use of com.ingrian.security.nae.KMIPSession in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPEncryptAndDecrypt method main.
public static void main(String[] args) {
if (args.length < 6) {
checkUsage();
}
String certAlias = args[0];
String certPassword = args[1];
String keyName = args[2];
int tagLength = Integer.parseInt(args[3]);
/**
* Note: For AES-GCM algorithm, same combination of nonce (IV) and key must not be reused
* during encryption/decryption operations.
*/
String iv = args[4];
String data = args[5];
KMIPSession session = null;
try {
// opening a valid kmip session
session = KMIPSession.getSession(new NAEClientCertificate(certAlias, certPassword.toCharArray()));
// taking instance for GCM. Check KMIPCipher Javadoc for rest of algorithm
KMIPCipher cipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
// creating a spec for GCM. Check KMIPGCMSpec Javadoc for valid values
KMIPGCMSpec spec = new KMIPGCMSpec(tagLength, iv.getBytes());
// initializing kmip cipher with the given key name, spec and session
// in encrypt mode. Can pass UID in place of keyname. Check other
// overloaded methods.
cipher.init(KMIPCipher.ENCRYPT_MODE, keyName, spec, session);
// Perform cipher operation and return the result in KMIPCryptoResult
// object. This object also consist of IV in case iv is not passed
// in other algos.
KMIPCryptoResult result = cipher.doFinal(data.getBytes());
// encrypted result in hex
System.out.println(IngrianProvider.byteArray2Hex(result.getData()));
// taking GCM cipher instance for decryption. Check KMIPCipher Javadoc
// for rest of algorithm
KMIPCipher deCipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
// initializing kmip cipher with the given key name, spec and session
// in decrypt mode. Can pass UID in place of keyname in other
// overloaded methods.
deCipher.init(KMIPCipher.DECRYPT_MODE, keyName, spec, session);
// returns decrypted result
KMIPCryptoResult decResult = deCipher.doFinal(result.getData());
// printing decryption result.
System.out.println(new String(decResult.getData()));
} catch (Exception e) {
e.printStackTrace();
} finally {
session.closeSession();
}
}
use of com.ingrian.security.nae.KMIPSession in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetCustomAttribute method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an
// NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for
// located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP
// attributes and
// values to be searched for
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
// This instance of KMIPAttributes will specify the set of KMIP
// attributes
// to be returned from the Key Manager
// KMIPAttributes addAttributes = new KMIPAttributes();
// addAttributes.add("x-String", 1, "Hello");
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
// null
// value
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
String custattrib = args[3];
if (custattrib.contains("#")) {
String[] attrs = custattrib.split("#");
for (String atr : attrs) {
getAttributes.add(atr);
}
} else {
getAttributes.add(custattrib);
}
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
Object serverManagedObject = session.getManagedObject(uid);
if (serverManagedObject == null)
// not a key
continue;
if (isKey(serverManagedObject)) {
// NAEKey is the superclass of public/private and secret
// keys
NAEKey key;
if (serverManagedObject instanceof NAEPublicKey)
key = (NAEPublicKey) serverManagedObject;
else if (serverManagedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) serverManagedObject;
else
key = (NAESecretKey) serverManagedObject;
locateAttributes.getAttributes();
// retrieve and print the key's attributes
if (key.getName().equals(args[2])) {
// key.addKMIPAttributes(addAttributes);
System.out.println("\tName: \t" + key.getName());
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
// printKeyInfo(returnedAttributes);
printCustomAttribute(returnedAttributes);
}
} else if (serverManagedObject instanceof KMIPSecretData) {
// KMIPSecretData managed objects do not inherit from
// NAEKey
// coerce to a KMIPSecretData and print the name of the
// object
System.out.println(((KMIPSecretData) serverManagedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.KMIPSession in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP attributes and
// values to be searched for
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
// This instance of KMIPAttributes will specify the set of KMIP attributes
// to be returned from the Key Manager
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied null value
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and their attibutes");
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object serverManagedObject = session.getManagedObject(uid);
// not a key
if (serverManagedObject == null)
continue;
if (isKey(serverManagedObject)) {
// NAEKey is the superclass of public/private and secret keys
NAEKey key;
if (serverManagedObject instanceof NAEPublicKey)
key = (NAEPublicKey) serverManagedObject;
else if (serverManagedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) serverManagedObject;
else
key = (NAESecretKey) serverManagedObject;
System.out.println("\tName: \t" + key.getName());
// retrieve and print the key's attributes
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
printKeyInfo(returnedAttributes);
} else if (serverManagedObject instanceof KMIPSecretData) {
// KMIPSecretData managed objects do not inherit from NAEKey
// coerce to a KMIPSecretData and print the name of the object
System.out.println(((KMIPSecretData) serverManagedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.KMIPSession in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate keys with crypto algorithm = aes and crypto length = 256
KMIPAttributes queryAttributes = new KMIPAttributes();
/*
* IMPORTANT-In case of locate by name it is compulsory to pass argument for keyName as below
* [-Name locateKeyName] where locateKeyName will be value of userInput.
* */
if (args.length > 3) {
if (args[2] != null && "-Name".equals(args[2])) {
queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
}
}
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
System.out.println("Total Keys: " + managedObjectIdentifiers.size());
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
byte[] keyMaterial = null;
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if (managedObject instanceof NAEPublicKey) {
System.out.println(((NAEPublicKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAEPrivateKey) {
System.out.println(((NAEPrivateKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAESecretKey) {
System.out.println(((NAESecretKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
keyMaterial = ((KMIPSecretData) managedObject).export();
} else if (managedObject instanceof NAECertificate) {
System.out.println(((NAECertificate) managedObject).getName());
keyMaterial = ((NAECertificate) managedObject).certificateExport();
}
System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.KMIPSession in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPKeyPairSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String privateKeyName = args[2];
String publicKeyName = args[3];
KMIPSession session = null;
try {
// generate the public/private key pairs with client-side provider
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
System.out.println("Provider: " + keyGen.getProvider().getName());
keyGen.initialize(length);
KeyPair generatedKeyPair = keyGen.generateKeyPair();
// get the key material
PrivateKey priv = generatedKeyPair.getPrivate();
PublicKey pub = generatedKeyPair.getPublic();
byte[] privKeyMaterial = priv.getEncoded();
byte[] pubKeyMaterial = pub.getEncoded();
// Register keys on the Key Manager
// create NAE Session using a client certificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create a spec for the public key
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, (KMIPAttributes) initialAttributes, session);
// create a public key - note: names must match
NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
// register the key
String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
// print the Key Manager unique identifier for the key
System.out.println("Created public key: " + pubUID);
// do the same for the private key
initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
spec = new NAEParameterSpec(privateKeyName, length, (KMIPAttributes) initialAttributes, session);
NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
// remove PKCS#8 header from the key material
byte[] truncatedKeyMaterial = new byte[privKeyMaterial.length - 26];
System.arraycopy(privKeyMaterial, 26, truncatedKeyMaterial, 0, privKeyMaterial.length - 26);
String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
System.out.println("Created private key: " + privUID);
// Set the link attribute for the keys on the Key Manager
naePriv.link(naePub);
naePub.link(naePriv);
System.out.println("Linked keys");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations