Java Code Examples for javax.crypto.SecretKey

The following examples show how to use javax.crypto.SecretKey. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
@Test
public void explicitWrappingAlgorithmPkcs2() throws GeneralSecurityException {
    Map<String, String> desc = new HashMap<>();
    desc.put(WrappedRawMaterials.KEY_WRAPPING_ALGORITHM, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
    
    AsymmetricStaticProvider prov = new AsymmetricStaticProvider(encryptionPair, sigPair, desc);
    
    EncryptionMaterials eMat = prov.getEncryptionMaterials(ctx);
    SecretKey encryptionKey = eMat.getEncryptionKey();
    assertThat(encryptionKey, is(not(nullValue())));
    assertEquals(sigPair.getPrivate(), eMat.getSigningKey());
    
    DecryptionMaterials dMat = prov.getDecryptionMaterials(ctx(eMat));
    assertEquals("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", eMat.getMaterialDescription().get(WrappedRawMaterials.KEY_WRAPPING_ALGORITHM));
    assertEquals(encryptionKey, dMat.getDecryptionKey());
    assertEquals(sigPair.getPublic(), dMat.getVerificationKey());
}
 
Example #2
Source Project: ToolsFinal   Author: pengjianbo   File: DES3Coder.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * 加密方法
 * @param src 源数据的字节数组
 * @param password
 * @return
 */
public static byte[] encryptMode(byte[] src, String password) {
    try {
        SecretKey deskey = new SecretKeySpec(build3DesKey(password), Algorithm);    //生成密钥
        Cipher c1 = Cipher.getInstance(Algorithm);    //实例化负责加密/解密的Cipher工具类
        c1.init(Cipher.ENCRYPT_MODE, deskey);    //初始化为加密模式
        return c1.doFinal(src);
    } catch (java.security.NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    } catch (javax.crypto.NoSuchPaddingException e2) {
        e2.printStackTrace();
    } catch (java.lang.Exception e3) {
        e3.printStackTrace();
    }
    return null;
}
 
Example #3
@Test
public void explicitContentKeyLength128() throws GeneralSecurityException {
    Map<String, String> desc = new HashMap<>();
    desc.put(WrappedRawMaterials.CONTENT_KEY_ALGORITHM, "AES/128");
    
    AsymmetricStaticProvider prov = new AsymmetricStaticProvider(encryptionPair, sigPair, desc);
    
    EncryptionMaterials eMat = prov.getEncryptionMaterials(ctx);
    SecretKey encryptionKey = eMat.getEncryptionKey();
    assertThat(encryptionKey, is(not(nullValue())));
    assertEquals(16, encryptionKey.getEncoded().length); // 128 Bits
    assertEquals(sigPair.getPrivate(), eMat.getSigningKey());
    
    DecryptionMaterials dMat = prov.getDecryptionMaterials(ctx(eMat));
    assertEquals("AES", eMat.getMaterialDescription().get(WrappedRawMaterials.CONTENT_KEY_ALGORITHM));
    assertEquals(encryptionKey, dMat.getDecryptionKey());
    assertEquals(sigPair.getPublic(), dMat.getVerificationKey());
}
 
Example #4
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: SecretKeyResolver.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Method engineResolveSecretKey
 *
 * @param element
 * @param baseURI
 * @param storage
 * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
 *
 * @throws KeyResolverException
 */
public SecretKey engineResolveSecretKey(
    Element element, String baseURI, StorageResolver storage
) throws KeyResolverException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
    }

    if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
        String keyName = element.getFirstChild().getNodeValue();
        try {
            Key key = keyStore.getKey(keyName, password);
            if (key instanceof SecretKey) {
                return (SecretKey) key;
            }
        } catch (Exception e) {
            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
        }
    }

    log.log(java.util.logging.Level.FINE, "I can't");
    return null;
}
 
Example #5
Source Project: weMessage   Author: RomanScott   File: AESCrypto.java    License: GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * A function that generates password-based AES & HMAC keys. It prints out exceptions but
 * doesn't throw them since none should be encountered. If they are
 * encountered, the return value is null.
 *
 * @param password The password to derive the keys from.
 * @return The AES & HMAC keys.
 * @throws GeneralSecurityException if AES is not implemented on this system,
 *                                  or a suitable RNG is not available
 */
public static SecretKeys generateKeyFromPassword(String password, byte[] salt) throws GeneralSecurityException {
    fixPrng();
    //Get enough random bytes for both the AES key and the HMAC key:
    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt,
            PBE_ITERATION_COUNT, AES_KEY_LENGTH_BITS + HMAC_KEY_LENGTH_BITS);
    SecretKeyFactory keyFactory = SecretKeyFactory
            .getInstance(PBE_ALGORITHM);
    byte[] keyBytes = keyFactory.generateSecret(keySpec).getEncoded();

    // Split the random bytes into two parts:
    byte[] confidentialityKeyBytes = copyOfRange(keyBytes, 0, AES_KEY_LENGTH_BITS /8);
    byte[] integrityKeyBytes = copyOfRange(keyBytes, AES_KEY_LENGTH_BITS /8, AES_KEY_LENGTH_BITS /8 + HMAC_KEY_LENGTH_BITS /8);

    //Generate the AES key
    SecretKey confidentialityKey = new SecretKeySpec(confidentialityKeyBytes, CIPHER);

    //Generate the HMAC key
    SecretKey integrityKey = new SecretKeySpec(integrityKeyBytes, HMAC_ALGORITHM);

    return new SecretKeys(confidentialityKey, integrityKey);
}
 
Example #6
Source Project: jdk8u60   Author: chenghanpeng   File: TestKeyMaterial.java    License: GNU General Public License v2.0 6 votes vote down vote up
private static void match(int lineNumber, byte[] out, Object res)
        throws Exception {
    if ((out == null) || (res == null)) {
        if (out != res) {
            throw new Exception("null mismatch line " + lineNumber);
        } else {
            return;
        }
    }
    byte[] b;
    if (res instanceof SecretKey) {
        b = ((SecretKey)res).getEncoded();
    } else if (res instanceof IvParameterSpec) {
        b = ((IvParameterSpec)res).getIV();
    } else {
        throw new Exception(res.getClass().getName());
    }
    if (Arrays.equals(out, b) == false) {
        throw new Exception("mismatch line " + lineNumber);
    }
}
 
Example #7
Source Project: protools   Author: SeanDragon   File: ToolMAC.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * HmacSHA384加密
 *
 * @param data
 *         待加密数据
 * @param key
 *         密钥
 *
 * @return byte[] 消息摘要
 *
 * @throws Exception
 */
public static byte[] encodeHmacSHA384(byte[] data, byte[] key)
        throws NoSuchAlgorithmException, InvalidKeyException {

    // 还原密钥
    SecretKey secretKey = new SecretKeySpec(key, "HmacSHA384");

    // 实例化Mac
    Mac mac = Mac.getInstance(secretKey.getAlgorithm());

    // 初始化Mac
    mac.init(secretKey);

    // 执行消息摘要
    return mac.doFinal(data);
}
 
Example #8
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: PBKDF2Core.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns a specification (key material) of the given key
 * in the requested format.
 *
 * @param key the key
 *
 * @param keySpec the requested format in which the key material shall be
 * returned
 *
 * @return the underlying key specification (key material) in the
 * requested format
 *
 * @exception InvalidKeySpecException if the requested key
 * specification is inappropriate for the given key, or the
 * given key cannot be processed (e.g., the given key has an
 * unrecognized algorithm or format).
 */
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
    throws InvalidKeySpecException {
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        // Check if requested key spec is amongst the valid ones
        if ((keySpecCl != null)
            && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
            javax.crypto.interfaces.PBEKey pKey =
                (javax.crypto.interfaces.PBEKey) key;
            return new PBEKeySpec
                (pKey.getPassword(), pKey.getSalt(),
                 pKey.getIterationCount(), pKey.getEncoded().length*8);
        } else {
            throw new InvalidKeySpecException("Invalid key spec");
        }
    } else {
        throw new InvalidKeySpecException("Invalid key " +
                                           "format/algorithm");
    }
}
 
Example #9
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: Des3DkCrypto.java    License: GNU General Public License v2.0 6 votes vote down vote up
protected Cipher getCipher(byte[] key, byte[] ivec, int mode)
    throws GeneralSecurityException {
    // NoSuchAlgorithException
    SecretKeyFactory factory = SecretKeyFactory.getInstance("desede");

    // InvalidKeyException
    KeySpec spec = new DESedeKeySpec(key, 0);

    // InvalidKeySpecException
    SecretKey secretKey = factory.generateSecret(spec);

    // IV
    if (ivec == null) {
        ivec = ZERO_IV;
    }

    // NoSuchAlgorithmException, NoSuchPaddingException
    // NoSuchProviderException
    Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
    IvParameterSpec encIv = new IvParameterSpec(ivec, 0, ivec.length);

    // InvalidKeyException, InvalidAlgorithParameterException
    cipher.init(mode, secretKey, encIv);

    return cipher;
}
 
Example #10
Source Project: gocd   Author: gocd   File: UsageStatisticsControllerV3.java    License: Apache License 2.0 6 votes vote down vote up
public String getEncryptedUsageStatistics(Request request, Response response) throws Exception {
    HttpLocalizedOperationResult result = new HttpLocalizedOperationResult();

    Map<String, Object> body = readRequestBodyAsJSON(request);
    String signature = (String) body.get(SIGNATURE_KEY);
    String publicKey = (String) body.get(SUBORDINATE_PUBLIC_KEY);

    boolean isVerified = verifySignatureAndPublicKey(signature, publicKey, result);

    if (isVerified) {
        SecretKey secretKey = EncryptionHelper.generateAESKey();
        String aesEncryptedData = EncryptionHelper.encryptUsingAES(secretKey, getUsageStatistics(request, response));
        String rsaEncryptedKey = EncryptionHelper.encryptUsingRSA(Base64.getEncoder().encodeToString(secretKey.getEncoded()), publicKey);

        return jsonizeAsTopLevelObject(request, writer -> EncryptedDataRepresenter.toJSON(writer, aesEncryptedData, rsaEncryptedKey));
    }

    return renderHTTPOperationResult(result, request, response);
}
 
Example #11
Source Project: java-trader   Author: zhugf   File: EncryptionUtil.java    License: Apache License 2.0 6 votes vote down vote up
private static Cipher getPBECipher(byte[] salt, int cipherMode) throws Exception
{
    String MYPBEALG = "PBEWithSHA1AndDESede";
    int count = 32;// hash iteration count

    // Create PBE parameter set
    PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(KEY_PASSWORD);
    SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG);
    SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

    Cipher pbeCipher = Cipher.getInstance(MYPBEALG);

    // Initialize PBE Cipher with key and parameters
    pbeCipher.init(cipherMode, pbeKey, pbeParamSpec);
    return pbeCipher;
}
 
Example #12
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: DOMHMACSignatureMethod.java    License: GNU General Public License v2.0 6 votes vote down vote up
byte[] sign(Key key, SignedInfo si, XMLSignContext context)
    throws InvalidKeyException, XMLSignatureException
{
    if (key == null || si == null) {
        throw new NullPointerException();
    }
    if (!(key instanceof SecretKey)) {
        throw new InvalidKeyException("key must be SecretKey");
    }
    if (hmac == null) {
        try {
            hmac = Mac.getInstance(getJCAAlgorithm());
        } catch (NoSuchAlgorithmException nsae) {
            throw new XMLSignatureException(nsae);
        }
    }
    if (outputLengthSet && outputLength < getDigestLength()) {
        throw new XMLSignatureException
            ("HMACOutputLength must not be less than " + getDigestLength());
    }
    hmac.init((SecretKey)key);
    ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac));
    return hmac.doFinal();
}
 
Example #13
Source Project: jdk8u-dev-jdk   Author: frohoff   File: IntegrityHmac.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Method engineInitSign
 *
 * @param secretKey
 * @throws XMLSignatureException
 */
protected void engineInitSign(Key secretKey) throws XMLSignatureException {
    if (!(secretKey instanceof SecretKey)) {
        String supplied = secretKey.getClass().getName();
        String needed = SecretKey.class.getName();
        Object exArgs[] = { supplied, needed };

        throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
    }

    try {
        this.macAlgorithm.init(secretKey);
    } catch (InvalidKeyException ex) {
        throw new XMLSignatureException("empty", ex);
    }
}
 
Example #14
Source Project: android-java-connect-rest-sample   Author: microsoftgraph   File: SensitiveDataPreApi23.java    License: MIT License 6 votes vote down vote up
protected byte[] encrypt(byte[] data) {
    // 16 bytes is the IV size for AES256
    try {
        SecretKey key = loadKey();

