Example 1 with NAEPermission
use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.
the class RSAKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java RSAKeySample user password keyname group");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
String group = args[3];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(group);
// add permission to sign
permission.setSign(true);
// add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// create key pair which is exportable and deletable
// key owner is Key Manager user, default key length 1024 bits and
// permissions granted to sign and verify
NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
kpg.initialize(rsaParamSpec);
KeyPair pair = kpg.generateKeyPair();
// Get public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Export private key data (contains both public and private key data)
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
byte[] privKeyData = privKey.export();
// Delete the key pair from Key Manager
pubKey.delete();
// Import the key pair back to the Key Manager
// key pair name is keyName+"Dup", keys are exportable and not deletable
NAEParameterSpec spec_dup = new NAEParameterSpec(keyName + "Dup", true, false, session);
// private key contains both public and private key data
privKey.importKey(privKeyData, "RSA", spec_dup);
System.out.println("Imported key data; Duplicate Key pair " + privKey.getName() + " is created on NAE Server.");
// Export private key data in PKCS#8 format and create JCE key
NAEPrivateKey prKey = NAEKey.getPrivateKey(keyName + "Dup", session);
PrivateKey jcePrivateKey = prKey.exportJCEKey();
// Export public key data in PKCS#5 format and create JCE key
NAEPublicKey publKey = NAEKey.getPublicKey(keyName + "Dup", session);
PublicKey jcePublicKey = publKey.exportJCEKey();
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KeyPair(java.security.KeyPair)
NAEPermission(com.ingrian.security.nae.NAEPermission)
PrivateKey(java.security.PrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
PublicKey(java.security.PublicKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
NAESession(com.ingrian.security.nae.NAESession)
Example 2 with NAEPermission
use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.
the class WrapKeySample method createKeyPair.
private static KeyPair createKeyPair(NAESession session, String group, String keyName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
// Generate an RSA 2048 Public/Private Key pair on the Key Manager.
// Set the key permissions to the set of permissions granted to NAE group.
NAEPermission permission = new NAEPermission(group);
// Add permission to sign.
permission.setSign(true);
// Add permission to verify signature.
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// Create an exportable and deletable key pair where the
// key owner is the Key Manager user, the key length is 2048 bits and
// permissions grant sign and sign verify operations.
NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, 2048, session, permissions);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
kpg.initialize(rsaParamSpec);
KeyPair pair = kpg.generateKeyPair();
return pair;
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KeyPair(java.security.KeyPair)
NAEPermission(com.ingrian.security.nae.NAEPermission)
KeyPairGenerator(java.security.KeyPairGenerator)
Example 3 with NAEPermission
use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.
the class KeyPermissionsSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java KeyPermissionsSample user password keyname group");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
String group = args[3];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// create NAE Session: pass in NAE user name and password
session = NAESession.getSession(username, password.toCharArray());
// set the key permissions to the set of permissions granted to NAE group.
NAEPermission permission = new NAEPermission(group);
// add permission to encrypt
permission.setEncrypt(true);
// add permission to decrypt
permission.setDecrypt(true);
NAEPermission[] permissions = { permission };
// set permission for encryption decryption
// use builder pattern to make key exportable & versioned ,deletable
NAEParameterSpec naeParamSpec = new NAEParameterSpec.Builder(keyName).withSession(session).permissions(permissions).deletable(true).exportable(true).versioned(true).keylength(256).build();
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(naeParamSpec);
kg.generateKey();
// retreive permissions for that key
List<NAEPermission> linkedPermissions = NAEKey.getKeyPermissions(session, keyName);
for (NAEPermission naePermission : linkedPermissions) {
System.out.println(naePermission);
}
} catch (Exception e) {
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
NAEPermission(com.ingrian.security.nae.NAEPermission)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
KeyGenerator(javax.crypto.KeyGenerator)
NAESession(com.ingrian.security.nae.NAESession)
Example 4 with NAEPermission
use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.
the class ECCKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java ECCKeySample user password keyName groupName");
System.exit(-1);
}
String userName = args[0];
String password = args[1];
String keyName = args[2];
String groupName = args[3];
// KeyImportName must be unique each time importKey API is used.
String keyImportName = keyName + "_Import";
String algorithm = "EC";
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// Get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// Creates NAESession: pass in NAE user and password
session = NAESession.getSession(userName, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(groupName);
// Add permission to sign
permission.setSign(true);
// Add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
// prime256v1 curve ID
// Permissions granted to sign and verify
ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
// Creates the ECC KeyPair generator object
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
// Initializes KeyPair generator with ECCParameterSpec
generator.initialize(spec1);
// Creates the Key Pair for ECC key
KeyPair pair = generator.generateKeyPair();
System.out.println("Created ECC key: " + keyName);
// Exports public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Creates NAEPrivateKey object
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
// Exports private key data in default format i.e. PEM-PKCS#1
byte[] privKeyData = privKey.export();
boolean exportAllVersion = false;
// Exports private key data in PEM-PKCS#8 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
}
// Exports private key data in PEM-SEC1 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
}
// Delete the key pair from Key Manager
pubKey.delete();
// Creates a ECCParameterSpec to import ECC key
// Keys are exportable, deletable and non-versioned
ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
// Imports the key to the Key Manager
NAEKey.importKey(privKeyData, algorithm, importSpec);
System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Also used :
KeyPair(java.security.KeyPair)
NAEPermission(com.ingrian.security.nae.NAEPermission)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
KeyExportData(com.ingrian.security.nae.KeyExportData)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
ECCParameterSpec(com.ingrian.security.nae.ECCParameterSpec)
NAESession(com.ingrian.security.nae.NAESession)
Example 5 with NAEPermission
use of com.ingrian.security.nae.NAEPermission in project CipherTrust_Application_Protection by thalescpl-io.
the class IngrianKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java IngrianKeySample user password keyname group");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String keyName = args[2];
String group = args[3];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.out.println(provider.getInfo());
}
NAESession session = null;
try {
// Create AES key on NAE server
// create NAE Session: pass in NAE user name and password
session = NAESession.getSession(username, password.toCharArray());
// set the key permissions to the set of permissions granted to NAE group.
NAEPermission permission = new NAEPermission(group);
// add permission to sign
permission.setSign(true);
// add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// create key pair which is exportable and deletable
// key owner is NAE user, default key length 1024 bits and
// permissions granted to sign and verify
NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
// create key custom attributes
CustomAttributes attrs = new CustomAttributes("Attr1", "abc");
attrs.addAttribute("Attr2", "1234");
// create key which is exportable, deletable and versioned,
// with custom attributes,
// key owner is passed in NAE user and key length 128 bits
NAEParameterSpec spec = new NAEParameterSpec(keyName, true, true, true, 128, attrs, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secret_key = kg.generateKey();
NAEKey key = NAEKey.getSecretKey(keyName, session);
// Get default IV assiciated with this key
String defaultIV = key.getDefaultIV();
System.out.println("Key " + keyName + " has default IV " + defaultIV);
// Modify custom attributes.
// Create new attribute to add
CustomAttributes newAttrs = new CustomAttributes("Attr3", "ABC");
// Create list of attribute names to delete
String[] dAttrs = { "Attr1" };
key.modifyCustomAttributes(false, dAttrs, newAttrs);
// Create a new version of the key
int newVersion = key.generateVersion();
// and couple more
newVersion = key.generateVersion();
newVersion = key.generateVersion();
// retire version 1
key.modifyVersion(1, "Retired");
// restrict version 2
key.modifyVersion(2, "Restricted");
// get key instance
NAEKey newKey = NAEKey.getSecretKey(keyName, session);
// get custom attributes
CustomAttributes attributes = newKey.getCustomAttributes();
Hashtable attrTable = attributes.getAttributes();
for (Enumeration e = attrTable.keys(); e.hasMoreElements(); ) {
String name = (String) e.nextElement();
String value = (String) attrTable.get(name);
System.out.println("Key custom attribute - name: " + name + " : value: " + value);
}
if (newKey.isVersioned()) {
System.out.println("\nKey " + newKey.getName() + " is versioned.");
}
System.out.println("Number of key versions: " + newKey.getAllKeyVersions());
System.out.println("Number of active versions: " + newKey.getActiveKeyVersions());
System.out.println("Number of restricted versions: " + newKey.getRestrictedKeyVersions());
System.out.println("Number of retired versions: " + newKey.getRetiredKeyVersions());
System.out.println("Key Version: " + newKey.getKeyVersion() + "\n");
// get key info for all versions of this key
KeyInfoData[] infoData = newKey.getKeyInfoData(true);
System.out.println("Key data for each version");
for (KeyInfoData element : infoData) {
System.out.println("Key version: " + element.getKeyVersion());
System.out.println("Key fingerprint: " + element.getFingerprint());
System.out.println("Key State: " + element.getKeyVersionState());
System.out.println("Key iv: " + element.getDefaultIV() + "\n");
}
session.logEvent("Created versioned key.");
// export all versions of this key
KeyExportData[] keyData = newKey.export(true);
System.out.println("Exported key data for each version");
for (KeyExportData element : keyData) {
System.out.println("Exported Key version: " + element.getKeyVersion());
System.out.println("Exported Key fingerprint: " + element.getFingerprint());
System.out.println("Exported Key data: " + element.getKeyData() + "\n");
}
// import the key back. we can import the key only as a non-versioned key.
NAEParameterSpec spec_import = new NAEParameterSpec(keyName + "Import", true, true, session);
NAEKey.importKey(IngrianProvider.hex2ByteArray(keyData[2].getKeyData()), "AES", spec_import);
NAESecretKey importKey = NAEKey.getSecretKey(keyName + "Import", session);
System.out.println("Imported key data; Key " + importKey.getName() + " was created on NAE Server.\n");
// encrypt data with all key versions
NAEKey allKey = NAEKey.getSecretKey(keyName + "#all", session);
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
// get IV
NAESecureRandom rng = new NAESecureRandom(session);
byte[] iv = new byte[16];
rng.nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// get a cipher
Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// initialize cipher to encrypt.
encryptCipher.init(Cipher.ENCRYPT_MODE, allKey, ivSpec);
// encrypt data
// outbuf is an array of ciphertexts; the size of this array is number of key versions;
// each ciphertext is the data encrypted by one version of the key:
// result[0] is the data encrypted with the latest key version.
byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
byte[][] result = IngrianProvider.encryptAllResult(outbuf);
for (byte[] element : result) {
System.out.println("Ciphertext " + IngrianProvider.byteArray2Hex(element));
}
Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// decrypt ciphertext
// init cipher
NAEKey dKey = NAEKey.getSecretKey(keyName, session);
decryptCipher.init(Cipher.DECRYPT_MODE, dKey, ivSpec);
// will use correct key version from cipher text header
byte[] newbuf = decryptCipher.doFinal(result[0]);
System.out.println("Decrypted data \"" + new String(newbuf) + "\"");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null) {
session.closeSession();
}
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
NAEPermission(com.ingrian.security.nae.NAEPermission)
NAEKey(com.ingrian.security.nae.NAEKey)
KeyExportData(com.ingrian.security.nae.KeyExportData)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
CustomAttributes(com.ingrian.security.nae.CustomAttributes)
KeyInfoData(com.ingrian.security.nae.KeyInfoData)
KeyGenerator(javax.crypto.KeyGenerator)
Enumeration(java.util.Enumeration)
NAESecureRandom(com.ingrian.security.nae.NAESecureRandom)
Hashtable(java.util.Hashtable)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
Provider(java.security.Provider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
SecretKey(javax.crypto.SecretKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
NAESession(com.ingrian.security.nae.NAESession)
Aggregations
NAEPermission (com.ingrian.security.nae.NAEPermission)6
IngrianProvider (com.ingrian.security.nae.IngrianProvider)5
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)5
NAESession (com.ingrian.security.nae.NAESession)5
Provider (java.security.Provider)5
KeyPair (java.security.KeyPair)3
KeyPairGenerator (java.security.KeyPairGenerator)3
KeyGenerator (javax.crypto.KeyGenerator)3
KeyExportData (com.ingrian.security.nae.KeyExportData)2
NAEKey (com.ingrian.security.nae.NAEKey)2
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)2
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)2
SecretKey (javax.crypto.SecretKey)2
CustomAttributes (com.ingrian.security.nae.CustomAttributes)1
ECCParameterSpec (com.ingrian.security.nae.ECCParameterSpec)1
KeyInfoData (com.ingrian.security.nae.KeyInfoData)1
NAESecretKey (com.ingrian.security.nae.NAESecretKey)1
NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)1
PrivateKey (java.security.PrivateKey)1
PublicKey (java.security.PublicKey)1
