Examples with RSAPublicKey java.security.interfaces.RSAPublicKey used on opensource projects

Example 71 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project wycheproof by google.

the class RsaKeyTest method testDefaultKeySize.

/**
 * Checks the default key size used for RSA key generation.
 *
 * <p>This test fails if the default key size for RSA is below the minimum recommendation of NIST
 * SP 800-57 part1 revision 4, Table 2, page 53 in
 * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf . NIST recommends
 * a minimal security strength of 112 bits for keys used until 2030. This translates to a minimal
 * key size of 2048 bits.
 *
 * <p>Enisa, Algorithms, key size and parameters report – 2014, Section 3.6
 * https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 Enisa,
 * also suggests that 2048-bit RSA keys provide a security strength of about 112 bits. However,
 * the recommendation for near term systems is more conservative than NIST. Enisa recommends a
 * minimal key size of 3072 bits.
 *
 * <p>ECRYPT II Yearly Report on Algorithms and Keysizes (2011-2012), Section 13.3
 * http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf Suggests at least 2432 bits for new
 * keys and at least 1024 bits for legacy keys.
 *
 * <p>All the references above clearly state that keys smaller than 2048 bits should only be used
 * in legacy cases. Therefore, it seems wrong to use a default key size smaller than 2048 bits. If
 * a user really wants a small RSA key then such a choice should be made by explicitly providing
 * the desired key length during the initalization of the KeyPairGenerator.
 *
 * <p>According to https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html every
 * implementation of the Java platform is required to implement RSA with both 1024 and 2048 bit
 * key sizes. Hence a 2048 bit default should not lead to compatibility problems.
 */
@NoPresubmitTest(providers = { ProviderType.OPENJDK }, bugs = { "b/33190530" })
@Test
public void testDefaultKeySize() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    KeyPair keypair = keyGen.genKeyPair();
    RSAPublicKey pub = (RSAPublicKey) keypair.getPublic();
    int keySizeInBits = pub.getModulus().bitLength();
    System.out.println("testDefaultSize: keysize=" + keySizeInBits);
    checkKeyPair(keypair, keySizeInBits);
    if (keySizeInBits < 2048) {
        fail("RSA default key size too small:" + keySizeInBits);
    }
}

Example 72 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project wycheproof by google.

the class RsaKeyTest method checkKeyPair.

private void checkKeyPair(KeyPair keypair, int keySizeInBits) throws Exception {
    RSAPublicKey pub = (RSAPublicKey) keypair.getPublic();
    RSAPrivateKey priv = (RSAPrivateKey) keypair.getPrivate();
    if (priv instanceof RSAPrivateCrtKey) {
        checkPrivateCrtKey((RSAPrivateCrtKey) priv, keySizeInBits);
    } else {
        // Using a CRT key leads to 6-7 times better performance than not using the CRT.
        // Such a perfomance loss makes a library almost useless. Thus we consider this
        // a bug.
        fail("Expecting an RSAPrivateCrtKey instead of " + priv.getClass().getName());
    }
    checkPublicKey(pub);
    assertEquals(pub.getModulus(), priv.getModulus());
}

Example 73 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project wycheproof by google.

the class RsaSignatureTest method testBasic.

@Test
public void testBasic() throws Exception {
    String algorithm = "SHA256WithRSA";
    String hashAlgorithm = "SHA-256";
    String message = "Hello";
    int keysize = 2048;
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(keysize);
    KeyPair keyPair = keyGen.generateKeyPair();
    RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
    byte[] messageBytes = message.getBytes("UTF-8");
    Signature signer = Signature.getInstance(algorithm);
    Signature verifier = Signature.getInstance(algorithm);
    signer.initSign(priv);
    signer.update(messageBytes);
    byte[] signature = signer.sign();
    verifier.initVerify(pub);
    verifier.update(messageBytes);
    assertTrue(verifier.verify(signature));
    // Extract some parameters.
    byte[] rawHash = MessageDigest.getInstance(hashAlgorithm).digest(messageBytes);
    // Print keys and signature, so that it can be used to generate new test vectors.
    System.out.println("Message:" + message);
    System.out.println("Hash:" + TestUtil.bytesToHex(rawHash));
    System.out.println("Public key:");
    System.out.println("Modulus:" + pub.getModulus().toString());
    System.out.println("E:" + pub.getPublicExponent().toString());
    System.out.println("encoded:" + TestUtil.bytesToHex(pub.getEncoded()));
    System.out.println("Private key:");
    System.out.println("D:" + priv.getPrivateExponent().toString());
    System.out.println("encoded:" + TestUtil.bytesToHex(priv.getEncoded()));
    System.out.println("Signature:" + TestUtil.bytesToHex(signature));
}

