
Example 1 with EncryptRequest

Use of com.tencentcloudapi.kms.v20190118.models.EncryptRequest in project cos-java-sdk-v5 by tencentyun.

Class ContentCryptoMaterial, method encryptIV.

public static byte[] encryptIV(byte[] iv, EncryptionMaterials materials, COSKeyWrapScheme kwScheme, SecureRandom srand, Provider p, QCLOUDKMS kms, CosServiceRequest req) {
    if (materials.isKMSEnabled()) {
        Map<String, String> matdesc = mergeMaterialDescriptions(materials, req);
        EncryptRequest encryptRequest = new EncryptRequest();
        try {
            ObjectMapper mapper = new ObjectMapper();
            encryptRequest.setEncryptionContext(mapper.writeValueAsString(matdesc));
        } catch (JsonProcessingException e) {
            throw new CosClientException("encrypt request set encryption context got json processing exception", e);
        }
        encryptRequest.setKeyId(materials.getCustomerMasterKeyId());
        // The IV is sent to KMS as a Base64 string
        encryptRequest.setPlaintext(Base64.encodeAsString(iv));
        EncryptResponse encryptResponse = kms.encrypt(encryptRequest);
        // The ciphertext blob is returned as a string; hand back its UTF-8 bytes
        String cipherIV = encryptResponse.getCiphertextBlob();
        return cipherIV.getBytes(Charset.forName("UTF-8"));
    }
    Key kek;
    if (materials.getKeyPair() != null) {
        // Do envelope encryption with public key from key pair
        kek = materials.getKeyPair().getPublic();
    } else {
        // Do envelope encryption with symmetric key
        kek = materials.getSymmetricKey();
    }
    String keyWrapAlgo = kwScheme.getKeyWrapAlgorithm(kek);
    try {
        Cipher cipher = p == null ? Cipher.getInstance(keyWrapAlgo) : Cipher.getInstance(keyWrapAlgo, p);
        cipher.init(Cipher.ENCRYPT_MODE, kek, srand);
        return cipher.doFinal(iv);
    } catch (Exception e) {
        throw new CosClientException("Unable to encrypt IV", e);
    }
}
Also used : EncryptResponse(com.tencentcloudapi.kms.v20190118.models.EncryptResponse) CosClientException(com.qcloud.cos.exception.CosClientException) Cipher(javax.crypto.Cipher) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) IOException(java.io.IOException) EncryptRequest(com.tencentcloudapi.kms.v20190118.models.EncryptRequest)

Example 2 with EncryptRequest

Use of com.tencentcloudapi.kms.v20190118.models.EncryptRequest in project cos-java-sdk-v5 by tencentyun.

Class ContentCryptoMaterial, method secureCEK.

/**
 * Secure the given CEK. Note network calls are involved if the CEK is to be protected by KMS.
 *
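 * @param cek content encrypting key to be secured
 * @param materials used to provide the key-encryption-key (KEK); or if it is KMS-enabled, the
 *        customer master key id and material description.
 * @param kwScheme the key wrap scheme, used to select the key wrap algorithm for the KEK
 * @param srand source of randomness for the key wrap cipher
 * @param p optional security provider; can be null if the default is used.
 * @param kms KMS client used to encrypt the CEK when the materials are KMS-enabled
 * @param req the request whose material description is merged with that of the materials
 * @return a secured CEK in the form of ciphertext or ciphertext blob.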
 */
private static SecuredCEK secureCEK(SecretKey cek, EncryptionMaterials materials, COSKeyWrapScheme kwScheme, SecureRandom srand, Provider p, QCLOUDKMS kms, CosServiceRequest req) {
    final Map<String, String> matdesc;
    if (materials.isKMSEnabled()) {
        matdesc = mergeMaterialDescriptions(materials, req);
        EncryptRequest encryptRequest = new EncryptRequest();
        try {
            ObjectMapper mapper = new ObjectMapper();
            encryptRequest.setEncryptionContext(mapper.writeValueAsString(matdesc));
        } catch (JsonProcessingException e) {
            throw new CosClientException("encrypt request set encryption context got json processing exception", e);
        }
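        encryptRequest.setKeyId(materials.getCustomerMasterKeyId());
        // Send the raw key bytes Base64-encoded, as encryptIV does; byte[].toString() yields
        // only the array's identity string, not the key material.
        encryptRequest.setPlaintext(Base64.encodeAsString(cek.getEncoded()));
        EncryptResponse encryptResponse = kms.encrypt(encryptRequest);
        // Use an explicit charset so the stored blob does not depend on the platform default
        byte[] keyBlob = encryptResponse.getCiphertextBlob().getBytes(Charset.forName("UTF-8"));
        return new KMSSecuredCEK(keyBlob, matdesc);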
    } else {
        matdesc = materials.getMaterialsDescription();
    }
    Key kek;
    if (materials.getKeyPair() != null) {
        // Do envelope encryption with public key from key pair
        kek = materials.getKeyPair().getPublic();
    } else {
        // Do envelope encryption with symmetric key
        kek = materials.getSymmetricKey();
    }
    String keyWrapAlgo = kwScheme.getKeyWrapAlgorithm(kek);
    try {
        Cipher cipher = p == null ? Cipher.getInstance(keyWrapAlgo) : Cipher.getInstance(keyWrapAlgo, p);
        cipher.init(Cipher.WRAP_MODE, kek, srand);
        return new SecuredCEK(cipher.wrap(cek), keyWrapAlgo, matdesc);
    } catch (Exception e) {
        throw new CosClientException("Unable to encrypt symmetric key", e);
    }
}
Also used : EncryptResponse(com.tencentcloudapi.kms.v20190118.models.EncryptResponse) CosClientException(com.qcloud.cos.exception.CosClientException) IOException(java.io.IOException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Cipher(javax.crypto.Cipher) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) EncryptRequest(com.tencentcloudapi.kms.v20190118.models.EncryptRequest)

Aggregations

JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
CosClientException (com.qcloud.cos.exception.CosClientException): 2
EncryptRequest (com.tencentcloudapi.kms.v20190118.models.EncryptRequest): 2
EncryptResponse (com.tencentcloudapi.kms.v20190118.models.EncryptResponse): 2
IOException (java.io.IOException): 2
Key (java.security.Key): 2
Cipher (javax.crypto.Cipher): 2
SecretKey (javax.crypto.SecretKey): 2