
Example 11 with SecretKeyFactory

use of javax.crypto.SecretKeyFactory in project orientdb by orientechnologies.

the class ODESEncryption method configure.

/**
 * Configures DES storage encryption from a Base64-encoded key.
 *
 * <p>The instance is first marked uninitialized. The option string is then decoded, turned into
 * a secret key through a {@link SecretKeyFactory} for {@code ALGORITHM_NAME}, and a
 * {@link Cipher} is obtained for {@code TRANSFORMATION}. The initialized flag is set only when
 * every step succeeded.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>DES has a 56-bit effective key length and is no longer adequate for protecting data at
 *       rest; treat this implementation as legacy and prefer an AES-based option for new
 *       databases.</li>
 *   <li>{@link DESKeySpec} uses only the first 8 bytes of the decoded input, so a longer key is
 *       accepted and the extra bytes are silently ignored.</li>
 *   <li>NOTE(review): cipher mode and padding come from {@code TRANSFORMATION}, which is
 *       defined outside this listing; confirm it is not an ECB transformation.</li>
 * </ul>
 *
 * @param iOptions Base64-encoded DES key; must not be {@code null}
 * @return this instance, ready for use
 * @throws OSecurityException if {@code iOptions} is {@code null}; any failure while decoding
 *     the key or creating the key or cipher is rethrown through
 *     {@code OException.wrapException} around an
 *     {@code OInvalidStorageEncryptionKeyException}, with the original exception passed along
 */
public OEncryption configure(final String iOptions) {
    initialized = false;

    if (iOptions == null) {
        final String propertyName = OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey();
        throw new OSecurityException("DES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '" + propertyName + "'");
    }

    try {
        final byte[] rawKey = OBase64Utils.decode(iOptions);
        // DESKeySpec rejects input shorter than 8 bytes and reads only the first 8 bytes.
        final DESKeySpec keySpec = new DESKeySpec(rawKey);
        final SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM_NAME);
        theKey = factory.generateSecret(keySpec);
        cipher = Cipher.getInstance(TRANSFORMATION);
    } catch (Exception e) {
        final OInvalidStorageEncryptionKeyException invalidKey =
            new OInvalidStorageEncryptionKeyException("Cannot initialize DES encryption with current key. Assure the key is a BASE64 - 64 bits long");
        throw OException.wrapException(invalidKey, e);
    }

    initialized = true;
    return this;
}
Also used : OInvalidStorageEncryptionKeyException(com.orientechnologies.orient.core.exception.OInvalidStorageEncryptionKeyException) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) DESKeySpec(javax.crypto.spec.DESKeySpec) SecretKeyFactory(javax.crypto.SecretKeyFactory) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) OInvalidStorageEncryptionKeyException(com.orientechnologies.orient.core.exception.OInvalidStorageEncryptionKeyException) OException(com.orientechnologies.common.exception.OException)

Example 12 with SecretKeyFactory

use of javax.crypto.SecretKeyFactory in project robovm by robovm.

the class PKCS12KeyStoreSpi method unwrapKey.

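/**
 * Unwraps a password-protected private key using the scheme named by {@code algId}.
 *
 * <p>Two algorithm families are handled: object identifiers under
 * {@code PKCSObjectIdentifiers.pkcs_12PbeIds} (PKCS#12 password-based encryption) and
 * {@code PKCSObjectIdentifiers.id_PBES2} (PBES2 with a PBKDF2 key derivation function). Any
 * other identifier is rejected with an {@link IOException}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The salt/IV and the iteration count are read from the parameters carried in
 *       {@code algId}, i.e. from the encoded structure being loaded. No upper bound is applied
 *       to the iteration count here, so loading a keystore from an untrusted source can be made
 *       arbitrarily slow; bound it upstream if that is a concern.</li>
 *   <li>The {@link PBEKeySpec} holding the password is not cleared by this method.</li>
 * </ul>
 *
 * @param algId algorithm identifier and parameters describing how {@code data} was wrapped
 * @param data the wrapped (encrypted) private key bytes
 * @param password password used to derive the unwrapping key
 * @param wrongPKCS12Zero forwarded to {@code BCPBEKey.setTryWrongPKCS12Zero} in the PKCS#12
 *     PBE branch
 * @return the unwrapped private key
 * @throws IOException if the algorithm is not recognised or any step of the unwrapping fails;
 *     in the latter case the underlying exception is attached as the cause
 */
protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException {
    ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
    try {
        if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
            PBEKeySpec pbeSpec = new PBEKeySpec(password);
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider);
            // Salt and iteration count are taken from the encoded parameters, unbounded.
            PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
            SecretKey k = keyFact.generateSecret(pbeSpec);
            ((BCPBEKey) k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
            Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, defParams);
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
            PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
            PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider);
            // PBKDF2 salt, iteration count and key size all derive from the encoded parameters.
            SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm())));
            Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets()));
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        }
    } catch (Exception e) {
        // Message text is unchanged; the cause is chained so the original stack trace is not
        // lost. The message already contained e.toString(), so no new detail is exposed.
        throw new IOException("exception unwrapping private key - " + e.toString(), e);
    }
    throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
}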
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters) PrivateKey(java.security.PrivateKey) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) SecretKeyFactory(javax.crypto.SecretKeyFactory) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 13 with SecretKeyFactory

use of javax.crypto.SecretKeyFactory in project robovm by robovm.

the class PKCS12KeyStoreSpi method calculatePbeMac.

/**
 * Computes a password-based MAC over {@code data}.
 *
 * <p>The MAC algorithm is selected by {@code oid}; the key is produced by a
 * {@link SecretKeyFactory} from the password alone, and the salt and iteration count are
 * supplied at {@code Mac.init} time through a {@link PBEParameterSpec}.
 *
 * <p>NOTE(review): the result is presumably compared against a stored MAC by the caller, which
 * is outside this listing; that comparison should be constant-time (for example
 * {@code MessageDigest.isEqual}). The {@link PBEKeySpec} holding the password is not cleared
 * here.
 *
 * @param oid object identifier naming both the key factory and the MAC algorithm
 * @param salt salt for the password-based key derivation
 * @param itCount iteration count for the password-based key derivation
 * @param password password the MAC key is derived from
 * @param wrongPkcs12Zero forwarded to {@code BCPBEKey.setTryWrongPKCS12Zero}
 * @param data bytes to authenticate
 * @return the MAC value
 * @throws Exception if the algorithm is unavailable or key or MAC initialisation fails
 */
private static byte[] calculatePbeMac(ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, boolean wrongPkcs12Zero, byte[] data) throws Exception {
    final String algorithmId = oid.getId();

    SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithmId, bcProvider);
    PBEParameterSpec macParams = new PBEParameterSpec(salt, itCount);
    BCPBEKey macKey = (BCPBEKey) factory.generateSecret(new PBEKeySpec(password));
    macKey.setTryWrongPKCS12Zero(wrongPkcs12Zero);

    Mac pbeMac = Mac.getInstance(oid.getId(), bcProvider);
    pbeMac.init(macKey, macParams);
    // doFinal(byte[]) feeds the input and then finishes the MAC in one call.
    return pbeMac.doFinal(data);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Mac(javax.crypto.Mac)

Example 14 with SecretKeyFactory

use of javax.crypto.SecretKeyFactory in project robovm by robovm.

the class PKCS12KeyStoreSpi method cryptData.

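/**
 * Encrypts or decrypts {@code data} with a PKCS#12 password-based cipher.
 *
 * <p>The cipher algorithm is the one named by {@code algId}; the salt and iteration count are
 * read from the PKCS#12 PBE parameters carried in {@code algId}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When decrypting, the iteration count comes from the encoded parameters and is not
 *       bounded here; a keystore from an untrusted source can therefore make this call
 *       arbitrarily slow.</li>
 *   <li>The {@link PBEKeySpec} holding the password is not cleared by this method.</li>
 *   <li>The failure message says "decrypting" for both directions; it is left unchanged
 *       because callers or logs may rely on the existing text.</li>
 * </ul>
 *
 * @param forEncryption {@code true} to encrypt, {@code false} to decrypt
 * @param algId algorithm identifier and PKCS#12 PBE parameters
 * @param password password the cipher key is derived from
 * @param wrongPKCS12Zero forwarded to {@code BCPBEKey.setTryWrongPKCS12Zero}
 * @param data input bytes
 * @return the transformed bytes
 * @throws IOException if key derivation or the cipher operation fails; the underlying
 *     exception is attached as the cause
 */
protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
    String algorithm = algId.getAlgorithm().getId();
    PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    try {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
        BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
        key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
        int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
        cipher.init(mode, key, defParams);
        return cipher.doFinal(data);
    } catch (Exception e) {
        // Message text is unchanged; the cause is chained so the original stack trace is not
        // lost. The message already contained e.toString(), so no new detail is exposed.
        throw new IOException("exception decrypting data - " + e.toString(), e);
    }
}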
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DEROctetString(org.bouncycastle.asn1.DEROctetString) BEROctetString(org.bouncycastle.asn1.BEROctetString) Cipher(javax.crypto.Cipher) IOException(java.io.IOException) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)

Example 15 with SecretKeyFactory

use of javax.crypto.SecretKeyFactory in project robovm by robovm.

the class mySecretKeyFactory method testSecretKeyFactory10.

/**
 * Test for <code>generateSecret(KeySpec keySpec)</code> and
 * <code>getKeySpec(SecretKey key, Class keySpec)</code>
 * methods.
 * Assertion:
 * throws InvalidKeySpecException if a parameter is inappropriate.
 *
 * For every factory returned by createSKFac() the test checks that null or
 * mismatched arguments are rejected, and that a matching key/spec-class pair
 * yields a key spec of the expected type.
 *
 * NOTE(review): defaultAlgorithm, defaultAlgorithm1 and defaultAlgorithm2 are
 * defined outside this listing; from the spec classes chosen below they are
 * presumably the DESede and DES algorithm names - confirm against the class.
 */
public void testSecretKeyFactory10() throws InvalidKeyException, InvalidKeySpecException {
    // The test is reported as failed, not skipped, when the default algorithm is unavailable.
    if (!DEFSupported) {
        fail(NotSupportMsg);
        return;
    }
    // 24 zero bytes: fixture key material only. DESedeKeySpec needs 24 bytes; DESKeySpec
    // reads just the first 8.
    byte[] bb = new byte[24];
    KeySpec ks = (defaultAlgorithm.equals(defaultAlgorithm2) ? (KeySpec) new DESKeySpec(bb) : (KeySpec) new DESedeKeySpec(bb));
    KeySpec rks = null;
    SecretKeySpec secKeySpec = new SecretKeySpec(bb, defaultAlgorithm);
    SecretKey secKey = null;
    SecretKeyFactory[] skF = createSKFac();
    assertNotNull("SecretKeyFactory object were not created", skF);
    for (int i = 0; i < skF.length; i++) {
        // A null key spec must be rejected.
        try {
            skF[i].generateSecret(null);
            fail("generateSecret(null): InvalidKeySpecException must be thrown");
        } catch (InvalidKeySpecException e) {
            // expected
        }
        // Valid spec: produces the key used by the getKeySpec checks below.
        secKey = skF[i].generateSecret(ks);
        // Null key, with and without a spec class, must be rejected.
        try {
            skF[i].getKeySpec(null, null);
            fail("getKeySpec(null,null): InvalidKeySpecException must be thrown");
        } catch (InvalidKeySpecException e) {
            // expected
        }
        try {
            skF[i].getKeySpec(null, ks.getClass());
            fail("getKeySpec(null, Class): InvalidKeySpecException must be thrown");
        } catch (InvalidKeySpecException e) {
            // expected
        }
        // Null spec class: either exception type is accepted.
        try {
            skF[i].getKeySpec(secKey, null);
            fail("getKeySpec(secKey, null): NullPointerException or InvalidKeySpecException must be thrown");
        } catch (InvalidKeySpecException e) {
        // Expected
        } catch (NullPointerException e) {
        // Expected
        }
        // Request the spec class opposite to the one chosen for ks above; the factory
        // must refuse it.
        try {
            Class c;
            if (defaultAlgorithm.equals(defaultAlgorithm2)) {
                c = DESedeKeySpec.class;
            } else {
                c = DESKeySpec.class;
            }
            skF[i].getKeySpec(secKeySpec, c);
            fail("getKeySpec(secKey, Class): InvalidKeySpecException must be thrown");
        } catch (InvalidKeySpecException e) {
            // expected
        }
        // Matching spec class with a raw SecretKeySpec: the returned spec type is checked.
        rks = skF[i].getKeySpec(secKeySpec, ks.getClass());
        if (defaultAlgorithm.equals(defaultAlgorithm1)) {
            assertTrue("Incorrect getKeySpec() result 1", rks instanceof DESedeKeySpec);
        } else {
            assertTrue("Incorrect getKeySpec() result 1", rks instanceof DESKeySpec);
        }
        // Same check with the key generated by the factory itself.
        rks = skF[i].getKeySpec(secKey, ks.getClass());
        if (defaultAlgorithm.equals(defaultAlgorithm1)) {
            assertTrue("Incorrect getKeySpec() result 2", rks instanceof DESedeKeySpec);
        } else {
            assertTrue("Incorrect getKeySpec() result 2", rks instanceof DESKeySpec);
        }
    }
}
Also used : SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) DESKeySpec(javax.crypto.spec.DESKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) KeySpec(java.security.spec.KeySpec) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) DESKeySpec(javax.crypto.spec.DESKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SecretKeyFactory(javax.crypto.SecretKeyFactory)

Aggregations

SecretKeyFactory (javax.crypto.SecretKeyFactory)129 SecretKey (javax.crypto.SecretKey)84 PBEKeySpec (javax.crypto.spec.PBEKeySpec)75 Cipher (javax.crypto.Cipher)58 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)39 DESKeySpec (javax.crypto.spec.DESKeySpec)28 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)26 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)26 KeySpec (java.security.spec.KeySpec)25 SecretKeySpec (javax.crypto.spec.SecretKeySpec)23 SecureRandom (java.security.SecureRandom)18 KeyStoreException (java.security.KeyStoreException)16 IOException (java.io.IOException)15 InvalidKeyException (java.security.InvalidKeyException)14 PrivateKey (java.security.PrivateKey)12 CertificateException (java.security.cert.CertificateException)12 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)12 UnrecoverableKeyException (java.security.UnrecoverableKeyException)11 Key (java.security.Key)10 KeyFactory (java.security.KeyFactory)10