Examples with NAEParameterSpec com.ingrian.security.nae.NAEParameterSpec used on opensource projects

Example 21 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPWrapUnwrapSample method main.

public static void main(String[] args) {
    if (args.length != 4) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String wrapping_key = args[2];
    String wrapped_key = args[3];
    // key bytes
    String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
    String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
    System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
    System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
    // key specification and key wrapping data
    String wrappingMethod = "Encrypt";
    String uniqueIdentifier_wrappingkey = null;
    String uniqueIdentifier_wrappedkey = null;
    String blockCipherMode = "NISTKeyWrap";
    // not required as of now
    String paddingMethod = null;
    // not required as of now
    String hashingAlgorithm = null;
    // not required as of now
    String keyRoleType = null;
    String encodingOption = "NoEncoding";
    // initiate KMIP session
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    // KMIP attributes for to declare an encrypting key
    KMIPAttributes initialAttribute = new KMIPAttributes();
    initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
    // KMIP attribute to declare a plain key
    KMIPAttributes initialAttributes2 = new KMIPAttributes();
    initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
    NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, (KMIPSession) session);
    NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, (KMIPSession) session);
    NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
    NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);
    // register wrapping key
    try {
        uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists")) {
            System.out.println("this key already exist");
            try {
                // updating UID for wrapping key
                uniqueIdentifier_wrappingkey = key3.getUID();
            } catch (NAEException e1) {
                e1.printStackTrace();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
    }
    // register wrapped key
    try {
        uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists")) {
            System.out.println("this key already exist");
            try {
                // updating UID for wrapped key
                uniqueIdentifier_wrappedkey = key4.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
    }
    // KMIP attribute to get a wrapped key
    KMIPAttributes initialAttributes1 = new KMIPAttributes();
    initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
    // Getting wrapped key bytes
    byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
    System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));
    // KMIP attribute to register a new key using encrypted key bytes
    KMIPAttributes unwrapAttribute = new KMIPAttributes();
    unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
    unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
    String new_unwrapkeyuid = null;
    // register a new key using wrapped key bytes
    try {
        new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists"))
            System.out.println("this key already exist");
    }
    // Getting plain key bytes of new key
    System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
    session.closeSession();
}

Example 22 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class HMACSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java HMACSample user password hmacKeyName");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    System.out.println("Data to mac \"" + dataToMac + "\"");
    NAESession session = null;
    try {
        // create HMAC key on the server
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // create key which is exportable and deletable,
        // key owner is passed in Key Manager user.
        // For HmacSHA1 key length 160 bits
        // For HmacSHA256 key length is 256 bits
        // For HmacSHA384 key length is 384 bits
        // For HmacSHA512 key length is 512 bits
        NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
        KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
        kg.init(spec);
        SecretKey secret_key = kg.generateKey();
        // get the handle to created key
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        // create MAC instance to get the message authentication code
        Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
        mac.init(key);
        byte[] macValue = mac.doFinal(dataToMac.getBytes());
        // create MAC instance to verify the message authentication code
        Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
        macV.init(key, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes());
        // check verification result
        if (result.length != 1 || result[0] != 1) {
            System.out.println("Invalid MAC.");
        } else {
            System.out.println("MAC Verified OK.");
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null)
            session.closeSession();
    }
}

Example 23 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPSecretDataSample method main.

public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        usage();
    }
    String keyName = args.length == 3 ? args[2] : "KMIPSecretData";
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // generate the secret data (the bytes of a public key)
        // For IBM Java, change the provider from "SUN/SunRsaSign" to "IBMJCE"
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        keyGen.initialize(1024, random);
        KeyPair keyPair = keyGen.generateKeyPair();
        PublicKey pub = keyPair.getPublic();
        byte[] data = pub.getEncoded();
        // create NAE Session: pass in Key Manager user name and password
        // KMIPSession session  = KMIPSession.getSession(new NAEClientCertificate( args[0],  args[1]));
        // create secret data managed object ParameterSpec
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(keyName, 1024, (KMIPAttributes) initialAttributes, session);
        // create the secret data object as a KMIP secret data Password type
        KMIPSecretData secretDataManagedObject = new KMIPSecretData(keyName, KMIPSecretData.SecretDataType.Password, session);
        // register the secret data bytes
        secretDataManagedObject.register(data, spec);
        // now export() a copy of the secret data back from the Key Manager
        byte[] exportedSecretData = secretDataManagedObject.export();
        // compare the original and exported bytes
        if ((exportedSecretData != null) && Arrays.equals(exportedSecretData, data))
            System.out.println("Exported secret data equals original");
        else {
            System.out.println("Uh-oh!");
        }
        // print the bytes and close the session
        System.out.println("original: " + TTLVUtil.toHexString(data));
        System.out.println("exported: " + TTLVUtil.toHexString(exportedSecretData));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}

Example 24 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class MultiplePropertyFileSample method main.

public static void main(String[] args) {
    if (args.length != 6) {
        System.err.println("Usage: java MultiplePropertyFileSample local_config_user local_config_password " + "local_propertyfile_path global_config_user global_config_password keyname");
        System.exit(-1);
    }
    NAESession localsession = null;
    NAESession globalsession = null;
    NAESecretKey localsessionKey = null;
    NAEKey globalsessionKey = null;
    String data = "Test Data";
    try {
        localsession = NAESession.getSession(args[0], args[1].toCharArray(), new SessionLevelConfig(args[2]));
        globalsession = NAESession.getSession(args[3], args[4].toCharArray());
        NAEParameterSpec spec = new NAEParameterSpec(args[5], true, true, false, 192, null, localsession);
        localsessionKey = generateKey(spec);
        boolean isExported = exportKeyToGlobalSession(globalsession, localsessionKey);
        if (isExported) {
            byte[] encrytedText = encryptWithLocalConfig(data, localsessionKey);
            globalsessionKey = NAEKey.getSecretKey(localsessionKey.getName(), globalsession);
            byte[] decryptText = decryptWithGLobalConfig(encrytedText, globalsessionKey);
            if (data.equals(new String(decryptText))) {
                System.out.println("Key  is exported successfully to global Key Manager.");
            } else {
                System.out.println("Key is not exported successfully to global Key Manager.");
            }
        } else {
            System.out.println("Key is not exported successfully to global Key Manager.");
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (localsessionKey != null)
            localsessionKey.delete();
        if (globalsessionKey != null)
            globalsessionKey.delete();
    }
}

Example 25 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class MultiplePropertyFileSample method exportKeyToGlobalSession.

static boolean exportKeyToGlobalSession(NAESessionInterface globalsessionforEn, NAEKey key) {
    if (key.isExportable()) {
        byte[] rawKey = key.export();
        NAEKey.importKey(rawKey, key.getAlgorithm(), new NAEParameterSpec(key.getName(), true, true, false, 192, null, globalsessionforEn));
        return true;
    }
    return false;
}