Example 1 with MACValue
use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.
the class MultiThreadMacSample method run.
public void run() {
try {
System.out.println("[" + Thread.currentThread().getName() + "] starting sample.");
// create and initialize mac object
NAEMac mac = NAEMac.getNAEMacInstance("HmacSHA512", "IngrianProvider");
mac.init(_key);
// Generate random data to mac
SecureRandom rng = SecureRandom.getInstance("IngrianRNG", "IngrianProvider");
byte[] randomBytes = new byte[16];
rng.nextBytes(randomBytes);
String dataToMac = new String(randomBytes);
// perform the mac operation and send message string to Key Manager
mac.setMessage("client is creating mac: " + Thread.currentThread().getName());
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// create and initialize mac object for verification
NAEMac macV = NAEMac.getNAEMacInstance("HmacSHA512Verify", "IngrianProvider");
macV.init(_key, new MACValue(macValue));
// perform the macV operation and send message string to Key Manager
macV.setMessage("client is verifying the mac: " + Thread.currentThread().getName());
byte[] result = macV.doFinal(dataToMac.getBytes());
// check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println(Thread.currentThread().getName() + " Invalid MAC.");
} else {
System.out.println(Thread.currentThread().getName() + " MAC Verified OK.");
}
} catch (Exception e) {
System.out.println("Got exception: " + e);
e.printStackTrace();
}
}
Also used :
NAEMac(com.ingrian.security.nae.NAEMac)
SecureRandom(java.security.SecureRandom)
MACValue(com.ingrian.security.nae.MACValue)
Example 2 with MACValue
use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.
the class CustomLoggerSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java CustomLoggerSample user password keyname");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider(new JavaUtilLogger()));
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to mac \"" + dataToMac + "\"");
NAESession session = null;
try {
// create HMAC key on the Key Manager
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// create key which is exportable and deletable,
// key owner is passed in Key Manager user.
// For HmacSHA1 key length 160 bits
// For HmacSHA256 key length is 256 bits
// For HmacSHA384 key length is 384 bits
// For HmacSHA512 key length is 512 bits
NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
kg.init(spec);
SecretKey secret_key = kg.generateKey();
// get the handle to created key
NAEKey key = NAEKey.getSecretKey(keyName, session);
// create MAC instance to get the message authentication code
Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
mac.init(key);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// create MAC instance to verify the message authentication code
Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
macV.init(key, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("Invalid MAC.");
} else {
System.out.println("MAC Verified OK.");
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
NAEKey(com.ingrian.security.nae.NAEKey)
Mac(javax.crypto.Mac)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
MACValue(com.ingrian.security.nae.MACValue)
SecretKey(javax.crypto.SecretKey)
KeyGenerator(javax.crypto.KeyGenerator)
NAESession(com.ingrian.security.nae.NAESession)
Example 3 with MACValue
use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.
the class HKDFSecretKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 7) {
System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
System.exit(-1);
/*
* Usage description:
* masterKeyName: Master key to create the AES and Hmac keys.
* aesKeyName_1 and aesKeyName_2: AES key names to be created. These are used to determine that their key data is same
* using Encryption/Decryption operation.
* hmacKeyName_1 and hmacKeyName_2: Hmac key names to be created. These are used to determine that their key data is same
* using MAC/MACVerify operation.
*
*/
}
String username = args[0];
String password = args[1];
String masterKeyName = args[2];
String aesKeyName_1 = args[3];
String aesKeyName_2 = args[4];
String hmacKeyName_1 = args[5];
String hmacKeyName_2 = args[6];
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
NAESession session = null;
try {
// Creates NAE Session: pass in NAE user name and password
session = NAESession.getSession(username, password.toCharArray());
byte[] salt = "010203".getBytes();
byte[] info = "010203".getBytes();
int size = 256;
// Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
// Initializes key generator with parameter spec to generate the AES key
kg.init(aesSpec);
// Creates AES Key on Key Manager
NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");
// Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
// Initializes key generator with parameter spec to generate the AES key
kg.init(aesSpec_2);
// Creates AES Key on Key Manager
NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");
// Below code illustrates that two keys created using HKDF have same key data using Encryption/Decryption operation
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
// Note: HKDF generates same key data on Key Manager but they have different default IV
// That is why we are passing the external iv when using AES in CBC mode
byte[] iv = "1234567812345678".getBytes();
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// Get a cipher
Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// Initialize cipher to encrypt
encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
// Encrypt data
byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
// Get a cipher for decryption
Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// To decrypt data, initialize cipher to decrypt
decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
// Decrypt data
byte[] newbuf = decryptCipher.doFinal(outbuf);
if (dataToEncrypt.equals(new String(newbuf))) {
System.out.println("AES keys generated have same key data.");
} else {
System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
nae_key_aes_1.delete();
nae_key_aes_2.delete();
}
// Below code illustrates that two keys created using HKDF have same key data using MAC/MACVerify operation
// Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec hamcSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
// Initializes key generator with parameter spec to generate the HmacSHA256 key
kg1.init(hamcSpec_1);
// Creates HmacSHA256 key on Key Manager
NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");
// Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
HKDFParameterSpec hamcSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
// Initializes key generator with parameter spec to generate the HmacSHA256 key
kg1.init(hamcSpec_2);
// To illustrate two key bytes generated by HKDF are same
// Creates HmacSHA256 key on Key Manager
NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");
// Creates MAC instance to get the message authentication code using first key
Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
mac.init(nae_key_hmac_1);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// Creates MAC instance to verify the message authentication code using second key
Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
macV.init(nae_key_hmac_2, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// Check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
nae_key_hmac_1.delete();
nae_key_hmac_2.delete();
} else {
System.out.println("HMAC256 Keys generated have same key data.");
}
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Also used :
NAEKey(com.ingrian.security.nae.NAEKey)
HKDFParameterSpec(com.ingrian.security.nae.HKDFParameterSpec)
Mac(javax.crypto.Mac)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
MACValue(com.ingrian.security.nae.MACValue)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
KeyGenerator(javax.crypto.KeyGenerator)
NAESession(com.ingrian.security.nae.NAESession)
Example 4 with MACValue
use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.