        // Random IV
        SecureRandom rng = new SecureRandom();
        byte[] ivBytes = new byte[16];                                                                  // 16 bytes is the IV size for AES256
        rng.nextBytes(ivBytes);

        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()));
        cipher.init(true, new ParametersWithIV(new KeyParameter(key.getEncoded()), ivBytes));

        byte[] encryptedData = cipherData(cipher, data);
        byte[] encryptedDataWithIV = new byte[encryptedData.length + ivBytes.length];                   // Make room for IV
        System.arraycopy(ivBytes, 0, encryptedDataWithIV, 0, ivBytes.length);                           // Add IV
        System.arraycopy(encryptedData, 0, encryptedDataWithIV, ivBytes.length, encryptedData.length);  // Then the encrypted data
        return encryptedDataWithIV;
    }
    catch(InvalidCipherTextException e) {
        Log.e(TAG, "Can't encrypt data", e);
    }
    return null;
}
 
Example #15
Source Project: Bytecoder   Author: mirkosertic   File: PBKDF2Core.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Returns a specification (key material) of the given key
 * in the requested format.
 *
 * @param key the key
 *
 * @param keySpec the requested format in which the key material shall be
 * returned
 *
 * @return the underlying key specification (key material) in the
 * requested format
 *
 * @exception InvalidKeySpecException if the requested key
 * specification is inappropriate for the given key, or the
 * given key cannot be processed (e.g., the given key has an
 * unrecognized algorithm or format).
 */
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
    throws InvalidKeySpecException {
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        // Check if requested key spec is amongst the valid ones
        if ((keySpecCl != null)
            && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
            javax.crypto.interfaces.PBEKey pKey =
                (javax.crypto.interfaces.PBEKey) key;
            return new PBEKeySpec
                (pKey.getPassword(), pKey.getSalt(),
                 pKey.getIterationCount(), pKey.getEncoded().length*8);
        } else {
            throw new InvalidKeySpecException("Invalid key spec");
        }
    } else {
        throw new InvalidKeySpecException("Invalid key " +
                                           "format/algorithm");
    }
}
 
Example #16
Source Project: ranger   Author: apache   File: RangerMasterKey.java    License: Apache License 2.0 6 votes vote down vote up
public SecretKey getMasterSecretKey(String password) throws Throwable {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerMasterKey.getMasterSecretKey()");
    }
    logger.info("Getting Master Key");
    List result = getEncryptedMK();
    String encryptedPassString = null;
    byte masterKeyByte[] = null;
    if (CollectionUtils.isNotEmpty(result) && result.size() == 2) {
        masterKeyByte = (byte[]) result.get(0);
        encryptedPassString = (String) result.get(1);
    } else if (CollectionUtils.isNotEmpty(result)) {
        masterKeyByte = (byte[]) result.get(0);
    }
    if (masterKeyByte != null && masterKeyByte.length > 0) {
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.getMasterSecretKey()");
        }
        return decryptMasterKeySK(masterKeyByte, password, encryptedPassString);
    } else {
        throw new Exception("No Master Key Found");
    }
}
 
Example #17
Source Project: keycloak   Author: keycloak   File: KcinitDriver.java    License: Apache License 2.0 6 votes vote down vote up
public JWE createJWE() {
    String key = getEncryptionKey();
    if (key == null) {
        throw new RuntimeException(KC_SESSION_KEY + " env var not set");
    }
    byte[] aesKey = null;
    try {
        aesKey = Base64.decode(key.getBytes(StandardCharsets.UTF_8));
    } catch (IOException e) {
        throw new RuntimeException("invalid " + KC_SESSION_KEY + "env var");
    }

    JWE jwe = new JWE();
    final SecretKey aesSecret = new SecretKeySpec(aesKey, "AES");
    jwe.getKeyStorage()
            .setDecryptionKey(aesSecret);
    return jwe;
}
 
