Example 1 with EncryptedValue
use of org.bouncycastle.asn1.crmf.EncryptedValue in project xipki by xipki.
the class CmpAgentUtil method decrypt.
private static byte[] decrypt(EncryptedValue ev, char[] password) throws XiSecurityException {
AlgorithmIdentifier symmAlg = ev.getSymmAlg();
if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) {
throw new XiSecurityException("unsupported symmAlg " + symmAlg.getAlgorithm().getId());
}
PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters());
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
try {
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId());
SecretKey key;
int iterations = func.getIterationCount().intValue();
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, KEYSIZE_PROVIDER.getKeySize(encScheme), func.getPrf()));
key = new SecretKeySpec(key.getEncoded(), "AES");
String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId();
Cipher cipher = Cipher.getInstance(cipherAlgOid);
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
GCMParameters gcmParameters = GCMParameters.getInstance(encParams);
GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec);
return cipher.doFinal(ev.getEncValue().getOctets());
} catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException ex) {
throw new XiSecurityException("Error while decrypting the EncryptedValue", ex);
}
}
Also used :
PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
PBKDF2KeySpec(org.bouncycastle.jcajce.spec.PBKDF2KeySpec)
InvalidKeyException(java.security.InvalidKeyException)
GCMParameters(org.bouncycastle.asn1.cms.GCMParameters)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params)
IESCipher(org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
Example 2 with EncryptedValue
use of org.bouncycastle.asn1.crmf.EncryptedValue in project xipki by xipki.
the class CmpAgentUtil method decrypt.
private static byte[] decrypt(EncryptedValue ev, PrivateKey decKey) throws XiSecurityException {
AlgorithmIdentifier keyAlg = ev.getKeyAlg();
ASN1ObjectIdentifier keyOid = keyAlg.getAlgorithm();
byte[] symmKey;
try {
if (decKey instanceof RSAPrivateKey) {
Cipher keyCipher;
if (keyOid.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
// Currently we only support the default RSAESOAEPparams
if (keyAlg.getParameters() != null) {
RSAESOAEPparams params = RSAESOAEPparams.getInstance(keyAlg.getParameters());
ASN1ObjectIdentifier oid = params.getHashAlgorithm().getAlgorithm();
if (!oid.equals(RSAESOAEPparams.DEFAULT_HASH_ALGORITHM.getAlgorithm())) {
throw new XiSecurityException("unsupported RSAESOAEPparams.HashAlgorithm " + oid.getId());
}
oid = params.getMaskGenAlgorithm().getAlgorithm();
if (!oid.equals(RSAESOAEPparams.DEFAULT_MASK_GEN_FUNCTION.getAlgorithm())) {
throw new XiSecurityException("unsupported RSAESOAEPparams.MaskGenAlgorithm " + oid.getId());
}
oid = params.getPSourceAlgorithm().getAlgorithm();
if (!params.getPSourceAlgorithm().equals(RSAESOAEPparams.DEFAULT_P_SOURCE_ALGORITHM)) {
throw new XiSecurityException("unsupported RSAESOAEPparams.PSourceAlgorithm " + oid.getId());
}
}
keyCipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
} else if (keyOid.equals(PKCSObjectIdentifiers.rsaEncryption)) {
keyCipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
} else {
throw new XiSecurityException("unsupported keyAlg " + keyOid.getId());
}
keyCipher.init(Cipher.DECRYPT_MODE, decKey);
symmKey = keyCipher.doFinal(ev.getEncSymmKey().getOctets());
} else if (decKey instanceof ECPrivateKey) {
ASN1Sequence params = ASN1Sequence.getInstance(keyAlg.getParameters());
final int n = params.size();
for (int i = 0; i < n; i++) {
if (!keyOid.equals(ObjectIdentifiers.Secg.id_ecies_specifiedParameters)) {
throw new XiSecurityException("unsupported keyAlg " + keyOid.getId());
}
ASN1TaggedObject to = (ASN1TaggedObject) params.getObjectAt(i);
int tag = to.getTagNo();
if (tag == 0) {
// KDF
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (ObjectIdentifiers.Misc.id_iso18033_kdf2.equals(algId.getAlgorithm())) {
AlgorithmIdentifier hashAlgorithm = AlgorithmIdentifier.getInstance(algId.getParameters());
if (!hashAlgorithm.getAlgorithm().equals(HashAlgo.SHA1.getOid())) {
throw new XiSecurityException("unsupported KeyDerivationFunction.HashAlgorithm " + hashAlgorithm.getAlgorithm().getId());
}
} else {