the class CryptoTool method doMACV.
/**
* Verifies a MAC value based on the input parameters. If verified,
* it prints "MAC Verified OK" to the output stream.
* @param keyName Key name to use
* @param algName Algorithm name to use
* @param macValue MAC value to use
* @param session NAESession
* @throws Exception
* @return Returns whether the operation was successful
*/
private static boolean doMACV(String keyName, String algName, byte[] macValue, NAESession session) throws Exception {
// error checking
if (keyName == null) {
System.err.println("Missing key name");
return false;
}
if (algName == null) {
System.err.println("Missing algorithm name");
return false;
}
if (macValue == null && !algName.equals("IngrianHMac")) {
System.err.println("Missing mac value to verify");
return false;
}
// retrieve secret key
SecretKey key = NAEKey.getSecretKey(keyName, session);
byte[] buffer = new byte[BUFFER_LEN];
int readBytes;
// create MAC instance
Mac mac = Mac.getInstance(algName + "Verify", "IngrianProvider");
mac.init(key, new MACValue(macValue));
// use the MAC instance to verify the input stream
while ((readBytes = is.read(buffer)) >= 0) {
mac.update(buffer, 0, readBytes);
}
byte[] result = mac.doFinal();
// to output stream
if (result.length != 1 || result[0] != 1) {
os.write("Invalid MAC\n".getBytes());
} else {
os.write("MAC Verified OK\n".getBytes());
}
return true;
}Example 5 with MACValue
use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.
the class HMACSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java HMACSample user password hmacKeyName");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to mac \"" + dataToMac + "\"");
NAESession session = null;
try {
// create HMAC key on the server
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// create key which is exportable and deletable,
// key owner is passed in Key Manager user.
// For HmacSHA1 key length 160 bits
// For HmacSHA256 key length is 256 bits
// For HmacSHA384 key length is 384 bits
// For HmacSHA512 key length is 512 bits
NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
kg.init(spec);
SecretKey secret_key = kg.generateKey();
// get the handle to created key
NAEKey key = NAEKey.getSecretKey(keyName, session);
// create MAC instance to get the message authentication code
Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
mac.init(key);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// create MAC instance to verify the message authentication code
Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
macV.init(key, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("Invalid MAC.");
} else {
System.out.println("MAC Verified OK.");
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
NAEKey(com.ingrian.security.nae.NAEKey)
Mac(javax.crypto.Mac)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
MACValue(com.ingrian.security.nae.MACValue)
SecretKey(javax.crypto.SecretKey)
KeyGenerator(javax.crypto.KeyGenerator)
NAESession(com.ingrian.security.nae.NAESession)
Aggregations
MACValue (com.ingrian.security.nae.MACValue)5
Mac (javax.crypto.Mac)4
IngrianProvider (com.ingrian.security.nae.IngrianProvider)3
NAEKey (com.ingrian.security.nae.NAEKey)3
NAESession (com.ingrian.security.nae.NAESession)3
KeyGenerator (javax.crypto.KeyGenerator)3
SecretKey (javax.crypto.SecretKey)3
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)2
Provider (java.security.Provider)2
HKDFParameterSpec (com.ingrian.security.nae.HKDFParameterSpec)1
NAEMac (com.ingrian.security.nae.NAEMac)1
SecureRandom (java.security.SecureRandom)1
Cipher (javax.crypto.Cipher)1
IvParameterSpec (javax.crypto.spec.IvParameterSpec)1
