Example 26 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class ECCSignSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java ECCSignSample user password keyname");
System.exit(-1);
}
String userName = args[0];
String password = args[1];
String keyName = args[2];
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// Get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
// Data to sign
String dataForSignature = "testdata for ECC Sign Test";
String signAlgo = "SHA256withECDSA";
NAESession session = null;
try {
// Creates NAESession: pass in NAE user and password
session = NAESession.getSession(userName, password.toCharArray());
// Creates a signature object for sign operation
Signature sig = Signature.getInstance(signAlgo, "IngrianProvider");
// Sign data
// Creates NAEPrivateKey object
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
// Initializes the signature object for signing
sig.initSign(privKey);
sig.update(dataForSignature.getBytes());
byte[] signature = sig.sign();
System.out.println("ECCKey Sign Operation: SUCCESS");
// Creates a signature object for signVerify operation
Signature sigVer = Signature.getInstance(signAlgo, "IngrianProvider");
// Verify signature
// Get NAEPublicKey
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
// Initializes Signature object for signature verification
sigVer.initVerify(pubKey);
sigVer.update(dataForSignature.getBytes());
if (!sigVer.verify(signature)) {
System.out.println("Signature Verification: FAILED");
} else {
System.out.println("Signature Verification: SUCCESS");
}
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Also used :
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
Signature(java.security.Signature)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAESession(com.ingrian.security.nae.NAESession)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
Example 27 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class FPEEncryptionDecryptionSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 6) {
System.err.println("Usage: java FPEEncryptionDecryptionSample user password keyname IV TweakAlgorithm(Optional) TweakData(Optional)");
System.err.println("Mention null for optional parameter if you don't want to pass it");
/*
* Usage: keyname Supports AES Non-versioned key
* Usage: IV Must be 56 bytes Hex format string for AES key. IV must be of cardinality-10 that means each two characters (byte) of HEX IV must be 00-09
* IV must be provided when length of the data exceeds 56 bytes. FPE algorithm breaks the long data into 56 s-integer blocks and
* uses block chaining algorithm very similar to CBC mode to encrypt and chain the long data.
* when length of the data does not exceed MAXb value, the IV must be absent.
* Usage: TweakAlgorithm(Optional) must be from SHA1, SHA256 or None
* Usage: TweakData(Optional) If, tweak data algorithm is 'None' or absent,
the value must be HEX encoded string representing 64 bit long. In case of valid tweak Algorithm,
the tweak data value can be any ASCII string (not necessarily HEX).
Tweak Data is first processed using Tweak Hash Algorithm and the result is truncated to 64 bits
for input to the FPE algorithm
*/
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
String _iv = args[3];
String tweakAlgo = null;
if (!args[4].contains("null")) {
tweakAlgo = args[4];
}
String tweakData = null;
if (!args[5].contains("null")) {
tweakData = args[5];
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.out.println(provider.getInfo());
}
String dataToEncrypt = "36253865463254715234987125394785127934571235487631254876512837451827635487123564875216384728347";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
NAESession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// Get SecretKey (just a handle to it, key data does not leave the Key Manager
NAEKey key = NAEKey.getSecretKey(keyName, session);
byte[] iv = null;
NAESecureRandom rng;
iv = IngrianProvider.hex2ByteArray(_iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// Initializes IV and tweak parameters
NAEIvAndTweakDataParameter ivtweak = null;
ivtweak = new NAEIvAndTweakDataParameter(ivSpec, tweakData, tweakAlgo);
// get a cipher
Cipher encryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
// initialize cipher to encrypt.
encryptCipher.init(Cipher.ENCRYPT_MODE, key, ivtweak);
// encrypt data
byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
System.out.println("encrypted data data \"" + new String(outbuf) + "\"");
Cipher decryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
// to decrypt data, initialize cipher to decrypt
decryptCipher.init(Cipher.DECRYPT_MODE, key, ivtweak);
// decrypt data
byte[] newbuf = decryptCipher.doFinal(outbuf);
System.out.println("Decrypted data \"" + new String(newbuf) + "\"");
// close the session
session.closeSession();
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null) {
session.closeSession();
}
}
}
Also used :
NAEKey(com.ingrian.security.nae.NAEKey)
NAESecureRandom(com.ingrian.security.nae.NAESecureRandom)
NAEIvAndTweakDataParameter(com.ingrian.security.nae.NAEIvAndTweakDataParameter)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
NAESession(com.ingrian.security.nae.NAESession)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
Example 28 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class CachingSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java CachingSample user password keyname");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
CachingSample sample = new CachingSample();
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.out.println(provider.getInfo());
}
String dataToEncrypt = "1234567812345678";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
// create NAE Session: pass in Key Manager user name and password
MyNAEKeyCachePassphrase m = sample.new MyNAEKeyCachePassphrase();
NAESession session = null;
try {
session = NAESession.getSession(username, password.toCharArray(), m.getPassphrase(null));
// Get SecretKey (just a handle to it, key data does not leave the Key Manager
System.out.println("KEYNAME === " + keyName);
sample.oneShotEncrypt(session, keyName, "AES/CBC/NoPadding", dataToEncrypt, "1234567812345678");
sample.oneShotEncrypt(session, keyName, "AES/CBC/PKCS5Padding", dataToEncrypt, "1234567812345678");
sample.oneShotEncrypt(session, keyName, "AES/CBC/PKCS5Padding", dataToEncrypt, null);
sample.oneShotEncrypt(session, keyName, "AES/ECB/PKCS5Padding", dataToEncrypt, null);
sample.oneShotEncrypt(session, keyName, "AES/ECB/NoPadding", dataToEncrypt, null);
session.printCachingDetails();
Thread.sleep(1000);
System.out.println("Reading cache from disk to read");
PersistentCache p = new PersistentCache();
ConcurrentPersistantEncryptingHashMap map = p.readFromDisk(username, session.getPassphrase());
if (map != null) {
System.out.println("Size cache from disk is = " + map.size());
Set set = map.keySet();
Iterator<String> iter = set.iterator();
while (iter.hasNext()) {
String o = iter.next();
System.out.println("Key cache from disk = " + o);
NAECachedKey n = (NAECachedKey) map.get(o);
}
} else {
System.out.println("Map from disk is null");
}
} catch (Exception e) {
e.printStackTrace();
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null) {
session.closeSession();
}
}
}
Also used :
Set(java.util.Set)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
ConcurrentPersistantEncryptingHashMap(com.ingrian.internal.cache.ConcurrentPersistantEncryptingHashMap)
PersistentCache(com.ingrian.internal.cache.PersistentCache)
NAECachedKey(com.ingrian.internal.cache.NAECachedKey)
NAESession(com.ingrian.security.nae.NAESession)
Example 29 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPBatchSample method main.