throw new XiSecurityException("unsupported KeyDerivationFunction " + algId.getAlgorithm().getId());
}
} else if (tag == 1) {
// SymmetricEncryption
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (!ObjectIdentifiers.Secg.id_aes128_cbc_in_ecies.equals(algId.getAlgorithm())) {
throw new XiSecurityException("unsupported SymmetricEncryption " + algId.getAlgorithm().getId());
}
} else if (tag == 2) {
// MessageAuthenticationCode
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (ObjectIdentifiers.Secg.id_hmac_full_ecies.equals(algId.getAlgorithm())) {
AlgorithmIdentifier hashAlgorithm = AlgorithmIdentifier.getInstance(algId.getParameters());
if (!hashAlgorithm.getAlgorithm().equals(HashAlgo.SHA1.getOid())) {
throw new XiSecurityException("unsupported MessageAuthenticationCode.HashAlgorithm " + hashAlgorithm.getAlgorithm().getId());
}
} else {
throw new XiSecurityException("unsupported MessageAuthenticationCode " + algId.getAlgorithm().getId());
}
}
}
int aesKeySize = 128;
byte[] iv = new byte[16];
AlgorithmParameterSpec spec = new IESParameterSpec(null, null, aesKeySize, aesKeySize, iv);
BlockCipher cbcCipher = new CBCBlockCipher(new AESEngine());
IESCipher keyCipher = new IESCipher(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()), new HMac(DigestFactory.createSHA1()), new PaddedBufferedBlockCipher(cbcCipher)), 16);
// no random is required
keyCipher.engineInit(Cipher.DECRYPT_MODE, decKey, spec, null);
byte[] encSymmKey = ev.getEncSymmKey().getOctets();
/*
* BouncyCastle expects the input ephemeralPublicKey | symmetricCiphertext | macTag.
* So we have to convert it from the following ASN.1 structure
* <pre>
* ECIES-Ciphertext-Value ::= SEQUENCE {
* ephemeralPublicKey ECPoint,
* symmetricCiphertext OCTET STRING,
* macTag OCTET STRING
* }
*
* ECPoint ::= OCTET STRING
* </pre>
*/
ASN1Sequence seq = DERSequence.getInstance(encSymmKey);
byte[] ephemeralPublicKey = DEROctetString.getInstance(seq.getObjectAt(0)).getOctets();
byte[] symmetricCiphertext = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets();
byte[] macTag = DEROctetString.getInstance(seq.getObjectAt(2)).getOctets();
byte[] bcInput = new byte[ephemeralPublicKey.length + symmetricCiphertext.length + macTag.length];
System.arraycopy(ephemeralPublicKey, 0, bcInput, 0, ephemeralPublicKey.length);
int offset = ephemeralPublicKey.length;
System.arraycopy(symmetricCiphertext, 0, bcInput, offset, symmetricCiphertext.length);
offset += symmetricCiphertext.length;
System.arraycopy(macTag, 0, bcInput, offset, macTag.length);
symmKey = keyCipher.engineDoFinal(bcInput, 0, bcInput.length);
} else {
throw new XiSecurityException("unsupported decryption key type " + decKey.getClass().getName());
}
AlgorithmIdentifier symmAlg = ev.getSymmAlg();
ASN1ObjectIdentifier symmAlgOid = symmAlg.getAlgorithm();
if (!symmAlgOid.equals(NISTObjectIdentifiers.id_aes128_GCM)) {
// currently we only support AES128-GCM
throw new XiSecurityException("unsupported symmAlg " + symmAlgOid.getId());
}
GCMParameters params = GCMParameters.getInstance(symmAlg.getParameters());
Cipher dataCipher = Cipher.getInstance(symmAlgOid.getId());
AlgorithmParameterSpec algParams = new GCMParameterSpec(params.getIcvLen() << 3, params.getNonce());
dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), algParams);
byte[] encValue = ev.getEncValue().getOctets();
return dataCipher.doFinal(encValue);
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException ex) {
throw new XiSecurityException("Error while decrypting the EncryptedValue", ex);
}
}
Also used :
RSAESOAEPparams(org.bouncycastle.asn1.pkcs.RSAESOAEPparams)
HMac(org.bouncycastle.crypto.macs.HMac)
IESCipher(org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IESEngine(org.bouncycastle.crypto.engines.IESEngine)
ECDHBasicAgreement(org.bouncycastle.crypto.agreement.ECDHBasicAgreement)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
IESParameterSpec(org.bouncycastle.jce.spec.IESParameterSpec)
InvalidKeyException(java.security.InvalidKeyException)
GCMParameters(org.bouncycastle.asn1.cms.GCMParameters)
KDF2BytesGenerator(org.bouncycastle.crypto.generators.KDF2BytesGenerator)
IESCipher(org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 3 with EncryptedValue
use of org.bouncycastle.asn1.crmf.EncryptedValue in project xipki by xipki.
the class PbmMacCmpCaClient method decrypt.
private byte[] decrypt(EncryptedValue ev) throws Exception {
AlgorithmIdentifier symmAlg = ev.getSymmAlg();
if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) {
throw new Exception("unsupported symmAlg " + symmAlg.getAlgorithm().getId());
}
PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters());
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
ASN1ObjectIdentifier encSchemaAlgOid = encScheme.getAlgorithm();
int keysizeInBit;
if (NISTObjectIdentifiers.id_aes128_GCM.equals(encSchemaAlgOid)) {
keysizeInBit = 128;
} else if (NISTObjectIdentifiers.id_aes192_GCM.equals(encSchemaAlgOid)) {
keysizeInBit = 192;
} else if (NISTObjectIdentifiers.id_aes256_GCM.equals(encSchemaAlgOid)) {
keysizeInBit = 256;
} else {
throw new Exception("unsupported encryption scheme " + encSchemaAlgOid.getId());
}
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId());
SecretKey key;
int iterations = func.getIterationCount().intValue();
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, keysizeInBit, func.getPrf()));
key = new SecretKeySpec(key.getEncoded(), "AES");
String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId();
Cipher cipher = Cipher.getInstance(cipherAlgOid);
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
GCMParameters gcmParameters = GCMParameters.getInstance(encParams);
GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec);
return cipher.doFinal(ev.getEncValue().getOctets());
}
Also used :
PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
PBKDF2KeySpec(org.bouncycastle.jcajce.spec.PBKDF2KeySpec)
CMPException(org.bouncycastle.cert.cmp.CMPException)
CRMFException(org.bouncycastle.cert.crmf.CRMFException)
InvalidKeyException(java.security.InvalidKeyException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
GCMParameters(org.bouncycastle.asn1.cms.GCMParameters)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params)
Cipher(javax.crypto.Cipher)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 4 with EncryptedValue
use of org.bouncycastle.asn1.crmf.EncryptedValue in project xipki by xipki.
the class SignatureCmpCaClient method decrypt.
private byte[] decrypt(EncryptedValue ev) throws Exception {
AlgorithmIdentifier keyAlg = ev.getKeyAlg();
ASN1ObjectIdentifier keyOid = keyAlg.getAlgorithm();
byte[] symmKey;
try {
if (requestorKey instanceof RSAPrivateKey) {
Cipher keyCipher;
if (keyOid.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
// Currently we only support the default RSAESOAEPparams
if (keyAlg.getParameters() != null) {
RSAESOAEPparams params = RSAESOAEPparams.getInstance(keyAlg.getParameters());
ASN1ObjectIdentifier oid = params.getHashAlgorithm().getAlgorithm();
if (!oid.equals(RSAESOAEPparams.DEFAULT_HASH_ALGORITHM.getAlgorithm())) {
throw new Exception("unsupported RSAESOAEPparams.HashAlgorithm " + oid.getId());
}
oid = params.getMaskGenAlgorithm().getAlgorithm();
if (!oid.equals(RSAESOAEPparams.DEFAULT_MASK_GEN_FUNCTION.getAlgorithm())) {
