Examples with PBEParameter org.mozilla.jss.pkix.primitive.PBEParameter used on opensource projects

Example 1 with PBEParameter

use of org.mozilla.jss.pkix.primitive.PBEParameter in project jss by dogtagpki.

the class EncryptedContentInfo method createPBE.

// /////////////////////////////////////////////////////////////////////
// Crypto shortcuts
// /////////////////////////////////////////////////////////////////////
/**
 * Creates a new EncryptedContentInfo, where the data is encrypted
 * with a password-based key.
 *
 * @param pbeAlg The algorithm for generating a symmetric key from
 *      a password, salt, and iteration count.
 * @param password The password to use in generating the key.
 * @param salt The salt to use in generating the key.
 * @param iterationCount The number of hashing iterations to perform
 *      while generating the key.
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param toBeEncrypted The bytes to be encrypted and stored in the
 *      EncryptedContentInfo. Before they are encrypted, they will be
 *      padded using PKCS padding.
 */
public static EncryptedContentInfo createPBE(PBEAlgorithm pbeAlg, Password password, byte[] salt, int iterationCount, KeyGenerator.CharToByteConverter charToByteConverter, byte[] toBeEncrypted) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    try {
        CryptoManager cman = CryptoManager.getInstance();
        // generate key
        CryptoToken token = cman.getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(pbeAlg);
        PBEKeyGenParams pbekgParams = new PBEKeyGenParams(password, salt, iterationCount);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(pbekgParams);
        SymmetricKey key = kg.generate();
        // generate IV
        EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
        AlgorithmParameterSpec params = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
                params = new IVParameterSpec(kg.generatePBE_IV());
                break;
            } else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
                params = new RC2ParameterSpec(key.getStrength(), kg.generatePBE_IV());
                break;
            }
        }
        // perform encryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(key, params);
        byte[] encrypted = cipher.doFinal(Cipher.pad(toBeEncrypted, encAlg.getBlockSize()));
        // make encryption algorithm identifier
        PBEParameter pbeParam = new PBEParameter(salt, iterationCount);
        AlgorithmIdentifier encAlgID = new AlgorithmIdentifier(pbeAlg.toOID(), pbeParam);
        // create EncryptedContentInfo
        EncryptedContentInfo encCI = new EncryptedContentInfo(ContentInfo.DATA, encAlgID, new OCTET_STRING(encrypted));
        return encCI;
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    }
}

Example 2 with PBEParameter

use of org.mozilla.jss.pkix.primitive.PBEParameter in project jss by dogtagpki.

the class EncryptedContentInfo method createPBE.

// /////////////////////////////////////////////////////////////////////
// Crypto shortcuts
// /////////////////////////////////////////////////////////////////////
/**
 * Creates a new EncryptedContentInfo, where the data is encrypted
 * with a password-based key.
 *
 * @param pbeAlg The algorithm for generating a symmetric key from
 *      a password, salt, and iteration count.
 * @param password The password to use in generating the key.
 * @param salt The salt to use in generating the key.
 * @param iterationCount The number of hashing iterations to perform
 *      while generating the key.
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param toBeEncrypted The bytes to be encrypted and stored in the
 *      EncryptedContentInfo. Before they are encrypted, they will be
 *      padded using PKCS padding.
 */
public static EncryptedContentInfo createPBE(PBEAlgorithm pbeAlg, Password password, byte[] salt, int iterationCount, KeyGenerator.CharToByteConverter charToByteConverter, byte[] toBeEncrypted) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    try {
        CryptoManager cman = CryptoManager.getInstance();
        // generate key
        CryptoToken token = cman.getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(pbeAlg);
        PBEKeyGenParams pbekgParams = new PBEKeyGenParams(password, salt, iterationCount);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(pbekgParams);
        SymmetricKey key = kg.generate();
        // generate IV
        EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
        AlgorithmParameterSpec params = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(IVParameterSpec.class)) {
                params = new IVParameterSpec(kg.generatePBE_IV());
                break;
            }
        }
        // perform encryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(key, params);
        byte[] encrypted = cipher.doFinal(Cipher.pad(toBeEncrypted, encAlg.getBlockSize()));
        // make encryption algorithm identifier
        PBEParameter pbeParam = new PBEParameter(salt, iterationCount);
        AlgorithmIdentifier encAlgID = new AlgorithmIdentifier(pbeAlg.toOID(), pbeParam);
        // create EncryptedContentInfo
        EncryptedContentInfo encCI = new EncryptedContentInfo(ContentInfo.DATA, encAlgID, new OCTET_STRING(encrypted));
        return encCI;
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    }
}

Example 3 with PBEParameter

use of org.mozilla.jss.pkix.primitive.PBEParameter in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    try {
        // compute the key and IV
        CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(kgAlg);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(kgp);
        SymmetricKey key = kg.generate();
        // compute algorithm parameters
        EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
        AlgorithmParameterSpec algParams = null;
        Class<?>[] paramClasses = encAlg.getParameterClasses();
        for (int i = 0; i < paramClasses.length; i++) {
            if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
                algParams = new IVParameterSpec(kg.generatePBE_IV());
                break;
            } else if (paramClasses[i].equals(RC2ParameterSpec.class)) {
                algParams = new RC2ParameterSpec(key.getStrength(), kg.generatePBE_IV());
                break;
            }
        }
        // perform the decryption
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initDecrypt(key, algParams);
        return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
    } finally {
        kgp.clear();
    }
}

Example 4 with PBEParameter

use of org.mozilla.jss.pkix.primitive.PBEParameter in project jss by dogtagpki.

the class EncryptedContentInfo method decrypt.

/**
 * Decrypts the content of an EncryptedContentInfo encrypted with a
 * PBE key.
 *
 * @param pass The password to use in generating the PBE decryption key.
 * @param charToByteConverter The converter for converting the password
 *      characters into bytes.  May be null to use the default.
 * @return The decrypted contents of the EncryptedContentInfo. The contents
 *      are first unpadded using the PKCS padding mechanism.
 */
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
    if (encryptedContent == null) {
        return null;
    }
    // get the key gen parameters
    AlgorithmIdentifier algid = contentEncryptionAlgorithm;
    KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
    if (!(kgAlg instanceof PBEAlgorithm)) {
        throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
    }
    ASN1Value params = algid.getParameters();
    if (params == null) {
        throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
    }
    PBEParameter pbeParams;
    if (params instanceof PBEParameter) {
        pbeParams = (PBEParameter) params;
    } else {
        byte[] encodedParams = ASN1Util.encode(params);
        pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
    }
    PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
    // compute the key and IV
    CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
    KeyGenerator kg = token.getKeyGenerator(kgAlg);
    if (charToByteConverter != null) {
        kg.setCharToByteConverter(charToByteConverter);
    }
    kg.initialize(kgp);
    SymmetricKey key = kg.generate();
    // compute algorithm parameters
    EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
    AlgorithmParameterSpec algParams = null;
    Class<?>[] paramClasses = encAlg.getParameterClasses();
    for (int i = 0; i < paramClasses.length; i++) {
        if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
            algParams = new IVParameterSpec(kg.generatePBE_IV());
            break;
        }
    }
    // perform the decryption
    Cipher cipher = token.getCipherContext(encAlg);
    cipher.initDecrypt(key, algParams);
    return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
}