Example 6 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class RSAKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java RSAKeySample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Configure the key permissions to be granted to NAE group.
        NAEPermission permission = new NAEPermission(group);
        // add permission to sign
        permission.setSign(true);
        // add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
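        // create key pair which is exportable and deletable
        // key owner is Key Manager user, default key length 1024 bits and
        // permissions granted to sign and verify
        // (no key size is passed here; WrapKeySample passes 2048 explicitly
        // through the constructor overload that takes a key length)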
        NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
        kpg.initialize(rsaParamSpec);
        KeyPair pair = kpg.generateKeyPair();
        // Get public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Export private key data (contains both public and private key data)
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        byte[] privKeyData = privKey.export();
        // Delete the key pair from Key Manager
        pubKey.delete();
        // Import the key pair back to the Key Manager
        // key pair name is keyName+"Dup", keys are exportable and not deletable
        NAEParameterSpec spec_dup = new NAEParameterSpec(keyName + "Dup", true, false, session);
        // private key contains both public and private key data
        privKey.importKey(privKeyData, "RSA", spec_dup);
        System.out.println("Imported key data; Duplicate Key pair " + privKey.getName() + " is created on NAE Server.");
        // Export private key data in PKCS#8 format and create JCE key
        NAEPrivateKey prKey = NAEKey.getPrivateKey(keyName + "Dup", session);
        PrivateKey jcePrivateKey = prKey.exportJCEKey();
        // Export public key data and create JCE key
        NAEPublicKey publKey = NAEKey.getPublicKey(keyName + "Dup", session);
        PublicKey jcePublicKey = publKey.exportJCEKey();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null)
            // Close NAESession
            session.closeSession();
    }
}
Also used: NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) NAESession(com.ingrian.security.nae.NAESession)

Example 7 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class WrapKeySample method createKeyPair.

private static KeyPair createKeyPair(NAESession session, String group, String keyName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
    // Generate an RSA 2048 Public/Private Key pair on the Key Manager.
    // Set the key permissions to the set of permissions granted to NAE group.
    NAEPermission permission = new NAEPermission(group);
    // Add permission to sign.
    permission.setSign(true);
    // Add permission to verify signature.
    permission.setSignV(true);
    NAEPermission[] permissions = { permission };
    // Create an exportable and deletable key pair where the
    // key owner is the Key Manager user, the key length is 2048 bits and
    // permissions grant sign and sign verify operations.
    NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, 2048, session, permissions);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
    kpg.initialize(rsaParamSpec);
    KeyPair pair = kpg.generateKeyPair();
    return pair;
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) KeyPairGenerator(java.security.KeyPairGenerator)

Example 8 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KeyPermissionsSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java KeyPermissionsSample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // create NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // set the key permissions to the set of permissions granted to NAE group.
        NAEPermission permission = new NAEPermission(group);
        // add permission to encrypt
        permission.setEncrypt(true);
        // add permission to decrypt
        permission.setDecrypt(true);
        NAEPermission[] permissions = { permission };
        // set permissions for encryption and decryption
        // use the builder pattern to make the key exportable, versioned and deletable
        NAEParameterSpec naeParamSpec = new NAEParameterSpec.Builder(keyName).withSession(session).permissions(permissions).deletable(true).exportable(true).versioned(true).keylength(256).build();
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(naeParamSpec);
        kg.generateKey();
        // retrieve permissions for that key
        List<NAEPermission> linkedPermissions = NAEKey.getKeyPermissions(session, keyName);
        for (NAEPermission naePermission : linkedPermissions) {
            System.out.println(naePermission);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used: NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEPermission(com.ingrian.security.nae.NAEPermission) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 9 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class ByokSample method wrapKeyFromKS.

private static byte[] wrapKeyFromKS(String username, String password, String aesKeyName, String wrappingKeyName, String wrappingAlgo, byte[] publicKey, String cloudName, String hash256Path) throws Exception {
    String pemString = null;
    if (publicKey != null) {
        PemObject pemObject = new PemObject("RSA PUBLIC KEY", publicKey);
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.writeObject(pemObject);
        pemWriter.close();
        pemString = stringWriter.toString();
    }
    NAESession session = null;
    try {
        // create nae session
        session = NAESession.getSession(username, password.toCharArray());
        NAESecretKey secretKey = NAEKey.getSecretKey(aesKeyName, session);
        if (isKeyNameValid(secretKey))
            validateKeySize(secretKey, 256);
        else {
            createAES256Key(aesKeyName, session);
            secretKey = NAEKey.getSecretKey(aesKeyName, session);
        }
        // Need not import if publicKey is null
        if (publicKey != null) {
            // key import spec
            NAEParameterSpec rsaParamSpec = new NAEParameterSpec(wrappingKeyName, true, true, session, null);
            // import the rsa public key
            NAEPublicKey.importKey(pemString.getBytes("UTF-8"), "RSA", rsaParamSpec);
        }
        // get key handle to the imported RSA key
        NAEPublicKey pubRSAKey = NAEKey.getPublicKey(wrappingKeyName, session);
        // spec for key to be wrapped
        NAEParameterSpec aesSpec = new NAEParameterSpec(aesKeyName, true, true, 256, session);
        // setting padding format to wrap a key
        aesSpec.setWrapPaddingFormat("PKCS1.5".equals(wrappingAlgo.toUpperCase()) ? WrapFormatPadding.DEFAULT : WrapFormatPadding.valueOf(wrappingAlgo.toUpperCase()));
        // Init a JCE Cipher in WRAP_MODE to do the key wrapping.
        Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
        cipher.init(Cipher.WRAP_MODE, pubRSAKey, aesSpec);
        byte[] wrappedByte = cipher.wrap(secretKey);
        // write hash
        if (cloudName.equalsIgnoreCase("salesforce")) {
            writeHashToTheFile(cloudName, secretKey.getKeyData(), hash256Path);
        }
        return wrappedByte;
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : PemObject(org.bouncycastle.util.io.pem.PemObject) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) StringWriter(java.io.StringWriter) PemWriter(org.bouncycastle.util.io.pem.PemWriter) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession)

Example 10 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class ByokSample method createAES256Key.

private static void createAES256Key(String aesKeyName, NAESession session) throws Exception {
    NAEParameterSpec spec = new NAEParameterSpec(aesKeyName, true, true, true, 256, null, session);
    KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
    kg.init(spec);
    kg.generateKey();
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyGenerator(javax.crypto.KeyGenerator)