throw new Exception("unsupported RSAESOAEPparams.MaskGenAlgorithm " + oid.getId());
}
oid = params.getPSourceAlgorithm().getAlgorithm();
if (!params.getPSourceAlgorithm().equals(RSAESOAEPparams.DEFAULT_P_SOURCE_ALGORITHM)) {
throw new Exception("unsupported RSAESOAEPparams.PSourceAlgorithm " + oid.getId());
}
}
keyCipher = Cipher.getInstance("RSA/NONE/OAEPPADDING");
} else if (keyOid.equals(PKCSObjectIdentifiers.rsaEncryption)) {
keyCipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
} else {
throw new Exception("unsupported keyAlg " + keyOid.getId());
}
keyCipher.init(Cipher.DECRYPT_MODE, requestorKey);
symmKey = keyCipher.doFinal(ev.getEncSymmKey().getOctets());
} else if (requestorKey instanceof ECPrivateKey) {
ASN1Sequence params = ASN1Sequence.getInstance(keyAlg.getParameters());
final int n = params.size();
for (int i = 0; i < n; i++) {
if (!keyOid.equals(ObjectIdentifiers.id_ecies_specifiedParameters)) {
throw new Exception("unsupported keyAlg " + keyOid.getId());
}
ASN1TaggedObject to = (ASN1TaggedObject) params.getObjectAt(i);
int tag = to.getTagNo();
if (tag == 0) {
// KDF
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (ObjectIdentifiers.id_iso18033_kdf2.equals(algId.getAlgorithm())) {
AlgorithmIdentifier hashAlgorithm = AlgorithmIdentifier.getInstance(algId.getParameters());
if (!hashAlgorithm.getAlgorithm().equals(ObjectIdentifiers.id_sha1)) {
throw new Exception("unsupported KeyDerivationFunction.HashAlgorithm " + hashAlgorithm.getAlgorithm().getId());
}
} else {
throw new Exception("unsupported KeyDerivationFunction " + algId.getAlgorithm().getId());
}
} else if (tag == 1) {
// SymmetricEncryption
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (!ObjectIdentifiers.id_aes128_cbc_in_ecies.equals(algId.getAlgorithm())) {
throw new Exception("unsupported SymmetricEncryption " + algId.getAlgorithm().getId());
}
} else if (tag == 2) {
// MessageAuthenticationCode
AlgorithmIdentifier algId = AlgorithmIdentifier.getInstance(to.getObject());
if (ObjectIdentifiers.id_hmac_full_ecies.equals(algId.getAlgorithm())) {
AlgorithmIdentifier hashAlgorithm = AlgorithmIdentifier.getInstance(algId.getParameters());
if (!hashAlgorithm.getAlgorithm().equals(ObjectIdentifiers.id_sha1)) {
throw new Exception("unsupported MessageAuthenticationCode.HashAlgorithm " + hashAlgorithm.getAlgorithm().getId());
}
} else {
throw new Exception("unsupported MessageAuthenticationCode " + algId.getAlgorithm().getId());
}
}
}
int aesKeySize = 128;
byte[] iv = new byte[16];
AlgorithmParameterSpec spec = new IESParameterSpec(null, null, aesKeySize, aesKeySize, iv);
BlockCipher cbcCipher = new CBCBlockCipher(new AESEngine());
IESCipher keyCipher = new IESCipher(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()), new HMac(DigestFactory.createSHA1()), new PaddedBufferedBlockCipher(cbcCipher)), 16);
// no random is required
keyCipher.engineInit(Cipher.DECRYPT_MODE, requestorKey, spec, null);
byte[] encSymmKey = ev.getEncSymmKey().getOctets();
/*
* BouncyCastle expects the input ephemeralPublicKey | symmetricCiphertext | macTag.
