Search in sources :

Example 1 with KeyGenAlgorithm

use of org.mozilla.jss.crypto.KeyGenAlgorithm in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    try {
        // compute the key and IV
        CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(kgAlg);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(kgp);
        SymmetricKey key = kg.generate();
        // compute algorithm parameters
        EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
        AlgorithmParameterSpec algParams = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
                algParams = new IVParameterSpec(kg.generatePBE_IV());
                break;
            } else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
                algParams = new RC2ParameterSpec(key.getStrength(), kg.generatePBE_IV());
                break;
            }
        }
        // perform the decryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initDecrypt(key, algParams);
        return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
    } finally {
        kgp.clear();
    }
}
Also used : PBEParameter(org.mozilla.jss.pkix.primitive.PBEParameter) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CryptoToken(org.mozilla.jss.crypto.CryptoToken) IVParameterSpec(org.mozilla.jss.crypto.IVParameterSpec) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) ASN1Value(org.mozilla.jss.asn1.ASN1Value) PBEAlgorithm(org.mozilla.jss.crypto.PBEAlgorithm) KeyGenAlgorithm(org.mozilla.jss.crypto.KeyGenAlgorithm) EncryptionAlgorithm(org.mozilla.jss.crypto.EncryptionAlgorithm) RC2ParameterSpec(javax.crypto.spec.RC2ParameterSpec) Cipher(org.mozilla.jss.crypto.Cipher) KeyGenerator(org.mozilla.jss.crypto.KeyGenerator) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Example 2 with KeyGenAlgorithm

use of org.mozilla.jss.crypto.KeyGenAlgorithm in project jss by dogtagpki.

the class EncryptedPrivateKeyInfo method decrypt.

/**
 * Decrypts an EncryptedPrivateKeyInfo that was encrypted with a PBE
 *  algorithm.  The algorithm and its parameters are extracted from
 *  the EncryptedPrivateKeyInfo.
 *
 * @param pass The password to use to generate the PBE key.
 * @param charToByteConverter The converter to change the password
 *      characters to bytes.  If null, the default conversion is used.
 */
public PrivateKeyInfo decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws NotInitializedException, NoSuchAlgorithmException, InvalidBERException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException, CharConversionException {
    // get the key gen parameters
    AlgorithmIdentifier algid = encryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a " + "PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    // compute the key and IV
    CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
    KeyGenerator kg = token.getKeyGenerator(kgAlg);
    if (charToByteConverter != null) {
        kg.setCharToByteConverter(charToByteConverter);
    }
    kg.initialize(kgp);
    SymmetricKey key = kg.generate();
    // compute algorithm parameters
    EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
    AlgorithmParameterSpec algParams = null;
    Class<?>[] paramClasses = encAlg.getParameterClasses();
    for (int i = 0; i < paramClasses.length; i++) {
        if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
            algParams = new IVParameterSpec(kg.generatePBE_IV());
            break;
        }
    }
    // perform the decryption
    Cipher cipher = token.getCipherContext(encAlg);
    cipher.initDecrypt(key, algParams);
    byte[] decrypted = Cipher.unPad(cipher.doFinal(encryptedData.toByteArray()));
    return (PrivateKeyInfo) ASN1Util.decode(PrivateKeyInfo.getTemplate(), decrypted);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CryptoToken(org.mozilla.jss.crypto.CryptoToken) IVParameterSpec(org.mozilla.jss.crypto.IVParameterSpec) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) ASN1Value(org.mozilla.jss.asn1.ASN1Value) PBEAlgorithm(org.mozilla.jss.crypto.PBEAlgorithm) KeyGenAlgorithm(org.mozilla.jss.crypto.KeyGenAlgorithm) EncryptionAlgorithm(org.mozilla.jss.crypto.EncryptionAlgorithm) Cipher(org.mozilla.jss.crypto.Cipher) KeyGenerator(org.mozilla.jss.crypto.KeyGenerator) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Example 3 with KeyGenAlgorithm

use of org.mozilla.jss.crypto.KeyGenAlgorithm in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    // compute the key and IV
    CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
    KeyGenerator kg = token.getKeyGenerator(kgAlg);
    if (charToByteConverter != null) {
        kg.setCharToByteConverter(charToByteConverter);
    }
    kg.initialize(kgp);
    SymmetricKey key = kg.generate();
    // compute algorithm parameters
    EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
    AlgorithmParameterSpec algParams = null;
    Class<?>[] paramClasses = encAlg.getParameterClasses();
    for (int i = 0; i < paramClasses.length; i++) {
        if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
            algParams = new IVParameterSpec(kg.generatePBE_IV());
            break;
        }
    }
    // perform the decryption
    Cipher cipher = token.getCipherContext(encAlg);
    cipher.initDecrypt(key, algParams);
    return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
}
Also used : PBEParameter(org.mozilla.jss.pkix.primitive.PBEParameter) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CryptoToken(org.mozilla.jss.crypto.CryptoToken) IVParameterSpec(org.mozilla.jss.crypto.IVParameterSpec) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) ASN1Value(org.mozilla.jss.asn1.ASN1Value) PBEAlgorithm(org.mozilla.jss.crypto.PBEAlgorithm) KeyGenAlgorithm(org.mozilla.jss.crypto.KeyGenAlgorithm) EncryptionAlgorithm(org.mozilla.jss.crypto.EncryptionAlgorithm) Cipher(org.mozilla.jss.crypto.Cipher) KeyGenerator(org.mozilla.jss.crypto.KeyGenerator) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Aggregations

InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)3 ASN1Value (org.mozilla.jss.asn1.ASN1Value)3 Cipher (org.mozilla.jss.crypto.Cipher)3 CryptoToken (org.mozilla.jss.crypto.CryptoToken)3 EncryptionAlgorithm (org.mozilla.jss.crypto.EncryptionAlgorithm)3 IVParameterSpec (org.mozilla.jss.crypto.IVParameterSpec)3 KeyGenAlgorithm (org.mozilla.jss.crypto.KeyGenAlgorithm)3 KeyGenerator (org.mozilla.jss.crypto.KeyGenerator)3 PBEAlgorithm (org.mozilla.jss.crypto.PBEAlgorithm)3 PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams)3 SymmetricKey (org.mozilla.jss.crypto.SymmetricKey)3 AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)2 PBEParameter (org.mozilla.jss.pkix.primitive.PBEParameter)2 RC2ParameterSpec (javax.crypto.spec.RC2ParameterSpec)1