use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class CustomLoggerSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java CustomLoggerSample user password keyname");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider(new JavaUtilLogger()));
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to mac \"" + dataToMac + "\"");
NAESession session = null;
try {
// create HMAC key on the Key Manager
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// create key which is exportable and deletable,
// key owner is passed in Key Manager user.
// For HmacSHA1 key length 160 bits
// For HmacSHA256 key length is 256 bits
// For HmacSHA384 key length is 384 bits
// For HmacSHA512 key length is 512 bits
NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
kg.init(spec);
SecretKey secret_key = kg.generateKey();
// get the handle to created key
NAEKey key = NAEKey.getSecretKey(keyName, session);
// create MAC instance to get the message authentication code
Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
mac.init(key);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// create MAC instance to verify the message authentication code
Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
macV.init(key, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("Invalid MAC.");
} else {
System.out.println("MAC Verified OK.");
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class CryptoTool method doGenerate.
/**
* Generates a key based on the input parameters.
* @param keyName Key name to use
* @param algName Algorith name to use
* @param session NAESession
* @param exportable Signifies whether the generated key is exportable
* @param deletable Signifies whether the generate key is deletable
* @param size Key size
* @throws Exception
* @return Returns whether the operation was successful
*/
private static boolean doGenerate(String keyName, String algName, NAESession session, boolean exportable, boolean deletable, int size) throws Exception {
// error checking
if (keyName == null) {
System.err.println("Missing key name");
return false;
}
if (algName == null) {
System.err.println("Missing algorithm name");
return false;
}
// Create key generator and use it to create the key
if (!"RSA".equalsIgnoreCase(algName)) {
KeyGenerator kg = KeyGenerator.getInstance(algName, "IngrianProvider");
kg.init(new NAEParameterSpec(keyName, exportable, deletable, size, session));
kg.generateKey();
} else {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(algName, "IngrianProvider");
kpg.initialize(new NAEParameterSpec(keyName, exportable, deletable, size, session));
kpg.genKeyPair();
}
os.write("Key generated OK\n".getBytes());
return true;
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateAndEncryptSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 5) {
usage();
}
String keyName = args[4];
int keyLength = 256;
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession kmipSession = null;
NAESession naeSession = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
NAEKey key;
try {
/* does the key exist? if so, delete it */
/* get..Key method is merely a placeholder for a managed object
* with that name. */
key = NAEKey.getSecretKey(keyName, kmipSession);
/* getUID() will throw an exception if the key does not exist */
if (key.getUID() != null) {
System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
key.delete();
}
} catch (NAEException missing) {
if (missing.getMessage().equals("Key not found on server.")) {
System.out.println("Key did not exist");
} else
throw missing;
}
/* create a secret key using KMIP JCE key generator */
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
Calendar c = Calendar.getInstance();
initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, kmipSession);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created key " + ((NAEKey) secretKey).getName());
/* Once created, you may operate on the KMIP key. For example,
* add a KMIP group attribute to the KMIP - not required, just include
* as a sample of KMIP operations on the key */
KMIPAttributes ka = new KMIPAttributes();
ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
secretKey = NAEKey.getSecretKey(keyName);
NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
sk.addKMIPAttributes(ka);
/* Now use the NAEKey created for encryption using an NAESession
* to a Key Manager server. Essentially this is the same code as the
* SecretKeyEncryptionSample.java program
* Nothing new is required to use the KMIP-created key on the
* Key Manager server.
*/
// create NAE XML Session: pass in NAE user name and password
naeSession = NAESession.getSession(args[2], args[3].toCharArray());
// Get SecretKey (just a handle to it, key data does not leave the server
// Note: KMIP keys objects need to be re-retrieved on the XML session
key = NAEKey.getSecretKey(keyName, naeSession);
// get IV
NAESecureRandom rng = new NAESecureRandom(naeSession);
byte[] iv = new byte[16];
rng.nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// get a cipher
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// initialize cipher to encrypt.
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
// encrypt data
byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes());
// to decrypt data, initialize cipher to decrypt
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
// decrypt data
byte[] newbuf = cipher.doFinal(outbuf);
System.out.println("Decrypted data \"" + new String(newbuf) + "\"");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (kmipSession != null)
kmipSession.closeSession();
if (naeSession != null)
naeSession.closeSession();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertificateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create certificate managed object ParameterSpec
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
// import the certificate
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// query the certificate attributes via KMIP
session.getUID(args[2]);
Set<String> attrNames = session.listKMIPAttributes(args[2]);
System.out.println("Attributes: " + attrNames);
NAECertificate cert = new NAECertificate(args[2], session);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.CertificateIdentifier);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.CertificateIssuer);
getAttributes.add(KMIPAttribute.CertificateType);
getAttributes.add(KMIPAttribute.CertificateSubject);
KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
KMIPCertificateTypes certType = gotAttributes.getCertificateType();
KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
ObjectTypes ot = gotAttributes.getObjectType();
if (ot != null) {
System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
} else {
System.err.println("Object Type KMIP Attribute is null.");
}
if (certType != null) {
System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
} else {
System.err.println("Certificate Type KMIP Attribute is null.");
}
if (certIdentifier == null) {
System.err.println("Certificate Identifier KMIP Attribute is null.");
} else {
System.out.println("Certificate Identifier KMIP Attribute:");
System.out.println("\tIssuer = " + certIdentifier.getIssuer());
System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
}
if (issuer == null) {
System.err.println("Certificate Issuer is null.");
} else {
System.out.println("Certificate Issuer:");
System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
if (issuer.getCertificateIssuerAlternativeName() != null) {
System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
}
}
if (subject == null) {
System.err.println("Certificate Subject is null.");
} else {
System.out.println("Certificate Subject:");
System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
if (subject.getCertificateSubjectAlternativeName() != null) {
System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
}
}
// now export() a copy of the certificate back from the Key Manager
byte[] exportedCert = cert.certificateExport();
// compare the original and exported bytes
if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
System.out.println("Exported Certificate material equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes
System.out.println("original: " + certBytes.toUpperCase());
System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
// delete the test cert and close the session
cert.delete();
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPKeyPairSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String privateKeyName = args[2];
String publicKeyName = args[3];
KMIPSession session = null;
try {
// generate the public/private key pairs with client-side provider
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
System.out.println("Provider: " + keyGen.getProvider().getName());
keyGen.initialize(length);
KeyPair generatedKeyPair = keyGen.generateKeyPair();
// get the key material
PrivateKey priv = generatedKeyPair.getPrivate();
PublicKey pub = generatedKeyPair.getPublic();
byte[] privKeyMaterial = priv.getEncoded();
byte[] pubKeyMaterial = pub.getEncoded();
// Register keys on the Key Manager
// create NAE Session using a client certificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create a spec for the public key
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, (KMIPAttributes) initialAttributes, session);
// create a public key - note: names must match
NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
// register the key
String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
// print the Key Manager unique identifier for the key
System.out.println("Created public key: " + pubUID);
// do the same for the private key
initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
spec = new NAEParameterSpec(privateKeyName, length, (KMIPAttributes) initialAttributes, session);
NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
// remove PKCS#8 header from the key material
byte[] truncatedKeyMaterial = new byte[privKeyMaterial.length - 26];
System.arraycopy(privKeyMaterial, 26, truncatedKeyMaterial, 0, privKeyMaterial.length - 26);
String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
System.out.println("Created private key: " + privUID);
// Set the link attribute for the keys on the Key Manager
naePriv.link(naePub);
naePub.link(naePriv);
System.out.println("Linked keys");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations