Example 16 with NAEPrivateKey
use of com.ingrian.security.nae.NAEPrivateKey in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGenKeys method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
int length = Integer.valueOf(args[3]);
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// create KMIP Session - specify client X.509 certificate and keystore password
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
KeyPair sunPair = null;
try {
// verify Key Manager supports key pair generation
if (!queryKeyGen(session)) {
System.err.println("Key Manager does not support key pair generation");
System.exit(0);
}
deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
keyGen.initialize(spec, null);
sunPair = keyGen.generateKeyPair();
PrivateKey priv = sunPair.getPrivate();
PublicKey pub = sunPair.getPublic();
NAEPrivateKey naePriv = (NAEPrivateKey) priv;
NAEPublicKey naePub = (NAEPublicKey) pub;
System.out.println("\n\n----------------------------\n");
System.out.println("Key length = " + length);
System.out.println("Private key name : " + naePriv.getName());
System.out.println("Private key format : " + naePriv.getFormat());
System.out.println("Private key algorithm : " + naePriv.getAlgorithm());
System.out.println("Private key encoded length : " + naePriv.getKeySize());
System.out.println("Public key name : " + naePub.getName());
System.out.println("Public key format : " + naePub.getFormat());
System.out.println("Public key algorithm : " + "" + naePub.getAlgorithm());
System.out.println("Public key encoded length : " + naePub.getKeySize());
/* ((NAEPrivateKey)priv).delete();
((NAEPublicKey)pub).delete();*/
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KeyPair(java.security.KeyPair)
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
PrivateKey(java.security.PrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
PublicKey(java.security.PublicKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
RSAKeyPairGenerator(com.ingrian.security.nae.RSAKeyPairGenerator)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 17 with NAEPrivateKey
use of com.ingrian.security.nae.NAEPrivateKey in project CipherTrust_Application_Protection by thalescpl-io.
the class ECCKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java ECCKeySample user password keyName groupName");
System.exit(-1);
}
String userName = args[0];
String password = args[1];
String keyName = args[2];
String groupName = args[3];
// KeyImportName must be unique each time importKey API is used.
String keyImportName = keyName + "_Import";
String algorithm = "EC";
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// Get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// Creates NAESession: pass in NAE user and password
session = NAESession.getSession(userName, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(groupName);
// Add permission to sign
permission.setSign(true);
// Add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
// prime256v1 curve ID
// Permissions granted to sign and verify
ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
// Creates the ECC KeyPair generator object
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
// Initializes KeyPair generator with ECCParameterSpec
generator.initialize(spec1);
// Creates the Key Pair for ECC key
KeyPair pair = generator.generateKeyPair();
System.out.println("Created ECC key: " + keyName);
// Exports public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Creates NAEPrivateKey object
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
// Exports private key data in default format i.e. PEM-PKCS#1
byte[] privKeyData = privKey.export();
boolean exportAllVersion = false;
// Exports private key data in PEM-PKCS#8 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
}
// Exports private key data in PEM-SEC1 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
}
// Delete the key pair from Key Manager
pubKey.delete();
// Creates a ECCParameterSpec to import ECC key
// Keys are exportable, deletable and non-versioned
ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
// Imports the key to the Key Manager
NAEKey.importKey(privKeyData, algorithm, importSpec);
System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
Also used :
KeyPair(java.security.KeyPair)
NAEPermission(com.ingrian.security.nae.NAEPermission)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
KeyExportData(com.ingrian.security.nae.KeyExportData)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
ECCParameterSpec(com.ingrian.security.nae.ECCParameterSpec)
NAESession(com.ingrian.security.nae.NAESession)
Example 18 with NAEPrivateKey
use of com.ingrian.security.nae.NAEPrivateKey in project CipherTrust_Application_Protection by thalescpl-io.
the class WrapKeySample method main.
public static void main(String[] args) {
Security.addProvider(new IngrianProvider());
if (args.length != 5) {
System.err.println("Usage: java WrapKeySample user password keyToWrapName wrappingKeyName groupName");
System.exit(-1);
}
String userName = args[0];
String passWord = args[1];
String keyToWrapName = "WrapSamplePair" + args[2];
String wrappingKeyName = "WrapSampleKey" + args[3];
String groupName = args[4];
NAESession session = null;
try {
// Create an NAESession.
session = NAESession.getSession(userName, passWord.toCharArray());
NAEParameterSpec spec = new NAEParameterSpec(keyToWrapName, true, true, 256, session);
// Delete any existing keys from this sample.
NAEKey keyToDelete = NAEKey.getSecretKey(keyToWrapName, session);
deleteExistingKeys(wrappingKeyName, session, keyToDelete);
// Generate an AES key to be wrapped when exported.
KeyGenerator generator = KeyGenerator.getInstance("AES", "IngrianProvider");
// NAEEParameters to pass session
generator.init(spec);
NAEKey keyToBeWrapped = (NAEKey) generator.generateKey();
// Create a public/private RSA key pair to do the key wrapping.
// The AES key will be wrapped with the RSA Public Key, and
// later unwrapped using the RSA Private Key.
KeyPair pair = createKeyPair(session, groupName, wrappingKeyName);
NAEPublicKey publicKey = NAEKey.getPublicKey(wrappingKeyName, session);
NAEPrivateKey privateKey = NAEKey.getPrivateKey(wrappingKeyName, session);
// Init a JCE Cipher in WRAP_MODE to do the key wrapping.
Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
cipher.init(Cipher.WRAP_MODE, publicKey, spec);
// Wrap and export the wrapped AES Key from the Key Manager
// using the cipher.wrap method.
// The key is wrapped with the Public key from the key pair
// on the Key Manager which was generated earlier.
byte[] wrappedKey = cipher.wrap(keyToBeWrapped);
System.out.println("wrapped : " + IngrianProvider.byteArray2Hex(wrappedKey));
System.out.println("Length : " + wrappedKey.length);
// Unwrap the AES key using the private key of the
// generated key pair using the SunJCE provider.
// Export the NAEPrivate key as a JCE PrivateKey.
PrivateKey prKey = privateKey.exportJCEKey();
// Initialize a Cipher based on the SunJCE provider.
// For IBM Java, change the provider from "SunJCE" to "IBMJCE"
// Note the use of PKCS1Padding.
Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunJCE");
cipher2.init(Cipher.UNWRAP_MODE, prKey);
// Unwrap the wrapped key from the bytes returned from the
// Key Manager.
Key unWrappedKey = cipher2.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
System.out.println("Unwrapped: " + IngrianProvider.byteArray2Hex(unWrappedKey.getEncoded()));
System.out.println("Original : " + IngrianProvider.byteArray2Hex(keyToBeWrapped.export()));
if (Arrays.equals(keyToBeWrapped.export(), unWrappedKey.getEncoded()))
System.out.println("Unwrapped key bytes equal original key bytes");
} catch (Exception e) {
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KeyPair(java.security.KeyPair)
NAEKey(com.ingrian.security.nae.NAEKey)
PrivateKey(java.security.PrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NoSuchProviderException(java.security.NoSuchProviderException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Cipher(javax.crypto.Cipher)
KeyGenerator(javax.crypto.KeyGenerator)
NAESession(com.ingrian.security.nae.NAESession)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
Aggregations
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)18
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)18
IngrianProvider (com.ingrian.security.nae.IngrianProvider)17
KMIPSession (com.ingrian.security.nae.KMIPSession)9
NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)9
NAESession (com.ingrian.security.nae.NAESession)9
KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)8
NAEKey (com.ingrian.security.nae.NAEKey)7
Provider (java.security.Provider)7
KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)6
NAEException (com.ingrian.security.nae.NAEException)6
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)5
NAESecretKey (com.ingrian.security.nae.NAESecretKey)5
KeyPair (java.security.KeyPair)5
PrivateKey (java.security.PrivateKey)5
PublicKey (java.security.PublicKey)4
KeyPairGenerator (java.security.KeyPairGenerator)3
Signature (java.security.Signature)3
NAECertificate (com.ingrian.security.nae.NAECertificate)2
NAEPermission (com.ingrian.security.nae.NAEPermission)2
