Hex(result.getData()));
        // taking GCM cipher instance for decryption. Check KMIPCipher Javadoc
        // for rest of algorithm
        KMIPCipher deCipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
        // initializing kmip cipher with the given key name, spec and session
        // in decrypt mode. Can pass UID in place of keyname in other
        // overloaded methods.
        deCipher.init(KMIPCipher.DECRYPT_MODE, keyName, spec, session);
        // returns decrypted result
        KMIPCryptoResult decResult = deCipher.doFinal(result.getData());
        // printing decryption result.
        System.out.println(new String(decResult.getData()));
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        session.closeSession();
    }
}
Also used : KMIPCryptoResult(com.ingrian.internal.kmip.api.crypto.KMIPCryptoResult) KMIPCipher(com.ingrian.internal.kmip.api.crypto.KMIPCipher) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPGCMSpec(com.ingrian.internal.kmip.api.crypto.KMIPGCMSpec)

Aggregations

KMIPCipher (com.ingrian.internal.kmip.api.crypto.KMIPCipher)1 KMIPCryptoResult (com.ingrian.internal.kmip.api.crypto.KMIPCryptoResult)1 KMIPGCMSpec (com.ingrian.internal.kmip.api.crypto.KMIPGCMSpec)1 KMIPSession (com.ingrian.security.nae.KMIPSession)1 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)1