javax.crypto.Cipher Scala Examples
The following examples show how to use javax.crypto.Cipher.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
| Source File: Enigma.scala From matcher with MIT License | 6 votes |
|
package com.wavesplatform.dex.crypto
import java.nio.charset.StandardCharsets
import java.security.NoSuchAlgorithmException
import java.security.spec.InvalidKeySpecException
import javax.crypto.spec.{PBEKeySpec, SecretKeySpec}
import javax.crypto.{Cipher, SecretKeyFactory}
import scala.util.control.NonFatal
object Enigma {
private[this] val KeySalt = "0495c728-1614-41f6-8ac3-966c22b4a62d".getBytes(StandardCharsets.UTF_8)
private[this] val AES = "AES"
private[this] val Algorithm = AES + "/ECB/PKCS5Padding"
private[this] val HashingIterations = 999999
private[this] val KeySizeBits = 128
def hashPassword(password: Array[Char],
salt: Array[Byte],
iterations: Int = HashingIterations,
keyLength: Int = KeySizeBits,
hashingAlgorithm: String = "PBKDF2WithHmacSHA512"): Array[Byte] =
try {
val keyFactory = SecretKeyFactory.getInstance(hashingAlgorithm)
val keySpec = new PBEKeySpec(password, salt, iterations, keyLength)
val key = keyFactory.generateSecret(keySpec)
key.getEncoded
} catch {
case e @ (_: NoSuchAlgorithmException | _: InvalidKeySpecException) => throw new RuntimeException("Password hashing error", e)
}
def prepareDefaultKey(password: String): SecretKeySpec = new SecretKeySpec(hashPassword(password.toCharArray, KeySalt), AES)
def encrypt(key: SecretKeySpec, bytes: Array[Byte]): Array[Byte] =
try {
val cipher = Cipher.getInstance(Algorithm)
cipher.init(Cipher.ENCRYPT_MODE, key)
cipher.doFinal(bytes)
} catch {
case NonFatal(e) => throw new RuntimeException("Encrypt error", e)
}
def decrypt(key: SecretKeySpec, encryptedBytes: Array[Byte]): Array[Byte] =
try {
val cipher: Cipher = Cipher.getInstance(Algorithm)
cipher.init(Cipher.DECRYPT_MODE, key)
cipher.doFinal(encryptedBytes)
} catch {
case NonFatal(e) => throw new RuntimeException("Decrypt error", e)
}
}
Example 2
| Source File: RSAUtils.scala From Linkis with Apache License 2.0 | 5 votes |
|
package com.webank.wedatasphere.linkis.common.utils
import java.security.{KeyPair, KeyPairGenerator, PrivateKey, PublicKey}
import javax.crypto.Cipher
import org.apache.commons.codec.binary.Hex
import org.apache.commons.net.util.Base64
object RSAUtils {
private implicit val keyPair = genKeyPair(1024)
def genKeyPair(keyLength: Int): KeyPair = {
val keyPair = KeyPairGenerator.getInstance("RSA")
keyPair.initialize(keyLength)
keyPair.generateKeyPair()
}
def getDefaultPublicKey(): String = {
new String(Base64.encodeBase64(keyPair.getPublic.getEncoded))
}
def encrypt(data: Array[Byte], publicKey: PublicKey): Array[Byte] = {
val cipher = Cipher.getInstance("RSA")
cipher.init(Cipher.ENCRYPT_MODE, publicKey)
cipher.doFinal(data)
}
def encrypt(data: Array[Byte]): Array[Byte] = encrypt(data, keyPair.getPublic)
def decrypt(data: String, privateKey: PrivateKey): Array[Byte] = {
val dataBytes = Hex.decodeHex(data.toCharArray)
decrypt(dataBytes, privateKey)
}
def decrypt(data: String): Array[Byte] = decrypt(data, keyPair.getPrivate)
def decrypt(data: Array[Byte], privateKey: PrivateKey): Array[Byte] = {
val cipher = Cipher.getInstance("RSA")
cipher.init(Cipher.DECRYPT_MODE, privateKey)
cipher.doFinal(data)
}
def decrypt(data: Array[Byte]): Array[Byte] = decrypt(data, keyPair.getPrivate)
}
Example 3
| Source File: CipherBench.scala From tsec with MIT License | 5 votes |
|
package tsec
import java.util.concurrent.TimeUnit
import javax.crypto
import javax.crypto.Cipher
import cats.effect.IO
import org.openjdk.jmh.annotations._
import tsec.cipher.symmetric._
import tsec.cipher.symmetric.bouncy._
import tsec.cipher.symmetric.jca.{SecretKey, AES256GCM => JAESGCM}
import tsec.cipher.symmetric.libsodium.{AES256GCM, CryptoSecretBox, SodiumKey, XChacha20AEAD}
import tsec.common._
import tsec.libsodium._
@State(Scope.Thread)
@BenchmarkMode(Array(Mode.Throughput))
@OutputTimeUnit(TimeUnit.MILLISECONDS)
class CipherBench {
import CipherBench._
@Benchmark
def testTSecJCA(): CipherText[JAESGCM] =
JAESGCM
.encrypt[IO](longPlaintext, AESGCMKey, Iv[JAESGCM](gcmIv))
.unsafeRunSync()
@Benchmark
def testLibSodiumAES(): CipherText[AES256GCM] =
AES256GCM
.encrypt[IO](longPlaintext, SodiumKey[AES256GCM](AESKeyRaw), Iv[AES256GCM](gcmIv))
.unsafeRunSync()
@Benchmark
def testLibSodiumXChacha20(): CipherText[XChacha20AEAD] =
XChacha20AEAD
.encrypt[IO](longPlaintext, SodiumKey[XChacha20AEAD](XChaChaKey), Iv[XChacha20AEAD](XChaChaIv))
.unsafeRunSync()
@Benchmark
def testBouncyXChacha20(): CipherText[XChaCha20Poly1305] =
XChaCha20Poly1305
.encrypt[IO](longPlaintext, BouncySecretKey[XChaCha20Poly1305](XChaChaKey), Iv[XChaCha20Poly1305](XChaChaIv))
.unsafeRunSync()
@Benchmark
def testLibSodiumXSalsa20(): CipherText[CryptoSecretBox] =
CryptoSecretBox
.encrypt[IO](longPlaintext, SodiumKey[CryptoSecretBox](XChaChaKey), Iv[CryptoSecretBox](XChaChaIv))
.unsafeRunSync()
@Benchmark
def testBouncyXSalsa20(): CipherText[XSalsa20Poly1305] =
XSalsa20Poly1305
.encrypt[IO](longPlaintext, BouncySecretKey[XSalsa20Poly1305](XChaChaKey), Iv[XSalsa20Poly1305](XChaChaIv))
.unsafeRunSync()
}
object CipherBench {
lazy val longPlaintext: PlainText = PlainText(Array.fill[Char](5000)(99).mkString.utf8Bytes)
val XChaChaIv = "07000000404142434445464748494a4b0000000000000000".hexBytesUnsafe
val XChaChaKey = "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f".hexBytesUnsafe
val fixedPTRaw = "Ladies and Gentlemen of the class of '99: If I could offer you only one " +
"tip for the future, sunscreen would be it."
val fixedPT = PlainText(fixedPTRaw.utf8Bytes)
val AESKeyRaw = "15d2d85402d913c9342967232c09d29ce5345e54ecc964963256a5d7f5328e4d".hexBytesUnsafe
val AESGCMKey = JAESGCM.unsafeBuildKey(AESKeyRaw)
val gcmIv = "a84da0b22dc35ca5e5507326".hexBytesUnsafe
}
Example 4
| Source File: Crypto.scala From dr-cla with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
package utils
import java.util.Base64
import javax.crypto.{Cipher, KeyGenerator}
import javax.inject.Inject
import play.api.Configuration
class Crypto @Inject() (configuration: Configuration) {
private val secretKey = {
val cryptoSecret = configuration.get[String]("play.http.secret.key")
val keyGenerator = KeyGenerator.getInstance("AES")
keyGenerator.init(128)
keyGenerator.generateKey()
}
def encryptAES(plainText: String): String = {
val plainTextBytes = plainText.getBytes
val cipher = Cipher.getInstance("AES")
cipher.init(Cipher.ENCRYPT_MODE, secretKey)
val encryptedButes = cipher.doFinal(plainTextBytes)
Base64.getEncoder.encodeToString(encryptedButes)
}
def decryptAES(encryptedText: String): String = {
val encryptedTextBytes = Base64.getDecoder.decode(encryptedText)
val cipher = Cipher.getInstance("AES")
cipher.init(Cipher.DECRYPT_MODE, secretKey)
val decryptedBytes = cipher.doFinal(encryptedTextBytes)
new String(decryptedBytes)
}
}
Example 5
| Source File: EncryptorActor.scala From changestream with MIT License | 5 votes |
|
package changestream.actors
import java.nio.charset.Charset
import java.util.Base64
import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import akka.actor.Actor
import com.typesafe.config.{Config, ConfigFactory}
import kamon.Kamon
import org.slf4j.LoggerFactory
import spray.json._
object EncryptorActor {
case class Plaintext(message: JsObject)
case class Ciphertext(message: JsObject)
}
class EncryptorActor (
config: Config = ConfigFactory.load().getConfig("changestream.encryptor")
) extends Actor {
import EncryptorActor._
protected val log = LoggerFactory.getLogger(getClass)
protected val timingMetric = Kamon.timer("changestream.crypto_time")
private val charset = Charset.forName("UTF-8")
private val decoder = Base64.getDecoder
private val encoder = Base64.getEncoder
private val cipher = config.getString("cipher")
private val decodedKey = decoder.decode(config.getString("key"))
private val originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, cipher)
private val encryptEngine = Cipher.getInstance(cipher)
private val decryptEngine = Cipher.getInstance(cipher)
private val encryptFields = config.getString("encrypt-fields").toLowerCase().split(',').map(_.trim)
override def preStart() = {
encryptEngine.init(Cipher.ENCRYPT_MODE, originalKey)
decryptEngine.init(Cipher.DECRYPT_MODE, originalKey)
}
def receive = {
case Plaintext(message) =>
val timer = timingMetric.refine("mode" -> "encrypt").start()
val result = encryptFields(message)
timer.stop()
sender() ! result
case Ciphertext(message) =>
val timer = timingMetric.refine("mode" -> "decrypt").start()
val result = decryptFields(message)
timer.stop()
sender() ! result
}
private def encryptFields(message: JsObject, jsonPath: String = ""): JsObject = {
JsObject(
message.fields.map({
case (k:String, plaintextValue:JsValue) if encryptFields.contains(getNextJsonPath(jsonPath, k)) =>
val plaintextBytes = plaintextValue.compactPrint.getBytes(charset)
val cipherText = encryptEngine.doFinal(plaintextBytes)
val v = encoder.encodeToString(cipherText)
k -> JsString(v)
case (k:String, jsObj: JsObject) =>
k -> encryptFields(jsObj, getNextJsonPath(jsonPath, k))
case (k:String, v: JsValue) =>
k -> v
})
)
}
private def decryptFields(message: JsObject, jsonPath: String = ""): JsObject = {
JsObject(
message.fields.map({
case (k:String, JsString(ciphertextValue)) if encryptFields.contains(getNextJsonPath(jsonPath, k)) =>
val ciphertextBytes = decoder.decode(ciphertextValue)
val plaintextBytes = decryptEngine.doFinal(ciphertextBytes)
val v = new String(plaintextBytes, charset).parseJson
k -> v
case (k:String, jsObj: JsObject) =>
k -> decryptFields(jsObj, getNextJsonPath(jsonPath, k))
case (k:String, v: JsValue) =>
k -> v
})
)
}
private def getNextJsonPath(jsonPath: String, nextPath: String): String = {
Seq(jsonPath, nextPath).filter(_.nonEmpty).mkString(".")
}
}
Example 6
| Source File: Crypto.scala From akka-http-session with Apache License 2.0 | 5 votes |
|
package com.softwaremill.session
import java.security.MessageDigest
import java.util
import com.softwaremill.session.SessionUtil._
import javax.crypto.spec.SecretKeySpec
import javax.crypto.{Cipher, Mac}
object Crypto {
def sign_HmacSHA1_hex(message: String, secret: String): String = {
val key = secret.getBytes("UTF-8")
val mac = Mac.getInstance("HmacSHA1")
mac.init(new SecretKeySpec(key, "HmacSHA1"))
toHexString(mac.doFinal(message.getBytes("utf-8")))
}
def sign_HmacSHA256_base64_v0_5_2(message: String, secret: String): String = {
val key = secret.getBytes("UTF-8")
val mac = Mac.getInstance("HmacSHA256")
mac.init(new SecretKeySpec(key, "HmacSHA256"))
SessionUtil.toBase64_v0_5_2(mac.doFinal(message.getBytes("utf-8")))
}
def encrypt_AES(value: String, secret: String): String = {
val raw = util.Arrays.copyOf(secret.getBytes("utf-8"), 16)
val skeySpec = new SecretKeySpec(raw, "AES")
val cipher = Cipher.getInstance("AES")
cipher.init(Cipher.ENCRYPT_MODE, skeySpec)
toHexString(cipher.doFinal(value.getBytes("utf-8")))
}
def decrypt_AES(value: String, secret: String): String = {
val raw = util.Arrays.copyOf(secret.getBytes("utf-8"), 16)
val skeySpec = new SecretKeySpec(raw, "AES")
val cipher = Cipher.getInstance("AES")
cipher.init(Cipher.DECRYPT_MODE, skeySpec)
new String(cipher.doFinal(hexStringToByte(value)))
}
def hash_SHA256(value: String): String = {
val digest = MessageDigest.getInstance("SHA-256")
toHexString(digest.digest(value.getBytes("UTF-8")))
}
}
Example 7
| Source File: data.scala From redis4cats with Apache License 2.0 | 5 votes |
|
package dev.profunktor.redis4cats
import cats.effect.Sync
import cats.syntax.functor._
import dev.profunktor.redis4cats.JavaConversions._
import io.lettuce.core.{ ReadFrom => JReadFrom }
import io.lettuce.core.codec.{ ByteArrayCodec, CipherCodec, CompressionCodec, RedisCodec => JRedisCodec, StringCodec }
import io.lettuce.core.{ KeyScanCursor => JKeyScanCursor }
import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
object data {
final case class RedisChannel[K](underlying: K) extends AnyVal
final case class RedisCodec[K, V](underlying: JRedisCodec[K, V]) extends AnyVal
final case class NodeId(value: String) extends AnyVal
final case class KeyScanCursor[K](underlying: JKeyScanCursor[K]) extends AnyVal {
def keys: List[K] = underlying.getKeys.asScala.toList
def cursor: String = underlying.getCursor
}
object RedisCodec {
val Ascii: RedisCodec[String, String] = RedisCodec(StringCodec.ASCII)
val Utf8: RedisCodec[String, String] = RedisCodec(StringCodec.UTF8)
val Bytes: RedisCodec[Array[Byte], Array[Byte]] = RedisCodec(ByteArrayCodec.INSTANCE)
def decryptSupplier[F[_]: Sync](key: SecretKeySpec): F[CipherCodec.CipherSupplier] =
cipherSupplier[F](key, Cipher.DECRYPT_MODE)
private def cipherSupplier[F[_]: Sync](key: SecretKeySpec, mode: Int): F[CipherCodec.CipherSupplier] = {
val mkCipher =
F.delay {
val cipher: Cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(mode, key)
cipher
}
mkCipher.map { cipher =>
new CipherCodec.CipherSupplier {
override def get(kd: CipherCodec.KeyDescriptor): Cipher = cipher
}
}
}
}
object ReadFrom {
val Master = JReadFrom.MASTER
val MasterPreferred = JReadFrom.MASTER_PREFERRED
val Nearest = JReadFrom.NEAREST
val Replica = JReadFrom.REPLICA
val ReplicaPreferred = JReadFrom.REPLICA_PREFERRED
}
}
Example 8
| Source File: CipherUtil.scala From spark-highcharts with Apache License 2.0 | 5 votes |
|
package com.knockdata.spark.utils
import java.security.MessageDigest
import javax.crypto.Cipher
import javax.crypto.spec.{IvParameterSpec, SecretKeySpec}
import sun.misc.{BASE64Decoder, BASE64Encoder}
object CipherUtil {
val cipherName = "AES/CBC/PKCS5Padding"
val ivspec = new IvParameterSpec(Array[Byte](0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0))
def getKey(key: String): Array[Byte] = {
val raw = MessageDigest.getInstance("MD5").digest(key.getBytes)
raw
}
def encrypt(key: String, password: String): String = {
val spec = new SecretKeySpec(getKey(key), "AES")
val cipher = Cipher.getInstance(cipherName)
cipher.init(Cipher.ENCRYPT_MODE, spec, ivspec)
val encrypted = cipher.doFinal(password.getBytes("UTF8"))
new BASE64Encoder().encode(encrypted)
}
def decrypt(key: String, encryptedPassword: String): String = {
val spec = new SecretKeySpec(getKey(key), "AES")
val cipher = Cipher.getInstance(cipherName)
cipher.init(Cipher.DECRYPT_MODE, spec, ivspec)
val encrypted = new BASE64Decoder().decodeBuffer(encryptedPassword)
val decrypted = cipher.doFinal(encrypted)
new String(decrypted, "UTF8")
}
}
Example 9
| Source File: D3ESCBC.scala From OUTDATED_ledger-wallet-android with MIT License | 5 votes |
|
package co.ledger.wallet.core.crypto
import javax.crypto.Cipher
import javax.crypto.spec.{SecretKeySpec, IvParameterSpec}
class D3ESCBC(secret: Array[Byte], IV: Option[Array[Byte]] = None) {
Crypto.ensureSpongyIsInserted()
if (IV.isDefined && IV.get.length != 8) {
throw new IllegalArgumentException("Initialization Vector must be a 8 bytes array")
}
private[this] val iv = new IvParameterSpec(IV.getOrElse(Array[Byte](0, 0, 0, 0, 0, 0, 0, 0)))
private[this] val cipher = Cipher.getInstance("DESede/CBC/NoPadding", "BC")
private[this] val secretKey = new SecretKeySpec(secret, "DESede")
def encrypt(byte: Array[Byte]): Array[Byte] = {
Crypto.ensureSpongyIsInserted()
cipher.init(Cipher.ENCRYPT_MODE, secretKey, iv)
cipher.doFinal(byte)
}
def decrypt(byte: Array[Byte]): Array[Byte] = {
Crypto.ensureSpongyIsInserted()
cipher.init(Cipher.DECRYPT_MODE, secretKey, iv)
cipher.doFinal(byte)
}
}
Example 10
| Source File: Crypto.scala From akka-http-extensions with Mozilla Public License 2.0 | 5 votes |
|
package akka.http.extensions.security
import java.security.MessageDigest
import javax.crypto.Cipher
import javax.crypto.spec.{IvParameterSpec, SecretKeySpec}
import org.apache.commons.codec.binary.Base64
object CryptoConfig {
implicit def fromString(secret:String): CryptoConfig = CryptoConfig(secret)
}
case class CryptoConfig( secret: String, transformation: String = "AES/CTR/NoPadding")
class CryptoException(val message: String = null, val throwable: Throwable = null)
extends RuntimeException(message, throwable)
trait Encryption {
def algorithm:String
def encrypt(value: String, config:CryptoConfig): String
def decrypt(value: String, config:CryptoConfig): String
}
object AES extends Encryption {
val algorithm = "AES"
protected def secretKeyWithSha256(privateKey: String) = {
val messageDigest = MessageDigest.getInstance("SHA-256")
messageDigest.update(privateKey.getBytes("utf-8"))
// max allowed length in bits / (8 bits to a byte)
val maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(algorithm) / 8
val raw = messageDigest.digest().slice(0, maxAllowedKeyLength)
new SecretKeySpec(raw, algorithm)
}
def encrypt(value: String, config:CryptoConfig): String = {
val skeySpec = secretKeyWithSha256(config.secret)
val cipher = Cipher.getInstance(config.transformation)
cipher.init(Cipher.ENCRYPT_MODE, skeySpec)
val encryptedValue = cipher.doFinal(value.getBytes("utf-8"))
Option(cipher.getIV) match {
case Some(iv) => s"2-${Base64.encodeBase64String(iv ++ encryptedValue)}"
case None => s"1-${Base64.encodeBase64String(encryptedValue)}"
}
}
def decrypt(value: String, config:CryptoConfig): String = value.indexOf("-") match
{
case sepIndex if sepIndex<0=> throw new CryptoException("Outdated AES version")
case sepIndex=>
val data = value.substring(sepIndex + 1, value.length())
val version = value.substring(0, sepIndex)
version match {
case "1" => decryptAES1(data, config)
case "2" => decryptAES2(data, config)
case _ => throw new CryptoException("Unknown version")
}
}
private def decryptAES2(value: String, config:CryptoConfig): String = {
val cipher = Cipher.getInstance(config.transformation)
val blockSize = cipher.getBlockSize
val data = Base64.decodeBase64(value)
val iv = data.slice(0, blockSize)
val payload = data.slice(blockSize, data.size)
val skeySpec = secretKeyWithSha256(config.secret)
cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(iv))
new String(cipher.doFinal(payload), "utf-8")
}
}
Example 11
| Source File: Crypto.scala From gospeak with Apache License 2.0 | 5 votes |
|
package gospeak.libs.scala
import java.nio.ByteBuffer
import java.security.{Key, MessageDigest, SecureRandom}
import java.util.Base64
import javax.crypto.spec.IvParameterSpec
import javax.crypto.{Cipher, KeyGenerator}
import scala.util.Try
object Crypto {
private val charEnc = "UTF-8"
private val aesKeyLength = 128
private val aesTransformationString = "AES/CFB/NoPadding"
def base64Encode(message: String): String =
base64Encode(message.getBytes)
def base64Encode(message: Array[Byte]): String =
new String(Base64.getEncoder.encode(message), charEnc)
def base64Decode(base64: String): Try[String] =
base64DecodeBytes(base64).map(new String(_, charEnc))
def base64DecodeBytes(base64: String): Try[Array[Byte]] =
Try(Base64.getDecoder.decode(base64.getBytes(charEnc)))
def md5(message: String): String =
MessageDigest.getInstance("MD5").digest(message.getBytes).map("%02x".format(_)).mkString
def sha1(message: String): String =
MessageDigest.getInstance("SHA1").digest(message.getBytes).map("%02x".format(_)).mkString
def secureRandom(): Try[Double] = {
Try(SecureRandom.getInstance("SHA1PRNG")).map { sr =>
val seedByteCount = 10
val seed = sr.generateSeed(seedByteCount)
sr.setSeed(seed)
sr.nextDouble()
}
}
final case class AesSecretKey(value: String) extends Key {
override def getAlgorithm: String = "AES"
override def getFormat: String = "RAW"
override def getEncoded: Array[Byte] = base64DecodeBytes(value).get
override def toString: String = "AesSecretKey(*****)"
}
final case class AesEncrypted(cipher: String)
def aesGenerateKey(): Try[AesSecretKey] = for {
// Generate an AES key of the desired length (in bits) using an AES KeyGenerator.
keyGen <- Try(KeyGenerator.getInstance("AES"))
_ <- Try(keyGen.init(aesKeyLength))
secretKey <- Try(keyGen.generateKey)
} yield AesSecretKey(base64Encode(secretKey.getEncoded))
// adapted from https://www.owasp.org/index.php/Using_the_Java_Cryptographic_Extensions
def aesEncrypt(message: String, secretKey: AesSecretKey): Try[AesEncrypted] = {
for {
// Get a Cipher instance of the desired algorithm, mode, and padding.
aesCipherForEncryption <- Try(Cipher.getInstance(aesTransformationString))
// Generate an initialization vector for our message of the same size as the Cipher's blocksize.
iv <- Try(aesCipherForEncryption.getBlockSize).map(new Array[Byte](_))
prng <- Try(new SecureRandom())
_ = prng.nextBytes(iv)
// Initialize the Cipher instance for encryption using the key and initialization vector.
p <- Try(new IvParameterSpec(iv))
_ <- Try(aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKey, p))
// Use the Cipher to encrypt the message (after encoding it to a byte[] using the named Charset), and then append the encrypted data to the IV and Base64-encode the result.
m <- Try(message.getBytes(charEnc))
encrypted <- Try(aesCipherForEncryption.doFinal(m))
cipherData = ByteBuffer.allocate(iv.length + encrypted.length)
_ = cipherData.put(iv)
_ = cipherData.put(encrypted)
} yield AesEncrypted(base64Encode(cipherData.array))
}
def aesDecrypt(message: AesEncrypted, secretKey: AesSecretKey): Try[String] = {
for {
// Get a new Cipher instance of the same algorithm, mode, and padding used for encryption.
aesCipherForDecryption <- Try(Cipher.getInstance(aesTransformationString))
// Base64-decode and split the data into the IV and the encrypted data, and then initialize the cipher for decryption with the same key used for encryption (symmetric), the IV, and the encrypted data.
cipherData <- base64DecodeBytes(message.cipher).map(ByteBuffer.wrap)
iv = new Array[Byte](aesCipherForDecryption.getBlockSize)
_ <- Try(cipherData.get(iv))
encrypted = new Array[Byte](cipherData.remaining)
_ <- Try(cipherData.get(encrypted))
_ <- Try(aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)))
// Use the Cipher to decrypt the data, convert it to a String using the named Charset, and display the message.
decrypted <- Try(aesCipherForDecryption.doFinal(encrypted))
} yield new String(decrypted, charEnc)
}
}
Example 12
| Source File: RSAUtils.scala From asura with MIT License | 5 votes |
|
package asura.common.util
import java.security._
import java.security.interfaces.{RSAPrivateKey, RSAPublicKey}
import java.security.spec.{PKCS8EncodedKeySpec, X509EncodedKeySpec}
import java.util
import javax.crypto.Cipher
object RSAUtils {
private val KEY_ALGORITHM = "RSA"
private val KEY_SIZE = 1024
private val PUBLIC_KEY = "RSAPublicKey"
private val PRIVATE_KEY = "RSAPrivateKey"
@throws[Exception]
def initKey(): util.Map[String, AnyRef] = {
val keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM)
keyPairGenerator.initialize(KEY_SIZE)
val keyPair = keyPairGenerator.generateKeyPair
val publicKey = keyPair.getPublic.asInstanceOf[RSAPublicKey]
val privateKey = keyPair.getPrivate.asInstanceOf[RSAPrivateKey]
val keyMap = new util.HashMap[String, AnyRef]
keyMap.put(PUBLIC_KEY, publicKey)
keyMap.put(PRIVATE_KEY, privateKey)
keyMap
}
@throws[Exception]
def encryptByPrivateKey(data: Array[Byte], key: Array[Byte]): Array[Byte] = {
val pkcs8KeySpec = new PKCS8EncodedKeySpec(key)
val keyFactory = KeyFactory.getInstance(KEY_ALGORITHM)
val privateKey = keyFactory.generatePrivate(pkcs8KeySpec)
val cipher = Cipher.getInstance(keyFactory.getAlgorithm)
cipher.init(Cipher.ENCRYPT_MODE, privateKey)
cipher.doFinal(data)
}
@throws[Exception]
def encryptByPublicKey(data: Array[Byte], key: Array[Byte]): Array[Byte] = {
val keyFactory = KeyFactory.getInstance(KEY_ALGORITHM)
val x509KeySpec = new X509EncodedKeySpec(key)
val pubKey = keyFactory.generatePublic(x509KeySpec)
val cipher = Cipher.getInstance(keyFactory.getAlgorithm)
cipher.init(Cipher.ENCRYPT_MODE, pubKey)
cipher.doFinal(data)
}
@throws[Exception]
def decryptByPrivateKey(data: Array[Byte], key: Array[Byte]): Array[Byte] = {
val pkcs8KeySpec = new PKCS8EncodedKeySpec(key)
val keyFactory = KeyFactory.getInstance(KEY_ALGORITHM)
val privateKey = keyFactory.generatePrivate(pkcs8KeySpec)
val cipher = Cipher.getInstance(keyFactory.getAlgorithm)
cipher.init(Cipher.DECRYPT_MODE, privateKey)
cipher.doFinal(data)
}
@throws[Exception]
def decryptByPublicKey(data: Array[Byte], key: Array[Byte]): Array[Byte] = {
val keyFactory = KeyFactory.getInstance(KEY_ALGORITHM)
val x509KeySpec = new X509EncodedKeySpec(key)
val pubKey = keyFactory.generatePublic(x509KeySpec)
val cipher = Cipher.getInstance(keyFactory.getAlgorithm)
cipher.init(Cipher.DECRYPT_MODE, pubKey)
cipher.doFinal(data)
}
def getPrivateKey(keyMap: util.Map[String, AnyRef]): Array[Byte] = {
val key = keyMap.get(PRIVATE_KEY).asInstanceOf[Key]
key.getEncoded
}
@throws[Exception]
def getPublicKey(keyMap: util.Map[String, AnyRef]): Array[Byte] = {
val key = keyMap.get(PUBLIC_KEY).asInstanceOf[Key]
key.getEncoded
}
}
Example 13
| Source File: HasEncryption.scala From recogito2 with Apache License 2.0 | 5 votes |
|
package services.user
import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import org.apache.commons.codec.binary.Base64
import java.security.MessageDigest
import java.util.Arrays
import controllers.HasConfig
trait HasEncryption { self: HasConfig =>
private val CIPHER = "AES/ECB/PKCS5Padding"
private lazy val keySpec = self.config.getOptional[String]("recogito.email.key").flatMap { key =>
if (key.isEmpty) {
None
} else {
val md = MessageDigest.getInstance("SHA-1")
val keyDigest = md.digest(key.getBytes)
Some(new SecretKeySpec(Arrays.copyOf(keyDigest, 16), "AES"))
}
}
def encrypt(plaintext: String) = keySpec match {
case Some(spec) => {
val cipher = Cipher.getInstance(CIPHER)
cipher.init(Cipher.ENCRYPT_MODE, spec)
Base64.encodeBase64String(cipher.doFinal(plaintext.getBytes("UTF-8")))
}
case None => plaintext
}
def decrypt(encrypted: String) = keySpec match {
case Some(spec) => {
val cipher = Cipher.getInstance(CIPHER)
cipher.init(Cipher.DECRYPT_MODE, spec)
new String(cipher.doFinal(Base64.decodeBase64(encrypted)))
}
case None => encrypted
}
}
Example 14
| Source File: JsonFileStorage.scala From Waves with MIT License | 5 votes |
|
package com.wavesplatform.utils
import java.io.{File, PrintWriter}
import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import play.api.libs.json.{Json, Reads, Writes}
import java.util.Base64
import scala.io.Source
import scala.util.control.NonFatal
object JsonFileStorage {
private[this] val KeySalt = "0495c728-1614-41f6-8ac3-966c22b4a62d"
private[this] val AES = "AES"
private[this] val Algorithm = AES + "/ECB/PKCS5Padding"
private[this] val HashingAlgorithm = "PBKDF2WithHmacSHA512"
private[this] val HashingIterations = 999999
private[this] val KeySizeBits = 128
def prepareKey(key: String): SecretKeySpec = {
import java.security.NoSuchAlgorithmException
import java.security.spec.InvalidKeySpecException
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
def hashPassword(password: Array[Char], salt: Array[Byte], iterations: Int, keyLength: Int): Array[Byte] =
try {
val keyFactory = SecretKeyFactory.getInstance(HashingAlgorithm)
val keySpec = new PBEKeySpec(password, salt, iterations, keyLength)
val key = keyFactory.generateSecret(keySpec)
key.getEncoded
} catch {
case e @ (_: NoSuchAlgorithmException | _: InvalidKeySpecException) =>
throw new RuntimeException("Password hashing error", e)
}
new SecretKeySpec(hashPassword(key.toCharArray, KeySalt.utf8Bytes, HashingIterations, KeySizeBits), AES)
}
def save[T](value: T, path: String, key: Option[SecretKeySpec])(implicit w: Writes[T]): Unit = {
val folder = new File(path).getParentFile
if (!folder.exists()) folder.mkdirs()
val file = new PrintWriter(path)
try {
val json = Json.toJson(value).toString()
val data = key.fold(json)(k => encrypt(k, json))
file.write(data)
} finally file.close()
}
def save[T](value: T, path: String)(implicit w: Writes[T]): Unit =
save(value, path, None)
def load[T](path: String, key: Option[SecretKeySpec] = None)(implicit r: Reads[T]): T = {
val file = Source.fromFile(path)
try {
val dataStr = file.mkString
Json.parse(key.fold(dataStr)(k => decrypt(k, dataStr))).as[T]
} finally file.close()
}
def load[T](path: String)(implicit r: Reads[T]): T =
load(path, Option.empty[SecretKeySpec])(r)
private[this] def encrypt(key: SecretKeySpec, value: String): String = {
try {
val cipher: Cipher = Cipher.getInstance(Algorithm)
cipher.init(Cipher.ENCRYPT_MODE, key)
new String(Base64.getEncoder.encode(cipher.doFinal(value.utf8Bytes)))
} catch {
case NonFatal(e) =>
throw new RuntimeException("File storage encrypt error", e)
}
}
private[this] def decrypt(key: SecretKeySpec, encryptedValue: String): String = {
try {
val cipher: Cipher = Cipher.getInstance(Algorithm)
cipher.init(Cipher.DECRYPT_MODE, key)
new String(cipher.doFinal(Base64.getDecoder.decode(encryptedValue)))
} catch {
case NonFatal(e) =>
throw new RuntimeException("File storage decrypt error", e)
}
}
}
Example 15
| Source File: crypto.scala From pfps-shopping-cart with Apache License 2.0 | 5 votes |
|
package shop.algebras
import cats.effect.Sync
import cats.implicits._
import javax.crypto.spec.{ PBEKeySpec, SecretKeySpec }
import javax.crypto.{ Cipher, SecretKeyFactory }
import shop.config.data.PasswordSalt
import shop.domain.auth._
trait Crypto {
def encrypt(value: Password): EncryptedPassword
def decrypt(value: EncryptedPassword): Password
}
object LiveCrypto {
def make[F[_]: Sync](secret: PasswordSalt): F[Crypto] =
Sync[F]
.delay {
val salt = secret.value.value.value.getBytes("UTF-8")
val keySpec = new PBEKeySpec("password".toCharArray(), salt, 65536, 256)
val factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
val bytes = factory.generateSecret(keySpec).getEncoded
val sKeySpec = new SecretKeySpec(bytes, "AES")
val eCipher = EncryptCipher(Cipher.getInstance("AES"))
eCipher.value.init(Cipher.ENCRYPT_MODE, sKeySpec)
val dCipher = DecryptCipher(Cipher.getInstance("AES"))
dCipher.value.init(Cipher.DECRYPT_MODE, sKeySpec)
(eCipher, dCipher)
}
.map {
case (ec, dc) =>
new LiveCrypto(ec, dc)
}
}
final class LiveCrypto private (
eCipher: EncryptCipher,
dCipher: DecryptCipher
) extends Crypto {
// Workaround for PostgreSQL ERROR: invalid byte sequence for encoding "UTF8": 0x00
private val Key = "=DownInAHole="
def encrypt(password: Password): EncryptedPassword = {
val bytes = password.value.getBytes("UTF-8")
val result = new String(eCipher.value.doFinal(bytes), "UTF-8")
val removeNull = result.replaceAll("\\u0000", Key)
EncryptedPassword(removeNull)
}
def decrypt(password: EncryptedPassword): Password = {
val bytes = password.value.getBytes("UTF-8")
val result = new String(dCipher.value.doFinal(bytes), "UTF-8")
val insertNull = result.replaceAll(Key, "\\u0000")
Password(insertNull)
}
}
Example 16
| Source File: auth.scala From pfps-shopping-cart with Apache License 2.0 | 5 votes |
|
package shop.domain
import eu.timepit.refined.types.string.NonEmptyString
import io.circe._
import io.estatico.newtype.macros.newtype
import java.util.UUID
import javax.crypto.Cipher
import scala.util.control.NoStackTrace
object auth {
@newtype case class UserId(value: UUID)
@newtype case class UserName(value: String)
@newtype case class Password(value: String)
@newtype case class EncryptedPassword(value: String)
@newtype case class EncryptCipher(value: Cipher)
@newtype case class DecryptCipher(value: Cipher)
// --------- user registration -----------
@newtype case class UserNameParam(value: NonEmptyString) {
def toDomain: UserName = UserName(value.value.toLowerCase)
}
@newtype case class PasswordParam(value: NonEmptyString) {
def toDomain: Password = Password(value.value)
}
case class CreateUser(
username: UserNameParam,
password: PasswordParam
)
case class UserNameInUse(username: UserName) extends NoStackTrace
case class InvalidUserOrPassword(username: UserName) extends NoStackTrace
case object UnsupportedOperation extends NoStackTrace
case object TokenNotFound extends NoStackTrace
// --------- user login -----------
case class LoginUser(
username: UserNameParam,
password: PasswordParam
)
// --------- admin auth -----------
@newtype case class ClaimContent(uuid: UUID)
object ClaimContent {
implicit val jsonDecoder: Decoder[ClaimContent] =
Decoder.forProduct1("uuid")(ClaimContent.apply)
}
}
