
Example 16 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPLocateSample method main.

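/**
 * Locates managed objects on the Key Manager through a KMIP session and prints, for
 * each one, its unique identifier, its name and its exported material as hex.
 *
 * <p>Arguments: {@code args[0]} and {@code args[1]} are handed to
 * {@link NAEClientCertificate} (the second converted to a {@code char[]}); per the
 * original sample they are the client certificate/key alias and the keystore password.
 * An optional {@code -Name <keyName>} pair in {@code args[2]}/{@code args[3]} adds a
 * Name attribute to the query. Without it no query attribute is set at all.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The keystore password arrives as a command-line argument, so it is visible in
 *       the process listing and shell history of the host. Read it from a protected
 *       source in anything other than a demo.</li>
 *   <li>Exported private and secret key bytes are written to stdout in hex. Use test
 *       keys only, and keep this output out of captured logs.</li>
 *   <li>Failures are printed and swallowed; the process still ends normally.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 * @throws Exception declared by the original signature; the body catches everything
 *     raised inside the {@code try}
 */
public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        usage();
        // usage() is defined outside this listing; return explicitly so args[0]/args[1]
        // are never indexed if it does not terminate the JVM itself.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create the KMIP session from the client certificate alias and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // Query attributes start empty. The original comment spoke of algorithm = aes and
        // length = 256, but no such attributes are added in this method.
        KMIPAttributes queryAttributes = new KMIPAttributes();
        // Locate-by-name requires both tokens: [-Name locateKeyName].
        if (args.length > 3 && "-Name".equals(args[2])) {
            queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
        }
        // This set holds the unique identifiers (UIDs) of the matching managed objects.
        // NOTE(review): what an empty attribute set matches is decided by the server - confirm.
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
        System.out.println("Total Keys: " + managedObjectIdentifiers.size());
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            Object managedObject = session.getManagedObject(uid);
            // not a key
            if (managedObject == null) {
                continue;
            }
            // Fetch the object as a Java client key, secret data or certificate and export it.
            // Branch order is kept from the original in case the types are related.
            byte[] keyMaterial = null;
            if (managedObject instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
                keyMaterial = ((KMIPSecretData) managedObject).export();
            } else if (managedObject instanceof NAECertificate) {
                System.out.println(((NAECertificate) managedObject).getName());
                keyMaterial = ((NAECertificate) managedObject).certificateExport();
            }
            if (keyMaterial == null) {
                // Unrecognised object type (or nothing exported): do not hand null to the
                // hex formatter, whose null handling is not visible from this listing.
                System.out.println("Key Material = <none exported>");
                continue;
            }
            // Demo output only: this line emits raw key bytes, including private and secret keys.
            System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}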
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) Attribute(com.ingrian.internal.kmip.api.Attribute) KMIPAttribute(com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 17 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPKeyPairSample method main.

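/**
 * Generates a key pair locally with a JCE {@link KeyPairGenerator}, registers both
 * halves on the Key Manager over KMIP and links them to each other.
 *
 * <p>Arguments: {@code args[0]} and {@code args[1]} are handed to
 * {@link NAEClientCertificate} (the second converted to a {@code char[]});
 * {@code args[2]} is the private key name and {@code args[3]} the public key name.
 * {@code algorithm}, {@code length} and {@code keyFormat} are read from the enclosing
 * class, which is outside this listing.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The second argument is a secret passed on the command line, where the process
 *       listing and shell history expose it.</li>
 *   <li>The private key exists in clear in this JVM's heap ({@code privKeyMaterial} and
 *       its truncated copy) until garbage-collected. Consider zeroing both arrays once
 *       {@code registerKey} has returned - first confirm the client keeps no reference.</li>
 *   <li>Failures are printed and swallowed; the process still ends normally.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    if (args.length != 4) {
        usage();
        // usage() is defined outside this listing; return explicitly so args[2]/args[3]
        // below are never indexed if it does not terminate the JVM itself.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String privateKeyName = args[2];
    String publicKeyName = args[3];
    KMIPSession session = null;
    try {
        // generate the public/private key pair with a client-side provider
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
        System.out.println("Provider: " + keyGen.getProvider().getName());
        keyGen.initialize(length);
        KeyPair generatedKeyPair = keyGen.generateKeyPair();
        // get the encoded key material
        PrivateKey priv = generatedKeyPair.getPrivate();
        PublicKey pub = generatedKeyPair.getPublic();
        byte[] privKeyMaterial = priv.getEncoded();
        byte[] pubKeyMaterial = pub.getEncoded();
        // Register keys on the Key Manager
        // create the KMIP session using a client certificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // spec for the public key: usage mask restricted to Verify
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, initialAttributes, session);
        // create a public key handle - note: names must match the spec
        NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
        // register the key and print the unique identifier the Key Manager assigned
        String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
        System.out.println("Created public key: " + pubUID);
        // same for the private key: usage mask restricted to Sign
        initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
        spec = new NAEParameterSpec(privateKeyName, length, initialAttributes, session);
        NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
        // Remove the PKCS#8 header from the key material.
        // NOTE(review): the 26-byte offset is hard-coded; presumably it matches the encoding
        // produced for this sample's algorithm/length. The header length differs for other
        // algorithms and key sizes - confirm before reusing with different settings.
        final int pkcs8HeaderLength = 26;
        if (privKeyMaterial == null || privKeyMaterial.length <= pkcs8HeaderLength) {
            // Previously this surfaced as a NullPointerException or NegativeArraySizeException.
            throw new IllegalStateException("Encoded private key is missing or shorter than the expected PKCS#8 header");
        }
        int strippedLength = privKeyMaterial.length - pkcs8HeaderLength;
        byte[] truncatedKeyMaterial = new byte[strippedLength];
        System.arraycopy(privKeyMaterial, pkcs8HeaderLength, truncatedKeyMaterial, 0, strippedLength);
        String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
        System.out.println("Created private key: " + privUID);
        // Set the link attribute for the keys on the Key Manager, in both directions
        naePriv.link(naePub);
        naePub.link(naePriv);
        System.out.println("Linked keys");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}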
Also used : KeyPair(java.security.KeyPair) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 18 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPModifySample method main.

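/**
 * Locates RSA 2048-bit managed objects over KMIP, prints each key's name and Name
 * attribute, and attempts to modify its Application Specific Information attribute.
 *
 * <p>Arguments: {@code args[0]} and {@code args[1]} are handed to
 * {@link NAEClientCertificate} (the second converted to a {@code char[]}); per the
 * original sample they are the client X.509 key alias and the keystore password.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The keystore password is passed on the command line, where the process listing
 *       and shell history expose it.</li>
 *   <li>The modify call runs against every key the locate returns, so this changes
 *       server-side state for each match.</li>
 *   <li>The "attribute missing" case is recognised by matching the exception message
 *       text, which breaks silently if the wording changes.</li>
 *   <li>Failures are printed and swallowed; the process still ends normally.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 * @throws Exception declared by the original signature; the body catches everything
 *     raised inside the {@code try}
 */
public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
        // usage() is defined outside this listing; return explicitly so args[0]/args[1]
        // are never indexed if it does not terminate the JVM itself.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // print the info string of every registered JCE provider
    for (Provider provider : Security.getProviders()) {
        System.out.println(provider.getInfo());
    }
    KMIPSession session = null;
    try {
        // create a KMIPSession: pass in the client X.509 key alias and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // attributes the located objects must match
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        // attributes to read back from each key: only Name
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.Name);
        Set<String> managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object managedObject = session.getManagedObject(uid);
                // not a key
                if (managedObject == null) {
                    continue;
                }
                boolean isKey = managedObject instanceof NAEPublicKey
                        || managedObject instanceof NAEPrivateKey
                        || managedObject instanceof NAESecretKey;
                if (isKey) {
                    // The original assigned each of the three types to an NAEKey variable,
                    // so a single cast is equivalent here.
                    NAEKey key = (NAEKey) managedObject;
                    System.out.println("\tName: \t" + key.getName());
                    // Retrieve a KMIP attribute - in this case, Name.
                    KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
                    KMIPNameAttribute name = returnedAttributes.getNameAttribute();
                    System.out.println("Name attribute: " + name.getNameValue().getNameValue());
                    // Modify the Application Specific Information for this key - if it has any.
                    // timestamp() is defined outside this listing.
                    KMIPAttributes modAttributes = new KMIPAttributes();
                    String ts = timestamp();
                    modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
                    try {
                        // throws an NAE error if the key does not already have the attribute being modified
                        key.modifyKMIPAttributes(modAttributes);
                    } catch (NAEException nae) {
                        // Only the "attribute missing" case is tolerated; anything else propagates.
                        if (!nae.getMessage().contains("Object does not have the specified attribute")) {
                            throw nae;
                        }
                    }
                } else if (managedObject instanceof KMIPSecretData) {
                    System.out.println(((KMIPSecretData) managedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}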
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEException(com.ingrian.security.nae.NAEException) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPApplicationSpecificInformation(com.ingrian.security.nae.KMIPApplicationSpecificInformation) KMIPNameAttribute(com.ingrian.security.nae.KMIPNameAttribute)

Example 19 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class HKDFSecretKeySample method main.

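/**
 * Derives two AES keys and two HmacSHA256 keys on the Key Manager with HKDF from the
 * same master key, salt and info, then checks that each pair holds the same key data:
 * the AES pair by encrypting with one and decrypting with the other, the HMAC pair by
 * computing a MAC with one and verifying it with the other. A pair that does not match
 * is deleted from the Key Manager.
 *
 * <p>Arguments, in order: user, password, masterKeyName (master key from which the AES
 * and HMAC keys are created), aesKeyName_1 and aesKeyName_2 (AES keys to create),
 * hmacKeyName_1 and hmacKeyName_2 (HMAC keys to create).
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The password is passed on the command line and held in a {@code String}; the
 *       process listing and shell history expose it, and a {@code String} cannot be
 *       wiped after use.</li>
 *   <li>Salt and info are fixed demo values. They have to be identical for both
 *       derivations in a pair, but real deployments choose them per application.</li>
 *   <li>The CBC IV is generated per run rather than hard-coded, since samples get copied
 *       and a constant IV reused under one key reveals when messages share a prefix.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 * @throws Exception any failure from the provider or the Key Manager, rethrown after
 *     its stack trace has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 7) {
        // The argument meanings are described in the Javadoc above. In the original the
        // description sat after System.exit, inside this block.
        System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String masterKeyName = args[2];
    String aesKeyName_1 = args[3];
    String aesKeyName_2 = args[4];
    String hmacKeyName_1 = args[5];
    String hmacKeyName_2 = args[6];
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Explicit charset for every String<->byte[] conversion so results do not depend on
    // the platform default; fully qualified because the file's imports are not visible here.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    NAESession session = null;
    try {
        // Creates NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        byte[] salt = "010203".getBytes(utf8);
        byte[] info = "010203".getBytes(utf8);
        int size = 256;
        // HKDF spec for the first AES key, derived from a master key that already exists on
        // the Key Manager. The original comments describe the derived keys as deletable and
        // exportable; that is not visible from this constructor call.
        HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        // Initializes key generator with parameter spec to generate the AES key
        kg.init(aesSpec);
        // Creates AES Key on Key Manager
        NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");
        // Second AES key: same master key, salt, info and size, different name
        HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg.init(aesSpec_2);
        NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");
        // Show that the two HKDF-derived AES keys hold the same key data via encrypt/decrypt
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        // Note: HKDF generates the same key data on the Key Manager, but the two keys have
        // different default IVs, so one external IV is supplied to both ciphers.
        byte[] iv = new byte[16];
        new java.security.SecureRandom().nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // Encrypt with the first key
        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(utf8));
        // Decrypt with the second key
        Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        // NOTE(review): with differing keys the padded decrypt above would more likely throw
        // than return different text, which skips the delete branch below - confirm the
        // intended cleanup path.
        if (dataToEncrypt.equals(new String(newbuf, utf8))) {
            System.out.println("AES keys generated have same key data.");
        } else {
            System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_aes_1.delete();
            nae_key_aes_2.delete();
        }
        // Show that two HKDF-derived HmacSHA256 keys hold the same key data via MAC/MACVerify
        HKDFParameterSpec hmacSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
        // Initializes key generator with parameter spec to generate the HmacSHA256 key
        kg1.init(hmacSpec_1);
        // Creates HmacSHA256 key on Key Manager
        NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");
        // Second HMAC key: same derivation inputs, different name
        HKDFParameterSpec hmacSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg1.init(hmacSpec_2);
        NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");
        // Compute the message authentication code with the first key
        Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
        mac.init(nae_key_hmac_1);
        byte[] macValue = mac.doFinal(dataToMac.getBytes(utf8));
        // Verify that code with the second key
        Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
        macV.init(nae_key_hmac_2, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes(utf8));
        // Success is tested as a single byte equal to 1
        if (result.length != 1 || result[0] != 1) {
            System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_hmac_1.delete();
            nae_key_hmac_2.delete();
        } else {
            System.out.println("HMAC256 Keys generated have same key data.");
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null) {
            // Close NAESession
            session.closeSession();
        }
    }
}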
Also used : NAEKey(com.ingrian.security.nae.NAEKey) HKDFParameterSpec(com.ingrian.security.nae.HKDFParameterSpec) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) MACValue(com.ingrian.security.nae.MACValue) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 20 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class RSAKeySample method main.

/**
 * Creates an RSA key pair on the Key Manager with sign/verify permissions for one
 * group, exports both halves, deletes the pair, re-imports it under
 * {@code keyName + "Dup"} and finally exports the duplicate as JCE key objects.
 *
 * <p>Arguments, in order: user, password, keyname, group.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The password is passed on the command line and held in a {@code String}; the
 *       process listing and shell history expose it.</li>
 *   <li>No key size is given to the spec. The original comment states the default is
 *       1024 bits, which is below the 2048-bit minimum in current RSA guidance - check
 *       the client documentation for how to request a larger size.</li>
 *   <li>The exported private key ({@code privateBytes}, {@code jcePrivateKey}) is in
 *       clear in this JVM's heap. Export only when needed, and only for test keys.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 * @throws Exception any failure from the provider or the Key Manager, rethrown after
 *     its stack trace has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java RSAKeySample user password keyname group");
        System.exit(-1);
    }
    final String username = args[0];
    final String password = args[1];
    final String keyName = args[2];
    final String group = args[3];
    // register the Ingrian provider, then print the info string of every JCE provider
    Security.addProvider(new IngrianProvider());
    for (Provider registered : Security.getProviders()) {
        System.out.println(registered.getInfo());
    }
    NAESession session = null;
    try {
        // open the NAE session with the Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // permissions for the NAE group: sign and verify-signature only
        NAEPermission groupPermission = new NAEPermission(group);
        groupPermission.setSign(true);
        groupPermission.setSignV(true);
        NAEPermission[] grants = { groupPermission };
        // Key pair spec: exportable and deletable, owned by the session user, with the
        // permissions above. Key length is left at the default (1024 bits per the original comment).
        NAEParameterSpec pairSpec = new NAEParameterSpec(keyName, true, true, session, grants);
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
        generator.initialize(pairSpec);
        KeyPair createdPair = generator.generateKeyPair();
        // fetch the public half from the Key Manager and export it
        NAEPublicKey originalPublic = NAEKey.getPublicKey(keyName, session);
        byte[] publicBytes = originalPublic.export();
        System.out.println("Exported public key: " + originalPublic.getName());
        // export the private half; per the original comment this blob holds both public
        // and private key data
        NAEPrivateKey originalPrivate = NAEKey.getPrivateKey(keyName, session);
        byte[] privateBytes = originalPrivate.export();
        // delete the key pair from the Key Manager (called on the public-key handle)
        originalPublic.delete();
        // Import the pair back under a new name: exportable, not deletable. The private
        // blob is enough because it carries both halves.
        final String duplicateName = keyName + "Dup";
        NAEParameterSpec duplicateSpec = new NAEParameterSpec(duplicateName, true, false, session);
        originalPrivate.importKey(privateBytes, "RSA", duplicateSpec);
        System.out.println("Imported key data; Duplicate Key pair " + originalPrivate.getName() + " is created on NAE Server.");
        // export the duplicate's private key as a JCE key (PKCS#8 per the original comment)
        NAEPrivateKey duplicatePrivate = NAEKey.getPrivateKey(duplicateName, session);
        PrivateKey jcePrivateKey = duplicatePrivate.exportJCEKey();
        // Export the duplicate's public key as a JCE key.
        // NOTE(review): the original comment named PKCS#5, which is a password-based
        // encryption standard rather than a public-key encoding - confirm the actual format.
        NAEPublicKey duplicatePublic = NAEKey.getPublicKey(duplicateName, session);
        PublicKey jcePublicKey = duplicatePublic.exportJCEKey();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // close the NAESession if one was opened
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) NAESession(com.ingrian.security.nae.NAESession)