* So we have to convert it from the following ASN.1 structure
* <pre>
* ECIES-Ciphertext-Value ::= SEQUENCE {
* ephemeralPublicKey ECPoint,
* symmetricCiphertext OCTET STRING,
* macTag OCTET STRING
* }
*
* ECPoint ::= OCTET STRING
* </pre>
*/
ASN1Sequence seq = DERSequence.getInstance(encSymmKey);
byte[] ephemeralPublicKey = DEROctetString.getInstance(seq.getObjectAt(0)).getOctets();
byte[] symmetricCiphertext = DEROctetString.getInstance(seq.getObjectAt(1)).getOctets();
byte[] macTag = DEROctetString.getInstance(seq.getObjectAt(2)).getOctets();
byte[] bcInput = new byte[ephemeralPublicKey.length + symmetricCiphertext.length + macTag.length];
System.arraycopy(ephemeralPublicKey, 0, bcInput, 0, ephemeralPublicKey.length);
int offset = ephemeralPublicKey.length;
System.arraycopy(symmetricCiphertext, 0, bcInput, offset, symmetricCiphertext.length);
offset += symmetricCiphertext.length;
System.arraycopy(macTag, 0, bcInput, offset, macTag.length);
symmKey = keyCipher.engineDoFinal(bcInput, 0, bcInput.length);
} else {
throw new Exception("unsupported decryption key type " + requestorKey.getClass().getName());
}
AlgorithmIdentifier symmAlg = ev.getSymmAlg();
if (!symmAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_aes128_GCM)) {
// currently we only support AES128-GCM
throw new Exception("unsupported symmAlg " + symmAlg.getAlgorithm().getId());
}
Cipher dataCipher = Cipher.getInstance(NISTObjectIdentifiers.id_aes128_GCM.getId());
GCMParameters gcmParams = GCMParameters.getInstance(symmAlg.getParameters());
GCMParameterSpec spec = new GCMParameterSpec(gcmParams.getIcvLen() * 8, gcmParams.getNonce());
dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), spec);
byte[] encValue = ev.getEncValue().getOctets();
return dataCipher.doFinal(encValue);
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException ex) {
throw new Exception("Error while decrypting the EncryptedValue", ex);
}
}
Also used :
RSAESOAEPparams(org.bouncycastle.asn1.pkcs.RSAESOAEPparams)
HMac(org.bouncycastle.crypto.macs.HMac)
IESCipher(org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
BadPaddingException(javax.crypto.BadPaddingException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
IESEngine(org.bouncycastle.crypto.engines.IESEngine)
ECDHBasicAgreement(org.bouncycastle.crypto.agreement.ECDHBasicAgreement)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
IESParameterSpec(org.bouncycastle.jce.spec.IESParameterSpec)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
CMPException(org.bouncycastle.cert.cmp.CMPException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
BadPaddingException(javax.crypto.BadPaddingException)
GCMParameters(org.bouncycastle.asn1.cms.GCMParameters)
KDF2BytesGenerator(org.bouncycastle.crypto.generators.KDF2BytesGenerator)
IESCipher(org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
Cipher(javax.crypto.Cipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 5 with EncryptedValue
use of org.bouncycastle.asn1.crmf.EncryptedValue in project LinLong-Java by zhenwei1108.
the class EncryptedValueBuilder method encryptData.
private EncryptedValue encryptData(byte[] data) throws CRMFException {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream eOut = encryptor.getOutputStream(bOut);
try {
eOut.write(data);
eOut.close();
} catch (IOException e) {
throw new CRMFException("cannot process data: " + e.getMessage(), e);
}
AlgorithmIdentifier intendedAlg = null;
AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
DERBitString encSymmKey;
try {
wrapper.generateWrappedKey(encryptor.getKey());
encSymmKey = new DERBitString(wrapper.generateWrappedKey(encryptor.getKey()));
} catch (OperatorException e) {
throw new CRMFException("cannot wrap key: " + e.getMessage(), e);
}
AlgorithmIdentifier keyAlg = wrapper.getAlgorithmIdentifier();
ASN1OctetString valueHint = null;
DERBitString encValue = new DERBitString(bOut.toByteArray());
return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, encValue);
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
DERBitString(com.github.zhenwei.core.asn1.DERBitString)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
EncryptedValue(com.github.zhenwei.pkix.util.asn1.crmf.EncryptedValue)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Aggregations
GCMParameterSpec (javax.crypto.spec.GCMParameterSpec)5
SecretKeySpec (javax.crypto.spec.SecretKeySpec)5
GCMParameters (org.bouncycastle.asn1.cms.GCMParameters)5
InvalidKeyException (java.security.InvalidKeyException)3
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)3
BlockCipher (org.bouncycastle.crypto.BlockCipher)3
CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)3
PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)3
IESCipher (org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher)3
PBKDF2KeySpec (org.bouncycastle.jcajce.spec.PBKDF2KeySpec)3
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)2
DERBitString (com.github.zhenwei.core.asn1.DERBitString)2
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2
OperatorException (com.github.zhenwei.pkix.operator.OperatorException)2
EncryptedValue (com.github.zhenwei.pkix.util.asn1.crmf.EncryptedValue)2
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)2
Cipher (javax.crypto.Cipher)2
PBES2Parameters (org.bouncycastle.asn1.pkcs.PBES2Parameters)2
