use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// import the certificate
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate managed objects with ObjectType Certificate and crypto length = 2048
// and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
// by adding the KMIPAttribute name and the value to a KMIPAttributes
// object
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
System.out.println("Managed objects with attributes rsa, 2048:");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof KMIPTemplate)
break;
if (managedObject instanceof NAEPublicKey)
System.out.println(((NAEPublicKey) managedObject).getName());
else if (managedObject instanceof NAEPrivateKey)
System.out.println(((NAEPrivateKey) managedObject).getName());
else if (managedObject instanceof NAESecretKey)
System.out.println(((NAESecretKey) managedObject).getName());
else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
} else if (managedObject instanceof NAECertificate) {
System.out.println("Object is a certificate");
System.out.println(((NAECertificate) managedObject).getName());
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGenKeys method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
int length = Integer.valueOf(args[3]);
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// create KMIP Session - specify client X.509 certificate and keystore password
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
KeyPair sunPair = null;
try {
// verify Key Manager supports key pair generation
if (!queryKeyGen(session)) {
System.err.println("Key Manager does not support key pair generation");
System.exit(0);
}
deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
keyGen.initialize(spec, null);
sunPair = keyGen.generateKeyPair();
PrivateKey priv = sunPair.getPrivate();
PublicKey pub = sunPair.getPublic();
NAEPrivateKey naePriv = (NAEPrivateKey) priv;
NAEPublicKey naePub = (NAEPublicKey) pub;
System.out.println("\n\n----------------------------\n");
System.out.println("Key length = " + length);
System.out.println("Private key name : " + naePriv.getName());
System.out.println("Private key format : " + naePriv.getFormat());
System.out.println("Private key algorithm : " + naePriv.getAlgorithm());
System.out.println("Private key encoded length : " + naePriv.getKeySize());
System.out.println("Public key name : " + naePub.getName());
System.out.println("Public key format : " + naePub.getFormat());
System.out.println("Public key algorithm : " + "" + naePub.getAlgorithm());
System.out.println("Public key encoded length : " + naePub.getKeySize());
/* ((NAEPrivateKey)priv).delete();
((NAEPublicKey)pub).delete();*/
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.
the class ECCKeySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
System.err.println("Usage: java ECCKeySample user password keyName groupName");
System.exit(-1);
}
String userName = args[0];
String password = args[1];
String keyName = args[2];
String groupName = args[3];
// KeyImportName must be unique each time importKey API is used.
String keyImportName = keyName + "_Import";
String algorithm = "EC";
// Add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// Get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
NAESession session = null;
try {
// Creates NAESession: pass in NAE user and password
session = NAESession.getSession(userName, password.toCharArray());
// Configure the key permissions to be granted to NAE group.
NAEPermission permission = new NAEPermission(groupName);
// Add permission to sign
permission.setSign(true);
// Add permission to verify signature
permission.setSignV(true);
NAEPermission[] permissions = { permission };
// Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
// prime256v1 curve ID
// Permissions granted to sign and verify
ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
// Creates the ECC KeyPair generator object
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
// Initializes KeyPair generator with ECCParameterSpec
generator.initialize(spec1);
// Creates the Key Pair for ECC key
KeyPair pair = generator.generateKeyPair();
System.out.println("Created ECC key: " + keyName);
// Exports public key data from Key Manager
NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
byte[] pubKeyData = pubKey.export();
System.out.println("Exported public key: " + pubKey.getName());
// Creates NAEPrivateKey object
NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
// Exports private key data in default format i.e. PEM-PKCS#1
byte[] privKeyData = privKey.export();
boolean exportAllVersion = false;
// Exports private key data in PEM-PKCS#8 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
}
// Exports private key data in PEM-SEC1 format
// If exportAllVersion is set to true, the following export API will export all key versions
KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
}
// Delete the key pair from Key Manager
pubKey.delete();
// Creates a ECCParameterSpec to import ECC key
// Keys are exportable, deletable and non-versioned
ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
// Imports the key to the Key Manager
NAEKey.importKey(privKeyData, algorithm, importSpec);
System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (session != null)
// Close NAESession
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.
the class WrapKeySample method main.
public static void main(String[] args) {
Security.addProvider(new IngrianProvider());
if (args.length != 5) {
System.err.println("Usage: java WrapKeySample user password keyToWrapName wrappingKeyName groupName");
System.exit(-1);
}
String userName = args[0];
String passWord = args[1];
String keyToWrapName = "WrapSamplePair" + args[2];
String wrappingKeyName = "WrapSampleKey" + args[3];
String groupName = args[4];
NAESession session = null;
try {
// Create an NAESession.
session = NAESession.getSession(userName, passWord.toCharArray());
NAEParameterSpec spec = new NAEParameterSpec(keyToWrapName, true, true, 256, session);
// Delete any existing keys from this sample.
NAEKey keyToDelete = NAEKey.getSecretKey(keyToWrapName, session);
deleteExistingKeys(wrappingKeyName, session, keyToDelete);
// Generate an AES key to be wrapped when exported.
KeyGenerator generator = KeyGenerator.getInstance("AES", "IngrianProvider");
// NAEEParameters to pass session
generator.init(spec);
NAEKey keyToBeWrapped = (NAEKey) generator.generateKey();
// Create a public/private RSA key pair to do the key wrapping.
// The AES key will be wrapped with the RSA Public Key, and
// later unwrapped using the RSA Private Key.
KeyPair pair = createKeyPair(session, groupName, wrappingKeyName);
NAEPublicKey publicKey = NAEKey.getPublicKey(wrappingKeyName, session);
NAEPrivateKey privateKey = NAEKey.getPrivateKey(wrappingKeyName, session);
// Init a JCE Cipher in WRAP_MODE to do the key wrapping.
Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
cipher.init(Cipher.WRAP_MODE, publicKey, spec);
// Wrap and export the wrapped AES Key from the Key Manager
// using the cipher.wrap method.
// The key is wrapped with the Public key from the key pair
// on the Key Manager which was generated earlier.
byte[] wrappedKey = cipher.wrap(keyToBeWrapped);
System.out.println("wrapped : " + IngrianProvider.byteArray2Hex(wrappedKey));
System.out.println("Length : " + wrappedKey.length);
// Unwrap the AES key using the private key of the
// generated key pair using the SunJCE provider.
// Export the NAEPrivate key as a JCE PrivateKey.
PrivateKey prKey = privateKey.exportJCEKey();
// Initialize a Cipher based on the SunJCE provider.
// For IBM Java, change the provider from "SunJCE" to "IBMJCE"
// Note the use of PKCS1Padding.
Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunJCE");
cipher2.init(Cipher.UNWRAP_MODE, prKey);
// Unwrap the wrapped key from the bytes returned from the
// Key Manager.
Key unWrappedKey = cipher2.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
System.out.println("Unwrapped: " + IngrianProvider.byteArray2Hex(unWrappedKey.getEncoded()));
System.out.println("Original : " + IngrianProvider.byteArray2Hex(keyToBeWrapped.export()));
if (Arrays.equals(keyToBeWrapped.export(), unWrappedKey.getEncoded()))
System.out.println("Unwrapped key bytes equal original key bytes");
} catch (Exception e) {
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations