use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDatesAndStatesSample method main.
public static void main(String[] args) throws Exception {
String keyName = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
NAEKey key = null;
deleteIfExists(keyName, session, key);
/* create a secret key using JCE key generator */
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) null, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created new key " + ((NAEKey) secretKey).getName());
/* cast to NAEKey and list the default attribute names */
Set<String> defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
key = ((NAEKey) secretKey);
KMIPAttributes getState = new KMIPAttributes();
getState.add(KMIPAttribute.State);
getState.add(KMIPAttribute.ActivationDate);
getState.add(KMIPAttribute.InitialDate);
getState.add(KMIPAttribute.DeactivationDate);
KMIPAttributes gotState = key.getKMIPAttributes(getState);
System.out.println("State = " + gotState.getState());
System.out.println("InitialDate = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
key = ((NAEKey) secretKey);
System.out.println("Activating:");
key.activate();
gotState = key.getKMIPAttributes(getState);
defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
System.out.println("State = " + gotState.getState());
System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
// now deactivate it
Calendar c = Calendar.getInstance();
c.setTimeInMillis((gotState.getDate(KMIPAttribute.ActivationDate)).getTime().getTime());
System.out.println("Deactivating as of " + sdf.format(c.getTime()));
KMIPAttributes modDates = new KMIPAttributes();
modDates.addDate(KMIPAttribute.DeactivationDate, c);
key.addKMIPAttributes(modDates);
;
defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
gotState = key.getKMIPAttributes(getState);
System.out.println("State = " + gotState.getState());
System.out.println("Dectivation Date = " + ((gotState.getDate(KMIPAttribute.DeactivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGenKeys method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
int length = Integer.valueOf(args[3]);
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// create KMIP Session - specify client X.509 certificate and keystore password
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
KeyPair sunPair = null;
try {
// verify Key Manager supports key pair generation
if (!queryKeyGen(session)) {
System.err.println("Key Manager does not support key pair generation");
System.exit(0);
}
deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
keyGen.initialize(spec, null);
sunPair = keyGen.generateKeyPair();
PrivateKey priv = sunPair.getPrivate();
PublicKey pub = sunPair.getPublic();
NAEPrivateKey naePriv = (NAEPrivateKey) priv;
NAEPublicKey naePub = (NAEPublicKey) pub;
System.out.println("\n\n----------------------------\n");
System.out.println("Key length = " + length);
System.out.println("Private key name : " + naePriv.getName());
System.out.println("Private key format : " + naePriv.getFormat());
System.out.println("Private key algorithm : " + naePriv.getAlgorithm());
System.out.println("Private key encoded length : " + naePriv.getKeySize());
System.out.println("Public key name : " + naePub.getName());
System.out.println("Public key format : " + naePub.getFormat());
System.out.println("Public key algorithm : " + "" + naePub.getAlgorithm());
System.out.println("Public key encoded length : " + naePub.getKeySize());
/* ((NAEPrivateKey)priv).delete();
((NAEPublicKey)pub).delete();*/
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateSymmetricKeySample method main.
public static void main(String[] args) throws Exception {
String keyName = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
NAEKey key;
try {
/* does the key exist? if so, delete it */
/* get..Key method is merely a placeholder for a managed object
* with that name. */
key = NAEKey.getSecretKey(keyName, session);
/* getUID() will throw an exception if the key does not exist */
if (key.getUID() != null) {
// exists if Unique Identifier is not null
System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
key.delete();
}
} catch (Exception notFound) {
}
/* create a secret key on the Key Manager using JCE key generator */
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created key " + ((NAEKey) secretKey).getName());
/* cast to NAEKey and list the default attribute names */
Set<String> defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class ECCKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java ECCKeySample user password keyName groupName");
System.exit(-1);
}
String userName = args[0];
String password = args[1];
String keyName = args[2];
String groupName = args[3];
// KeyImportName must be unique each time importKey API is used.
