Example 71 with PBEParameterSpec
use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.
the class PBESealedObject method runTest.
// Have a generic throws Exception as it can throw many different exceptions
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo = new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
try {
// Initialization
Cipher ci = Cipher.getInstance(algo, p);
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt, ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Lover".toCharArray()));
// Seal
if (isAES) {
ci.init(Cipher.ENCRYPT_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.ENCRYPT_MODE, key, aps);
}
SealedObject so = new SealedObject(key, ci);
// Unseal and compare
if (isAES) {
ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
} else {
ci.init(Cipher.DECRYPT_MODE, key, aps);
}
SecretKey unsealedKey;
unsealedKey = (SecretKey) so.getObject(ci);
if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
return false;
}
unsealedKey = (SecretKey) so.getObject(key);
if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
return false;
}
unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
} catch (InvalidKeyException ex) {
if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
out.println("Expected exception , keyStrength > 128 within" + algo);
return true;
}
throw ex;
}
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
SealedObject(javax.crypto.SealedObject)
InvalidKeyException(java.security.InvalidKeyException)
StringTokenizer(java.util.StringTokenizer)
SecretKey(javax.crypto.SecretKey)
Random(java.util.Random)
Cipher(javax.crypto.Cipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 72 with PBEParameterSpec
use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.
the class TestCipherKeyWrapperPBEKey method runTest.
// Have a generic throws Exception as it can throw many different exceptions
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo = new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
try {
// Initialization
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt, ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.WRAP_MODE, key, aps);
}
byte[] keyWrapper = ci.wrap(key);
if (isAES) {
ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
} else {
ci.init(Cipher.UNWRAP_MODE, key, aps);
}
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
out.print("InvalidKeyException not thrown when keyStrength > 128");
return false;
}
return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256"))) {
out.println("Expected InvalidKeyException, keyStrength > 128");
return true;
} else {
throw ex;
}
}
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
InvalidKeyException(java.security.InvalidKeyException)
StringTokenizer(java.util.StringTokenizer)
SecretKey(javax.crypto.SecretKey)
Random(java.util.Random)
Cipher(javax.crypto.Cipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Key(java.security.Key)
SecretKey(javax.crypto.SecretKey)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 73 with PBEParameterSpec
use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.
the class EntryProtectionTest method setUp.
private void setUp() {
out.println("Using KEYSTORE_PATH:" + KEYSTORE_PATH);
Utils.createKeyStore(Utils.KeyStoreType.pkcs12, KEYSTORE_PATH, ALIAS);
Random rand = RandomFactory.getRandom();
rand.nextBytes(SALT);
out.print("Salt: ");
for (byte b : SALT) {
out.format("%02X ", b);
}
out.println("");
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithMD5AndDES", new PBEParameterSpec(SALT, ITERATION_COUNT)));
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithSHA1AndDESede", null));
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithSHA1AndRC2_40", null));
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithSHA1AndRC2_128", null));
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithSHA1AndRC4_40", null));
PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, "PBEWithSHA1AndRC4_128", null));
}
Also used :
Random(java.util.Random)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 74 with PBEParameterSpec
use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.
the class TestCipherKeyWrapperTest method wrapTest.
private void wrapTest(String transformation, String wrapAlgo, Key initKey, Key wrapKey, int keyType, boolean isPBE) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
String algo = transformation.split("/")[0];
boolean isAESBlowfish = algo.indexOf("AES") != -1 || algo.indexOf("Blowfish") != -1;
AlgorithmParameters aps = null;
AlgorithmParameterSpec pbeParams = null;
if (isPBE) {
byte[] salt = new byte[8];
int iterCnt = 1000;
new Random().nextBytes(salt);
pbeParams = new PBEParameterSpec(salt, iterCnt);
}
// Wrap & UnWrap operation
Cipher wrapCI = Cipher.getInstance(wrapAlgo);
if (isPBE && !isAESBlowfish) {
wrapCI.init(Cipher.WRAP_MODE, initKey, pbeParams);
} else if (isAESBlowfish) {
wrapCI.init(Cipher.WRAP_MODE, initKey);
aps = wrapCI.getParameters();
} else {
wrapCI.init(Cipher.WRAP_MODE, initKey);
}
out.println("keysize : " + wrapKey.getEncoded().length);
byte[] keyWrapper = wrapCI.wrap(wrapKey);
if (isPBE && !isAESBlowfish) {
wrapCI.init(Cipher.UNWRAP_MODE, initKey, pbeParams);
} else if (isAESBlowfish) {
wrapCI.init(Cipher.UNWRAP_MODE, initKey, aps);
} else {
wrapCI.init(Cipher.UNWRAP_MODE, initKey);
}
Key unwrappedKey = wrapCI.unwrap(keyWrapper, algo, keyType);
// Comparison
if (!Arrays.equals(wrapKey.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Comparation failed testing " + transformation + ":" + wrapAlgo + ":" + keyType);
}
}
Also used :
Random(java.util.Random)
String(java.lang.String)
Cipher(javax.crypto.Cipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Key(java.security.Key)
SecretKey(javax.crypto.SecretKey)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 75 with PBEParameterSpec
use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.
