/** * @param s * @return * @throws GeneralSecurityException * @throws UnsupportedEncodingException */ public static String decrypt(final String s) throws GeneralSecurityException, UnsupportedEncodingException { String decrypted = null; try { if (s != null) { final SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); final SecretKey secretKey = secretKeyFactory.generateSecret(new PBEKeySpec(secret.toCharArray())); final Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES"); cipher.init(Cipher.DECRYPT_MODE, secretKey, new PBEParameterSpec(SALT, 20)); final byte[] stringBytes = s.getBytes("UTF-8"); final byte[] decodedBytes = Base64.decode(stringBytes, Base64.DEFAULT); final byte[] decryptedBytes = cipher.doFinal(decodedBytes); decrypted = new String(decryptedBytes, "UTF-8"); } } catch (GeneralSecurityException x) { throw x; } catch (UnsupportedEncodingException x) { throw x; } catch (Exception x) { DBG.m(x); } return decrypted; }
public void write(SecureItemTable tbl, char[] password) throws IOException { OutputStream os = new FileOutputStream(file); OutputStream xmlout; if (password.length == 0) { xmlout = os; os = null; } else { PBEKeySpec keyspec = new PBEKeySpec(password); Cipher c; try { SecretKeyFactory fac = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey key = fac.generateSecret(keyspec); c = Cipher.getInstance("PBEWithMD5AndDES"); c.init(Cipher.ENCRYPT_MODE, key, pbeSpec); } catch (java.security.GeneralSecurityException exc) { os.close(); IOException ioe = new IOException("Security exception during write"); ioe.initCause(exc); throw ioe; } CipherOutputStream out = new CipherOutputStream(os, c); xmlout = out; } try { TransformerFactory tf = TransformerFactory.newInstance(); Transformer t = tf.newTransformer(); DOMSource src = new DOMSource(tbl.getDocument()); StringWriter writer = new StringWriter(); StreamResult sr = new StreamResult(writer); t.transform(src, sr); OutputStreamWriter osw = new OutputStreamWriter(xmlout, StandardCharsets.UTF_8); osw.write(writer.toString()); osw.close(); } catch (Exception exc) { IOException ioe = new IOException("Unable to serialize XML"); ioe.initCause(exc); throw ioe; } finally { xmlout.close(); if (os != null) os.close(); } tbl.setDirty(false); return; }
/* * Generate PBE key */ private SecretKey getPBEKey(char[] password) throws IOException { SecretKey skey = null; try { PBEKeySpec keySpec = new PBEKeySpec(password); SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE"); skey = skFac.generateSecret(keySpec); } catch (Exception e) { IOException ioe = new IOException("getSecretKey failed: " + e.getMessage()); ioe.initCause(e); throw ioe; } return skey; }
// creates an crypto object that uses PBE based DES encryption.... and yeah, DES is horrid, but // its what we've got right now Encrypter(String password) { try { // key... like the one I don't to the office... which means I get locked out post 5 KeySpec keySpec = new PBEKeySpec(password.toCharArray()); SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec); encryptionCipher = Cipher.getInstance(key.getAlgorithm()); decryptionCipher = Cipher.getInstance(key.getAlgorithm()); AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount); encryptionCipher.init(Cipher.ENCRYPT_MODE, key, paramSpec); decryptionCipher.init(Cipher.DECRYPT_MODE, key, paramSpec); } catch (Exception e) { System.out.println("Encryption Object Error: " + e); } }
public static void main(String[] args) throws Exception { // prompt user to enter a port number System.out.print("Enter the port number: "); Scanner scan = new Scanner(System.in); int port = scan.nextInt(); scan.nextLine(); System.out.print("Enter the host name: "); String hostName = scan.nextLine(); // Initialize a key pair generator with the SKIP parameters we sepcified, and genrating a pair // This will take a while: 5...15 seconrds System.out.println("Generating a Diffie-Hellman keypair: "); KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH"); kpg.initialize(PARAMETER_SPEC); KeyPair keyPair = kpg.genKeyPair(); System.out.println("key pair has been made..."); // one the key pair has been generated, we want to listen on // a given port for a connection to come in // once we get a connection, we will get two streams, One for input // and one for output // open a port and wait for a connection ServerSocket ss = new ServerSocket(port); System.out.println("Listeining on port " + port + " ..."); Socket socket = ss.accept(); // use to output and input primitive data type DataOutputStream out = new DataOutputStream(socket.getOutputStream()); // next thing to do is send our public key and receive client's // this corresponds to server step 3 and step 4 in the diagram System.out.println("Sending my public key..."); byte[] keyBytes = keyPair.getPublic().getEncoded(); out.writeInt(keyBytes.length); out.write(keyBytes); System.out.println("Server public key bytes: " + CryptoUtils.toHex(keyBytes)); // receive the client's public key System.out.println("Receiving client's public key..."); DataInputStream in = new DataInputStream(socket.getInputStream()); keyBytes = new byte[in.readInt()]; in.readFully(keyBytes); // create client's public key KeyFactory kf = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(keyBytes); PublicKey clientPublicKey = kf.generatePublic(x509Spec); // print out client's public key bytes System.out.println( "Client public key bytes: " + CryptoUtils.toHex(clientPublicKey.getEncoded())); // we can now use the client's public key and // our own private key to perform the key agreement System.out.println("Performing the key agreement ... "); KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(keyPair.getPrivate()); ka.doPhase(clientPublicKey, true); // in a chat application, each character is sendt over the wire, separetly encrypted, // Instead of using ECB, we are goin to use CFB, with a block size of 8 bits(1byte) // to send each character. We will encrypt the same character in a different way // each time. But in order to use CFB8, we need an IVof 8 bytes. We will create // that IV randomly and and send it to the client. It doesn't matter if somoene // eavesdrops on the IV when it is sent over the wire. it's not sensitive info // creating the IV and sending it corresponds to step 6 and 7 byte[] iv = new byte[8]; SecureRandom sr = new SecureRandom(); sr.nextBytes(iv); out.write(iv); // we generate the secret byte array we share with the client and use it // to create the session key (Step 8) byte[] sessionKeyBytes = ka.generateSecret(); // create the session key SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede"); DESedeKeySpec DESedeSpec = new DESedeKeySpec(sessionKeyBytes); SecretKey sessionKey = skf.generateSecret(DESedeSpec); // printout session key bytes System.out.println("Session key bytes: " + CryptoUtils.toHex(sessionKey.getEncoded())); // now use tha that session key and IV to create a CipherInputStream. We will use them to read // all character // that are sent to us by the client System.out.println("Creating the cipher stream ..."); Cipher decrypter = Cipher.getInstance("DESede/CFB8/NoPadding"); IvParameterSpec spec = new IvParameterSpec(iv); decrypter.init(Cipher.DECRYPT_MODE, sessionKey, spec); CipherInputStream cipherIn = new CipherInputStream(socket.getInputStream(), decrypter); // we just keep reading the input and print int to the screen, until -1 sent over int theCharacter = 0; theCharacter = cipherIn.read(); while (theCharacter != -1) { System.out.print((char) theCharacter); theCharacter = cipherIn.read(); } // once -1 is received we want to close up our stream and exit cipherIn.close(); in.close(); out.close(); socket.close(); }
/** * Reads the raw data from the SecretKey File, creates a SecretKey from that raw data, reads the * raw data from the input File, and then decrypts and saves its contents to the output File. * * @param input the File to be read and decrypted * @param output the File the decrypted data will be saved to * @param keyFile the File the SecretKey data will be loaded from * @throws InvalidKeyException if the given key material is shorter than 8 bytes or if the given * key is inappropriate for initializing this cipher, or if this cipher is being initialized * for decryption and requires algorithm parameters that cannot be determined from the given * key, or if the given key has a keysize that exceeds the maximum allowable keysize (as * determined from the configured jurisdiction policy files). * @throws IOException if any of the files do not exist, are a directory rather than a regular * file, or for some other reason cannot be opened for reading or if an I/O error occurs. * @throws IllegalBlockSizeException if the cipher is a block cipher, no padding has been * requested (only in encryption mode), and the total input length of the data processed by * this cipher is not a multiple of block size; or if this encryption algorithm is unable to * process the input data provided. * @throws BadPaddingException if the cipher is in decryption mode, and (un)padding has been * requested, but the decrypted data is not bounded by the appropriate padding bytes. * @throws NoSuchAlgorithmException if no Provider supports a SecretKeyFactorySpi implementation * for the specified algorithm. * @throws InvalidKeySpecException if the given key specification is inappropriate for this * secret-key factory to produce a secret key. * @throws UnsupportedOperationException if algorithm is not DES or DESede */ public void decrypt(File input, File output, File keyFile) throws InvalidKeyException, IOException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, InvalidKeySpecException { if (debug) { System.out.println("Loading key..."); } FileInputStream fis = null; try { fis = new FileInputStream(keyFile); data = new byte[fis.available()]; fis.read(data); } finally { if (fis != null) { fis.close(); } } switch (Algorithm.valueOf(algorithm)) { case DES: key = SecretKeyFactory.getInstance(algorithm).generateSecret(new DESKeySpec(data)); break; case DESede: key = SecretKeyFactory.getInstance(algorithm).generateSecret(new DESedeKeySpec(data)); break; default: throw new UnsupportedOperationException("Unsupported decryption algorithm"); } if (debug) { System.out.println("Initializing decryption..."); } cipher.init(Cipher.DECRYPT_MODE, key); if (debug) { System.out.println("Reading data..."); } fis = null; try { fis = new FileInputStream(input); data = new byte[(int) input.length()]; fis.read(data); } finally { if (fis != null) { fis.close(); } } if (debug) { System.out.println("Decrypting data..."); } data = cipher.doFinal(data); if (debug) { System.out.println("Saving data..."); } FileOutputStream fos = null; try { fos = new FileOutputStream(output); fos.write(data); } finally { if (fos != null) { fos.close(); } } if (debug) { System.out.println("Decryption complete!"); } data = null; }