String keyImportName = keyName + "_Import";
String algorithm = "EC";
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// Get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// Creates NAESession: pass in NAE user and password
session = NAESession.getSession(userName, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(groupName);
// Add permission to sign
permission.setSign(true);
// Add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
// prime256v1 curve ID
// Permissions granted to sign and verify
ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
// Creates the ECC KeyPair generator object
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
// Initializes KeyPair generator with ECCParameterSpec
generator.initialize(spec1);
// Creates the Key Pair for ECC key
KeyPair pair = generator.generateKeyPair();
System.out.println("Created ECC key: " + keyName);
// Exports public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Creates NAEPrivateKey object
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
// Exports private key data in default format i.e. PEM-PKCS#1
byte[] privKeyData = privKey.export();
boolean exportAllVersion = false;
// Exports private key data in PEM-PKCS#8 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
}
// Exports private key data in PEM-SEC1 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
}
// Delete the key pair from Key Manager
pubKey.delete();
// Creates a ECCParameterSpec to import ECC key
// Keys are exportable, deletable and non-versioned
ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
// Imports the key to the Key Manager
NAEKey.importKey(privKeyData, algorithm, importSpec);
System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class WrapKeySample method main.
public static void main(String[] args) {
Security.addProvider(new IngrianProvider());
if (args.length != 5) {
System.err.println("Usage: java WrapKeySample user password keyToWrapName wrappingKeyName groupName");
System.exit(-1);
}
String userName = args[0];
String passWord = args[1];
String keyToWrapName = "WrapSamplePair" + args[2];
String wrappingKeyName = "WrapSampleKey" + args[3];
String groupName = args[4];
NAESession session = null;
try {
// Create an NAESession.
session = NAESession.getSession(userName, passWord.toCharArray());
NAEParameterSpec spec = new NAEParameterSpec(keyToWrapName, true, true, 256, session);
// Delete any existing keys from this sample.
NAEKey keyToDelete = NAEKey.getSecretKey(keyToWrapName, session);
deleteExistingKeys(wrappingKeyName, session, keyToDelete);
// Generate an AES key to be wrapped when exported.
KeyGenerator generator = KeyGenerator.getInstance("AES", "IngrianProvider");
// NAEEParameters to pass session
generator.init(spec);
NAEKey keyToBeWrapped = (NAEKey) generator.generateKey();
// Create a public/private RSA key pair to do the key wrapping.
// The AES key will be wrapped with the RSA Public Key, and
// later unwrapped using the RSA Private Key.
KeyPair pair = createKeyPair(session, groupName, wrappingKeyName);
NAEPublicKey publicKey = NAEKey.getPublicKey(wrappingKeyName, session);
NAEPrivateKey privateKey = NAEKey.getPrivateKey(wrappingKeyName, session);
// Init a JCE Cipher in WRAP_MODE to do the key wrapping.
Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
cipher.init(Cipher.WRAP_MODE, publicKey, spec);
// Wrap and export the wrapped AES Key from the Key Manager
// using the cipher.wrap method.
// The key is wrapped with the Public key from the key pair
// on the Key Manager which was generated earlier.
byte[] wrappedKey = cipher.wrap(keyToBeWrapped);
System.out.println("wrapped : " + IngrianProvider.byteArray2Hex(wrappedKey));
System.out.println("Length : " + wrappedKey.length);
// Unwrap the AES key using the private key of the
// generated key pair using the SunJCE provider.
// Export the NAEPrivate key as a JCE PrivateKey.
PrivateKey prKey = privateKey.exportJCEKey();
// Initialize a Cipher based on the SunJCE provider.
// For IBM Java, change the provider from "SunJCE" to "IBMJCE"
// Note the use of PKCS1Padding.
Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunJCE");
cipher2.init(Cipher.UNWRAP_MODE, prKey);
// Unwrap the wrapped key from the bytes returned from the
// Key Manager.
Key unWrappedKey = cipher2.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
System.out.println("Unwrapped: " + IngrianProvider.byteArray2Hex(unWrappedKey.getEncoded()));
System.out.println("Original : " + IngrianProvider.byteArray2Hex(keyToBeWrapped.export()));
if (Arrays.equals(keyToBeWrapped.export(), unWrappedKey.getEncoded()))
System.out.println("Unwrapped key bytes equal original key bytes");
} catch (Exception e) {
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations