Java Code Examples for com.amazonaws.encryptionsdk.CryptoAlgorithm#getDataKeyAlgo()

Example 1
Source File: KmsMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 6 votes vote down vote up
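/**
 * Generates a fresh data key by asking KMS for {@code algorithm.getDataKeyLength()} random
 * bytes under the key named by {@link #getKeyId()}.
 *
 * <p>The plaintext half of the KMS result becomes the {@link SecretKeySpec}; the ciphertext
 * blob is kept as the wrapped form and the {@code KeyId} reported by KMS (UTF-8) is used as
 * the provider information.
 *
 * @param algorithm         suite that fixes the data key length and JCE algorithm name
 * @param encryptionContext context passed through to KMS unchanged
 * @return the plaintext key paired with its KMS-wrapped form and this master key
 * @throws IllegalStateException if KMS returns more plaintext bytes than the suite expects
 *     (fewer bytes surface as a {@code BufferUnderflowException} from the buffer copy)
 */
@Override
public DataKey<KmsMasterKey> generateDataKey(final CryptoAlgorithm algorithm,
        final Map<String, String> encryptionContext) {
    final int keyLength = algorithm.getDataKeyLength();
    final GenerateDataKeyResult gdkResult = kms_.get().generateDataKey(updateUserAgent(
            new GenerateDataKeyRequest()
                    .withKeyId(getKeyId())
                    .withNumberOfBytes(keyLength)
                    .withEncryptionContext(encryptionContext)
                    .withGrantTokens(grantTokens_)
    ));
    // NOTE(review): gdkResult.getKeyId() is stored as provider info but not compared with
    // the configured key id here; confirm whether a mismatch should be rejected.
    final byte[] rawKey = new byte[keyLength];
    gdkResult.getPlaintext().get(rawKey);
    // The copy above consumed exactly keyLength bytes; anything left over means KMS
    // returned a key of a different size than requested.
    // Fix: message spelling corrected ("Recieved" -> "Received").
    if (gdkResult.getPlaintext().remaining() > 0) {
        throw new IllegalStateException("Received an unexpected number of bytes from KMS");
    }
    final byte[] encryptedKey = new byte[gdkResult.getCiphertextBlob().remaining()];
    gdkResult.getCiphertextBlob().get(encryptedKey);

    final SecretKeySpec key = new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo());
    return new DataKey<>(key, encryptedKey, gdkResult.getKeyId().getBytes(StandardCharsets.UTF_8), this);
}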
 
Example 2
Source File: JceMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 6 votes vote down vote up
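/**
 * Unwraps the first of {@code encryptedDataKeys} that belongs to this master key.
 *
 * <p>Only entries whose provider id equals {@link #getProviderId()} and whose provider
 * information starts with {@code keyIdBytes_} are attempted. A candidate is accepted only
 * if it unwraps to exactly {@code algorithm.getDataKeyLength()} bytes; every failure is
 * collected so the final exception can report all of them.
 *
 * @param algorithm         suite that fixes the expected key length and JCE algorithm name
 * @param encryptedDataKeys wrapped keys to try, in order
 * @param encryptionContext context handed to {@code jceKeyCipher_} for unwrapping
 * @return the first successfully unwrapped data key
 * @throws AwsCryptoException (via {@code buildCannotDecryptDksException}) when no candidate
 *     yields a usable key; the declared {@link UnsupportedProviderException} is part of the
 *     overridden signature
 */
@Override
public DataKey<JceMasterKey> decryptDataKey(final CryptoAlgorithm algorithm,
        final Collection<? extends EncryptedDataKey> encryptedDataKeys,
        final Map<String, String> encryptionContext)
        throws UnsupportedProviderException, AwsCryptoException {
    final List<Exception> exceptions = new ArrayList<>();
    final int expectedLength = algorithm.getDataKeyLength();
    // Find an encrypted key whose provider id and provider info match us
    for (final EncryptedDataKey edk : encryptedDataKeys) {
        try {
            if (!edk.getProviderId().equals(getProviderId())
                    || !Utils.arrayPrefixEquals(edk.getProviderInformation(), keyIdBytes_, keyIdBytes_.length)) {
                continue;
            }
            final byte[] decryptedKey = jceKeyCipher_.decryptKey(edk, keyId_, encryptionContext);

            // Validate that the decrypted key length is as expected
            if (decryptedKey.length == expectedLength) {
                return new DataKey<>(new SecretKeySpec(decryptedKey, algorithm.getDataKeyAlgo()),
                        edk.getEncryptedDataKey(), edk.getProviderInformation(), this);
            }
            // Fix: a wrong-length key used to be dropped silently, leaving the final
            // exception with no reason; record the mismatch like any other failure.
            exceptions.add(new IllegalStateException("Decrypted data key had unexpected length "
                    + decryptedKey.length + ", expected " + expectedLength));
        } catch (final Exception ex) {
            // Best effort: one bad candidate must not stop the scan of the others
            exceptions.add(ex);
        }
    }
    throw buildCannotDecryptDksException(exceptions);
}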
 
Example 3
Source File: StaticMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 6 votes vote down vote up
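/**
 * Unwraps the first entry of {@code encryptedDataKeys} whose provider information equals
 * this master key's id, using {@code masterKeyDecryptionCipher_}.
 *
 * <p>{@code encryptionContext} is accepted for signature compatibility only: the wrapping
 * cipher here is applied to the key bytes alone, so the context is not bound into the
 * wrapped key.
 *
 * @param algorithm         suite that fixes the expected key length and JCE algorithm name
 * @param encryptedDataKeys wrapped keys to scan, in order
 * @param encryptionContext unused by this implementation
 * @return the unwrapped data key, or {@code null} when no entry carries this key id
 * @throws IllegalStateException if the unwrapped key is not {@code algorithm.getDataKeyLength()}
 *     bytes long
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} from the cipher
 */
@Override
public DataKey<StaticMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
        Collection<? extends EncryptedDataKey> encryptedDataKeys,
        Map<String, String> encryptionContext)
        throws UnsupportedProviderException, AwsCryptoException {
    final int expectedLength = algorithm.getDataKeyLength();
    try {
        for (EncryptedDataKey edk : encryptedDataKeys) {
            // Provider information carries the key id as UTF-8 text
            if (!keyId_.equals(new String(edk.getProviderInformation(), StandardCharsets.UTF_8))) {
                continue;
            }
            byte[] unencryptedDataKey = masterKeyDecryptionCipher_.doFinal(edk.getEncryptedDataKey());
            // Fix: reject a key of the wrong size here instead of handing a malformed
            // SecretKeySpec to the content cipher later (matches the other master keys).
            if (unencryptedDataKey.length != expectedLength) {
                throw new IllegalStateException("Decrypted data key had unexpected length "
                        + unencryptedDataKey.length + ", expected " + expectedLength);
            }
            SecretKey key = new SecretKeySpec(unencryptedDataKey, algorithm.getDataKeyAlgo());
            return new DataKey<>(key, edk.getEncryptedDataKey(), edk.getProviderInformation(), this);
        }
    } catch (GeneralSecurityException ex) {
        throw new RuntimeException(ex);
    }
    return null;
}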
 
Example 4
Source File: KmsMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Asks KMS to unwrap each of {@code encryptedDataKeys} in turn and returns the first result
 * that KMS attributes to this master key's id.
 *
 * <p>A result whose {@code KeyId} differs from {@code id_} is skipped without error. Only
 * {@link AmazonServiceException}s are collected and reported together at the end; any other
 * failure (including a wrong-size plaintext) propagates immediately.
 *
 * @param algorithm         suite that fixes the expected key length and JCE algorithm name
 * @param encryptedDataKeys wrapped keys to try, in order
 * @param encryptionContext context sent to KMS with every decrypt request
 * @return the first data key that KMS unwrapped under {@code id_}
 * @throws IllegalStateException if KMS returns more plaintext bytes than the suite expects
 * @throws AwsCryptoException (via {@code buildCannotDecryptDksException}) when no candidate
 *     produced a key under this master key
 */
@Override
public DataKey<KmsMasterKey> decryptDataKey(final CryptoAlgorithm algorithm,
        final Collection<? extends EncryptedDataKey> encryptedDataKeys,
        final Map<String, String> encryptionContext)
        throws UnsupportedProviderException, AwsCryptoException {
    final List<Exception> failures = new ArrayList<>();
    for (final EncryptedDataKey candidate : encryptedDataKeys) {
        try {
            final DecryptResult result = kms_.get().decrypt(updateUserAgent(
                    new DecryptRequest()
                            .withCiphertextBlob(ByteBuffer.wrap(candidate.getEncryptedDataKey()))
                            .withEncryptionContext(encryptionContext)
                            .withGrantTokens(grantTokens_)));
            // Only accept plaintext that KMS reports as produced by our own key
            if (!result.getKeyId().equals(id_)) {
                continue;
            }
            final byte[] plaintextKey = new byte[algorithm.getDataKeyLength()];
            final ByteBuffer plaintext = result.getPlaintext();
            plaintext.get(plaintextKey);
            // Leftover bytes mean KMS returned a key of a different size than the suite needs
            if (plaintext.remaining() > 0) {
                throw new IllegalStateException("Received an unexpected number of bytes from KMS");
            }
            return new DataKey<>(
                    new SecretKeySpec(plaintextKey, algorithm.getDataKeyAlgo()),
                    candidate.getEncryptedDataKey(),
                    candidate.getProviderInformation(), this);
        } catch (final AmazonServiceException awsex) {
            // A service-side failure on one candidate is recorded; the scan continues
            failures.add(awsex);
        }
    }

    throw buildCannotDecryptDksException(failures);
}
 
Example 5
Source File: JceMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a random data key locally and wraps it with {@code jceKeyCipher_}.
 *
 * <p>The key bytes come from {@code Utils.getSecureRandom()} and are sized by
 * {@code algorithm.getDataKeyLength()}; the wrapped form and provider information are
 * whatever {@code jceKeyCipher_.encryptKey} returns.
 *
 * @param algorithm         suite that fixes the key length and JCE algorithm name
 * @param encryptionContext context handed to {@code jceKeyCipher_} during wrapping
 * @return the plaintext key paired with its wrapped form and this master key
 */
@Override
public DataKey<JceMasterKey> generateDataKey(final CryptoAlgorithm algorithm,
        final Map<String, String> encryptionContext) {
    final byte[] plaintextKey = new byte[algorithm.getDataKeyLength()];
    Utils.getSecureRandom().nextBytes(plaintextKey);
    final EncryptedDataKey wrapped =
            jceKeyCipher_.encryptKey(plaintextKey, keyId_, providerName_, encryptionContext);
    final SecretKeySpec key = new SecretKeySpec(plaintextKey, algorithm.getDataKeyAlgo());
    return new DataKey<>(key, wrapped.getEncryptedDataKey(), wrapped.getProviderInformation(), this);
}
 
Example 6
Source File: StaticMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Generates a data key with a fresh {@link KeyGenerator} and wraps it with
 * {@code masterKeyEncryptionCipher_}.
 *
 * <p>Each call replaces {@code keyGenerator_} with a new instance for
 * {@code DATA_KEY_ENCRYPTION_ALGORITHM}, seeded from {@code SRAND} and sized in bits from
 * {@code algorithm.getDataKeyLength()}. {@code encryptionContext} is not used: the wrapping
 * cipher is applied to the key bytes alone.
 *
 * @param algorithm         suite that fixes the key length and JCE algorithm name
 * @param encryptionContext unused by this implementation
 * @return the plaintext key paired with its wrapped form; provider info is {@code keyId_} as UTF-8
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} from the JCE calls
 */
@Override
public DataKey<StaticMasterKey> generateDataKey(CryptoAlgorithm algorithm,
        Map<String, String> encryptionContext) {
    try {
        this.keyGenerator_ = KeyGenerator.getInstance(DATA_KEY_ENCRYPTION_ALGORITHM);
        // KeyGenerator.init takes a size in bits; the suite reports bytes
        final int keyBits = algorithm.getDataKeyLength() * 8;
        this.keyGenerator_.init(keyBits, SRAND);
        final byte[] keyBytes = keyGenerator_.generateKey().getEncoded();
        final SecretKey key = new SecretKeySpec(keyBytes, algorithm.getDataKeyAlgo());
        final byte[] wrappedKey = masterKeyEncryptionCipher_.doFinal(key.getEncoded());
        final byte[] providerInfo = keyId_.getBytes(StandardCharsets.UTF_8);
        return new DataKey<>(key, wrappedKey, providerInfo, this);
    } catch (GeneralSecurityException ex) {
        throw new RuntimeException(ex);
    }
}
 
Example 7
Source File: StaticMasterKey.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Wraps an existing data key with {@code masterKeyEncryptionCipher_}.
 *
 * <p>The returned {@link SecretKey} carries the same encoded bytes as {@code dataKey} but is
 * re-labelled with {@code algorithm.getDataKeyAlgo()}. {@code encryptionContext} is not used:
 * the wrapping cipher is applied to the key bytes alone.
 *
 * @param algorithm         suite that supplies the JCE algorithm name for the returned key
 * @param encryptionContext unused by this implementation
 * @param dataKey           key whose encoded bytes are wrapped
 * @return the re-labelled plaintext key with its wrapped form; provider info is {@code keyId_} as UTF-8
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} from the cipher
 */
@Override
public DataKey<StaticMasterKey> encryptDataKey(CryptoAlgorithm algorithm,
        Map<String, String> encryptionContext, DataKey<?> dataKey) {
    try {
        final byte[] plaintextKey = dataKey.getKey().getEncoded();
        final byte[] wrappedKey = masterKeyEncryptionCipher_.doFinal(plaintextKey);
        // SecretKeySpec copies the array, so the same bytes can back both the wrap and the key
        final SecretKey relabelled = new SecretKeySpec(plaintextKey, algorithm.getDataKeyAlgo());
        final byte[] providerInfo = keyId_.getBytes(StandardCharsets.UTF_8);
        return new DataKey<>(relabelled, wrappedKey, providerInfo, this);
    } catch (GeneralSecurityException ex) {
        throw new RuntimeException(ex);
    }
}