Search in sources :

Example 16 with NAEPublicKey

use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertLocateSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // import the certificate
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // This set holds the managed object unique identifiers (UIDs)
        Set<String> managedObjectIdentifiers;
        // Locate managed objects with ObjectType Certificate and crypto length = 2048
        // and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
        // by adding the KMIPAttribute name and the value to a KMIPAttributes
        // object
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
        // Have the session locate the keys matching the queryAttributes:
        managedObjectIdentifiers = session.locate(queryAttributes);
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // get the objects as Java client NAEKeys or KMIPSecretData objects
            // (Note: Secret Data doesn't have KMIP attributes of
            // algorithm or length, and will not be found by this query,
            // but is included here for completeness.
            Object managedObject = session.getManagedObject(uid);
            if (managedObject instanceof KMIPTemplate)
                break;
            if (managedObject instanceof NAEPublicKey)
                System.out.println(((NAEPublicKey) managedObject).getName());
            else if (managedObject instanceof NAEPrivateKey)
                System.out.println(((NAEPrivateKey) managedObject).getName());
            else if (managedObject instanceof NAESecretKey)
                System.out.println(((NAESecretKey) managedObject).getName());
            else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
            } else if (managedObject instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) managedObject).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)

Example 17 with NAEPublicKey

use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGenKeys method main.

public static void main(String[] args) {
    if (args.length != 4) {
        usage();
    }
    int length = Integer.valueOf(args[3]);
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // create KMIP Session - specify client X.509 certificate and keystore password
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    KeyPair sunPair = null;
    try {
        // verify Key Manager supports key pair generation
        if (!queryKeyGen(session)) {
            System.err.println("Key Manager does not support key pair generation");
            System.exit(0);
        }
        deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
        deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
        RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
        NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
        keyGen.initialize(spec, null);
        sunPair = keyGen.generateKeyPair();
        PrivateKey priv = sunPair.getPrivate();
        PublicKey pub = sunPair.getPublic();
        NAEPrivateKey naePriv = (NAEPrivateKey) priv;
        NAEPublicKey naePub = (NAEPublicKey) pub;
        System.out.println("\n\n----------------------------\n");
        System.out.println("Key length = " + length);
        System.out.println("Private key name           : " + naePriv.getName());
        System.out.println("Private key format         : " + naePriv.getFormat());
        System.out.println("Private key algorithm      : " + naePriv.getAlgorithm());
        System.out.println("Private key encoded length : " + naePriv.getKeySize());
        System.out.println("Public key name            : " + naePub.getName());
        System.out.println("Public key format          : " + naePub.getFormat());
        System.out.println("Public key algorithm      : " + "" + naePub.getAlgorithm());
        System.out.println("Public key encoded length  : " + naePub.getKeySize());
    /* ((NAEPrivateKey)priv).delete();
            ((NAEPublicKey)pub).delete();*/
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) RSAKeyPairGenerator(com.ingrian.security.nae.RSAKeyPairGenerator) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 18 with NAEPublicKey

use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.

the class ECCKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java ECCKeySample user password keyName groupName");
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    String groupName = args[3];
    // KeyImportName must be unique each time importKey API is used.
    String keyImportName = keyName + "_Import";
    String algorithm = "EC";
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // Creates NAESession: pass in NAE user and password
        session = NAESession.getSession(userName, password.toCharArray());
        // Configure the key permissions to be granted to NAE group.
        NAEPermission permission = new NAEPermission(groupName);
        // Add permission to sign
        permission.setSign(true);
        // Add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
        // prime256v1 curve ID
        // Permissions granted to sign and verify
        ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
        // Creates the ECC KeyPair generator object
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
        // Initializes KeyPair generator with ECCParameterSpec
        generator.initialize(spec1);
        // Creates the Key Pair for ECC key
        KeyPair pair = generator.generateKeyPair();
        System.out.println("Created ECC key: " + keyName);
        // Exports public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Creates NAEPrivateKey object
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        // Exports private key data in default format i.e. PEM-PKCS#1
        byte[] privKeyData = privKey.export();
        boolean exportAllVersion = false;
        // Exports private key data in PEM-PKCS#8 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
        for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
            System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
        }
        // Exports private key data in PEM-SEC1 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
        for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
            System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
        }
        // Delete the key pair from Key Manager
        pubKey.delete();
        // Creates a ECCParameterSpec to import ECC key
        // Keys are exportable, deletable  and non-versioned
        ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
        // Imports the key to the Key Manager
        NAEKey.importKey(privKeyData, algorithm, importSpec);
        System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null)
            // Close NAESession
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) KeyExportData(com.ingrian.security.nae.KeyExportData) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) ECCParameterSpec(com.ingrian.security.nae.ECCParameterSpec) NAESession(com.ingrian.security.nae.NAESession)