Example #18
Source Project: OneBlog   Author: zhangyd-c   File: AesUtil.java    License: GNU General Public License v3.0 6 votes vote down vote up
/**
 * 生成加密秘钥
 *
 * @return
 */
private static SecretKeySpec getSecretKey(final String password) throws NoSuchAlgorithmException {
    //返回生成指定算法密钥生成器的 KeyGenerator 对象
    KeyGenerator kg = KeyGenerator.getInstance(KEY_ALGORITHM);
    // javax.crypto.BadPaddingException: Given final block not properly padded解决方案
    // https://www.cnblogs.com/zempty/p/4318902.html - 用此法解决的
    // https://www.cnblogs.com/digdeep/p/5580244.html - 留作参考吧
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    random.setSeed(password.getBytes());
    //AES 要求密钥长度为 128
    kg.init(128, random);

    //生成一个密钥
    SecretKey secretKey = kg.generateKey();
    // 转换为AES专用密钥
    return new SecretKeySpec(secretKey.getEncoded(), KEY_ALGORITHM);
}
 
Example #19
Source Project: hottub   Author: dsrg-uoft   File: PBKDF2TranslateTest.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * The key is generating by SecretKeyFactory and its value just copying
 * in the key field of MySecretKey class. So, this is real key derived
 * using the given algo.
 */
public MyPBKDF2SecretKey(String passPhrase, String algo, byte[] salt1,
        int iterationCount, int keySize)
        throws InvalidKeySpecException, NoSuchAlgorithmException {
    algorithm = algo;
    salt = salt1;
    itereationCount = iterationCount;
    pass = passPhrase;

    PBEKeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), salt,
            iterationCount, keySize);

    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algo);

    SecretKey realKey = keyFactory.generateSecret(spec);

    keyLength = realKey.getEncoded().length;

    key = new byte[keyLength];
    System.arraycopy(realKey.getEncoded(), 0, key, 0, keyLength);
}
 
Example #20
Source Project: 365browser   Author: mogoweb   File: WebappAuthenticator.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Generates the authentication encryption key in a background thread (if necessary).
 */
private static void triggerMacKeyGeneration() {
    synchronized (sLock) {
        if (sKey != null || sMacKeyGenerator != null) {
            return;
        }

        sMacKeyGenerator = new FutureTask<SecretKey>(new Callable<SecretKey>() {
            // SecureRandomInitializer addresses the bug in SecureRandom that "TrulyRandom"
            // warns about, so this lint warning can safely be suppressed.
            @SuppressLint("TrulyRandom")
            @Override
            public SecretKey call() throws Exception {
                KeyGenerator generator = KeyGenerator.getInstance(MAC_ALGORITHM_NAME);
                SecureRandom random = new SecureRandom();
                SecureRandomInitializer.initialize(random);
                generator.init(MAC_KEY_BYTE_COUNT * 8, random);
                return generator.generateKey();
            }
        });
        AsyncTask.THREAD_POOL_EXECUTOR.execute(sMacKeyGenerator);
    }
}
 
Example #21
Source Project: AsuraFramework   Author: AsuraTeam   File: DESEncrypt.java    License: Apache License 2.0 6 votes vote down vote up
public static String DESDecrypt(final String ivString, final String keyString, final String content) {
    try {
        if (Check.isNullOrEmpty(content)) {
            return null;
        }
        IvParameterSpec iv = new IvParameterSpec(ivString.getBytes());
        DESKeySpec dks = new DESKeySpec(keyString.getBytes());
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        SecretKey key = keyFactory.generateSecret(dks);
        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, iv);
        byte[] result = cipher.doFinal(hexStr2ByteArr(content));
        return new String(result, "utf-8");
    } catch (Exception e) {
        LOGGER.error("ENCRYPT ERROR:" + e);
    }
    return null;
}
 
Example #22
Source Project: openjavacard-tools   Author: OpenJavaCard   File: GPKey.java    License: GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Return a SecretKey for a specific cipher
 * <p/>
 * Will coerce the key if required, such as for GENERIC keys.
 * <p/>
 * @param cipher for the new key
 * @return the secret key
 */
public SecretKey getSecretKey(GPKeyCipher cipher) {
    if(!isCompatible(cipher)) {
        throw new UnsupportedOperationException("Cannot use " + mCipher + " key with cipher " + cipher);
    }
    switch (cipher) {
        case DES:
            return new SecretKeySpec(enlarge(mSecret, 8), "DES");
        case DES3:
            return new SecretKeySpec(enlarge(mSecret, 24), "DESede");
        case AES:
            return new SecretKeySpec(mSecret, "AES");
        default:
            throw new IllegalArgumentException("Cannot make secret key for cipher " + cipher);
    }
}
 
