Search in sources :

Example 91 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class PBESealedObject method runTest.

// Have a generic throws Exception as it can throw many different exceptions
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
    byte[] salt = new byte[8];
    int ITERATION_COUNT = 1000;
    AlgorithmParameters pbeParams = null;
    String baseAlgo = new StringTokenizer(algo, "/").nextToken().toUpperCase();
    boolean isAES = baseAlgo.contains("AES");
    try {
        // Initialization
        Cipher ci = Cipher.getInstance(algo, p);
        new Random().nextBytes(salt);
        AlgorithmParameterSpec aps = new PBEParameterSpec(salt, ITERATION_COUNT);
        SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
        SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Lover".toCharArray()));
        // Seal
        if (isAES) {
            ci.init(Cipher.ENCRYPT_MODE, key);
            pbeParams = ci.getParameters();
        } else {
            ci.init(Cipher.ENCRYPT_MODE, key, aps);
        }
        SealedObject so = new SealedObject(key, ci);
        // Unseal and compare
        if (isAES) {
            ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
        } else {
            ci.init(Cipher.DECRYPT_MODE, key, aps);
        }
        SecretKey unsealedKey;
        unsealedKey = (SecretKey) so.getObject(ci);
        if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
            return false;
        }
        unsealedKey = (SecretKey) so.getObject(key);
        if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
            return false;
        }
        unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
        return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
    } catch (InvalidKeyException ex) {
        if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
            out.println("Expected exception , keyStrength > 128 within" + algo);
            return true;
        }
        throw ex;
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SealedObject(javax.crypto.SealedObject) InvalidKeyException(java.security.InvalidKeyException) StringTokenizer(java.util.StringTokenizer) SecretKey(javax.crypto.SecretKey) Random(java.util.Random) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters)

Example 92 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class PBMacDoFinalVsUpdate method getSecretKey.

/**
     * Get SecretKey for the given PBKDF2 algorithm.
     *
     * @param thePBKDF2Algorithm - PBKDF2 algorithm
     * @return SecretKey according to thePBKDF2Algorithm
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     */
protected SecretKey getSecretKey(String thePBKDF2Algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Prepare salt
    // PKCS #5 v2.1 recommendation
    byte[] salt = new byte[64];
    new SecureRandom().nextBytes(salt);
    // Generate secret key
    PBEKeySpec pbeKeySpec = new PBEKeySpec("A #pwd# implied to be hidden!".toCharArray(), salt, 1000, 128);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(thePBKDF2Algorithm);
    return keyFactory.generateSecret(pbeKeySpec);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecureRandom(java.security.SecureRandom) SecretKeyFactory(javax.crypto.SecretKeyFactory)

Example 93 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class TestCipherKeyWrapperPBEKey method runTest.

// Have a generic throws Exception as it can throw many different exceptions
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
    byte[] salt = new byte[8];
    int ITERATION_COUNT = 1000;
    AlgorithmParameters pbeParams = null;
    String baseAlgo = new StringTokenizer(algo, "/").nextToken().toUpperCase();
    boolean isAES = baseAlgo.contains("AES");
    try {
        // Initialization
        new Random().nextBytes(salt);
        AlgorithmParameterSpec aps = new PBEParameterSpec(salt, ITERATION_COUNT);
        SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
        SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Key".toCharArray()));
        Cipher ci = Cipher.getInstance(algo);
        if (isAES) {
            ci.init(Cipher.WRAP_MODE, key);
            pbeParams = ci.getParameters();
        } else {
            ci.init(Cipher.WRAP_MODE, key, aps);
        }
        byte[] keyWrapper = ci.wrap(key);
        if (isAES) {
            ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
        } else {
            ci.init(Cipher.UNWRAP_MODE, key, aps);
        }
        Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
        if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
            out.print("InvalidKeyException not thrown when keyStrength > 128");
            return false;
        }
        return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
    } catch (InvalidKeyException ex) {
        if ((baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256"))) {
            out.println("Expected InvalidKeyException, keyStrength > 128");
            return true;
        } else {
            throw ex;
        }
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) InvalidKeyException(java.security.InvalidKeyException) StringTokenizer(java.util.StringTokenizer) SecretKey(javax.crypto.SecretKey) Random(java.util.Random) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) AlgorithmParameters(java.security.AlgorithmParameters)

Example 94 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class PBMacBuffer method getSecretKey.

/**
     * Get SecretKey for the given PBKDF2 algorithm.
     *
     * @param thePBKDF2Algorithm - PBKDF2 algorithm
     * @return SecretKey according to thePBKDF2Algorithm
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     */
protected SecretKey getSecretKey(String thePBKDF2Algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Prepare salt
    // PKCS #5 v2.1 recommendation
    byte[] salt = new byte[64];
    new SecureRandom().nextBytes(salt);
    // Generate secret key
    PBEKeySpec pbeKeySpec = new PBEKeySpec("A #pwd# implied to be hidden!".toCharArray(), salt, 1000, 128);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(thePBKDF2Algorithm);
    return keyFactory.generateSecret(pbeKeySpec);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecureRandom(java.security.SecureRandom) SecretKeyFactory(javax.crypto.SecretKeyFactory)

Example 95 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class AesDkCrypto method PBKDF2.

/*
     * Invoke the PKCS#5 PBKDF2 algorithm
     */
private static byte[] PBKDF2(char[] secret, byte[] salt, int count, int keyLength) throws GeneralSecurityException {
    PBEKeySpec keySpec = new PBEKeySpec(secret, salt, count, keyLength);
    SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    SecretKey key = skf.generateSecret(keySpec);
    byte[] result = key.getEncoded();
    return result;
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) SecretKeyFactory(javax.crypto.SecretKeyFactory)

Aggregations

PBEKeySpec (javax.crypto.spec.PBEKeySpec)110 SecretKeyFactory (javax.crypto.SecretKeyFactory)85 SecretKey (javax.crypto.SecretKey)60 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)39 Cipher (javax.crypto.Cipher)39 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)33 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)27 KeySpec (java.security.spec.KeySpec)26 SecretKeySpec (javax.crypto.spec.SecretKeySpec)17 KeyStoreException (java.security.KeyStoreException)16 IOException (java.io.IOException)15 CertificateException (java.security.cert.CertificateException)12 UnrecoverableKeyException (java.security.UnrecoverableKeyException)11 KeyStore (java.security.KeyStore)10 CertificateEncodingException (java.security.cert.CertificateEncodingException)8 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)8 EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)8 Key (java.security.Key)7 UnsupportedEncodingException (java.io.UnsupportedEncodingException)6 InvalidKeyException (java.security.InvalidKeyException)6