the class PKCS12SameKeyId method main.
public static void main(String[] args) throws Exception {
// Prepare a JKS keystore with many entries
new File(JKSFILE).delete();
for (int i = 0; i < SIZE; i++) {
System.err.print(".");
String cmd = "-keystore " + JKSFILE + " -storepass changeit -keypass changeit -keyalg rsa " + "-genkeypair -alias p" + i + " -dname CN=" + i;
sun.security.tools.keytool.Main.main(cmd.split(" "));
}
// Prepare EncryptedPrivateKeyInfo parameters, copied from various
// places in PKCS12KeyStore.java
AlgorithmParameters algParams = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
AlgorithmId algid = new AlgorithmId(new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
SecretKey skey = skFac.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
// Pre-calculated keys and certs and aliases
byte[][] keys = new byte[SIZE][];
Certificate[][] certChains = new Certificate[SIZE][];
String[] aliases = new String[SIZE];
// Reads from JKS keystore and pre-calculate
KeyStore ks = KeyStore.getInstance("jks");
try (FileInputStream fis = new FileInputStream(JKSFILE)) {
ks.load(fis, PASSWORD);
}
for (int i = 0; i < SIZE; i++) {
aliases[i] = "p" + i;
byte[] enckey = cipher.doFinal(ks.getKey(aliases[i], PASSWORD).getEncoded());
keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
certChains[i] = ks.getCertificateChain(aliases[i]);
}
// Write into PKCS12 keystore. Use this overloaded version of
// setKeyEntry() to be as fast as possible, so that they would
// have same localKeyId.
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(null, PASSWORD);
for (int i = 0; i < SIZE; i++) {
p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
}
try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
p12.store(fos, PASSWORD);
}
// Check private keys still match certs
p12 = KeyStore.getInstance("pkcs12");
try (FileInputStream fis = new FileInputStream(P12FILE)) {
p12.load(fis, PASSWORD);
}
for (int i = 0; i < SIZE; i++) {
String a = "p" + i;
X509Certificate x = (X509Certificate) p12.getCertificate(a);
X500Name name = (X500Name) x.getSubjectDN();
if (!name.getCommonName().equals("" + i)) {
throw new Exception(a + "'s cert is " + name);
}
}
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
X500Name(sun.security.x509.X500Name)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
SecretKey(javax.crypto.SecretKey)
AlgorithmId(sun.security.x509.AlgorithmId)
FileOutputStream(java.io.FileOutputStream)
EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo)
Cipher(javax.crypto.Cipher)
File(java.io.File)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)101
SecretKey (javax.crypto.SecretKey)72
Cipher (javax.crypto.Cipher)65
PBEKeySpec (javax.crypto.spec.PBEKeySpec)59
SecretKeyFactory (javax.crypto.SecretKeyFactory)51
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)19
IvParameterSpec (javax.crypto.spec.IvParameterSpec)18
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)17
InvalidKeyException (java.security.InvalidKeyException)17
KeyStoreException (java.security.KeyStoreException)14
UnrecoverableKeyException (java.security.UnrecoverableKeyException)14
CertificateException (java.security.cert.CertificateException)14
AlgorithmParameters (java.security.AlgorithmParameters)12
SecureRandom (java.security.SecureRandom)12
CipherParameters (org.bouncycastle.crypto.CipherParameters)12
KeyParameter (org.bouncycastle.crypto.params.KeyParameter)12
ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV)12
IOException (java.io.IOException)11
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)9
Key (java.security.Key)8