Example 74 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project killbill by killbill.

the class KillBillAuth0Realm method loadPublicKey.

private PublicKey loadPublicKey(final String keyId) {
    final BoundRequestBuilder builder = httpClient.prepareGet(securityConfig.getShiroAuth0Url() + "/.well-known/jwks.json");
    final Response response;
    try {
        final ListenableFuture<Response> futureStatus = builder.execute(new AsyncCompletionHandler<Response>() {

            @Override
            public Response onCompleted(final Response response) throws Exception {
                return response;
            }
        });
        response = futureStatus.get(DEFAULT_TIMEOUT_SECS, TimeUnit.SECONDS);
    } catch (final TimeoutException toe) {
        throw new SignatureException("Timeout while connecting to Auth0 to fetch public keys", toe);
    } catch (final Exception e) {
        throw new SignatureException("Error while connecting to Auth0 to fetch public keys", e);
    }
    final Map<String, List<Map<String, Object>>> keysResponse;
    try {
        keysResponse = mapper.readValue(response.getResponseBodyAsStream(), new TypeReference<Map<String, List<Map<String, Object>>>>() {
        });
    } catch (final IOException e) {
        throw new SignatureException("Unable to read public keys from Auth0", e);
    }
    if (keysResponse.get("keys") == null || keysResponse.get("keys").isEmpty()) {
        throw new SignatureException("Auth0 returned no key");
    }
    final List<Map<String, Object>> newKeys = keysResponse.get("keys");
    for (final Map<String, Object> newKey : newKeys) {
        if (newKey.get("kid") == null || !newKey.get("kid").equals(keyId) || newKey.get("kty") == null) {
            continue;
        }
        final String kty = (String) newKey.get("kty");
        switch(kty) {
            case "RSA":
                final BigInteger modulus = getBigInteger(newKey.get("n"));
                final BigInteger exponent = getBigInteger(newKey.get("e"));
                if (modulus == null || exponent == null) {
                    continue;
                }
                return new RSAPublicKey() {

                    @Override
                    public BigInteger getPublicExponent() {
                        return exponent;
                    }

                    @Override
                    public String getAlgorithm() {
                        return "RSA";
                    }

                    @Override
                    public String getFormat() {
                        return "JWK";
                    }

                    @Override
                    public byte[] getEncoded() {
                        throw new UnsupportedOperationException();
                    }

                    @Override
                    public BigInteger getModulus() {
                        return modulus;
                    }
                };
            case "EC":
                final String curveName = (String) newKey.get("crv");
                final BigInteger x = getBigInteger(newKey.get("x"));
                final BigInteger y = getBigInteger(newKey.get("y"));
                if (curveName == null || x == null || y == null) {
                    continue;
                }
                final ECParameterSpec curve = EcCurve.tryGet(curveName);
                if (curve == null) {
                    continue;
                }
                final ECPoint w = new ECPoint(x, y);
                return new ECPublicKey() {

                    @Override
                    public ECPoint getW() {
                        return w;
                    }

                    @Override
                    public String getAlgorithm() {
                        return "EC";
                    }

                    @Override
                    public String getFormat() {
                        return "JWK";
                    }

                    @Override
                    public byte[] getEncoded() {
                        throw new UnsupportedOperationException();
                    }

                    @Override
                    public ECParameterSpec getParams() {
                        return curve;
                    }
                };
            default:
        }
    }
    throw new SignatureException("Could not find Auth0 public key " + keyId);
}

Example 75 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project spring-security by spring-projects.

the class RsaKeyConversionServicePostProcessorTests method convertWhenUsingConversionServiceForClasspathThenOk.

@Test
public void convertWhenUsingConversionServiceForClasspathThenOk() {
    RSAPublicKey key = this.service.convert(X509_PUBLIC_KEY_LOCATION, RSAPublicKey.class);
    assertThat(key.getModulus().bitLength()).isEqualTo(1024);
}