
Example 26 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class FPEEncryptionDecryptionSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 6) {
        System.err.println("Usage: java FPEEncryptionDecryptionSample user password keyname IV TweakAlgorithm(Optional) TweakData(Optional)");
        System.err.println("Mention null for optional parameter if you don't want to pass it");
        /*
         * Usage: keyname supports an AES non-versioned key.
         * Usage: IV must be a 56-byte hex-format string for an AES key. The IV must be of cardinality 10,
         *        which means each two characters (one byte) of the hex IV must be 00-09.
         *        The IV must be provided when the length of the data exceeds 56 bytes. The FPE algorithm breaks
         *        the long data into 56 s-integer blocks and uses a block chaining algorithm very similar to
         *        CBC mode to encrypt and chain the long data.
         *        When the length of the data does not exceed the MAXb value, the IV must be absent.
         * Usage: TweakAlgorithm (optional) must be one of SHA1, SHA256 or None.
         * Usage: TweakData (optional): if the tweak algorithm is 'None' or absent, the value must be a
         *        hex-encoded string representing a 64-bit long. With a valid tweak algorithm, the tweak
         *        data value can be any ASCII string (not necessarily hex).
         *        Tweak data is first processed using the tweak hash algorithm and the result is truncated
         *        to 64 bits for input to the FPE algorithm.
         */
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String _iv = args[3];
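    // the literal string "null" marks an optional argument as absent; compare for equality so
    // that tweak data which merely contains the substring "null" is not silently dropped
    String tweakAlgo = null;
    if (!"null".equals(args[4])) {
        tweakAlgo = args[4];
    }
    String tweakData = null;
    if (!"null".equals(args[5])) {
        tweakData = args[5];
    }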
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (Provider provider : providers) {
        System.out.println(provider.getInfo());
    }
    String dataToEncrypt = "36253865463254715234987125394785127934571235487631254876512837451827635487123564875216384728347";
    System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Get SecretKey (just a handle to it, key data does not leave the Key Manager)
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        byte[] iv = null;
        NAESecureRandom rng;
        iv = IngrianProvider.hex2ByteArray(_iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // Initializes IV and tweak parameters
        NAEIvAndTweakDataParameter ivtweak = null;
        ivtweak = new NAEIvAndTweakDataParameter(ivSpec, tweakData, tweakAlgo);
        // get a cipher
        Cipher encryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        // initialize cipher to encrypt.
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, ivtweak);
        // encrypt data
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes());
        System.out.println("Encrypted data  \"" + new String(outbuf) + "\"");
        Cipher decryptCipher = Cipher.getInstance("FPE/AES/CARD10", "IngrianProvider");
        // to decrypt data, initialize cipher to decrypt
        decryptCipher.init(Cipher.DECRYPT_MODE, key, ivtweak);
        // decrypt data
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf) + "\"");
        // the session is closed in the finally block below
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEKey(com.ingrian.security.nae.NAEKey) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) NAEIvAndTweakDataParameter(com.ingrian.security.nae.NAEIvAndTweakDataParameter) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider)

Example 27 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class AESGCMEncryptionDecryptionSample method main.

public static void main(String[] args) {
    if (args.length != 7) {
        System.err.println("Usage: java AESGCMEncryptionDecryptionSample user password keyname " + "authTagLength iv aad data");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    int authTagLength = Integer.parseInt(args[3]);
    String iv = args[4];
    String aad = args[5];
    String data = args[6];
    /**
     * Note: For AES-GCM algorithm, same combination of nonce (IV) and key must not be reused
     * during encryption/decryption operations.
     */
    byte[] ivBytes = IngrianProvider.hex2ByteArray(iv);
    byte[] aadBytes = IngrianProvider.hex2ByteArray(aad);
    byte[] dataBytes = data.getBytes();
    System.out.println("iv: " + IngrianProvider.byteArray2Hex(ivBytes));
    System.out.println("AAD: " + IngrianProvider.byteArray2Hex(aadBytes));
    NAESession session = null;
    try {
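        // the third argument is a passphrase (CachingSample obtains it from MyNAEKeyCachePassphrase);
        // it is a hard-coded literal here only because this is sample code
        session = NAESession.getSession(username, password.toCharArray(), "hello".toCharArray());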
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        GCMParameterSpec spec = new GCMParameterSpec(authTagLength, ivBytes, aadBytes);
        Cipher encryptCipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] encrypt = null;
        encrypt = encryptCipher.doFinal(dataBytes);
        System.out.println("Encrypt: " + IngrianProvider.byteArray2Hex(encrypt));
        Cipher decryptCipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] decrypt = decryptCipher.doFinal(encrypt);
        System.out.println("data: " + new String(decrypt));
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // releasing session
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEKey(com.ingrian.security.nae.NAEKey) GCMParameterSpec(com.ingrian.security.nae.GCMParameterSpec) NAECipher(com.ingrian.security.nae.NAECipher) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession)

Example 28 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class BulkOperationSample method main.

public static void main(String[] args) {
    if (args.length != 4) {
        System.out.println("Usage: java BulkOperationSample <username>" + " <password>" + " <keyname> <datafile>");
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    String fileName = args[3];
    NAESession session = null;
    try {
        // Getting session and key
        session = NAESession.getSession(userName, password.toCharArray());
        NAEKey key = NAEKey.getSecretKey(keyName, session);
        // Getting instance for the bulk operation. Should be called
        // whenever bulk operation needs to be performed.
        AbstractNAECipher encryptCipher = NAECipher.getInstanceForBulkData("AES/GCM/NoPadding", "IngrianProvider");
        // read the contents from the file and write into the arrays
        readContentsFromFileAndWriteToArrays(fileName);
        // initializing the cipher for encrypt operation
        encryptCipher.init(Cipher.ENCRYPT_MODE, key, spec[0]);
        // Map to store exceptions while encryption
        Map<Integer, String> encryptedErrorMap = new HashMap<Integer, String>();
        // performing bulk operation
        byte[][] encryptedData = encryptCipher.doFinalBulk(data, spec, encryptedErrorMap);
        // displaying the encrypted data
        displayData(encryptedData, "Encrypted data");
        // cipher instance for decryption
        AbstractNAECipher decryptCipher = NAECipher.getInstanceForBulkData("AES/GCM/NoPadding", "IngrianProvider");
        // initializing the cipher for decrypt operation
        decryptCipher.init(Cipher.DECRYPT_MODE, key, spec[0]);
        // Map to store exceptions while decryption
        Map<Integer, String> decryptedErrorMap = new HashMap<Integer, String>();
        // performing bulk operation
        byte[][] decryptedData = decryptCipher.doFinalBulk(encryptedData, spec, decryptedErrorMap);
        // displaying the decrypted data
        displayData(decryptedData, "Decrypted Data ");
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // releasing session
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEKey(com.ingrian.security.nae.NAEKey) AbstractNAECipher(com.ingrian.security.nae.AbstractNAECipher) HashMap(java.util.HashMap) NAESession(com.ingrian.security.nae.NAESession) IOException(java.io.IOException)

Example 29 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class CachingSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java CachingSample user password keyname");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    CachingSample sample = new CachingSample();
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (Provider provider : providers) {
        System.out.println(provider.getInfo());
    }
    String dataToEncrypt = "1234567812345678";
    System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
    // create NAE Session: pass in Key Manager user name and password
    MyNAEKeyCachePassphrase m = sample.new MyNAEKeyCachePassphrase();
    NAESession session = null;
    try {
        session = NAESession.getSession(username, password.toCharArray(), m.getPassphrase(null));
        // Get SecretKey (just a handle to it, key data does not leave the Key Manager)
        System.out.println("KEYNAME === " + keyName);
        sample.oneShotEncrypt(session, keyName, "AES/CBC/NoPadding", dataToEncrypt, "1234567812345678");
        sample.oneShotEncrypt(session, keyName, "AES/CBC/PKCS5Padding", dataToEncrypt, "1234567812345678");
        sample.oneShotEncrypt(session, keyName, "AES/CBC/PKCS5Padding", dataToEncrypt, null);
        sample.oneShotEncrypt(session, keyName, "AES/ECB/PKCS5Padding", dataToEncrypt, null);
        sample.oneShotEncrypt(session, keyName, "AES/ECB/NoPadding", dataToEncrypt, null);
        session.printCachingDetails();
        Thread.sleep(1000);
        System.out.println("Reading cache from disk");
        PersistentCache p = new PersistentCache();
        ConcurrentPersistantEncryptingHashMap map = p.readFromDisk(username, session.getPassphrase());
        if (map != null) {
            System.out.println("Size cache from disk is = " + map.size());
            Set set = map.keySet();
            Iterator<String> iter = set.iterator();
            while (iter.hasNext()) {
                String o = iter.next();
                System.out.println("Key cache from disk = " + o);
                NAECachedKey n = (NAECachedKey) map.get(o);
            }
        } else {
            System.out.println("Map from disk is null");
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : Set(java.util.Set) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) ConcurrentPersistantEncryptingHashMap(com.ingrian.internal.cache.ConcurrentPersistantEncryptingHashMap) PersistentCache(com.ingrian.internal.cache.PersistentCache) NAECachedKey(com.ingrian.internal.cache.NAECachedKey) NAESession(com.ingrian.security.nae.NAESession)

Example 30 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class ECCKeySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java ECCKeySample user password keyName groupName");
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    String groupName = args[3];
    // KeyImportName must be unique each time importKey API is used.
    String keyImportName = keyName + "_Import";
    String algorithm = "EC";
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    NAESession session = null;
    try {
        // Creates NAESession: pass in NAE user and password
        session = NAESession.getSession(userName, password.toCharArray());
        // Configure the key permissions to be granted to NAE group.
        NAEPermission permission = new NAEPermission(groupName);
        // Add permission to sign
        permission.setSign(true);
        // Add permission to verify signature
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // Creates ECCParameterSpec to generate ECC key pair which is exportable, deletable, non-versioned and
        // prime256v1 curve ID
        // Permissions granted to sign and verify
        ECCParameterSpec spec1 = new ECCParameterSpec(keyName, true, true, false, null, session, permissions, ECCParameterSpec.CurveId.prime256v1);
        // Creates the ECC KeyPair generator object
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "IngrianProvider");
        // Initializes KeyPair generator with ECCParameterSpec
        generator.initialize(spec1);
        // Creates the Key Pair for ECC key
        KeyPair pair = generator.generateKeyPair();
        System.out.println("Created ECC key: " + keyName);
        // Exports public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Creates NAEPrivateKey object
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        // Exports private key data in default format i.e. PEM-PKCS#1
        byte[] privKeyData = privKey.export();
        boolean exportAllVersion = false;
        // Exports private key data in PEM-PKCS#8 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_PKCS8 = privKey.export(exportAllVersion, "PEM-PKCS#8");
        for (KeyExportData keyExportDataPKCS8 : privKeyExport_PKCS8) {
            System.out.println("Private Key exported in PKCS#8 format:\n " + keyExportDataPKCS8.getKeyData());
        }
        // Exports private key data in PEM-SEC1 format
        // If exportAllVersion is set to true, the following export API will export all key versions
        KeyExportData[] privKeyExport_SEC1 = privKey.export(exportAllVersion, "PEM-SEC1");
        for (KeyExportData keyExportDataSEC1 : privKeyExport_SEC1) {
            System.out.println("Private Key exported in PEM-SEC1 format:\n" + keyExportDataSEC1.getKeyData());
        }
        // Delete the key pair from Key Manager
        pubKey.delete();
        // Creates an ECCParameterSpec to import the ECC key
        // Keys are exportable, deletable and non-versioned
        ECCParameterSpec importSpec = new ECCParameterSpec(keyImportName, true, true, false, null, session, null, null);
        // Imports the key to the Key Manager
        NAEKey.importKey(privKeyData, algorithm, importSpec);
        System.out.println("Imported the key " + keyImportName + " on the Key Manager.");
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null)
            // Close NAESession
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) KeyExportData(com.ingrian.security.nae.KeyExportData) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) ECCParameterSpec(com.ingrian.security.nae.ECCParameterSpec) NAESession(com.ingrian.security.nae.NAESession)
