Example 6 with EncryptedPrivateKeyInfo
use of org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo in project jruby-openssl by jruby.
the class PEMInputOutput method derivePrivateKeyPBES2.
private static PrivateKey derivePrivateKeyPBES2(EncryptedPrivateKeyInfo eIn, AlgorithmIdentifier algId, char[] password) throws GeneralSecurityException, InvalidCipherTextException {
PBES2Parameters pbeParams = PBES2Parameters.getInstance((ASN1Sequence) algId.getParameters());
CipherParameters cipherParams = extractPBES2CipherParams(password, pbeParams);
EncryptionScheme scheme = pbeParams.getEncryptionScheme();
BufferedBlockCipher cipher;
if (scheme.getAlgorithm().equals(PKCSObjectIdentifiers.RC2_CBC)) {
RC2CBCParameter rc2Params = RC2CBCParameter.getInstance(scheme);
byte[] iv = rc2Params.getIV();
CipherParameters param = new ParametersWithIV(cipherParams, iv);
cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
cipher.init(false, param);
} else {
byte[] iv = ASN1OctetString.getInstance(scheme.getParameters()).getOctets();
CipherParameters param = new ParametersWithIV(cipherParams, iv);
cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
cipher.init(false, param);
}
byte[] data = eIn.getEncryptedData();
byte[] out = new byte[cipher.getOutputSize(data.length)];
int len = cipher.processBytes(data, 0, data.length, out, 0);
len += cipher.doFinal(out, len);
byte[] pkcs8 = new byte[len];
System.arraycopy(out, 0, pkcs8, 0, len);
// It seems to work for both RSA and DSA.
KeyFactory fact = SecurityHelper.getKeyFactory("RSA");
return fact.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
}
Also used :
PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters)
EncryptionScheme(org.bouncycastle.asn1.pkcs.EncryptionScheme)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
RC2Engine(org.bouncycastle.crypto.engines.RC2Engine)
RC2CBCParameter(org.bouncycastle.asn1.pkcs.RC2CBCParameter)
CipherParameters(org.bouncycastle.crypto.CipherParameters)
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
BufferedBlockCipher(org.bouncycastle.crypto.BufferedBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
DESedeEngine(org.bouncycastle.crypto.engines.DESedeEngine)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
Example 7 with EncryptedPrivateKeyInfo
use of org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo in project jruby-openssl by jruby.
the class PEMInputOutput method derivePrivateKeyPBES1.
private static PrivateKey derivePrivateKeyPBES1(EncryptedPrivateKeyInfo eIn, AlgorithmIdentifier algId, char[] password) throws GeneralSecurityException, IOException {
// From BC's PEMReader
PKCS12PBEParams pkcs12Params = PKCS12PBEParams.getInstance(algId.getParameters());
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PBEParameterSpec pbeParams = new PBEParameterSpec(pkcs12Params.getIV(), pkcs12Params.getIterations().intValue());
String algorithm = ASN1Registry.o2a(algId.getAlgorithm());
algorithm = (algorithm.split("-"))[0];
SecretKeyFactory secKeyFactory = SecurityHelper.getSecretKeyFactory(algorithm);
Cipher cipher = SecurityHelper.getCipher(algorithm);
cipher.init(Cipher.DECRYPT_MODE, secKeyFactory.generateSecret(pbeSpec), pbeParams);
PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(cipher.doFinal(eIn.getEncryptedData())));
KeyFactory keyFactory = getKeyFactory(pInfo.getPrivateKeyAlgorithm());
return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
BufferedBlockCipher(org.bouncycastle.crypto.BufferedBlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
Cipher(javax.crypto.Cipher)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
Example 8 with EncryptedPrivateKeyInfo
use of org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo in project XobotOS by xamarin.
the class EncryptedPrivateKeyInfo method toASN1Object.
/**
* Produce an object suitable for an ASN1OutputStream.
* <pre>
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
* encryptedData EncryptedData
* }
*
* EncryptedData ::= OCTET STRING
*
* KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
* ... -- For local profiles
* }
* </pre>
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(algId);
v.add(data);
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 9 with EncryptedPrivateKeyInfo
use of org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo in project jruby-openssl by jruby.
the class PEMInputOutput method readPrivateKey.
/**
* c: PEM_read_PrivateKey + PEM_read_bio_PrivateKey
* CAUTION: KeyPair#getPublic() may be null.
*/
public static KeyPair readPrivateKey(final Reader in, char[] passwd) throws PasswordRequiredException, IOException {
final String BEG_STRING_ECPRIVATEKEY = BEF_G + PEM_STRING_ECPRIVATEKEY;
final String BEG_STRING_PKCS8INF = BEF_G + PEM_STRING_PKCS8INF;
final String BEG_STRING_PKCS8 = BEF_G + PEM_STRING_PKCS8;
final BufferedReader reader = makeBuffered(in);
String line;
while ((line = reader.readLine()) != null) {
if (line.indexOf(BEG_STRING_RSA) != -1) {
try {
return readKeyPair(reader, passwd, "RSA", BEF_E + PEM_STRING_RSA);
} catch (Exception e) {
throw mapReadException("problem creating RSA private key: ", e);
}
} else if (line.indexOf(BEG_STRING_DSA) != -1) {
try {
return readKeyPair(reader, passwd, "DSA", BEF_E + PEM_STRING_DSA);
} catch (Exception e) {
throw mapReadException("problem creating DSA private key: ", e);
}
} else if (line.indexOf(BEG_STRING_ECPRIVATEKEY) != -1) {
try {
return readKeyPair(reader, passwd, "ECDSA", BEF_E + PEM_STRING_ECPRIVATEKEY);
} catch (Exception e) {
throw mapReadException("problem creating DSA private key: ", e);
}
} else if (line.indexOf(BEG_STRING_PKCS8INF) != -1) {
try {
byte[] bytes = readBase64Bytes(reader, BEF_E + PEM_STRING_PKCS8INF);
PrivateKeyInfo info = PrivateKeyInfo.getInstance(bytes);
String type = getPrivateKeyTypeFromObjectId(info.getPrivateKeyAlgorithm().getAlgorithm());
return org.jruby.ext.openssl.impl.PKey.readPrivateKey(((ASN1Object) info.parsePrivateKey()).getEncoded(ASN1Encoding.DER), type);
} catch (Exception e) {
throw mapReadException("problem creating private key: ", e);
}
} else if (line.indexOf(BEG_STRING_PKCS8) != -1) {
try {
byte[] bytes = readBase64Bytes(reader, BEF_E + PEM_STRING_PKCS8);
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(bytes);
AlgorithmIdentifier algId = eIn.getEncryptionAlgorithm();
PrivateKey privKey;
if (algId.getAlgorithm().toString().equals("1.2.840.113549.1.5.13")) {
// PBES2
privKey = derivePrivateKeyPBES2(eIn, algId, passwd);
} else {
privKey = derivePrivateKeyPBES1(eIn, algId, passwd);
}
return new KeyPair(null, privKey);
} catch (Exception e) {
throw mapReadException("problem creating private key: ", e);
}
}
}
return null;
}
Also used :
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
BufferedReader(java.io.BufferedReader)
EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
CMSException(org.bouncycastle.cms.CMSException)
InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException)
IOException(java.io.IOException)
CRLException(java.security.cert.CRLException)
CertificateException(java.security.cert.CertificateException)
EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
IOException (java.io.IOException)5
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)5
GeneralSecurityException (java.security.GeneralSecurityException)4
KeyFactory (java.security.KeyFactory)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)4
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)4
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3
EncryptedPrivateKeyInfo (org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)3
PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
KeyPair (java.security.KeyPair)2
PrivateKey (java.security.PrivateKey)2
SecretKeyFactory (javax.crypto.SecretKeyFactory)2
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2
DEROctetString (org.bouncycastle.asn1.DEROctetString)2
DERSequence (org.bouncycastle.asn1.DERSequence)2
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2
BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher)2
CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)2
