
Example 16 with NAEKey

use of com.ingrian.security.nae.NAEKey in project CipherTrust_Application_Protection by thalescpl-io.

the class HKDFSecretKeySample method main.

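/**
 * Derives two AES keys and two HmacSHA256 keys from one master key with HKDF and
 * checks that each pair carries the same key data: the AES pair by encrypting with
 * the first key and decrypting with the second, the HMAC pair by computing a MAC
 * with the first key and verifying it with the second.
 *
 * <p>Several values are hard-coded for the demonstration (salt, info, IV) and the
 * password is taken from the command line; the inline comments say what to change
 * before reusing any of this outside a sample.
 *
 * @param args user, password, masterKeyName, aesKeyName_1, aesKeyName_2,
 *             hmacKeyName_1, hmacKeyName_2
 * @throws Exception any provider or Key Manager failure, rethrown after its stack
 *                   trace has been printed
 */
public static void main(String[] args) throws Exception {
    /*
     * Usage description:
     * masterKeyName: master key used to derive the AES and HMAC keys.
     * aesKeyName_1 and aesKeyName_2: names of the AES keys to create; an
     * encrypt/decrypt round trip across the two shows their key data is the same.
     * hmacKeyName_1 and hmacKeyName_2: names of the HMAC keys to create; a
     * MAC/MACVerify round trip across the two shows their key data is the same.
     */
    if (args.length != 7) {
        System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
        System.exit(-1);
    }
    String username = args[0];
    // Command-line arguments are visible in the process list and usually land in shell
    // history; outside a sample, read the password from the console or a secret store.
    String password = args[1];
    String masterKeyName = args[2];
    String aesKeyName_1 = args[3];
    String aesKeyName_2 = args[4];
    String hmacKeyName_1 = args[5];
    String hmacKeyName_2 = args[6];

    // Fixed charset so the bytes fed to the ciphers do not depend on the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    NAESession session = null;
    try {
        // Creates NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());

        // These are the ASCII characters '0','1','0','2','0','3', not the bytes 0x01 0x02 0x03.
        // All four keys below share master key, salt, info, size and hash, which is what
        // makes their key data match. HKDF output depends only on those inputs, so the AES
        // and HMAC keys should end up with the same bytes as well; give each purpose its
        // own info value when key separation matters.
        byte[] salt = "010203".getBytes(utf8);
        byte[] info = "010203".getBytes(utf8);
        int size = 256;

        // First AES key, derived on the Key Manager from the master key.
        // (The sample's author describes it as deletable and exportable; this call does
        // not show where those attributes are set.)
        HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(aesSpec);
        NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");

        // Second AES key: same derivation inputs, different key name.
        HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg.init(aesSpec_2);
        NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");

        // Show that the two AES keys hold the same key data: encrypt with one, decrypt with the other.
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        // HKDF generates the same key data on the Key Manager, but each key gets a different
        // default IV, so an explicit IV is passed to both ciphers.
        // A constant IV is tolerable only for this one-shot comparison: CBC needs a fresh,
        // unpredictable IV per message (e.g. from SecureRandom), stored with the ciphertext.
        byte[] iv = "1234567812345678".getBytes(utf8);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);

        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(utf8));

        Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
        byte[] newbuf = decryptCipher.doFinal(outbuf);

        // NOTE(review): with PKCS5 padding, decrypting under different key data will most
        // likely fail inside doFinal instead of returning different plaintext; in that case
        // the else branch is skipped and both keys stay on the Key Manager. Confirm the
        // provider's behaviour if the clean-up matters.
        if (dataToEncrypt.equals(new String(newbuf, utf8))) {
            System.out.println("AES keys generated have same key data.");
        } else {
            System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_aes_1.delete();
            nae_key_aes_2.delete();
        }

        // Show that two HmacSHA256 keys derived the same way hold the same key data:
        // MAC with one, verify with the other.
        HKDFParameterSpec hmacSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
        kg1.init(hmacSpec_1);
        NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");

        HKDFParameterSpec hmacSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg1.init(hmacSpec_2);
        NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");

        // MAC computed with the first key
        Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
        mac.init(nae_key_hmac_1);
        byte[] macValue = mac.doFinal(dataToMac.getBytes(utf8));

        // Verification with the second key; the expected MAC is handed over at init time
        Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
        macV.init(nae_key_hmac_2, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes(utf8));

        // Anything other than the single byte 1 is treated as a failed verification
        if (result.length != 1 || result[0] != 1) {
            System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_hmac_1.delete();
            nae_key_hmac_2.delete();
        } else {
            System.out.println("HMAC256 Keys generated have same key data.");
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // Close NAESession, also on the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}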
Also used : NAEKey(com.ingrian.security.nae.NAEKey) HKDFParameterSpec(com.ingrian.security.nae.HKDFParameterSpec) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) MACValue(com.ingrian.security.nae.MACValue) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 17 with NAEKey

use of com.ingrian.security.nae.NAEKey in project CipherTrust_Application_Protection by thalescpl-io.

the class CryptoTool method doDelete.

/**
 * Looks up a secret key by name and deletes it, then reports success on the tool's
 * output stream ({@code os}, declared elsewhere in CryptoTool).
 *
 * <p>The lookup goes through {@code NAEKey.getSecretKey}, so only keys that call can
 * resolve are handled here. There is no confirmation step before {@code delete()};
 * presumably the key is removed from the Key Manager for every client, which would
 * leave data protected only by that key unrecoverable. Confirm backup and retention
 * policy before wiring this to user input.
 *
 * @param keyName name of the key to delete; {@code null} is reported on stderr
 * @param session NAESession used for the lookup
 * @return {@code true} once the key has been deleted and the message written,
 *         {@code false} when no key name was given
 * @throws Exception if the lookup, the deletion or the write to {@code os} fails
 */
private static boolean doDelete(String keyName, NAESession session) throws Exception {
    if (keyName != null) {
        // resolve the key handle and delete it in one step
        NAEKey.getSecretKey(keyName, session).delete();
        // confirmation goes to the tool's output stream
        os.write("Key deleted OK\n".getBytes());
        return true;
    }
    // nothing to delete without a name
    System.err.println("Missing key name");
    return false;
}
Also used : NAEKey(com.ingrian.security.nae.NAEKey)

Example 18 with NAEKey

use of com.ingrian.security.nae.NAEKey in project CipherTrust_Application_Protection by thalescpl-io.

the class ECCEncryptionSample method main.

/**
 * Encrypts a fixed string with the public half of an ECC key and decrypts it with the
 * private half, printing the ciphertext as hex and the recovered text.
 *
 * <p>Both key objects are handles; per the sample, key data does not leave the Key
 * Manager. The plaintext, the IV and the way the password is supplied are
 * demonstration shortcuts, as noted inline.
 *
 * @param args user, password, keyname
 * @throws Exception any provider or Key Manager failure, rethrown after its stack
 *                   trace has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java ECCEncryptionSample user password keyname");
        System.exit(-1);
    }
    final String userName = args[0];
    // Arrives as a command-line argument, so it is visible in the process list and
    // shell history; read it from the console or a secret store outside a sample.
    final String password = args[1];
    final String keyName = args[2];

    // Register the Ingrian provider, then list every JCE provider now installed
    Security.addProvider(new IngrianProvider());
    for (Provider registered : Security.getProviders()) {
        System.out.println(registered.getInfo());
    }

    final String dataToEncrypt = "qwerty";
    final String transformation = "ECIESwithSHA256AES/CBC/PKCS5Padding";
    final String providerName = "IngrianProvider";
    System.out.println("DataToEncrypt = " + dataToEncrypt);

    NAESession session = null;
    try {
        // Open the NAE session with the supplied user and password
        session = NAESession.getSession(userName, password.toCharArray());

        // Constant IV, shared by both directions. Fine for a round-trip demo only:
        // CBC needs a fresh, unpredictable IV per message, kept with the ciphertext.
        // getBytes() uses the platform default charset here.
        IvParameterSpec ivSpec = new IvParameterSpec("1234567812345678".getBytes());

        // Public-key handle for encryption (key data does not leave the Key Manager)
        NAEKey pubKey = NAEKey.getPublicKey(keyName, session);
        Cipher encryptCipher = Cipher.getInstance(transformation, providerName);
        encryptCipher.init(Cipher.ENCRYPT_MODE, pubKey, ivSpec);
        byte[] encryptedText = encryptCipher.doFinal(dataToEncrypt.getBytes());
        System.out.println("Encrypted Text: " + IngrianProvider.byteArray2Hex(encryptedText));

        // Private-key handle for decryption (key data does not leave the Key Manager)
        Cipher decryptCipher = Cipher.getInstance(transformation, providerName);
        NAEKey privKey = NAEKey.getPrivateKey(keyName, session);
        decryptCipher.init(Cipher.DECRYPT_MODE, privKey, ivSpec);
        byte[] decryptedText = decryptCipher.doFinal(encryptedText);
        System.out.println("Decrypted text: " + IngrianProvider.toString(decryptedText));
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // Release the session on success and on failure alike
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEKey(com.ingrian.security.nae.NAEKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider)

Example 19 with NAEKey

use of com.ingrian.security.nae.NAEKey in project CipherTrust_Application_Protection by thalescpl-io.

the class FPEEncryptionDecryptionSample method main.

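/**
 * Encrypts and decrypts a fixed digit string with format-preserving encryption
 * ({@code FPE/AES/CARD10}) using a key held on the Key Manager, printing both results.
 *
 * <p>The two optional arguments are switched off by passing the literal word
 * {@code null}. Only that exact word counts as "absent"; a tweak value that merely
 * contains the letters "null" is passed through unchanged.
 *
 * @param args user, password, keyname, IV (hex), TweakAlgorithm or {@code null},
 *             TweakData or {@code null}
 * @throws Exception any provider or Key Manager failure, rethrown after its message
 *                   has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 6) {
        System.err.println("Usage: java FPEEncryptionDecryptionSample user password keyname IV TweakAlgorithm(Optional) TweakData(Optional)");
        System.err.println("Mention null for optional parameter if you don't want to pass it");
        /*
         * keyname: supports an AES non-versioned key.
         * IV: must be a 56-byte hex-format string for an AES key. The IV must be of
         *     cardinality 10, i.e. every two characters (one byte) of the hex IV must
         *     be 00-09. The IV must be provided when the data is longer than 56 bytes:
         *     the FPE algorithm breaks long data into 56 s-integer blocks and chains
         *     them with a block-chaining scheme very similar to CBC mode. When the
         *     data does not exceed the MAXb value, the IV must be absent.
         * TweakAlgorithm (optional): one of SHA1, SHA256 or None.
         * TweakData (optional): if the tweak algorithm is 'None' or absent, the value
         *     must be a hex-encoded string representing a 64-bit long. With a valid
         *     tweak algorithm the value can be any ASCII string (not necessarily hex);
         *     it is first processed with the tweak hash algorithm and the result is
         *     truncated to 64 bits for input to the FPE algorithm.
         *
         * NOTE(review): this sample always parses args[3] as the IV, so the
         * "IV absent" case described above cannot be expressed through its arguments.
         */
        System.exit(-1);
    }
    String username = args[0];
    // Command-line arguments are visible in the process list and usually land in shell
    // history; outside a sample, read the password from the console or a secret store.
    String password = args[1];
    String keyName = args[2];
    String ivHex = args[3];
    // Exact match on the placeholder: a substring test would silently drop any tweak
    // value containing "null" and run the cipher without the tweak the caller asked for.
    String tweakAlgo = "null".equals(args[4]) ? null : args[4];
    String tweakData = "null".equals(args[5]) ? null : args[5];

    // Fixed charset so the bytes handed to the cipher do not depend on the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // print the list of all registered JCE providers
    for (Provider provider : Security.getProviders()) {
        System.out.println(provider.getInfo());
    }

    // Longer than 56 characters, so per the usage notes an IV is required for this input.
    String dataToEncrypt = "36253865463254715234987125394785127934571235487631254876512837451827635487123564875216384728347";
    System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Get SecretKey (just a handle to it, key data does not leave the Key Manager)
        NAEKey key = NAEKey.getSecretKey(keyName, session);

        // IV comes from the caller as hex; tweak data and algorithm may each be null
        IvParameterSpec ivSpec = new IvParameterSpec(IngrianProvider.hex2ByteArray(ivHex));
        NAEIvAndTweakDataParameter ivtweak = new NAEIvAndTweakDataParameter(ivSpec, tweakData, tweakAlgo);

        // encrypt
        Cipher encryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, ivtweak);
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(utf8));
        System.out.println("encrypted data data  \"" + new String(outbuf, utf8) + "\"");

        // decrypt with the same key, IV and tweak
        Cipher decryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, key, ivtweak);
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf, utf8) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        // Single close point: the session is released here on every path, so it is
        // not also closed inside the try block.
        if (session != null) {
            session.closeSession();
        }
    }
}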
Also used : NAEKey(com.ingrian.security.nae.NAEKey) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) NAEIvAndTweakDataParameter(com.ingrian.security.nae.NAEIvAndTweakDataParameter) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider)

Example 20 with NAEKey

use of com.ingrian.security.nae.NAEKey in project CipherTrust_Application_Protection by thalescpl-io.

the class AESGCMEncryptionDecryptionSample method main.

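/**
 * Encrypts the given data with AES-GCM under a Key Manager key and decrypts it again,
 * printing the IV, the AAD, the ciphertext (hex) and the recovered data.
 *
 * <p>A failure inside the session (including a failed decryption) is printed and then
 * reported through a non-zero exit status, so a calling script cannot mistake it for
 * success.
 *
 * @param args user, password, keyname, authTagLength, iv (hex), aad (hex), data
 */
public static void main(String[] args) {
    if (args.length != 7) {
        System.err.println("Usage: java AESGCMEncryptionDecryptionSample user password keyname " + "authTagLength iv aad data");
        System.exit(-1);
    }
    String username = args[0];
    // Command-line arguments are visible in the process list and usually land in shell
    // history; outside a sample, read the password from the console or a secret store.
    String password = args[1];
    String keyName = args[2];
    // Passed straight to GCMParameterSpec; presumably a length in bits, as with the
    // javax.crypto class of the same name — confirm. Shorter tags give weaker
    // protection against forgery, so production code should pin an accepted value.
    int authTagLength = Integer.parseInt(args[3]);
    String iv = args[4];
    String aad = args[5];
    String data = args[6];

    // Note: for AES-GCM the same combination of nonce (IV) and key must not be reused
    // across encryptions. The IV is caller-supplied here, so uniqueness is entirely the
    // caller's responsibility; real code should generate it per message.
    byte[] ivBytes = IngrianProvider.hex2ByteArray(iv);
    byte[] aadBytes = IngrianProvider.hex2ByteArray(aad);
    // Fixed charset so non-ASCII input encodes the same way on every platform.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    byte[] dataBytes = data.getBytes(utf8);
    System.out.println("iv: " + IngrianProvider.byteArray2Hex(ivBytes));
    System.out.println("AAD: " + IngrianProvider.byteArray2Hex(aadBytes));

    boolean failed = false;
    NAESession session = null;
    try {
        // NOTE(review): the third argument is a literal compiled into the sample;
        // presumably a keystore or similar secret for this getSession overload —
        // confirm, and supply it from configuration rather than from source.
        session = NAESession.getSession(username, password.toCharArray(), "hello".toCharArray());
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        GCMParameterSpec spec = new GCMParameterSpec(authTagLength, ivBytes, aadBytes);

        Cipher encryptCipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] encrypt = encryptCipher.doFinal(dataBytes);
        System.out.println("Encrypt: " + IngrianProvider.byteArray2Hex(encrypt));

        // Same key, IV and AAD for the way back
        Cipher decryptCipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] decrypt = decryptCipher.doFinal(encrypt);
        System.out.println("data: " + new String(decrypt, utf8));
    } catch (Exception e) {
        e.printStackTrace();
        // Remember the failure; exiting here would skip the finally block below.
        failed = true;
    } finally {
        // releasing session
        if (session != null) {
            session.closeSession();
        }
    }
    if (failed) {
        System.exit(1);
    }
}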
Also used : NAEKey(com.ingrian.security.nae.NAEKey) GCMParameterSpec(com.ingrian.security.nae.GCMParameterSpec) NAECipher(com.ingrian.security.nae.NAECipher) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession)

Aggregations

NAEKey (com.ingrian.security.nae.NAEKey)32 IngrianProvider (com.ingrian.security.nae.IngrianProvider)25 NAESession (com.ingrian.security.nae.NAESession)20 Cipher (javax.crypto.Cipher)12 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)10 KMIPSession (com.ingrian.security.nae.KMIPSession)10 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)10 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)10 Provider (java.security.Provider)10 KeyGenerator (javax.crypto.KeyGenerator)9 NAEException (com.ingrian.security.nae.NAEException)8 IvParameterSpec (javax.crypto.spec.IvParameterSpec)8 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)7 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)7 NAESecretKey (com.ingrian.security.nae.NAESecretKey)7 SecretKey (javax.crypto.SecretKey)7 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)5 NAECipher (com.ingrian.security.nae.NAECipher)5 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)5 GCMParameterSpec (com.ingrian.security.nae.GCMParameterSpec)3