
Example 26 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class ECCSignSample method main.

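/**
 * Signs a fixed test string with an ECC private key referenced by name on the key manager,
 * then verifies the signature with the matching public key.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The password arrives as a command-line argument and is held in a {@code String}.
 *       Command-line arguments are commonly visible to other local users through the process
 *       list, and a {@code String} cannot be wiped after use. Production code should read the
 *       secret from a protected source instead.</li>
 *   <li>The message bytes are produced with an explicit UTF-8 charset so that the signer and
 *       any verifier on another host hash exactly the same bytes.</li>
 *   <li>A {@code false} result from {@code verify} is only printed here. Real callers must
 *       treat it as a hard failure and reject the data.</li>
 * </ul>
 *
 * @param args user name, password and key name, in that order
 * @throws Exception any failure during session setup, signing or verification; the stack
 *     trace is printed before the exception is rethrown
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java ECCSignSample user password keyname");
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Print every registered JCE provider so the operator can confirm the Ingrian one is present
    for (Provider provider : Security.getProviders()) {
        System.out.println(provider.getInfo());
    }
    // Data to sign
    String dataForSignature = "testdata for ECC Sign Test";
    String signAlgo = "SHA256withECDSA";
    // Encode once with a fixed charset. The platform default differs between hosts, and a
    // signature only verifies over byte-identical input.
    byte[] message = dataForSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    NAESession session = null;
    try {
        // Creates NAESession: pass in NAE user and password
        session = NAESession.getSession(userName, password.toCharArray());

        // --- Sign ---
        // The provider is named explicitly so the operation cannot silently fall back to
        // another registered provider.
        Signature sig = Signature.getInstance(signAlgo, "IngrianProvider");
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        sig.initSign(privKey);
        sig.update(message);
        byte[] signature = sig.sign();
        System.out.println("ECCKey Sign Operation: SUCCESS");

        // --- Verify ---
        Signature sigVer = Signature.getInstance(signAlgo, "IngrianProvider");
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        sigVer.initVerify(pubKey);
        sigVer.update(message);
        if (!sigVer.verify(signature)) {
            System.out.println("Signature Verification: FAILED");
        } else {
            System.out.println("Signature Verification: SUCCESS");
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // Always release the session, including on the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}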
Also used : NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) Signature(java.security.Signature) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAESession(com.ingrian.security.nae.NAESession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider)

Example 27 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class FPEEncryptionDecryptionSample method main.

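/**
 * Encrypts and decrypts a fixed numeric string with format-preserving encryption
 * ({@code FPE/AES/CARD10}) through the Ingrian JCE provider.
 *
 * <p>The two optional arguments are disabled by passing the literal word {@code null}. Only
 * an exact match counts as "not supplied": a tweak value that merely contains the substring
 * "null" is passed through unchanged rather than silently dropped, because dropping it would
 * change the resulting ciphertext without any warning.
 *
 * <p>The password arrives as a command-line argument and the sample prints the plaintext.
 * Both are acceptable for a demo only and should not be carried into code that handles real
 * data.
 *
 * @param args user, password, key name, IV (hex), tweak algorithm or {@code null}, tweak data
 *     or {@code null}
 * @throws Exception any failure during session setup, encryption or decryption; the message
 *     is printed before the exception is rethrown
 */
public static void main(String[] args) throws Exception {
    if (args.length != 6) {
        System.err.println("Usage: java FPEEncryptionDecryptionSample user password keyname IV TweakAlgorithm(Optional) TweakData(Optional)");
        System.err.println("Mention null for optional parameter if you don't want to pass it");
        /*
         * Usage: keyname Supports AES Non-versioned key
         * Usage: IV Must be 56 bytes Hex format string for AES key. IV must be of cardinality-10,
         *        meaning each two characters (byte) of the HEX IV must be 00-09.
         *        IV must be provided when the length of the data exceeds 56 bytes. The FPE
         *        algorithm breaks the long data into 56 s-integer blocks and uses a block
         *        chaining algorithm very similar to CBC mode to encrypt and chain the long data.
         *        When the length of the data does not exceed the MAXb value, the IV must be absent.
         * Usage: TweakAlgorithm(Optional) must be from SHA1, SHA256 or None
         * Usage: TweakData(Optional) If the tweak data algorithm is 'None' or absent, the value
         *        must be a HEX encoded string representing a 64 bit long. In case of a valid
         *        tweak algorithm, the tweak data value can be any ASCII string (not necessarily
         *        HEX). Tweak data is first processed using the tweak hash algorithm and the
         *        result is truncated to 64 bits for input to the FPE algorithm.
         */
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String _iv = args[3];
    // Exact match only: a substring test would discard legitimate tweak values such as "nullable"
    String tweakAlgo = "null".equals(args[4]) ? null : args[4];
    String tweakData = "null".equals(args[5]) ? null : args[5];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (Provider provider : providers) {
        System.out.println(provider.getInfo());
    }
    String dataToEncrypt = "36253865463254715234987125394785127934571235487631254876512837451827635487123564875216384728347";
    System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Get SecretKey (just a handle to it, key data does not leave the Key Manager)
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        IvParameterSpec ivSpec = new IvParameterSpec(IngrianProvider.hex2ByteArray(_iv));
        // Initializes IV and tweak parameters
        NAEIvAndTweakDataParameter ivtweak = new NAEIvAndTweakDataParameter(ivSpec, tweakData, tweakAlgo);
        // get a cipher; the provider is named explicitly so no other provider can be selected
        Cipher encryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        // initialize cipher to encrypt.
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, ivtweak);
        // encrypt data; a fixed charset keeps the byte form independent of the host's default
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        System.out.println("encrypted data data  \"" + new String(outbuf, java.nio.charset.StandardCharsets.UTF_8) + "\"");
        Cipher decryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        // to decrypt data, initialize cipher to decrypt
        decryptCipher.init(Cipher.DECRYPT_MODE, key, ivtweak);
        // decrypt data
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf, java.nio.charset.StandardCharsets.UTF_8) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        // Single close point: the session is released exactly once on every path
        if (session != null) {
            session.closeSession();
        }
    }
}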
Also used : NAEKey(com.ingrian.security.nae.NAEKey) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) NAEIvAndTweakDataParameter(com.ingrian.security.nae.NAEIvAndTweakDataParameter) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider)

Example 28 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class CachingSample method main.

/**
 * Exercises the client-side key cache: opens a session with a cache passphrase, runs several
 * one-shot encryptions against the same key, prints the caching details, and then reads the
 * persisted cache back from disk and lists the entries it holds.
 *
 * <p>Reviewer notes for anyone reusing this sample:
 * <ul>
 *   <li>The transformations include ECB mode and CBC with a constant 16-character value in
 *       what is presumably the IV position (confirm against {@code oneShotEncrypt}). Neither
 *       is suitable for protecting real data; they are here to drive the cache.</li>
 *   <li>The password arrives as a command-line argument, and the on-disk cache is unlocked
 *       with the session passphrase; both deserve stronger handling outside a demo.</li>
 * </ul>
 *
 * @param args user name, password and key name, in that order
 * @throws Exception any failure; the stack trace and message are printed before rethrowing
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java CachingSample user password keyname");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    CachingSample sample = new CachingSample();

    // Register the Ingrian provider, then list every JCE provider now installed
    Security.addProvider(new IngrianProvider());
    for (Provider installed : Security.getProviders()) {
        System.out.println(installed.getInfo());
    }

    String dataToEncrypt = "1234567812345678";
    System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");

    // Source of the passphrase that protects the key cache
    MyNAEKeyCachePassphrase passphraseSource = sample.new MyNAEKeyCachePassphrase();

    // Transformation and fourth argument for each one-shot run, in execution order
    String[][] runs = {
        {"AES/CBC/NoPadding", "1234567812345678"},
        {"AES/CBC/PKCS5Padding", "1234567812345678"},
        {"AES/CBC/PKCS5Padding", null},
        {"AES/ECB/PKCS5Padding", null},
        {"AES/ECB/NoPadding", null},
    };

    NAESession session = null;
    try {
        // Key Manager user name and password, plus the cache passphrase
        session = NAESession.getSession(username, password.toCharArray(), passphraseSource.getPassphrase(null));
        System.out.println("KEYNAME === " + keyName);
        for (String[] run : runs) {
            sample.oneShotEncrypt(session, keyName, run[0], dataToEncrypt, run[1]);
        }
        session.printCachingDetails();
        Thread.sleep(1000);

        System.out.println("Reading cache from disk to read");
        PersistentCache persisted = new PersistentCache();
        ConcurrentPersistantEncryptingHashMap diskCache = persisted.readFromDisk(username, session.getPassphrase());
        if (diskCache == null) {
            System.out.println("Map from disk is null");
        } else {
            System.out.println("Size cache from disk is = " + diskCache.size());
            Set cachedNames = diskCache.keySet();
            for (Object entry : cachedNames) {
                String cachedName = (String) entry;
                System.out.println("Key cache from disk = " + cachedName);
                // The lookup result is not used further; the cast still checks the entry type
                NAECachedKey cachedKey = (NAECachedKey) diskCache.get(cachedName);
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        // Release the session on success and on failure alike
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : Set(java.util.Set) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) ConcurrentPersistantEncryptingHashMap(com.ingrian.internal.cache.ConcurrentPersistantEncryptingHashMap) PersistentCache(com.ingrian.internal.cache.PersistentCache) NAECachedKey(com.ingrian.internal.cache.NAECachedKey) NAESession(com.ingrian.security.nae.NAESession)

Example 29 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPBatchSample method main.

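/**
 * Demonstrates KMIP batching: creates ten AES keys in one batched request, then adds,
 * modifies and finally deletes attributes and objects using multi-UID requests.
 *
 * <p>The locate query matches on algorithm and length only, so it can return AES keys that
 * this sample did not create. The attribute changes and the final delete are therefore
 * restricted to keys whose names match the ten names generated in this run. Applying them to
 * the raw locate result would modify and delete every matching key returned for the client
 * certificate.
 *
 * <p>The keystore password arrives as a command-line argument, which is acceptable for a demo
 * only.
 *
 * @param args client certificate argument, keystore password and key-name prefix, in that
 *     order
 * @throws Exception declared for callers; failures inside the session are printed, not
 *     rethrown
 */
public static void main(String[] args) throws Exception {
    KMIPSession session = null;
    int keyLength = 256;
    if (args.length != 3) {
        usage();
    }
    String keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        session.startBatching();
        System.out.println("Batching set to " + session.isBatching());
        // Names of the keys requested by this run; used below to scope destructive operations
        ArrayList<String> createdNames = new ArrayList<String>();
        for (int i = 0; i < 10; i++) {
            /* create a secret key using JCE key generator */
            String createdName = keyName + "-" + i;
            createdNames.add(createdName);
            NAEParameterSpec spec = new NAEParameterSpec(createdName, keyLength, (KMIPAttributes) null, session);
            KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
            kg.init(spec);
            kg.generateKey();
        }
        KMIPBatchResults kbr = session.flushBatch();
        for (KMIPBatchItemResult batchResult : kbr.values()) {
            if (batchResult.getStatus() == Statuses.Success) {
                System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
                System.out.println("UIDs affected: " + batchResult.getUIDs());
            } else {
                System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
            }
        }
        System.out.println("Batching set to " + session.isBatching());
        // the KMIPsession is now not in batching mode. KMIP Operations will be sent
        // to the server when the line of code is executed. Operations are shown
        // which add, modify, or delete attributes in one request, with the KMIP CADP for JAVA
        // session utilizing KMIP batching implicitly based on sets of UIDs
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
        queryAttributes.add(KMIPAttribute.CryptographicLength, keyLength);
        // Have the session locate the keys matching the queryAttributes:
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
        // UIDs of located keys that this run created; only these are modified or deleted
        Set<String> ownedIdentifiers = new java.util.LinkedHashSet<String>();
        KMIPAttributes addAttrs = new KMIPAttributes();
        addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");
        // loop through the UIDs of the matching managed objects
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // get the objects as Java client NAEKeys or KMIPSecretData objects
            // (Note: Secret Data doesn't have KMIP attributes of
            // algorithm or length, and will not be found by this query,
            // but is included here for completeness.)
            Object managedObject = session.getManagedObject(uid);
            if (!(managedObject instanceof NAESecretKey)) {
                continue;
            }
            NAESecretKey nsk = (NAESecretKey) managedObject;
            nsk.refreshKMIPInfo();
            String name = nsk.getName();
            // Leave keys from other applications or earlier runs untouched
            if (!createdNames.contains(name)) {
                continue;
            }
            if (name.startsWith("KMIPBatch")) {
                System.out.println(name);
            }
            nsk.addKMIPAttributes(addAttrs);
            ownedIdentifiers.add(uid);
        }
        if (ownedIdentifiers.isEmpty()) {
            System.out.println("No keys created by this run were located; nothing to modify or delete.");
            return;
        }
        waitForInput();
        KMIPAttributes modAttrs = new KMIPAttributes();
        modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
        Set<String> modUIDs = session.modifyAllAttributes(ownedIdentifiers, modAttrs);
        System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
        waitForInput();
        Set<String> delUIDs = session.deleteAll(new ArrayList<String>(ownedIdentifiers));
        System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Release the session on every path, including the early return above
        if (session != null) {
            session.closeSession();
        }
    }
}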
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAESecretKey(com.ingrian.security.nae.NAESecretKey) KMIPBatchItemResult(com.ingrian.security.nae.KMIPBatchItemResult) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IOException(java.io.IOException) KMIPSession(com.ingrian.security.nae.KMIPSession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPBatchResults(com.ingrian.security.nae.KMIPBatchResults) KeyGenerator(javax.crypto.KeyGenerator)

Example 30 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertLocateSample method main.

/**
 * Imports a certificate over KMIP and then locates managed objects of type Certificate with
 * a cryptographic length of 2048, printing the name of each object found.
 *
 * <p>Reviewer notes: the import spec is built with length 1024 while the locate query asks
 * for 2048, and the heading printed before the results mentions "rsa" although the query
 * filters on object type and length only. Confirm which values are intended before reusing
 * this as a template. The keystore password arrives as a command-line argument, which is
 * acceptable for a demo only.
 *
 * @param args client certificate argument, keystore password and name for the imported
 *     certificate, in that order
 * @throws Exception declared for callers; failures inside the session are printed, not
 *     rethrown
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
    }
    // Register the Ingrian provider with the JCE
    Security.addProvider(new IngrianProvider());
    KMIPSession kmip = null;
    try {
        // Open the session with the NAE client certificate and the keystore password
        NAEClientCertificate clientCert = new NAEClientCertificate(args[0], args[1].toCharArray());
        kmip = KMIPSession.getSession(clientCert);

        // Import the certificate held in hex form in certBytes
        NAEParameterSpec importSpec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, kmip);
        byte[] decodedCert = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(decodedCert, null, importSpec);

        // Build the query: ObjectType Certificate with cryptographic length 2048
        KMIPAttributes query = new KMIPAttributes();
        query.add(KMIPAttribute.CryptographicLength, 2048);
        query.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);

        // Unique identifiers (UIDs) of every managed object matching the query
        Set<String> locatedIds = kmip.locate(query);
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String objectId : locatedIds) {
            System.out.println("Managed object Unique Identifier: " + objectId);
            // Fetch the object and report its name according to its concrete type
            Object located = kmip.getManagedObject(objectId);
            if (located instanceof KMIPTemplate) {
                // A template ends the listing altogether
                break;
            }
            if (located instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) located).getName());
                continue;
            }
            if (located instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) located).getName());
                continue;
            }
            if (located instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) located).getName());
                continue;
            }
            if (located instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) located).getName());
                continue;
            }
            if (located instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) located).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Release the session on success and on failure alike
        if (kmip != null) {
            kmip.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)

Aggregations

IngrianProvider (com.ingrian.security.nae.IngrianProvider)45 NAESession (com.ingrian.security.nae.NAESession)27 NAEKey (com.ingrian.security.nae.NAEKey)25 KMIPSession (com.ingrian.security.nae.KMIPSession)19 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)19 Provider (java.security.Provider)19 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)17 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)17 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)17 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16 KeyGenerator (javax.crypto.KeyGenerator)11 Cipher (javax.crypto.Cipher)10 NAEException (com.ingrian.security.nae.NAEException)9 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8 NAESecretKey (com.ingrian.security.nae.NAESecretKey)8 SecretKey (javax.crypto.SecretKey)8 IvParameterSpec (javax.crypto.spec.IvParameterSpec)7 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6 KeyPair (java.security.KeyPair)6 NAEPermission (com.ingrian.security.nae.NAEPermission)5