Search in sources :

Example 21 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPWrapUnwrapSample method main.

public static void main(String[] args) {
    if (args.length != 4) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String wrapping_key = args[2];
    String wrapped_key = args[3];
    // key bytes
    String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
    String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
    System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
    System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
    // key specification and key wrapping data
    String wrappingMethod = "Encrypt";
    String uniqueIdentifier_wrappingkey = null;
    String uniqueIdentifier_wrappedkey = null;
    String blockCipherMode = "NISTKeyWrap";
    // not required as of now
    String paddingMethod = null;
    // not required as of now
    String hashingAlgorithm = null;
    // not required as of now
    String keyRoleType = null;
    String encodingOption = "NoEncoding";
    // initiate KMIP session
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    // KMIP attributes for to declare an encrypting key
    KMIPAttributes initialAttribute = new KMIPAttributes();
    initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
    // KMIP attribute to declare a plain key
    KMIPAttributes initialAttributes2 = new KMIPAttributes();
    initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
    NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, (KMIPSession) session);
    NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, (KMIPSession) session);
    NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
    NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);
    // register wrapping key
    try {
        uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists")) {
            System.out.println("this key already exist");
            try {
                // updating UID for wrapping key
                uniqueIdentifier_wrappingkey = key3.getUID();
            } catch (NAEException e1) {
                e1.printStackTrace();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
    }
    // register wrapped key
    try {
        uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists")) {
            System.out.println("this key already exist");
            try {
                // updating UID for wrapped key
                uniqueIdentifier_wrappedkey = key4.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
    }
    // KMIP attribute to get a wrapped key
    KMIPAttributes initialAttributes1 = new KMIPAttributes();
    initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
    // Getting wrapped key bytes
    byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
    System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));
    // KMIP attribute to register a new key using encrypted key bytes
    KMIPAttributes unwrapAttribute = new KMIPAttributes();
    unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
    unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
    String new_unwrapkeyuid = null;
    // register a new key using wrapped key bytes
    try {
        new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
    } catch (NAEException e) {
        if (e.getMessage().contains("Key already exists"))
            System.out.println("this key already exist");
    }
    // Getting plain key bytes of new key
    System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
    session.closeSession();
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEException(com.ingrian.security.nae.NAEException) NAEKey(com.ingrian.security.nae.NAEKey) KMIPKeyWrapSpecification(com.ingrian.security.nae.KMIPKeyWrapSpecification) KMIPKeyWrappingData(com.ingrian.security.nae.KMIPKeyWrappingData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 22 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class HMACSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java HMACSample user password hmacKeyName");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    System.out.println("Data to mac \"" + dataToMac + "\"");
    NAESession session = null;
    try {
        // create HMAC key on the server
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // create key which is exportable and deletable,
        // key owner is passed in Key Manager user.
        // For HmacSHA1 key length 160 bits
        // For HmacSHA256 key length is 256 bits
        // For HmacSHA384 key length is 384 bits
        // For HmacSHA512 key length is 512 bits
        NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, 160, session);
        KeyGenerator kg = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
        kg.init(spec);
        SecretKey secret_key = kg.generateKey();
        // get the handle to created key
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        // create MAC instance to get the message authentication code
        Mac mac = Mac.getInstance("HmacSHA1", "IngrianProvider");
        mac.init(key);
        byte[] macValue = mac.doFinal(dataToMac.getBytes());
        // create MAC instance to verify the message authentication code
        Mac macV = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
        macV.init(key, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes());
        // check verification result
        if (result.length != 1 || result[0] != 1) {
            System.out.println("Invalid MAC.");
        } else {
            System.out.println("MAC Verified OK.");
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) MACValue(com.ingrian.security.nae.MACValue) SecretKey(javax.crypto.SecretKey) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 23 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPSecretDataSample method main.

public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        usage();
    }
    String keyName = args.length == 3 ? args[2] : "KMIPSecretData";
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // generate the secret data (the bytes of a public key)
        // For IBM Java, change the provider from "SUN/SunRsaSign" to "IBMJCE"
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        keyGen.initialize(1024, random);
        KeyPair keyPair = keyGen.generateKeyPair();
        PublicKey pub = keyPair.getPublic();
        byte[] data = pub.getEncoded();
        // create NAE Session: pass in Key Manager user name and password
        // KMIPSession session  = KMIPSession.getSession(new NAEClientCertificate( args[0],  args[1]));
        // create secret data managed object ParameterSpec
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(keyName, 1024, (KMIPAttributes) initialAttributes, session);
        // create the secret data object as a KMIP secret data Password type
        KMIPSecretData secretDataManagedObject = new KMIPSecretData(keyName, KMIPSecretData.SecretDataType.Password, session);
        // register the secret data bytes
        secretDataManagedObject.register(data, spec);
        // now export() a copy of the secret data back from the Key Manager
        byte[] exportedSecretData = secretDataManagedObject.export();
        // compare the original and exported bytes
        if ((exportedSecretData != null) && Arrays.equals(exportedSecretData, data))
            System.out.println("Exported secret data equals original");
        else {
            System.out.println("Uh-oh!");
        }
        // print the bytes and close the session
        System.out.println("original: " + TTLVUtil.toHexString(data));
        System.out.println("exported: " + TTLVUtil.toHexString(exportedSecretData));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PublicKey(java.security.PublicKey) SecureRandom(java.security.SecureRandom) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) KeyPairGenerator(java.security.KeyPairGenerator) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 24 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class MultiplePropertyFileSample method main.

public static void main(String[] args) {
    if (args.length != 6) {
        System.err.println("Usage: java MultiplePropertyFileSample local_config_user local_config_password " + "local_propertyfile_path global_config_user global_config_password keyname");
        System.exit(-1);
    }
    NAESession localsession = null;
    NAESession globalsession = null;
    NAESecretKey localsessionKey = null;
    NAEKey globalsessionKey = null;
    String data = "Test Data";
    try {
        localsession = NAESession.getSession(args[0], args[1].toCharArray(), new SessionLevelConfig(args[2]));
        globalsession = NAESession.getSession(args[3], args[4].toCharArray());
        NAEParameterSpec spec = new NAEParameterSpec(args[5], true, true, false, 192, null, localsession);
        localsessionKey = generateKey(spec);
        boolean isExported = exportKeyToGlobalSession(globalsession, localsessionKey);
        if (isExported) {
            byte[] encrytedText = encryptWithLocalConfig(data, localsessionKey);
            globalsessionKey = NAEKey.getSecretKey(localsessionKey.getName(), globalsession);
            byte[] decryptText = decryptWithGLobalConfig(encrytedText, globalsessionKey);
            if (data.equals(new String(decryptText))) {
                System.out.println("Key  is exported successfully to global Key Manager.");
            } else {
                System.out.println("Key is not exported successfully to global Key Manager.");
            }
        } else {
            System.out.println("Key is not exported successfully to global Key Manager.");
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (localsessionKey != null)
            localsessionKey.delete();
        if (globalsessionKey != null)
            globalsessionKey.delete();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) SessionLevelConfig(com.ingrian.security.nae.SessionLevelConfig) NAESession(com.ingrian.security.nae.NAESession) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 25 with NAEParameterSpec

use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.

the class MultiplePropertyFileSample method exportKeyToGlobalSession.

static boolean exportKeyToGlobalSession(NAESessionInterface globalsessionforEn, NAEKey key) {
    if (key.isExportable()) {
        byte[] rawKey = key.export();
        NAEKey.importKey(rawKey, key.getAlgorithm(), new NAEParameterSpec(key.getName(), true, true, false, 192, null, globalsessionforEn));
        return true;
    }
    return false;
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)

Aggregations

NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)25 IngrianProvider (com.ingrian.security.nae.IngrianProvider)17 KeyGenerator (javax.crypto.KeyGenerator)12 NAESession (com.ingrian.security.nae.NAESession)11 KMIPSession (com.ingrian.security.nae.KMIPSession)10 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)10 NAEKey (com.ingrian.security.nae.NAEKey)10 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)9 SecretKey (javax.crypto.SecretKey)7 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)6 NAESecretKey (com.ingrian.security.nae.NAESecretKey)6 KeyPair (java.security.KeyPair)6 Provider (java.security.Provider)6 NAEPermission (com.ingrian.security.nae.NAEPermission)5 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)5 NAEException (com.ingrian.security.nae.NAEException)4 KeyPairGenerator (java.security.KeyPairGenerator)4 PrivateKey (java.security.PrivateKey)4 PublicKey (java.security.PublicKey)4 Cipher (javax.crypto.Cipher)4