Example #1
0
 /**
  * Get the secret data that has been agreed on through Diffie-Hellman key agreement protocol. Note
  * that in the two party protocol, if the peer keys are already known, no other data needs to be
  * sent in order to agree on a secret. That is, a secured message may be sent without any
  * mandatory round-trip overheads.
  *
  * <p>It is illegal to call this member function if the private key has not been set (or
  * generated).
  *
  * @param peerPublicKey the peer's public key.
  * @returns the secret, which is an unsigned big-endian integer the same size as the
  *     Diffie-Hellman modulus.
  */
 SecretKey getAgreedSecret(BigInteger peerPublicValue) {
   try {
     KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
     DHPublicKeySpec spec = new DHPublicKeySpec(peerPublicValue, modulus, base);
     PublicKey publicKey = kf.generatePublic(spec);
     KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
     ka.init(privateKey);
     ka.doPhase(publicKey, true);
     return ka.generateSecret("TlsPremasterSecret");
   } catch (GeneralSecurityException e) {
     throw new RuntimeException("Could not generate secret", e);
   }
 }
Example #2
0
  public byte[] getK() throws Exception {
    if (K == null) {
      KeyFactory myKeyFac = KeyFactory.getInstance("DH");
      DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g);
      PublicKey yourPubKey = myKeyFac.generatePublic(keySpec);

      myKeyAgree.doPhase(yourPubKey, true);
      byte[] mySharedSecret = myKeyAgree.generateSecret();

      K = new BigInteger(mySharedSecret);
      K_array = K.toByteArray();

      // System.err.println("K.signum(): "+K.signum()+
      // " "+Integer.toHexString(mySharedSecret[0]&0xff)+
      // " "+Integer.toHexString(K_array[0]&0xff));

      K_array = mySharedSecret;
    }
    return K_array;
  }
  public static void main(String[] args) throws Exception {
    // prompt user to enter a port number

    System.out.print("Enter the port number: ");
    Scanner scan = new Scanner(System.in);
    int port = scan.nextInt();
    scan.nextLine();
    System.out.print("Enter the host name: ");
    String hostName = scan.nextLine();

    // Initialize a key pair generator with the SKIP parameters we sepcified, and genrating a pair
    // This will take a while: 5...15 seconrds

    System.out.println("Generating a Diffie-Hellman keypair: ");
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
    kpg.initialize(PARAMETER_SPEC);
    KeyPair keyPair = kpg.genKeyPair();
    System.out.println("key pair has been made...");

    // one the key pair has been generated, we want to listen on
    // a given port for a connection to come in
    // once we get a connection, we will get two streams, One for input
    // and one for output
    // open a port and wait for a connection

    ServerSocket ss = new ServerSocket(port);
    System.out.println("Listeining on port " + port + " ...");
    Socket socket = ss.accept();

    // use to output and input primitive data type

    DataOutputStream out = new DataOutputStream(socket.getOutputStream());

    // next thing to do is send our public key and receive client's
    // this corresponds to server step 3 and step 4 in the diagram

    System.out.println("Sending my public key...");
    byte[] keyBytes = keyPair.getPublic().getEncoded();
    out.writeInt(keyBytes.length);
    out.write(keyBytes);
    System.out.println("Server public key bytes: " + CryptoUtils.toHex(keyBytes));

    // receive the client's public key

    System.out.println("Receiving client's public key...");
    DataInputStream in = new DataInputStream(socket.getInputStream());
    keyBytes = new byte[in.readInt()];
    in.readFully(keyBytes);

    // create client's public key

    KeyFactory kf = KeyFactory.getInstance("DH");
    X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(keyBytes);
    PublicKey clientPublicKey = kf.generatePublic(x509Spec);

    // print out client's public key bytes

    System.out.println(
        "Client public key bytes: " + CryptoUtils.toHex(clientPublicKey.getEncoded()));

    // we can now use the client's public key and
    // our own private key to perform the key agreement

    System.out.println("Performing the key agreement ... ");
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    ka.init(keyPair.getPrivate());
    ka.doPhase(clientPublicKey, true);

    // in a chat application, each character is sendt over the wire, separetly encrypted,
    // Instead of using ECB, we are goin to use CFB, with a block size of 8 bits(1byte)
    // to send each character. We will encrypt the same character in a different way
    // each time. But in order to use CFB8, we need an IVof 8 bytes. We will create
    // that IV randomly and and send it to the client. It doesn't matter if somoene
    // eavesdrops on the IV when it is sent over the wire. it's not sensitive info

    // creating the IV and sending it corresponds to step 6 and 7

    byte[] iv = new byte[8];
    SecureRandom sr = new SecureRandom();
    sr.nextBytes(iv);
    out.write(iv);

    // we generate the secret byte array we share with the client and use it
    // to create the session key (Step 8)

    byte[] sessionKeyBytes = ka.generateSecret();

    // create the session key

    SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
    DESedeKeySpec DESedeSpec = new DESedeKeySpec(sessionKeyBytes);
    SecretKey sessionKey = skf.generateSecret(DESedeSpec);

    // printout session key bytes

    System.out.println("Session key bytes: " + CryptoUtils.toHex(sessionKey.getEncoded()));

    // now use tha that session key and IV to create a CipherInputStream. We will use them to read
    // all character
    // that are sent to us by the client

    System.out.println("Creating the cipher stream ...");
    Cipher decrypter = Cipher.getInstance("DESede/CFB8/NoPadding");
    IvParameterSpec spec = new IvParameterSpec(iv);
    decrypter.init(Cipher.DECRYPT_MODE, sessionKey, spec);
    CipherInputStream cipherIn = new CipherInputStream(socket.getInputStream(), decrypter);

    // we just keep reading the input and print int to the screen, until -1 sent over

    int theCharacter = 0;
    theCharacter = cipherIn.read();
    while (theCharacter != -1) {
      System.out.print((char) theCharacter);
      theCharacter = cipherIn.read();
    }
    // once -1 is received we want to close up our stream and exit

    cipherIn.close();
    in.close();
    out.close();
    socket.close();
  }
 /*
 public static PublicKey readPublicKey(String filenameDer) throws Exception
 {
   byte[] keyBytes = readAllBytes(filenameDer);
   return readPublicKey(keyBytes);
 }*/
 public static PublicKey readPublicKey(byte[] keyBytes) throws Exception {
   KeyFactory keyFactory = newKeyFactory();
   X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
   return keyFactory.generatePublic(spec);
 }