Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
Class JSSSecretKeyFactorySpi, method engineGetKeySpec.
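/**
 * Exports the raw bytes of a JSS-backed secret key as a JCE key specification.
 *
 * <p>The returned spec holds a copy of the key material in ordinary heap memory,
 * so the key is no longer protected by the token once this method returns. Callers
 * should keep the spec short-lived and avoid logging or serializing it.
 *
 * @param key the key to export; must be a {@code SecretKeyFacade}
 * @param keySpec the requested spec class: {@code DESedeKeySpec}, {@code DESKeySpec}
 *     or {@code SecretKeySpec}
 * @return a key spec of the requested class built from the key's raw bytes
 * @throws InvalidKeySpecException if the key is not a JSS key, the key type does not
 *     match the requested DES/DESede spec, the spec class is unsupported, or the key
 *     is not extractable
 */
@Override
public KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec) throws InvalidKeySpecException {
    if (!(key instanceof SecretKeyFacade)) {
        throw new InvalidKeySpecException("key is not a JSS key");
    }
    byte[] keyBits = null;
    try {
        SymmetricKey symkey = ((SecretKeyFacade) key).key;
        keyBits = symkey.getKeyData();
        SymmetricKey.Type keyType = symkey.getType();
        if (keySpec.equals(DESedeKeySpec.class)) {
            if (keyType != SymmetricKey.Type.DES3) {
                throw new InvalidKeySpecException("key/spec mismatch: " + keyType + " key, DESede spec");
            }
            return new DESedeKeySpec(keyBits);
        } else if (keySpec.equals(DESKeySpec.class)) {
            if (keyType != SymmetricKey.Type.DES) {
                throw new InvalidKeySpecException("key/spec mismatch: " + keyType + " key, DES spec");
            }
            return new DESKeySpec(keyBits);
        } else if (keySpec.equals(SecretKeySpec.class)) {
            return new SecretKeySpec(keyBits, keyType.toString());
        } else {
            throw new InvalidKeySpecException("Unsupported key spec: " + keySpec.getName());
        }
    } catch (SymmetricKey.NotExtractableException e) {
        throw new InvalidKeySpecException("Key is not extractable: " + e.getMessage(), e);
    } catch (InvalidKeyException e) {
        // The bytes came from an existing key whose type was just checked, so the
        // spec constructors are not expected to reject them.
        throw new InvalidKeySpecException("Invalid key: " + e.getMessage(), e);
    } finally {
        // DESedeKeySpec, DESKeySpec and SecretKeySpec each copy the bytes they are
        // given, so the temporary buffer can be wiped on every exit path instead of
        // leaving a second copy of the key for the garbage collector.
        // NOTE(review): assumes getKeyData() returns a fresh array rather than a
        // reference to the key's internal storage; confirm for all SymmetricKey
        // implementations.
        if (keyBits != null) {
            java.util.Arrays.fill(keyBits, (byte) 0);
        }
    }
}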
Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
Class JSSSecretKeyFactorySpi, method main.
/**
 * Self-test for the factory: round-trips a DES3 key through a key spec and checks
 * that the JCE and native JSS PBE key derivations agree.
 *
 * <p>The password, salt and iteration count below are fixed test inputs only; they
 * are far too weak to be copied into real key derivation. Exits with status 0 on
 * success and -1 on any failure.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        // Initialise JSS from the current directory and bind the internal token to this thread.
        CryptoManager.initialize(".");
        CryptoManager manager = CryptoManager.getInstance();
        CryptoToken token = manager.getInternalCryptoToken();
        manager.setThreadToken(token);

        // Part 1: export a DES3 key to a spec, rebuild a key from it, and check that
        // data encrypted under the original decrypts under the rebuilt key.
        org.mozilla.jss.crypto.KeyGenerator desGenerator = token.getKeyGenerator(KeyGenAlgorithm.DES3);
        SymmetricKey generatedKey = desGenerator.generate();
        SecretKeyFacade origKey = new SecretKeyFacade(generatedKey);
        JSSSecretKeyFactorySpi factory = new JSSSecretKeyFactorySpi(KeyGenAlgorithm.DES3);
        DESedeKeySpec exportedSpec = (DESedeKeySpec) factory.engineGetKeySpec(origKey, DESedeKeySpec.class);
        SecretKeyFacade rebuiltKey = (SecretKeyFacade) factory.engineGenerateSecret(exportedSpec);

        org.mozilla.jss.crypto.Cipher cipher = token.getCipherContext(EncryptionAlgorithm.DES3_ECB);
        String original = "Hello, World!!!!";
        cipher.initEncrypt(origKey.key);
        byte[] cipherText = cipher.doFinal(original.getBytes("UTF-8"));
        System.out.println("ciphertext is " + cipherText.length + " bytes");

        cipher.initDecrypt(rebuiltKey.key);
        byte[] plainText = cipher.doFinal(cipherText);
        System.out.println("recovered plaintext is " + plainText.length + " bytes");
        String recovered = new String(plainText, "UTF-8");
        System.out.println("Recovered '" + recovered + "'");
        if (!original.equals(recovered)) {
            throw new Exception("recovered string is different from original");
        }

        // Part 2: derive the same PBE key twice and compare the raw key bytes.
        // Fixed password, fixed salt and an iteration count of 2 are test vectors only.
        char[] pw = "foobarpw".toCharArray();
        byte[] salt = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };
        int iterationCount = 2;

        // First derivation: directly through the token's JSS key generator.
        org.mozilla.jss.crypto.KeyGenerator pbeGenerator = token.getKeyGenerator(PBEAlgorithm.PBE_SHA1_DES3_CBC);
        PBEKeyGenParams jssKeySpec = new PBEKeyGenParams(pw, salt, iterationCount);
        pbeGenerator.initialize(jssKeySpec);
        SymmetricKey nativePbeKey = pbeGenerator.generate();
        byte[] keydata = nativePbeKey.getKeyData();

        // Second derivation: through the JCE SecretKeyFactory backed by the JSS provider.
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance("PBEWithSHA1AndDESede", "Mozilla-JSS");
        SecretKeyFacade jcePbeKey = (SecretKeyFacade) keyFact.generateSecret(jssKeySpec);
        byte[] newkeydata = jcePbeKey.key.getKeyData();
        if (!java.util.Arrays.equals(keydata, newkeydata)) {
            throw new Exception("generated PBE keys are different");
        }
        System.out.println("generated PBE keys are the same");

        /* XXX JDK 1.4 ONLY
        // now try with a JDK 1.4 PBEKeySpec
        PBEKeySpec keySpec = new PBEKeySpec(pw, salt, iterationCount);
        newKey = (SecretKeyFacade) keyFact.generateSecret(keySpec);
        if( ! java.util.Arrays.equals(keydata, newKey.key.getKeyData()) ) {
            throw new Exception("generated PBE keys are different");
        }
        System.out.println("generated PBE keys are the same");
        */
        System.exit(0);
    } catch (Throwable t) {
        // Any failure, including Errors, is reported and turned into a non-zero exit status.
        t.printStackTrace();
        System.exit(-1);
    }
}