Use of javax.crypto.spec.DHPublicKeySpec in project ofbiz-framework by apache.
The class ValueLinkApi, method getValueLinkPublicKey.
/**
 * Get a public key object for the ValueLink supplied public key
 * @return PublicKey object of ValueLink's public key
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public PublicKey getValueLinkPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
    // read the valuelink public key
    String publicValue = (String) props.get("payment.valuelink.publicValue");
    byte[] publicKeyBytes = StringUtil.fromHexString(publicValue);
    // initialize the parameter spec
    DHParameterSpec dhParamSpec = this.getDHParameterSpec();
    // load the valuelink public key
    KeyFactory keyFactory = KeyFactory.getInstance("DH");
    BigInteger publicKeyInt = new BigInteger(publicKeyBytes);
    DHPublicKeySpec dhPublicSpec = new DHPublicKeySpec(publicKeyInt, dhParamSpec.getP(), dhParamSpec.getG());
    PublicKey vlPublic = keyFactory.generatePublic(dhPublicSpec);
    return vlPublic;
}
Use of javax.crypto.spec.DHPublicKeySpec in project wycheproof by google.
The class DhTest, method testSubgroupConfinement.
/**
 * Tests whether a provider accepts invalid public keys that result in predictable shared secrets.
 * This test is based on RFC 2785, Section 4 and NIST SP 800-56A. If an attacker can modify both
 * public keys in an ephemeral-ephemeral key agreement scheme then it may be possible to coerce
 * both parties into computing the same predictable shared key.
 *
 * <p>Note: the test is quite whimsical. If the prime p is not a safe prime then the provider
 * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
 * Diffie-Hellman parameters. Implementations must add additional countermeasures such as the ones
 * proposed in RFC 2785.
 *
 * <p>CVE-2016-1000346: BouncyCastle before v.1.56 did not validate the other party's public key.
 */
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testSubgroupConfinement() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    DHParameterSpec params = ike2048();
    BigInteger p = params.getP();
    BigInteger g = params.getG();
    keyGen.initialize(params);
    PrivateKey priv = keyGen.generateKeyPair().getPrivate();
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    BigInteger[] weakPublicKeys = {
        BigInteger.ZERO,
        BigInteger.ONE,
        p.subtract(BigInteger.ONE),
        p,
        p.add(BigInteger.ONE),
        BigInteger.ONE.negate()
    };
    for (BigInteger weakKey : weakPublicKeys) {
        ka.init(priv);
        try {
            KeyFactory kf = KeyFactory.getInstance("DH");
            DHPublicKeySpec weakSpec = new DHPublicKeySpec(weakKey, p, g);
            PublicKey pub = kf.generatePublic(weakSpec);
            ka.doPhase(pub, true);
            byte[] kAB = ka.generateSecret();
            fail("Generated secrets with weak public key:" + weakKey.toString() + " secret:" + TestUtil.bytesToHex(kAB));
        } catch (GeneralSecurityException ex) {
            // this is expected
        }
    }
}
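
The countermeasure the Javadoc above asks for, as an added example that is not code from ofbiz-framework or wycheproof: an application-side check that rejects the weak values in weakPublicKeys and, when the subgroup order q is known, values outside the order-q subgroup, before a DHPublicKeySpec is built. The class DhPublicKeyCheck, its methods validate and load, the parameter q and the toy group in main are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import javax.crypto.spec.DHPublicKeySpec;

public class DhPublicKeyCheck { // hypothetical helper, not part of either project
    private static final BigInteger TWO = BigInteger.valueOf(2);

    /** Validates a peer's public value y; q is the prime subgroup order, or null if unknown. */
    static void validate(BigInteger y, BigInteger p, BigInteger q) throws InvalidKeyException {
        // Range check: rejects 0, 1, p-1, p, p+1 and negative values,
        // i.e. every entry of weakPublicKeys in the test above.
        if (y.compareTo(TWO) < 0 || y.compareTo(p.subtract(TWO)) > 0) {
            throw new InvalidKeyException("DH public value outside [2, p-2]");
        }
        // Subgroup check: only possible when the group parameters include q.
        if (q != null && !y.modPow(q, p).equals(BigInteger.ONE)) {
            throw new InvalidKeyException("DH public value not in the order-q subgroup");
        }
    }

    /** Decodes an unsigned big-endian value, validates it, then builds the key. */
    static PublicKey load(byte[] yBytes, BigInteger p, BigInteger g, BigInteger q)
            throws Exception {
        BigInteger y = new BigInteger(1, yBytes); // signum 1: bytes read as unsigned
        validate(y, p, q);
        return KeyFactory.getInstance("DH").generatePublic(new DHPublicKeySpec(y, p, g));
    }

    public static void main(String[] args) {
        // Constructed toy group, far too small for real use: p = 23 = 2*11 + 1,
        // and g = 4 generates the subgroup of prime order q = 11.
        BigInteger p = BigInteger.valueOf(23), q = BigInteger.valueOf(11);
        BigInteger[] candidates = { BigInteger.ZERO, BigInteger.ONE, p.subtract(BigInteger.ONE), p,
            p.add(BigInteger.ONE), BigInteger.ONE.negate(), BigInteger.valueOf(5), BigInteger.valueOf(9) };
        for (BigInteger y : candidates) {
            try {
                validate(y, p, q);
                System.out.println(y + " accepted");
            } catch (InvalidKeyException e) {
                System.out.println(y + " rejected: " + e.getMessage());
            }
        }
    }
}
```

In the toy group, 5 passes the range check but fails the subgroup check, while 9 passes both; with q unknown (null) only the range check runs, which is the limitation the Javadoc's note about the missing parameter q describes.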