
Example 16 with SecretKeyFacade

use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

the class JSSSecretKeyFactorySpi method engineGetKeySpec.

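/**
 * Exports the value of a JSS-backed secret key as a JCA key specification.
 *
 * <p>Supported specification classes, matched by exact class equality:
 * <ul>
 *   <li>{@code DESedeKeySpec} - only for keys of type {@code SymmetricKey.Type.DES3}</li>
 *   <li>{@code DESKeySpec} - only for keys of type {@code SymmetricKey.Type.DES}</li>
 *   <li>{@code SecretKeySpec} - any key type; the algorithm name is {@code keyType.toString()}</li>
 * </ul>
 *
 * <p>The request (key class, spec class, key type) is validated before
 * {@code getKeyData()} is called, so a request that is going to be rejected never
 * causes the key value to be copied into Java memory. The returned spec holds the
 * plaintext key value, so callers should treat it as secret material.
 *
 * @param key the key to export; must be a {@code SecretKeyFacade}
 * @param keySpec the requested specification class
 * @return a key specification of the requested class holding the key value
 * @throws InvalidKeySpecException if {@code key} is not a {@code SecretKeyFacade},
 *         {@code keySpec} is {@code null} or unsupported, the key type does not match
 *         the requested spec, or the key value cannot be extracted
 */
@Override
public KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec) throws InvalidKeySpecException {
    // instanceof is false for null, so a null key is rejected here as well.
    if (!(key instanceof SecretKeyFacade)) {
        throw new InvalidKeySpecException("key is not a JSS key");
    }
    // Report a missing spec class through the declared exception instead of
    // a NullPointerException from keySpec.equals(...).
    if (keySpec == null) {
        throw new InvalidKeySpecException("key spec class is null");
    }
    try {
        SymmetricKey symkey = ((SecretKeyFacade) key).key;
        SymmetricKey.Type keyType = symkey.getType();

        boolean wantsDESede = keySpec.equals(DESedeKeySpec.class);
        boolean wantsDES = keySpec.equals(DESKeySpec.class);
        boolean wantsGeneric = keySpec.equals(SecretKeySpec.class);

        if (wantsDESede && keyType != SymmetricKey.Type.DES3) {
            throw new InvalidKeySpecException("key/spec mismatch: " + keyType + " key, DESede spec");
        }
        if (wantsDES && keyType != SymmetricKey.Type.DES) {
            throw new InvalidKeySpecException("key/spec mismatch: " + keyType + " key, DES spec");
        }
        if (!wantsDESede && !wantsDES && !wantsGeneric) {
            throw new InvalidKeySpecException("Unsupported key spec: " + keySpec.getName());
        }

        // Only now pull the key value out of the token; non-extractable keys
        // fail here with NotExtractableException.
        // NOTE(review): keyBits stays on the heap until garbage-collected. The JDK spec
        // constructors copy their input, so wiping keyBits afterwards would be safe for
        // them, but only if getKeyData() returns a private copy - confirm before adding it.
        byte[] keyBits = symkey.getKeyData();
        if (wantsDESede) {
            return new DESedeKeySpec(keyBits);
        }
        if (wantsDES) {
            return new DESKeySpec(keyBits);
        }
        // NOTE(review): keyType.toString() is used as the algorithm name; whether it
        // matches a standard JCA algorithm name is not visible here - verify.
        return new SecretKeySpec(keyBits, keyType.toString());
    } catch (SymmetricKey.NotExtractableException e) {
        throw new InvalidKeySpecException("Key is not extractable: " + e.getMessage(), e);
    } catch (InvalidKeyException e) {
        // The DES/DESede spec constructors reject key data that is too short; for a
        // genuine key of the checked type this is not expected to happen.
        throw new InvalidKeySpecException("Invalid key: " + e.getMessage(), e);
    }
}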
Also used : SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) SecretKeySpec(javax.crypto.spec.SecretKeySpec) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) DESKeySpec(javax.crypto.spec.DESKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeyException(java.security.InvalidKeyException)

Example 17 with SecretKeyFacade

use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

the class JSSSecretKeyFactorySpi method main.

/**
 * Self-test for this factory: round-trips a DES3 key through a key spec and checks
 * that PBE key derivation gives the same key through JSS and through the JCE.
 *
 * <p>Exits with status 0 when every check passes; on any failure the stack trace is
 * printed and the process exits with status -1.
 *
 * <p>The cryptographic parameters below (DES3 in ECB mode, an 8-byte fixed salt, an
 * iteration count of 2 and a hard-coded password) are fixture values for this check
 * only; they are not suitable settings for protecting real data.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        // Bring up JSS against the NSS database in the current directory and
        // bind the internal crypto token to this thread.
        CryptoManager.initialize(".");
        CryptoManager manager = CryptoManager.getInstance();
        CryptoToken token = manager.getInternalCryptoToken();
        manager.setThreadToken(token);

        // --- Part 1: export a DES3 key to a spec and rebuild it from that spec ---
        org.mozilla.jss.crypto.KeyGenerator des3Generator = token.getKeyGenerator(KeyGenAlgorithm.DES3);
        SymmetricKey generated = des3Generator.generate();
        SecretKeyFacade origKey = new SecretKeyFacade(generated);
        JSSSecretKeyFactorySpi factory = new JSSSecretKeyFactorySpi(KeyGenAlgorithm.DES3);
        DESedeKeySpec exportedSpec = (DESedeKeySpec) factory.engineGetKeySpec(origKey, DESedeKeySpec.class);
        SecretKeyFacade rebuiltKey = (SecretKeyFacade) factory.engineGenerateSecret(exportedSpec);

        // Encrypt with the original key, decrypt with the rebuilt one; the
        // message is exactly two DES blocks long.
        org.mozilla.jss.crypto.Cipher des3 = token.getCipherContext(EncryptionAlgorithm.DES3_ECB);
        des3.initEncrypt(origKey.key);
        String message = "Hello, World!!!!";
        byte[] encrypted = des3.doFinal(message.getBytes("UTF-8"));
        System.out.println("ciphertext is " + encrypted.length + " bytes");
        des3.initDecrypt(rebuiltKey.key);
        byte[] decrypted = des3.doFinal(encrypted);
        System.out.println("recovered plaintext is " + decrypted.length + " bytes");
        String roundTripped = new String(decrypted, "UTF-8");
        System.out.println("Recovered '" + roundTripped + "'");
        if (!roundTripped.equals(message)) {
            throw new Exception("recovered string is different from original");
        }

        // --- Part 2: PBE key derivation, JSS key generator versus JCE factory ---
        // Fixture inputs only: fixed password, fixed salt, two iterations.
        char[] password = "foobarpw".toCharArray();
        byte[] salt = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 };
        int iterations = 2;
        PBEKeyGenParams pbeParams = new PBEKeyGenParams(password, salt, iterations);

        // Derive through the JSS key generator.
        org.mozilla.jss.crypto.KeyGenerator pbeGenerator = token.getKeyGenerator(PBEAlgorithm.PBE_SHA1_DES3_CBC);
        pbeGenerator.initialize(pbeParams);
        byte[] jssKeyBytes = pbeGenerator.generate().getKeyData();

        // Derive through the JCE SecretKeyFactory served by the Mozilla-JSS provider.
        SecretKeyFactory jceFactory = SecretKeyFactory.getInstance("PBEWithSHA1AndDESede", "Mozilla-JSS");
        SecretKeyFacade jceKey = (SecretKeyFacade) jceFactory.generateSecret(pbeParams);
        byte[] jceKeyBytes = jceKey.key.getKeyData();
        if (!java.util.Arrays.equals(jssKeyBytes, jceKeyBytes)) {
            throw new Exception("generated PBE keys are different");
        }
        System.out.println("generated PBE keys are the same");

        /* XXX JDK 1.4 ONLY
        // the same comparison with a JDK 1.4 PBEKeySpec (disabled)
        PBEKeySpec keySpec = new PBEKeySpec(password, salt, iterations);
        jceKey = (SecretKeyFacade) jceFactory.generateSecret(keySpec);
        if( ! java.util.Arrays.equals(jssKeyBytes, jceKey.key.getKeyData()) ) {
            throw new Exception("generated PBE keys are different");
        }
        System.out.println("generated PBE keys are the same");
*/
        System.exit(0);
    } catch (Throwable failure) {
        // Any failure, including the checks above, ends the self-test with a non-zero status.
        failure.printStackTrace();
        System.exit(-1);
    }
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) CryptoManager(org.mozilla.jss.CryptoManager) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) InvocationTargetException(java.lang.reflect.InvocationTargetException) CharConversionException(java.io.CharConversionException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) SecretKeyFactory(javax.crypto.SecretKeyFactory)
