use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPWrapUnwrapSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String wrapping_key = args[2];
String wrapped_key = args[3];
// key bytes
String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
// key specification and key wrapping data
String wrappingMethod = "Encrypt";
String uniqueIdentifier_wrappingkey = null;
String uniqueIdentifier_wrappedkey = null;
String blockCipherMode = "NISTKeyWrap";
// not required as of now
String paddingMethod = null;
// not required as of now
String hashingAlgorithm = null;
// not required as of now
String keyRoleType = null;
String encodingOption = "NoEncoding";
// initiate KMIP session
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIP attributes for to declare an encrypting key
KMIPAttributes initialAttribute = new KMIPAttributes();
initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
// KMIP attribute to declare a plain key
KMIPAttributes initialAttributes2 = new KMIPAttributes();
initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, (KMIPSession) session);
NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, (KMIPSession) session);
NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);
// register wrapping key
try {
uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists")) {
System.out.println("this key already exist");
try {
// updating UID for wrapping key
uniqueIdentifier_wrappingkey = key3.getUID();
} catch (NAEException e1) {
e1.printStackTrace();
} catch (Exception e1) {
e1.printStackTrace();
}
}
}
// register wrapped key
try {
uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists")) {
System.out.println("this key already exist");
try {
// updating UID for wrapped key
uniqueIdentifier_wrappedkey = key4.getUID();
} catch (Exception e1) {
e1.printStackTrace();
}
}
}
// KMIP attribute to get a wrapped key
KMIPAttributes initialAttributes1 = new KMIPAttributes();
initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
// Getting wrapped key bytes
byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));
// KMIP attribute to register a new key using encrypted key bytes
KMIPAttributes unwrapAttribute = new KMIPAttributes();
unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
String new_unwrapkeyuid = null;
// register a new key using wrapped key bytes
try {
new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists"))
System.out.println("this key already exist");
}
// Getting plain key bytes of new key
System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
session.closeSession();
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class HMACSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.println("Usage: java HMACSample user password hmacKeyName");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to mac \"" + dataToMac + "\"");
NAESession session = null;
try {
// create HMAC key on the server
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// create key which is exportable and deletable,
// key owner is passed in Key Manager user.
// For HmacSHA1 key length 160 bits
// For HmacSHA256 key length is 256 bits
// For HmacSHA384 key length is 384 bits
// For HmacSHA512 key length is 512 bits
NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
kg.init(spec);
SecretKey secret_key = kg.generateKey();
// get the handle to created key
NAEKey key = NAEKey.getSecretKey(keyName, session);
// create MAC instance to get the message authentication code
Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
mac.init(key);
byte[] macValue = mac.doFinal(dataToMac.getBytes());
// create MAC instance to verify the message authentication code
Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
macV.init(key, new MACValue(macValue));
byte[] result = macV.doFinal(dataToMac.getBytes());
// check verification result
if (result.length != 1 || result[0] != 1) {
System.out.println("Invalid MAC.");
} else {
System.out.println("MAC Verified OK.");
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
throw e;
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPSecretDataSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
String keyName = args.length == 3 ? args[2] : "KMIPSecretData";
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
try {
// generate the secret data (the bytes of a public key)
// For IBM Java, change the provider from "SUN/SunRsaSign" to "IBMJCE"
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair keyPair = keyGen.generateKeyPair();
PublicKey pub = keyPair.getPublic();
byte[] data = pub.getEncoded();
// create NAE Session: pass in Key Manager user name and password
// KMIPSession session = KMIPSession.getSession(new NAEClientCertificate( args[0], args[1]));
// create secret data managed object ParameterSpec
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(keyName, 1024, (KMIPAttributes) initialAttributes, session);
// create the secret data object as a KMIP secret data Password type
KMIPSecretData secretDataManagedObject = new KMIPSecretData(keyName, KMIPSecretData.SecretDataType.Password, session);
// register the secret data bytes
secretDataManagedObject.register(data, spec);
// now export() a copy of the secret data back from the Key Manager
byte[] exportedSecretData = secretDataManagedObject.export();
// compare the original and exported bytes
if ((exportedSecretData != null) && Arrays.equals(exportedSecretData, data))
System.out.println("Exported secret data equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes and close the session
System.out.println("original: " + TTLVUtil.toHexString(data));
System.out.println("exported: " + TTLVUtil.toHexString(exportedSecretData));
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class MultiplePropertyFileSample method main.
public static void main(String[] args) {
if (args.length != 6) {
System.err.println("Usage: java MultiplePropertyFileSample local_config_user local_config_password " + "local_propertyfile_path global_config_user global_config_password keyname");
System.exit(-1);
}
NAESession localsession = null;
NAESession globalsession = null;
NAESecretKey localsessionKey = null;
NAEKey globalsessionKey = null;
String data = "Test Data";
try {
localsession = NAESession.getSession(args[0], args[1].toCharArray(), new SessionLevelConfig(args[2]));
globalsession = NAESession.getSession(args[3], args[4].toCharArray());
NAEParameterSpec spec = new NAEParameterSpec(args[5], true, true, false, 192, null, localsession);
localsessionKey = generateKey(spec);
boolean isExported = exportKeyToGlobalSession(globalsession, localsessionKey);
if (isExported) {
byte[] encrytedText = encryptWithLocalConfig(data, localsessionKey);
globalsessionKey = NAEKey.getSecretKey(localsessionKey.getName(), globalsession);
byte[] decryptText = decryptWithGLobalConfig(encrytedText, globalsessionKey);
if (data.equals(new String(decryptText))) {
System.out.println("Key is exported successfully to global Key Manager.");
} else {
System.out.println("Key is not exported successfully to global Key Manager.");
}
} else {
System.out.println("Key is not exported successfully to global Key Manager.");
}
} catch (Exception e) {
e.printStackTrace();
} finally {
if (localsessionKey != null)
localsessionKey.delete();
if (globalsessionKey != null)
globalsessionKey.delete();
}
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class MultiplePropertyFileSample method exportKeyToGlobalSession.
static boolean exportKeyToGlobalSession(NAESessionInterface globalsessionforEn, NAEKey key) {
if (key.isExportable()) {
byte[] rawKey = key.export();
NAEKey.importKey(rawKey, key.getAlgorithm(), new NAEParameterSpec(key.getName(), true, true, false, 192, null, globalsessionforEn));
return true;
}
return false;
}
Aggregations