public static void main(String[] args) throws Exception {
KMIPSession session = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
session.startBatching();
System.out.println("Batching set to " + session.isBatching());
for (int i = 0; i < 10; i++) {
/* create a secret key using JCE key generator */
NAEParameterSpec spec = new NAEParameterSpec(keyName + "-" + i, keyLength, (KMIPAttributes) null, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
kg.generateKey();
}
KMIPBatchResults kbr = session.flushBatch();
for (KMIPBatchItemResult batchResult : kbr.values()) {
if (batchResult.getStatus() == Statuses.Success) {
System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
System.out.println("UIDs affected: " + batchResult.getUIDs());
} else {
System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
}
}
System.out.println("Batching set to " + session.isBatching());
// the KMIPsession is now not in batching mode. KMIP Operations will be sent
// to the server when the line of code is executed. Operations are shown
// which add, modify, or delete attributes in one request, with the KMIP CADP for JAVA
// session utilizing KMIP batching implicitly based on sets of UIDs
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
queryAttributes.add(KMIPAttribute.CryptographicLength, 256);
// Have the session locate the keys matching the queryAttributes:
Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
KMIPAttributes addAttrs = new KMIPAttributes();
addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof NAESecretKey) {
NAESecretKey nsk = (NAESecretKey) managedObject;
nsk.refreshKMIPInfo();
if (nsk.getName().startsWith("KMIPBatch")) {
System.out.println(((NAESecretKey) managedObject).getName());
}
nsk.addKMIPAttributes(addAttrs);
}
}
waitForInput();
KMIPAttributes modAttrs = new KMIPAttributes();
modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
Set<String> modUIDs = session.modifyAllAttributes(managedObjectIdentifiers, modAttrs);
System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
waitForInput();
Set<String> delUIDs = session.deleteAll(new ArrayList<String>(managedObjectIdentifiers));
System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
KMIPBatchItemResult(com.ingrian.security.nae.KMIPBatchItemResult)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IOException(java.io.IOException)
KMIPSession(com.ingrian.security.nae.KMIPSession)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPBatchResults(com.ingrian.security.nae.KMIPBatchResults)
KeyGenerator(javax.crypto.KeyGenerator)
Example 30 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// import the certificate
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate managed objects with ObjectType Certificate and crypto length = 2048
// and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
// by adding the KMIPAttribute name and the value to a KMIPAttributes
// object
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
System.out.println("Managed objects with attributes rsa, 2048:");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof KMIPTemplate)
break;
if (managedObject instanceof NAEPublicKey)
System.out.println(((NAEPublicKey) managedObject).getName());
else if (managedObject instanceof NAEPrivateKey)
System.out.println(((NAEPrivateKey) managedObject).getName());
else if (managedObject instanceof NAESecretKey)
System.out.println(((NAESecretKey) managedObject).getName());
else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
} else if (managedObject instanceof NAECertificate) {
System.out.println("Object is a certificate");
System.out.println(((NAECertificate) managedObject).getName());
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAECertificate(com.ingrian.security.nae.NAECertificate)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)
Aggregations
IngrianProvider (com.ingrian.security.nae.IngrianProvider)45
NAESession (com.ingrian.security.nae.NAESession)27
NAEKey (com.ingrian.security.nae.NAEKey)25
KMIPSession (com.ingrian.security.nae.KMIPSession)19
NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)19
Provider (java.security.Provider)19
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)17
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)17
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)17
KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16
KeyGenerator (javax.crypto.KeyGenerator)11
Cipher (javax.crypto.Cipher)10
NAEException (com.ingrian.security.nae.NAEException)9
KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8
NAESecretKey (com.ingrian.security.nae.NAESecretKey)8
SecretKey (javax.crypto.SecretKey)8
IvParameterSpec (javax.crypto.spec.IvParameterSpec)7
NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6
KeyPair (java.security.KeyPair)6
NAEPermission (com.ingrian.security.nae.NAEPermission)5
