Search in sources :

Example 26 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class HmacPKCS12PBESHA1 method engineInit.

/**
     * Initializes the HMAC with the given secret key and algorithm parameters.
     *
     * @param key the secret key.
     * @param params the algorithm parameters.
     *
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this MAC.
     * @exception InvalidAlgorithmParameterException if the given algorithm
     * parameters are inappropriate for this MAC.
     */
protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey = (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        // maybe null if unspecified
        salt = pbeKey.getSalt();
        // maybe 0 if unspecified
        iCount = pbeKey.getIterationCount();
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) || !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i = 0; i < passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt, iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
Also used : SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 27 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project GeoGig by boundlessgeo.

the class Remote method decryptPassword.

public static String decryptPassword(String password) {
    try {
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
        pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
        return new String(pbeCipher.doFinal(Base64.decode(password)));
    } catch (Exception e) {
        return password;
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) Cipher(javax.crypto.Cipher) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) MalformedURLException(java.net.MalformedURLException)

Example 28 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project symmetric-ds by JumpMind.

the class SecurityService method initializeCipher.

protected void initializeCipher(Cipher cipher, int mode) throws Exception {
    AlgorithmParameterSpec paramSpec = Cipher.getMaxAllowedParameterSpec(cipher.getAlgorithm());
    if (paramSpec instanceof PBEParameterSpec || (paramSpec == null && cipher.getAlgorithm().startsWith("PBE"))) {
        paramSpec = new PBEParameterSpec(SecurityConstants.SALT, SecurityConstants.ITERATION_COUNT);
        cipher.init(mode, secretKey, paramSpec);
    } else if (paramSpec instanceof IvParameterSpec) {
        paramSpec = new IvParameterSpec(SecurityConstants.SALT);
        cipher.init(mode, secretKey, paramSpec);
    } else {
        cipher.init(mode, secretKey, (AlgorithmParameterSpec) null);
    }
}
Also used : IvParameterSpec(javax.crypto.spec.IvParameterSpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 29 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project Lucee by lucee.

the class Cryptor method _crypt.

private static byte[] _crypt(byte[] input, String key, String algorithm, byte[] ivOrSalt, int iterations, boolean doDecrypt) throws PageException {
    byte[] result = null;
    Key secretKey = null;
    AlgorithmParameterSpec params = null;
    String algo = algorithm;
    boolean isFBM = false, isPBE = StringUtil.startsWithIgnoreCase(algo, "PBE");
    int ivsLen = 0, algoDelimPos = algorithm.indexOf('/');
    if (algoDelimPos > -1) {
        algo = algorithm.substring(0, algoDelimPos);
        isFBM = !StringUtil.startsWithIgnoreCase(algorithm.substring(algoDelimPos + 1), "ECB");
    }
    try {
        Cipher cipher = Cipher.getInstance(algorithm);
        if (ivOrSalt == null) {
            if (isPBE || isFBM) {
                ivsLen = cipher.getBlockSize();
                ivOrSalt = new byte[ivsLen];
                if (doDecrypt)
                    System.arraycopy(input, 0, ivOrSalt, 0, ivsLen);
                else
                    secureRandom.nextBytes(ivOrSalt);
            }
        }
        if (isPBE) {
            secretKey = SecretKeyFactory.getInstance(algorithm).generateSecret(new PBEKeySpec(key.toCharArray()));
            // set Salt and Iterations for PasswordBasedEncryption
            params = new PBEParameterSpec(ivOrSalt, iterations > 0 ? iterations : DEFAULT_ITERATIONS);
        } else {
            secretKey = new SecretKeySpec(Coder.decode(Coder.ENCODING_BASE64, key), algo);
            if (isFBM)
                // set Initialization Vector for non-ECB Feedback Mode
                params = new IvParameterSpec(ivOrSalt);
        }
        if (doDecrypt) {
            cipher.init(Cipher.DECRYPT_MODE, secretKey, params);
            result = cipher.doFinal(input, ivsLen, input.length - ivsLen);
        } else {
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, params);
            result = new byte[ivsLen + cipher.getOutputSize(input.length)];
            if (ivsLen > 0)
                System.arraycopy(ivOrSalt, 0, result, 0, ivsLen);
            cipher.doFinal(input, 0, input.length, result, ivsLen);
        }
        return result;
    } catch (Throwable t) {
        ExceptionUtil.rethrowIfNecessary(t);
        throw Caster.toPageException(t);
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) Key(java.security.Key) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 30 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project ORCID-Source by ORCID.

the class DesEncrypter method initDesEncrypter.

private void initDesEncrypter(final String passPhrase) {
    try {
        // Create the key
        KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount);
        SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
        ecipher = Cipher.getInstance(key.getAlgorithm());
        dcipher = Cipher.getInstance(key.getAlgorithm());
        // Prepare the parameter to the ciphers
        AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);
        // Create the ciphers
        ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
        dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
    } catch (GeneralSecurityException e) {
        LOGGER.trace("DesEncrypter.creation failed", e);
        throw new ApplicationException("DesEncrypter creation failed", e);
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) ApplicationException(org.orcid.core.exception.ApplicationException) KeySpec(java.security.spec.KeySpec) PBEKeySpec(javax.crypto.spec.PBEKeySpec) GeneralSecurityException(java.security.GeneralSecurityException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Aggregations

PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)58 SecretKey (javax.crypto.SecretKey)36 Cipher (javax.crypto.Cipher)34 PBEKeySpec (javax.crypto.spec.PBEKeySpec)33 SecretKeyFactory (javax.crypto.SecretKeyFactory)27 IvParameterSpec (javax.crypto.spec.IvParameterSpec)14 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 KeyStoreException (java.security.KeyStoreException)11 UnrecoverableKeyException (java.security.UnrecoverableKeyException)11 CertificateException (java.security.cert.CertificateException)11 InvalidKeyException (java.security.InvalidKeyException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)9 CipherParameters (org.bouncycastle.crypto.CipherParameters)9 KeyParameter (org.bouncycastle.crypto.params.KeyParameter)9 ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV)9 IOException (java.io.IOException)8 AlgorithmParameters (java.security.AlgorithmParameters)8 SecureRandom (java.security.SecureRandom)8 CertificateEncodingException (java.security.cert.CertificateEncodingException)8 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)8