Search in sources :

Example 1 with NAEPermission

use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.

the class RSAKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java RSAKeySample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Configure the key permissions to be granted to NAE group.
        NAEPermission permission = new NAEPermission(group);
        // add permission to sign
        permission.setSign(true);
        // add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // create key pair which is exportable and deletable
        // key owner is Key Manager user, default key length 1024 bits and
        // permissions granted to sign and verify
        NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
        kpg.initialize(rsaParamSpec);
        KeyPair pair = kpg.generateKeyPair();
        // Get public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Export private key data (contains both public and private key data)
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        byte[] privKeyData = privKey.export();
        // Delete the key pair from Key Manager
        pubKey.delete();
        // Import the key pair back to the Key Manager
        // key pair name is keyName+"Dup", keys are exportable and not deletable
        NAEParameterSpec spec_dup = new NAEParameterSpec(keyName + "Dup", true, false, session);
        // private key contains both public and private key data
        privKey.importKey(privKeyData, "RSA", spec_dup);
        System.out.println("Imported key data; Duplicate Key pair " + privKey.getName() + " is created on NAE Server.");
        // Export private key data in PKCS#8 format and create JCE key
        NAEPrivateKey prKey = NAEKey.getPrivateKey(keyName + "Dup", session);
        PrivateKey jcePrivateKey = prKey.exportJCEKey();
        // Export public key data in PKCS#5 format and create JCE key
        NAEPublicKey publKey = NAEKey.getPublicKey(keyName + "Dup", session);
        PublicKey jcePublicKey = publKey.exportJCEKey();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null)
            // Close NAESession
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) NAESession(com.ingrian.security.nae.NAESession)

Example 2 with NAEPermission

use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.

the class WrapKeySample method createKeyPair.

private static KeyPair createKeyPair(NAESession session, String group, String keyName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
    // Generate an RSA 2048 Public/Private Key pair on the Key Manager.
    // Set the key permissions to the set of permissions granted to NAE group.
    NAEPermission permission = new NAEPermission(group);
    // Add permission to sign.
    permission.setSign(true);
    // Add permission to verify signature.
    permission.setSignV(true);
    NAEPermission[] permissions = { permission };
    // Create an exportable and deletable key pair where the
    // key owner is the Key Manager user, the key length is 2048 bits and
    // permissions grant sign and sign verify operations.
    NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, 2048, session, permissions);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
    kpg.initialize(rsaParamSpec);
    KeyPair pair = kpg.generateKeyPair();
    return pair;
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) KeyPairGenerator(java.security.KeyPairGenerator)

Example 3 with NAEPermission

use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.

the class KeyPermissionsSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java KeyPermissionsSample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // create NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // set the key permissions to the set of permissions granted to NAE group.
        NAEPermission permission = new NAEPermission(group);
        // add permission to encrypt
        permission.setEncrypt(true);
        // add permission to decrypt
        permission.setDecrypt(true);
        NAEPermission[] permissions = { permission };
        // set permission for encryption decryption
        // use builder pattern to make key exportable & versioned ,deletable
        NAEParameterSpec naeParamSpec = new NAEParameterSpec.Builder(keyName).withSession(session).permissions(permissions).deletable(true).exportable(true).versioned(true).keylength(256).build();
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(naeParamSpec);
        kg.generateKey();
        // retreive permissions for that key
        List<NAEPermission> linkedPermissions = NAEKey.getKeyPermissions(session, keyName);
        for (NAEPermission naePermission : linkedPermissions) {
            System.out.println(naePermission);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEPermission(com.ingrian.security.nae.NAEPermission) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 4 with NAEPermission

use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.

