use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate keys with crypto algorithm = aes and crypto length = 256
KMIPAttributes queryAttributes = new KMIPAttributes();
/*
* IMPORTANT-In case of locate by name it is compulsory to pass argument for keyName as below
* [-Name locateKeyName] where locateKeyName will be value of userInput.
* */
if (args.length > 3) {
if (args[2] != null && "-Name".equals(args[2])) {
queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
}
}
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
System.out.println("Total Keys: " + managedObjectIdentifiers.size());
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
byte[] keyMaterial = null;
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if (managedObject instanceof NAEPublicKey) {
System.out.println(((NAEPublicKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAEPrivateKey) {
System.out.println(((NAEPrivateKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAESecretKey) {
System.out.println(((NAESecretKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
keyMaterial = ((KMIPSecretData) managedObject).export();
} else if (managedObject instanceof NAECertificate) {
System.out.println(((NAECertificate) managedObject).getName());
keyMaterial = ((NAECertificate) managedObject).certificateExport();
}
System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPKeyPairSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String privateKeyName = args[2];
String publicKeyName = args[3];
KMIPSession session = null;
try {
// generate the public/private key pairs with client-side provider
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
System.out.println("Provider: " + keyGen.getProvider().getName());
keyGen.initialize(length);
KeyPair generatedKeyPair = keyGen.generateKeyPair();
// get the key material
PrivateKey priv = generatedKeyPair.getPrivate();
PublicKey pub = generatedKeyPair.getPublic();
byte[] privKeyMaterial = priv.getEncoded();
byte[] pubKeyMaterial = pub.getEncoded();
// Register keys on the Key Manager
// create NAE Session using a client certificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create a spec for the public key
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, (KMIPAttributes) initialAttributes, session);
// create a public key - note: names must match
NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
// register the key
String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
// print the Key Manager unique identifier for the key
System.out.println("Created public key: " + pubUID);
// do the same for the private key
initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
spec = new NAEParameterSpec(privateKeyName, length, (KMIPAttributes) initialAttributes, session);
NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
// remove PKCS#8 header from the key material
byte[] truncatedKeyMaterial = new byte[privKeyMaterial.length - 26];
System.arraycopy(privKeyMaterial, 26, truncatedKeyMaterial, 0, privKeyMaterial.length - 26);
String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
System.out.println("Created private key: " + privUID);
// Set the link attribute for the keys on the Key Manager
naePriv.link(naePub);
naePub.link(naePriv);
System.out.println("Linked keys");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPModifySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
KMIPSession session = null;
try {
// create a KMIPSession: pass in NAE client X.509 key and keyStore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key KMIPAttribute object with a list of attributes to match
Set<String> managedObjectIdentifiers;
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.Name);
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
// Retrieve a KMIP attribute - in this case, Name.
KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
KMIPNameAttribute name = returnedAttributes.getNameAttribute();
System.out.println("Name attribute: " + name.getNameValue().getNameValue());
// Modify the Application Specific Information for this key - if it has any
KMIPAttributes modAttributes = new KMIPAttributes();
String ts = timestamp();
modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
try {
// throws NAE error if the key does not already have attribute being modified
key.modifyKMIPAttributes(modAttributes);
} catch (NAEException nae) {
if (!nae.getMessage().contains("Object does not have the specified attribute"))
throw nae;
}
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class HKDFSecretKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 7) {
System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
System.exit(-1);
/*
* Usage description:
* masterKeyName: Master key to create the AES and Hmac keys.
* aesKeyName_1 and aesKeyName_2: AES key names to be created. These are used to determine that their key data is same
* using Encryption/Decryption operation.
* hmacKeyName_1 and hmacKeyName_2: Hmac key names to be created. These are used to determine that their key data is same
* using MAC/MACVerify operation.
*
*/
}
String username = args[0];
String password = args[1];
String masterKeyName = args[2];
String aesKeyName_1 = args[3];
String aesKeyName_2 = args[4];
String hmacKeyName_1 = args[5];
String hmacKeyName_2 = args[6];
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
NAESession session = null;
try {
// Creates NAE Session: pass in NAE user name and password
session = NAESession.getSession(username, password.toCharArray());
byte[] salt = "010203".getBytes();
byte[] info = "010203".getBytes();
int size = 256;
// Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
// Initializes key generator with parameter spec to generate the AES key
kg.init(aesSpec);
// Creates AES Key on Key Manager
NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");
// Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
// Initializes key generator with parameter spec to generate the AES key
kg.init(aesSpec_2);
// Creates AES Key on Key Manager
NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");
// Below code illustrates that two keys created using HKDF have same key data using Encryption/Decryption operation
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
// Note: HKDF generates same key data on Key Manager but they have different default IV
// That is why we are passing the external iv when using AES in CBC mode
byte[] iv = "1234567812345678".getBytes();
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// Get a cipher
Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// Initialize cipher to encrypt
encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
// Encrypt data
byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
// Get a cipher for decryption
Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// To decrypt data, initialize cipher to decrypt
decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
// Decrypt data
byte[] newbuf = decryptCipher.doFinal(outbuf);
if (dataToEncrypt.equals(new String(newbuf))) {
System.out.println("AES keys generated have same key data.");
} else {
System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
nae_key_aes_1.delete();
nae_key_aes_2.delete();
}
// Below code illustrates that two keys created using HKDF have same key data using MAC/MACVerify operation
// Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec hamcSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
// Initializes key generator with parameter spec to generate the HmacSHA256 key
kg1.init(hamcSpec_1);
// Creates HmacSHA256 key on Key Manager
NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");
// Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec hamcSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
// Initializes key generator with parameter spec to generate the HmacSHA256 key
kg1.init(hamcSpec_2);
// To illustrate two key bytes generated by HKDF are same
// Creates HmacSHA256 key on Key Manager
NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");
// Creates MAC instance to get the message authentication code using first key
Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
mac.init(nae_key_hmac_1);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// Creates MAC instance to verify the message authentication code using second key
Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
macV.init(nae_key_hmac_2, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// Check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
nae_key_hmac_1.delete();
nae_key_hmac_2.delete();
} else {
System.out.println("HMAC256 Keys generated have same key data.");
}
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class RSAKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java RSAKeySample user password keyname group");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
String group = args[3];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(group);
// add permission to sign
permission.setSign(true);
// add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// create key pair which is exportable and deletable
// key owner is Key Manager user, default key length 1024 bits and
// permissions granted to sign and verify
NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
kpg.initialize(rsaParamSpec);
KeyPair pair = kpg.generateKeyPair();
// Get public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Export private key data (contains both public and private key data)
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
byte[] privKeyData = privKey.export();
// Delete the key pair from Key Manager
pubKey.delete();
// Import the key pair back to the Key Manager
// key pair name is keyName+"Dup", keys are exportable and not deletable
NAEParameterSpec spec_dup = new NAEParameterSpec(keyName + "Dup", true, false, session);
// private key contains both public and private key data
privKey.importKey(privKeyData, "RSA", spec_dup);
System.out.println("Imported key data; Duplicate Key pair " + privKey.getName() + " is created on NAE Server.");
// Export private key data in PKCS#8 format and create JCE key
NAEPrivateKey prKey = NAEKey.getPrivateKey(keyName + "Dup", session);
PrivateKey jcePrivateKey = prKey.exportJCEKey();
// Export public key data in PKCS#5 format and create JCE key
NAEPublicKey publKey = NAEKey.getPublicKey(keyName + "Dup", session);
PublicKey jcePublicKey = publKey.exportJCEKey();
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Aggregations