Java Code Examples for javax.crypto.KeyAgreement#init()
The following examples show how to use
javax.crypto.KeyAgreement#init() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DhTest.java From wycheproof with Apache License 2.0 | 7 votes |
|
/** Check that key agreement using DH works. */
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testDh() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
DHParameterSpec dhparams = ike2048();
keyGen.initialize(dhparams);
KeyPair keyPairA = keyGen.generateKeyPair();
KeyPair keyPairB = keyGen.generateKeyPair();
KeyAgreement kaA = KeyAgreement.getInstance("DH");
KeyAgreement kaB = KeyAgreement.getInstance("DH");
kaA.init(keyPairA.getPrivate());
kaB.init(keyPairB.getPrivate());
kaA.doPhase(keyPairB.getPublic(), true);
kaB.doPhase(keyPairA.getPublic(), true);
byte[] kAB = kaA.generateSecret();
byte[] kBA = kaB.generateSecret();
assertEquals(TestUtil.bytesToHex(kAB), TestUtil.bytesToHex(kBA));
}
Example 2
| Source File: TestDH.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1,
KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
SecretKey key1;
ka1.init(kp1.getPrivate());
ka1.doPhase(kp2.getPublic(), true);
System.out.println("Derive " + algorithm + " using SunJCE...");
key1 = ka1.generateSecret(algorithm);
ka2.init(kp1.getPrivate());
ka2.doPhase(kp2.getPublic(), true);
System.out.println("Derive " + algorithm + " using PKCS#11...");
SecretKey key2 = ka2.generateSecret(algorithm);
byte[] b1 = key1.getEncoded();
byte[] b2 = key2.getEncoded();
if (Arrays.equals(b1, b2) == false) {
System.out.println(b1.length + " bytes: " + toString(b1));
System.out.println(b2.length + " bytes: " + toString(b2));
throw new Exception(algorithm + " secret mismatch");
}
}
Example 3
| Source File: TestECDH2.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
private static void testKeyAgreement(KeyPair kpA, KeyPair kpB, Provider p)
throws Exception {
KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p);
ka1.init(kpA.getPrivate());
ka1.doPhase(kpB.getPublic(), true);
byte[] s1 = ka1.generateSecret();
KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p);
ka2.init(kpB.getPrivate());
ka2.doPhase(kpA.getPublic(), true);
byte[] s2 = ka2.generateSecret();
if (Arrays.equals(s1, s2) == false) {
System.out.println("expected: " + toString(s1));
System.out.println("actual: " + toString(s2));
throw new Exception("Generated secrets do not match");
}
}
Example 4
| Source File: KAKeyDerivation.java From Bytecoder with Apache License 2.0 | 6 votes |
|
/**
* Handle the TLSv1-1.2 objects, which don't use the HKDF algorithms.
*/
private SecretKey t12DeriveKey(String algorithm,
AlgorithmParameterSpec params) throws IOException {
try {
KeyAgreement ka = KeyAgreement.getInstance(algorithmName);
ka.init(localPrivateKey);
ka.doPhase(peerPublicKey, true);
SecretKey preMasterSecret
= ka.generateSecret("TlsPremasterSecret");
SSLMasterKeyDerivation mskd
= SSLMasterKeyDerivation.valueOf(
context.negotiatedProtocol);
if (mskd == null) {
// unlikely
throw new SSLHandshakeException(
"No expected master key derivation for protocol: "
+ context.negotiatedProtocol.name);
}
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
return kd.deriveKey("MasterSecret", params);
} catch (GeneralSecurityException gse) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(gse);
}
}
Example 5
| Source File: EcdhKeyAgreementAlgorithm.java From Jose4j with Apache License 2.0 | 6 votes |
|
private byte[] generateEcdhSecret(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException
{
String keyAgreementProvider = providerContext.getSuppliedKeyProviderContext().getKeyAgreementProvider();
KeyAgreement keyAgreement = getKeyAgreement(keyAgreementProvider);
try
{
keyAgreement.init(privateKey);
keyAgreement.doPhase(publicKey, true);
}
catch (java.security.InvalidKeyException e)
{
throw new InvalidKeyException("Invalid Key for " + getJavaAlgorithm() + " key agreement." ,e);
}
return keyAgreement.generateSecret();
}
Example 6
| Source File: ECDHCrypt.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 7
| Source File: DHCrypt.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the secret data that has been agreed on through Diffie-Hellman
* key agreement protocol. Note that in the two party protocol, if
* the peer keys are already known, no other data needs to be sent in
* order to agree on a secret. That is, a secured message may be
* sent without any mandatory round-trip overheads.
*
* <P>It is illegal to call this member function if the private key
* has not been set (or generated).
*
* @param peerPublicKey the peer's public key.
* @param keyIsValidated whether the {@code peerPublicKey} has beed
* validated
* @return the secret, which is an unsigned big-endian integer
* the same size as the Diffie-Hellman modulus.
*/
SecretKey getAgreedSecret(BigInteger peerPublicValue,
boolean keyIsValidated) throws SSLHandshakeException {
try {
KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
DHPublicKeySpec spec =
new DHPublicKeySpec(peerPublicValue, modulus, base);
PublicKey publicKey = kf.generatePublic(spec);
KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
// validate the Diffie-Hellman public key
if (!keyIsValidated &&
!KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
try {
KeyUtil.validate(spec);
} catch (InvalidKeyException ike) {
// prefer handshake_failure alert to internal_error alert
throw new SSLHandshakeException(ike.getMessage());
}
}
ka.init(privateKey);
ka.doPhase(publicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 8
| Source File: Crypto.java From webauthndemo with Apache License 2.0 | 5 votes |
|
public static byte[] getS(PrivateKey privateKey, byte[] publicKey) {
try {
KeyAgreement agreement = KeyAgreement.getInstance("ECDH");
agreement.init(privateKey);
agreement.doPhase(decodePublicKey(publicKey), true);
return agreement.generateSecret();
} catch (NoSuchAlgorithmException | InvalidKeyException | IllegalStateException
| WebAuthnException e) {
throw new RuntimeException(e);
}
}
Example 9
| Source File: ValueLinkApi.java From scipio-erp with Apache License 2.0 | 5 votes |
|
/**
* Generate a key exchange key for use in encrypting the mwk
* @param privateKey The private key for the merchant
* @return byte array containing the kek
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
*/
public byte[] generateKek(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
// get the ValueLink public key
PublicKey vlPublic = this.getValueLinkPublicKey();
// generate shared secret key
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(privateKey);
ka.doPhase(vlPublic, true);
byte[] secretKey = ka.generateSecret();
if (debug) {
Debug.logInfo("Secret Key : " + StringUtil.toHexString(secretKey) + " / " + secretKey.length, module);
}
// generate 3DES from secret key using VL algorithm (KEK)
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] digest = md.digest(secretKey);
byte[] des2 = getByteRange(digest, 0, 16);
byte[] first8 = getByteRange(des2, 0, 8);
byte[] kek = copyBytes(des2, first8, 0);
if (debug) {
Debug.logInfo("Generated KEK : " + StringUtil.toHexString(kek) + " / " + kek.length, module);
}
return kek;
}
Example 10
| Source File: ECDHCrypt.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 11
| Source File: ECDHCrypt.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 12
| Source File: ECDHCrypt.java From hottub with GNU General Public License v2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 13
| Source File: HandShake.java From gemfirexd-oss with Apache License 2.0 | 5 votes |
|
static public byte[] encryptBytes(byte[] data,String dhSKAlgo, PublicKey publicKey)
throws Exception{
try {
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(dhPrivateKey);
ka.doPhase(publicKey, true);
Cipher encrypt;
int keysize = getKeySize(dhSKAlgo);
int blocksize = getBlockSize(dhSKAlgo);
if (keysize == -1 || blocksize == -1) {
SecretKey sKey = ka.generateSecret(dhSKAlgo);
encrypt = Cipher.getInstance(dhSKAlgo);
encrypt.init(Cipher.ENCRYPT_MODE, sKey);
}
else {
String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
byte[] sKeyBytes = ka.generateSecret();
SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
}
byte[] encBytes = encrypt.doFinal(data);
return encBytes;
} catch (Exception ex) {
throw ex;
}
}
Example 14
| Source File: DHCrypt.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the secret data that has been agreed on through Diffie-Hellman
* key agreement protocol. Note that in the two party protocol, if
* the peer keys are already known, no other data needs to be sent in
* order to agree on a secret. That is, a secured message may be
* sent without any mandatory round-trip overheads.
*
* <P>It is illegal to call this member function if the private key
* has not been set (or generated).
*
* @param peerPublicKey the peer's public key.
* @param keyIsValidated whether the {@code peerPublicKey} has beed
* validated
* @return the secret, which is an unsigned big-endian integer
* the same size as the Diffie-Hellman modulus.
*/
SecretKey getAgreedSecret(BigInteger peerPublicValue,
boolean keyIsValidated) throws SSLHandshakeException {
try {
KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
DHPublicKeySpec spec =
new DHPublicKeySpec(peerPublicValue, modulus, base);
PublicKey publicKey = kf.generatePublic(spec);
KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
// validate the Diffie-Hellman public key
if (!keyIsValidated &&
!KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
try {
KeyUtil.validate(spec);
} catch (InvalidKeyException ike) {
// prefer handshake_failure alert to internal_error alert
throw new SSLHandshakeException(ike.getMessage());
}
}
ka.init(privateKey);
ka.doPhase(publicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 15
| Source File: DHCrypt.java From hottub with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the secret data that has been agreed on through Diffie-Hellman
* key agreement protocol. Note that in the two party protocol, if
* the peer keys are already known, no other data needs to be sent in
* order to agree on a secret. That is, a secured message may be
* sent without any mandatory round-trip overheads.
*
* <P>It is illegal to call this member function if the private key
* has not been set (or generated).
*
* @param peerPublicKey the peer's public key.
* @param keyIsValidated whether the {@code peerPublicKey} has beed
* validated
* @return the secret, which is an unsigned big-endian integer
* the same size as the Diffie-Hellman modulus.
*/
SecretKey getAgreedSecret(BigInteger peerPublicValue,
boolean keyIsValidated) throws SSLHandshakeException {
try {
KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
DHPublicKeySpec spec =
new DHPublicKeySpec(peerPublicValue, modulus, base);
PublicKey publicKey = kf.generatePublic(spec);
KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
// validate the Diffie-Hellman public key
if (!keyIsValidated &&
!KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
try {
KeyUtil.validate(spec);
} catch (InvalidKeyException ike) {
// prefer handshake_failure alert to internal_error alert
throw new SSLHandshakeException(ike.getMessage());
}
}
ka.init(privateKey);
ka.doPhase(publicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 16
| Source File: ECDHKeyExchange.java From Bytecoder with Apache License 2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = KeyAgreement.getInstance("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 17
| Source File: ECDHKeyExchange.java From openjsse with GNU General Public License v2.0 | 5 votes |
|
SecretKey getAgreedSecret(
PublicKey peerPublicKey) throws SSLHandshakeException {
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
ka.doPhase(peerPublicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(e);
}
}
Example 18
| Source File: DHCrypt.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the secret data that has been agreed on through Diffie-Hellman
* key agreement protocol. Note that in the two party protocol, if
* the peer keys are already known, no other data needs to be sent in
* order to agree on a secret. That is, a secured message may be
* sent without any mandatory round-trip overheads.
*
* <P>It is illegal to call this member function if the private key
* has not been set (or generated).
*
* @param peerPublicKey the peer's public key.
* @param keyIsValidated whether the {@code peerPublicKey} has beed
* validated
* @return the secret, which is an unsigned big-endian integer
* the same size as the Diffie-Hellman modulus.
*/
SecretKey getAgreedSecret(BigInteger peerPublicValue,
boolean keyIsValidated) throws IOException {
try {
KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
DHPublicKeySpec spec =
new DHPublicKeySpec(peerPublicValue, modulus, base);
PublicKey publicKey = kf.generatePublic(spec);
KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
// validate the Diffie-Hellman public key
if (!keyIsValidated &&
!KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
try {
KeyUtil.validate(spec);
} catch (InvalidKeyException ike) {
// prefer handshake_failure alert to internal_error alert
throw new SSLHandshakeException(ike.getMessage());
}
}
ka.init(privateKey);
ka.doPhase(publicKey, true);
return ka.generateSecret("TlsPremasterSecret");
} catch (GeneralSecurityException e) {
throw new RuntimeException("Could not generate secret", e);
}
}
Example 19
| Source File: TestInterop.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
@Override
public void main(Provider prov) throws Exception {
if (prov.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
return;
}
try {
System.out.println("testing generateSecret()");
DHPublicKeySpec publicSpec;
DHPrivateKeySpec privateSpec;
KeyFactory kf = KeyFactory.getInstance("DH");
KeyAgreement ka = KeyAgreement.getInstance("DH", prov);
KeyAgreement kbSunJCE = KeyAgreement.getInstance("DH", "SunJCE");
DHPrivateKeySpec privSpecA = new DHPrivateKeySpec(xa, p, g);
DHPublicKeySpec pubSpecA = new DHPublicKeySpec(ya, p, g);
PrivateKey privA = kf.generatePrivate(privSpecA);
PublicKey pubA = kf.generatePublic(pubSpecA);
DHPrivateKeySpec privSpecB = new DHPrivateKeySpec(xb, p, g);
DHPublicKeySpec pubSpecB = new DHPublicKeySpec(yb, p, g);
PrivateKey privB = kf.generatePrivate(privSpecB);
PublicKey pubB = kf.generatePublic(pubSpecB);
ka.init(privA);
ka.doPhase(pubB, true);
byte[] n1 = ka.generateSecret();
kbSunJCE.init(privB);
kbSunJCE.doPhase(pubA, true);
byte[] n2 = kbSunJCE.generateSecret();
if (Arrays.equals(n1, n2) == false) {
throw new Exception("values mismatch!");
} else {
System.out.println("values: same");
}
System.out.println("testing generateSecret(byte[], int)");
byte[] n3 = new byte[n1.length];
ka.init(privB);
ka.doPhase(pubA, true);
int n3Len = ka.generateSecret(n3, 0);
if (n3Len != n3.length) {
throw new Exception("PKCS11 Length mismatch!");
} else System.out.println("PKCS11 Length: ok");
byte[] n4 = new byte[n2.length];
kbSunJCE.init(privA);
kbSunJCE.doPhase(pubB, true);
int n4Len = kbSunJCE.generateSecret(n4, 0);
if (n4Len != n4.length) {
throw new Exception("SunJCE Length mismatch!");
} else System.out.println("SunJCE Length: ok");
if (Arrays.equals(n3, n4) == false) {
throw new Exception("values mismatch! ");
} else {
System.out.println("values: same");
}
} catch (Exception ex) {
System.out.println("Unexpected ex: " + ex);
ex.printStackTrace();
throw ex;
}
}
Example 20
| Source File: TestShort.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
return;
}
try {
DHPublicKeySpec publicSpec;
DHPrivateKeySpec privateSpec;
KeyFactory kf = KeyFactory.getInstance("DH", provider);
KeyAgreement ka = KeyAgreement.getInstance("DH", provider);
PrivateKey pr1 = kf.generatePrivate(new DHPrivateKeySpec(x1, p, g));
PublicKey pu2 = kf.generatePublic(new DHPublicKeySpec(y2, p, g));
PublicKey pu3 = kf.generatePublic(new DHPublicKeySpec(y3, p, g));
ka.init(pr1);
ka.doPhase(pu2, true);
byte[] n2 = ka.generateSecret();
if (Arrays.equals(s2, n2) == false) {
throw new Exception("mismatch 2");
}
System.out.println("short ok");
ka.init(pr1);
ka.doPhase(pu3, true);
byte[] n3 = ka.generateSecret();
if (Arrays.equals(s3, n3) == false) {
throw new Exception("mismatch 3");
}
System.out.println("normal ok");
} catch (Exception ex) {
System.out.println("Unexpected Exception: " + ex);
ex.printStackTrace();
throw ex;
}
/*
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
kpg.initialize(512);
// KeyPair kp1 = kpg.generateKeyPair();
// System.out.println(kp1.getPublic());
// System.out.println(kp1.getPrivate());
while (true) {
KeyAgreement ka = KeyAgreement.getInstance("DH", provider);
ka.init(pr1);
KeyPair kp2 = kpg.generateKeyPair();
ka.doPhase(kp2.getPublic(), true);
byte[] sec = ka.generateSecret();
if (sec.length == 64) {
System.out.println(kp2.getPrivate());
System.out.println(kp2.getPublic());
System.out.println(toString(sec));
break;
}
}
/**/
}