Example #23
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: PBMacBuffer.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Tests Mac.update(ByteBuffer input) method. Three test cases are
 * performed: - large ByteBuffer test case to test if the update() method
 * process a large ByteBuffer correctly; - empty ByteBuffer test case to
 * test if the update() method process an empty ByteBuffer correctly; - NULL
 * ByteBuffer test case to test if the update() method throws expected
 * IllegalArgumentException exception.
 *
 * @param theMacAlgo PBMAC algorithm to test
 * @param thePBKDF2Algo PBKDF2 algorithm to test
 * @return true - test passed; false - otherwise.
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeyException
 * @throws InvalidKeySpecException
 * @see javax.crypto.Mac
 */
protected boolean doTest(String theMacAlgo, String thePBKDF2Algo)
        throws NoSuchAlgorithmException, InvalidKeyException,
        InvalidKeySpecException {
    // obtain a SecretKey using PBKDF2
    SecretKey key = getSecretKey(thePBKDF2Algo);

    // Instantiate Mac object and init it with a SecretKey
    Mac theMac = Mac.getInstance(theMacAlgo);
    theMac.init(key);

    // Do large ByteBuffer test case
    if (!largeByteBufferTest(theMac)) {
        System.out.println("Large ByteBuffer test case failed.");
        return false;
    }

    // Do empty ByteBuffer test case
    if (!emptyByteBufferTest(theMac)) {
        System.out.println("Empty ByteBuffer test case failed.");
        return false;
    }

    // Do null ByteBuffer test case
    if (!nullByteBufferTest(theMac)) {
        System.out.println("NULL ByteBuffer test case failed.");
        return false;
    }

    return true;
}
 
Example #24
Source Project: hottub   Author: dsrg-uoft   File: TestPremaster.java    License: GNU General Public License v2.0 5 votes vote down vote up
private static void test(KeyGenerator kg,
        int clientVersion, int serverVersion) throws Exception {

    System.out.printf(
            "Testing RSA pre-master secret key generation between " +
            "client (0x%04X) and server(0x%04X)%n",
            clientVersion, serverVersion);
    kg.init(new TlsRsaPremasterSecretParameterSpec(
                                clientVersion, serverVersion));

    SecretKey key = kg.generateKey();
    byte[] encoded = key.getEncoded();
    if (encoded != null) {  // raw key material may be not extractable
        if (encoded.length != 48) {
            throw new Exception("length: " + encoded.length);
        }
        int v = versionOf(encoded[0], encoded[1]);
        if (clientVersion != v) {
            if (serverVersion != v || clientVersion >= 0x0302) {
                throw new Exception(String.format(
                    "version mismatch: (0x%04X) rather than (0x%04X) " +
                    "is used in pre-master secret", v, clientVersion));
            }
            System.out.printf("Use compatible version (0x%04X)%n", v);
        }
        System.out.println("Passed, version matches!");
   } else {
        System.out.println("Raw key material is not extractable");
   }
}
 
Example #25
Source Project: ID-SDK   Author: 4iot-dev   File: Util.java    License: Apache License 2.0 5 votes vote down vote up
public static byte[] doPBKDF2(byte[] password, byte[] salt, int iterations, int length)
		throws NoSuchAlgorithmException, InvalidKeySpecException {
	SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
	char[] charPassword = new char[password.length];
	for (int i = 0; i < password.length; i++) {
		charPassword[i] = (char) (password[i] & 0xFF);
	}
	KeySpec spec = new PBEKeySpec(charPassword, salt, iterations, length);
	SecretKey tmp = factory.generateSecret(spec);
	return tmp.getEncoded();
}
 