the class ECCKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java ECCKeySample user password keyName groupName");
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    String groupName = args[3];
    // KeyImportName must be unique each time importKey API is used.
    String keyImportName = keyName + "_Import";
    String algorithm = "EC";
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // Creates NAESession: pass in NAE user and password
        session = NAESession.getSession(userName, password.toCharArray());
        // Configure the key permissions to be granted to NAE group.
        NAEPermission permission = new NAEPermission(groupName);
        // Add permission to sign
        permission.setSign(true);
        // Add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
        // prime256v1 curve ID
        // Permissions granted to sign and verify
        ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
        // Creates the ECC KeyPair generator object
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
        // Initializes KeyPair generator with ECCParameterSpec
        generator.initialize(spec1);
        // Creates the Key Pair for ECC key
        KeyPair pair = generator.generateKeyPair();
        System.out.println("Created ECC key: " + keyName);
        // Exports public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Creates NAEPrivateKey object
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        // Exports private key data in default format i.e. PEM-PKCS#1
        byte[] privKeyData = privKey.export();
        boolean exportAllVersion = false;
        // Exports private key data in PEM-PKCS#8 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
        for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
            System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
        }
        // Exports private key data in PEM-SEC1 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
        for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
            System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
        }
        // Delete the key pair from Key Manager
        pubKey.delete();
        // Creates a ECCParameterSpec to import ECC key
        // Keys are exportable, deletable  and non-versioned
        ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
        // Imports the key to the Key Manager
        NAEKey.importKey(privKeyData, algorithm, importSpec);
        System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null)
            // Close NAESession
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) KeyExportData(com.ingrian.security.nae.KeyExportData) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) ECCParameterSpec(com.ingrian.security.nae.ECCParameterSpec) NAESession(com.ingrian.security.nae.NAESession)

Example 5 with NAEPermission

use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.

the class IngrianKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java IngrianKeySample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (Provider provider : providers) {
        System.out.println(provider.getInfo());
    }
    NAESession session = null;
    try {
        // Create AES key on NAE server
        // create NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // set the key permissions to the set of permissions granted to NAE group.
        NAEPermission permission = new NAEPermission(group);
        // add permission to sign
        permission.setSign(true);
        // add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // create key pair which is exportable and deletable
        // key owner is NAE user, default key length 1024 bits and
        // permissions granted to sign and verify
        NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
        // create key custom attributes
        CustomAttributes attrs = new CustomAttributes("Attr1", "abc");
        attrs.addAttribute("Attr2", "1234");
        // create key which is exportable, deletable and versioned,
        // with custom attributes,
        // key owner is passed in NAE user and  key length 128 bits
        NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, true, 128, attrs, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secret_key = kg.generateKey();
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        // Get default IV assiciated with this key
        String defaultIV = key.getDefaultIV();
        System.out.println("Key " + keyName + " has default IV " + defaultIV);
        // Modify custom attributes.
        // Create new attribute to add
        CustomAttributes newAttrs = new CustomAttributes("Attr3", "ABC");
        // Create list of attribute names to delete
        String[] dAttrs = { "Attr1" };
        key.modifyCustomAttributes(false, dAttrs, newAttrs);
        // Create a new version of the key
        int newVersion = key.generateVersion();
        // and couple more
        newVersion = key.generateVersion();
        newVersion = key.generateVersion();
        // retire version 1
        key.modifyVersion(1, "Retired");
        // restrict version 2
        key.modifyVersion(2, "Restricted");
        // get key instance
        NAEKey newKey = NAEKey.getSecretKey(keyName, session);
        // get custom attributes
        CustomAttributes attributes = newKey.getCustomAttributes();
        Hashtable attrTable = attributes.getAttributes();
        for (Enumeration e = attrTable.keys(); e.hasMoreElements(); ) {
            String name = (String) e.nextElement();
            String value = (String) attrTable.get(name);
            System.out.println("Key custom attribute - name: " + name + " : value: " + value);
        }
        if (newKey.isVersioned()) {
            System.out.println("\nKey " + newKey.getName() + " is versioned.");
        }
        System.out.println("Number of key versions: " + newKey.getAllKeyVersions());
        System.out.println("Number of active versions: " + newKey.getActiveKeyVersions());
        System.out.println("Number of restricted versions: " + newKey.getRestrictedKeyVersions());
        System.out.println("Number of retired versions: " + newKey.getRetiredKeyVersions());
        System.out.println("Key Version: " + newKey.getKeyVersion() + "\n");
        // get key info for all versions of this key
        KeyInfoData[] infoData = newKey.getKeyInfoData(true);
        System.out.println("Key data for each version");
        for (KeyInfoData element : infoData) {
            System.out.println("Key version: " + element.getKeyVersion());
            System.out.println("Key fingerprint: " + element.getFingerprint());
            System.out.println("Key State: " + element.getKeyVersionState());
            System.out.println("Key iv: " + element.getDefaultIV() + "\n");
        }
        session.logEvent("Created versioned key.");
        // export all versions of this key
        KeyExportData[] keyData = newKey.export(true);
        System.out.println("Exported key data for each version");
        for (KeyExportData element : keyData) {
            System.out.println("Exported Key version: " + element.getKeyVersion());
            System.out.println("Exported Key fingerprint: " + element.getFingerprint());
            System.out.println("Exported Key data: " + element.getKeyData() + "\n");
        }
        // import the key back. we can import the key only as a non-versioned key.
        NAEParameterSpec spec_import = new NAEParameterSpec(keyName + "Import", true, true, session);
        NAEKey.importKey(IngrianProvider.hex2ByteArray(keyData[2].getKeyData()), "AES", spec_import);
        NAESecretKey importKey = NAEKey.getSecretKey(keyName + "Import", session);
        System.out.println("Imported key data; Key " + importKey.getName() + " was created on NAE Server.\n");
        // encrypt data with all key versions
        NAEKey allKey = NAEKey.getSecretKey(keyName + "#all", session);
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
        // get IV
        NAESecureRandom rng = new NAESecureRandom(session);
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // get a cipher
        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // initialize cipher to encrypt.
        encryptCipher.init(Cipher.ENCRYPT_MODE, allKey, ivSpec);
        // encrypt data
        // outbuf is an array of ciphertexts; the size of this array is number of key versions;
        // each ciphertext is the data encrypted by one version of the key:
        // result[0] is the data encrypted with the latest key version.
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
        byte[][] result = IngrianProvider.encryptAllResult(outbuf);
        for (byte[] element : result) {
            System.out.println("Ciphertext " + IngrianProvider.byteArray2Hex(element));
        }
        Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // decrypt ciphertext
        // init cipher
        NAEKey dKey = NAEKey.getSecretKey(keyName, session);
        decryptCipher.init(Cipher.DECRYPT_MODE, dKey, ivSpec);
        // will use correct key version from cipher text header
        byte[] newbuf = decryptCipher.doFinal(result[0]);
        System.out.println("Decrypted data  \"" + new String(newbuf) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEPermission(com.ingrian.security.nae.NAEPermission) NAEKey(com.ingrian.security.nae.NAEKey) KeyExportData(com.ingrian.security.nae.KeyExportData) IngrianProvider(com.ingrian.security.nae.IngrianProvider) CustomAttributes(com.ingrian.security.nae.CustomAttributes) KeyInfoData(com.ingrian.security.nae.KeyInfoData) KeyGenerator(javax.crypto.KeyGenerator) Enumeration(java.util.Enumeration) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) Hashtable(java.util.Hashtable) NAESecretKey(com.ingrian.security.nae.NAESecretKey) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) SecretKey(javax.crypto.SecretKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession)

Aggregations

NAEPermission (com.ingrian.security.nae.NAEPermission)6 IngrianProvider (com.ingrian.security.nae.IngrianProvider)5 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)5 NAESession (com.ingrian.security.nae.NAESession)5 Provider (java.security.Provider)5 KeyPair (java.security.KeyPair)3 KeyPairGenerator (java.security.KeyPairGenerator)3 KeyGenerator (javax.crypto.KeyGenerator)3 KeyExportData (com.ingrian.security.nae.KeyExportData)2 NAEKey (com.ingrian.security.nae.NAEKey)2 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)2 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)2 SecretKey (javax.crypto.SecretKey)2 CustomAttributes (com.ingrian.security.nae.CustomAttributes)1 ECCParameterSpec (com.ingrian.security.nae.ECCParameterSpec)1 KeyInfoData (com.ingrian.security.nae.KeyInfoData)1 NAESecretKey (com.ingrian.security.nae.NAESecretKey)1 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1