Example 19 with NAEPublicKey

use of com.ingrian.security.nae.NAEPublicKey in project CipherTrust_Application_Protection by thalescpl-io.

the class WrapKeySample method main.

public static void main(String[] args) {
    Security.addProvider(new IngrianProvider());
    if (args.length != 5) {
        System.err.println("Usage: java WrapKeySample user password keyToWrapName wrappingKeyName groupName");
        System.exit(-1);
    }
    String userName = args[0];
    String passWord = args[1];
    String keyToWrapName = "WrapSamplePair" + args[2];
    String wrappingKeyName = "WrapSampleKey" + args[3];
    String groupName = args[4];
    NAESession session = null;
    try {
        // Create an NAESession.
        session = NAESession.getSession(userName, passWord.toCharArray());
        NAEParameterSpec spec = new NAEParameterSpec(keyToWrapName, true, true, 256, session);
        // Delete any existing keys from this sample.
        NAEKey keyToDelete = NAEKey.getSecretKey(keyToWrapName, session);
        deleteExistingKeys(wrappingKeyName, session, keyToDelete);
        // Generate an AES key to be wrapped when exported.
        KeyGenerator generator = KeyGenerator.getInstance("AES", "IngrianProvider");
        // NAEEParameters to pass session
        generator.init(spec);
        NAEKey keyToBeWrapped = (NAEKey) generator.generateKey();
        // Create a public/private RSA key pair to do the key wrapping.
        // The AES key will be wrapped with the RSA Public Key, and
        // later unwrapped using the RSA Private Key.
        KeyPair pair = createKeyPair(session, groupName, wrappingKeyName);
        NAEPublicKey publicKey = NAEKey.getPublicKey(wrappingKeyName, session);
        NAEPrivateKey privateKey = NAEKey.getPrivateKey(wrappingKeyName, session);
        // Init a JCE Cipher in WRAP_MODE to do the key wrapping.
        Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
        cipher.init(Cipher.WRAP_MODE, publicKey, spec);
        // Wrap and export the wrapped AES Key from the Key Manager
        // using the cipher.wrap method.
        // The key is wrapped with the Public key from the key pair
        // on the Key Manager which was generated earlier.
        byte[] wrappedKey = cipher.wrap(keyToBeWrapped);
        System.out.println("wrapped  : " + IngrianProvider.byteArray2Hex(wrappedKey));
        System.out.println("Length   : " + wrappedKey.length);
        // Unwrap the AES key using the private key of the
        // generated key pair using the SunJCE provider.
        // Export the NAEPrivate key as a JCE PrivateKey.
        PrivateKey prKey = privateKey.exportJCEKey();
        // Initialize a Cipher based on the SunJCE provider.
        // For IBM Java, change the provider from "SunJCE" to "IBMJCE"
        // Note the use of PKCS1Padding.
        Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "SunJCE");
        cipher2.init(Cipher.UNWRAP_MODE, prKey);
        // Unwrap the wrapped key from the bytes returned from the
        // Key Manager.
        Key unWrappedKey = cipher2.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        System.out.println("Unwrapped: " + IngrianProvider.byteArray2Hex(unWrappedKey.getEncoded()));
        System.out.println("Original : " + IngrianProvider.byteArray2Hex(keyToBeWrapped.export()));
        if (Arrays.equals(keyToBeWrapped.export(), unWrappedKey.getEncoded()))
            System.out.println("Unwrapped key bytes equal original key bytes");
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEKey(com.ingrian.security.nae.NAEKey) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession) Key(java.security.Key) PrivateKey(java.security.PrivateKey) NAEKey(com.ingrian.security.nae.NAEKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)

Aggregations

NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)19 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)18 IngrianProvider (com.ingrian.security.nae.IngrianProvider)17 NAESession (com.ingrian.security.nae.NAESession)10 KMIPSession (com.ingrian.security.nae.KMIPSession)9 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)9 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)8 NAEKey (com.ingrian.security.nae.NAEKey)7 Provider (java.security.Provider)7 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)6 NAEException (com.ingrian.security.nae.NAEException)6 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)6 NAESecretKey (com.ingrian.security.nae.NAESecretKey)6 KeyPair (java.security.KeyPair)5 PrivateKey (java.security.PrivateKey)5 PublicKey (java.security.PublicKey)4 KeyPairGenerator (java.security.KeyPairGenerator)3 Signature (java.security.Signature)3 Cipher (javax.crypto.Cipher)3 NAECertificate (com.ingrian.security.nae.NAECertificate)2