Example #26
Source Project: dragonwell8_jdk   Author: alibaba   File: TextPKCS5PaddingTest.java    License: GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    Provider provider = Security.getProvider("SunJCE");
    if (provider == null) {
        throw new RuntimeException("SunJCE provider not exist");
    }
    // generate no-padding cipher with secret key
    Cipher c = Cipher.getInstance("DES/CBC/NoPadding", provider);
    KeyGenerator kgen = KeyGenerator.getInstance("DES", provider);
    SecretKey skey = kgen.generateKey();
    // this is the improperly padded plaintext

    c.init(Cipher.ENCRYPT_MODE, skey);
    // encrypt plaintext
    byte[] cipher = c.doFinal(PLAIN_TEXT);
    AlgorithmParameters params = c.getParameters();
    // generate cipher that enforces PKCS5 padding
    c = Cipher.getInstance("DES/CBC/PKCS5Padding", provider);
    c.init(Cipher.DECRYPT_MODE, skey, params);
    try {
        c.doFinal(cipher);
        throw new RuntimeException(
                "ERROR: Expected BadPaddingException not thrown");
    } catch (BadPaddingException expected) {
        out.println("Expected BadPaddingException thrown");
    }

}
 
Example #27
Source Project: openjdk-8-source   Author: keerath   File: CipherStreamClose.java    License: GNU General Public License v2.0 5 votes vote down vote up
public static Object streamDecrypt(byte[] data, SecretKey key,
    MessageDigest digest) throws Exception {

    Cipher decCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
    decCipher.init(Cipher.DECRYPT_MODE, key);
    digest.reset();
    try (ByteArrayInputStream bis = new ByteArrayInputStream(data);
        DigestInputStream dis = new DigestInputStream(bis, digest);
        CipherInputStream cis = new CipherInputStream(dis, decCipher)) {

        try (ObjectInputStream ois = new ObjectInputStream(cis)) {
            return ois.readObject();
        }
    }
}
 
Example #28
Source Project: FATE-Serving   Author: FederatedAI   File: EncryptUtils.java    License: Apache License 2.0 5 votes vote down vote up
public static byte[] hmacSha1Encrypt(String encryptText, String encryptKey) throws Exception {
    byte[] data = encryptKey.getBytes(UTF8);
    SecretKey secretKey = new SecretKeySpec(data, HMAC_SHA1);
    Mac mac = Mac.getInstance(HMAC_SHA1);
    mac.init(secretKey);

    byte[] text = encryptText.getBytes(UTF8);
    return mac.doFinal(text);
}
 
Example #29
Source Project: keycloak   Author: keycloak   File: JWETest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void externalJweAes128CbcHmacSha256Test() throws JWEException {
    String externalJwe = "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..qysUrI1iVtiG4Z4jyr7XXg.apdNSQhR7WDMg6IHf5aLVI0gGp6JuOHYmIUtflns4WHmyxOOnh_GShLI6DWaK_SiywTV5gZvZYtl8H8Iv5fTfLkc4tiDDjbdtmsOP7tqyRxVh069gU5UvEAgmCXbIKALutgYXcYe2WM4E6BIHPTSt8jXdkktFcm7XHiD7mpakZyjXsG8p3XVkQJ72WbJI_t6.Ks6gHeko7BRTZ4CFs5ijRA";
    System.out.println("External encoded content length: " + externalJwe.length());

    final SecretKey aesKey = new SecretKeySpec(AES_128_KEY, "AES");
    final SecretKey hmacKey = new SecretKeySpec(HMAC_SHA256_KEY, "HMACSHA2");

    JWE jwe = new JWE();
    jwe.getKeyStorage()
            .setCEKKey(aesKey, JWEKeyStorage.KeyUse.ENCRYPTION)
            .setCEKKey(hmacKey, JWEKeyStorage.KeyUse.SIGNATURE);

    jwe.verifyAndDecodeJwe(externalJwe);

    String decodedContent = new String(jwe.getContent(), StandardCharsets.UTF_8);

    Assert.assertEquals(PAYLOAD, decodedContent);
}
 
Example #30
Source Project: openemm   Author: agnitas-org   File: ProfileFieldEncryptor.java    License: GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Creates a cipher according to given arguments and configuration.
 * 
 * @param mode encryption or decryption mode
 * 
 * @return initialized {@link Cipher}
 * @throws Exception 
 */
private Cipher createCipher(int mode) throws Exception {
	SecretKey key = new SecretKeySpec(this.keyProvider.getEncryptionKey(), "DES");
	
	IvParameterSpec ivectorSpecv = new IvParameterSpec(keyProvider.getEncryptionKey());
	
	Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
	cipher.init(mode, key, ivectorSpecv);
	
	return cipher;
}