Example 1 with PSSSigner
use of org.bouncycastle.crypto.signers.PSSSigner in project xipki by xipki.
the class SignerUtil method createPSSRSASigner.
// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
ParamUtil.requireNonNull("sigAlgId", sigAlgId);
if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
}
AlgorithmIdentifier digAlgId;
try {
digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
Digest dig = getDigest(digAlgId);
Digest mfgDig = getDigest(mfgDigAlgId);
int saltSize = param.getSaltLength().intValue();
int trailerField = param.getTrailerField().intValue();
AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
Digest(org.bouncycastle.crypto.Digest)
RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine)
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)
Example 2 with PSSSigner
use of org.bouncycastle.crypto.signers.PSSSigner in project cloudbreak by hortonworks.
the class PkiUtil method generateSignature.
public static String generateSignature(String privateKeyPem, byte[] data) {
RSAKeyParameters rsaKeyParameters = CACHE.get(privateKeyPem);
if (rsaKeyParameters == null) {
try (PEMParser pEMParser = new PEMParser(new StringReader(clarifyPemKey(privateKeyPem)))) {
PEMKeyPair pemKeyPair = (PEMKeyPair) pEMParser.readObject();
KeyFactory factory = KeyFactory.getInstance("RSA");
KeySpec publicKeySpec = new X509EncodedKeySpec(pemKeyPair.getPublicKeyInfo().getEncoded());
PublicKey publicKey = factory.generatePublic(publicKeySpec);
KeySpec privateKeySpec = new PKCS8EncodedKeySpec(pemKeyPair.getPrivateKeyInfo().getEncoded());
PrivateKey privateKey = factory.generatePrivate(privateKeySpec);
KeyPair kp = new KeyPair(publicKey, privateKey);
RSAPrivateKeySpec privKeySpec = factory.getKeySpec(kp.getPrivate(), RSAPrivateKeySpec.class);
rsaKeyParameters = new RSAKeyParameters(true, privKeySpec.getModulus(), privKeySpec.getPrivateExponent());
CACHE.put(privateKeyPem, rsaKeyParameters);
} catch (NoSuchAlgorithmException | IOException | InvalidKeySpecException e) {
throw new SecurityException(e);
}
}
Signer signer = new PSSSigner(new RSAEngine(), new SHA256Digest(), SALT_LENGTH);
signer.init(true, rsaKeyParameters);
signer.update(data, 0, data.length);
try {
byte[] signature = signer.generateSignature();
return BaseEncoding.base64().encode(signature);
} catch (CryptoException e) {
throw new SecurityException(e);
}
}
Also used :
KeyPair(java.security.KeyPair)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
PrivateKey(java.security.PrivateKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
KeySpec(java.security.spec.KeySpec)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
Signer(org.bouncycastle.crypto.Signer)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
PEMParser(org.bouncycastle.openssl.PEMParser)
RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec)
SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
StringReader(java.io.StringReader)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
CryptoException(org.bouncycastle.crypto.CryptoException)
RSAEngine(org.bouncycastle.crypto.engines.RSAEngine)
PrivateKeyFactory(org.bouncycastle.crypto.util.PrivateKeyFactory)
KeyFactory(java.security.KeyFactory)
Aggregations
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
PSSSigner (org.bouncycastle.crypto.signers.PSSSigner)2
IOException (java.io.IOException)1
StringReader (java.io.StringReader)1
KeyFactory (java.security.KeyFactory)1
KeyPair (java.security.KeyPair)1
PrivateKey (java.security.PrivateKey)1
PublicKey (java.security.PublicKey)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1
KeySpec (java.security.spec.KeySpec)1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1
RSAPrivateKeySpec (java.security.spec.RSAPrivateKeySpec)1
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)1
RSASSAPSSparams (org.bouncycastle.asn1.pkcs.RSASSAPSSparams)1
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1
AsymmetricBlockCipher (org.bouncycastle.crypto.AsymmetricBlockCipher)1
CryptoException (org.bouncycastle.crypto.CryptoException)1
Digest (org.bouncycastle.crypto.Digest)1
Signer (org.bouncycastle.crypto.Signer)1
