/** * Generates a PBE key/IV pair from command line options. * * @param alg Symmetric algorithm for which a compatible key should be generated. * @param line Parsed command line arguments container. * @return Secret key from password. * @throws Exception On key generation errors. */ protected KeyWithIV genPbeKeyWithIV(final SymmetricAlgorithm alg, final CommandLine line) throws Exception { if (!line.hasOption(OPT_SALT)) { throw new IllegalArgumentException("Salt is required for PBE key generation."); } if (!line.hasOption(OPT_KEYSIZE)) { throw new IllegalArgumentException("Key size is required for PBE key generation."); } KeyWithIV keyWithIV = null; DigestAlgorithm digest = null; if (line.hasOption(OPT_DIGEST)) { digest = DigestAlgorithm.newInstance(line.getOptionValue(OPT_DIGEST)); } String pbeMode = null; if (line.hasOption(OPT_PBEMODE)) { pbeMode = line.getOptionValue(OPT_PBEMODE).toLowerCase(); } final int keySize = Integer.parseInt(line.getOptionValue(OPT_KEYSIZE)); int ivSize = 0; if (!line.hasOption(OPT_IV)) { // Generate an IV from the password if none specified ivSize = alg.getBlockSize() * BITS_IN_BYTE; } final PbeKeyGenerator keyGen = new PbeKeyGenerator(alg); final char[] pass = line.getOptionValue(OPT_PBE).toCharArray(); final byte[] salt = hexConv.toBytes(line.getOptionValue(OPT_SALT)); if ("pkcs12".equals(pbeMode)) { if (digest == null) { throw new IllegalArgumentException("pkcs12 requires a digest algorithm"); } System.err.println("Generating PKCS#12 PBE key."); keyWithIV = keyGen.generatePkcs12(pass, keySize, ivSize, digest, salt); } else if ("pkcs5s1".equals(pbeMode)) { if (digest == null) { throw new IllegalArgumentException("pkcs5s1 requires a digest algorithm"); } System.err.println("Generating PKCS#5 v1 PBE key."); keyWithIV = keyGen.generatePkcs5v1(pass, keySize, ivSize, digest, salt); } else if ("openssl".equals(pbeMode)) { System.err.println("Generating OpenSSL PBE key."); keyWithIV = keyGen.generateOpenssl(pass, keySize, ivSize, salt); } else { // Default is pkcs5s2 System.err.println("Generating PKCS#5 v2 PBE key."); keyWithIV = keyGen.generatePkcs5v2(pass, keySize, ivSize, salt); } System.err.println("Key: " + hexConv.fromBytes(keyWithIV.getKey().getEncoded())); if (keyWithIV.getIV().length > 0) { System.err.println("IV: " + hexConv.fromBytes(keyWithIV.getIV())); } return keyWithIV; }
/** * Initialize the given symmetric algorithm in preparation for an encryption or decryption * operation. * * @param alg Algorith to initialize. * @param line Parsed command line arguments container. * @throws Exception On errors. */ protected void initAlgorithm(final SymmetricAlgorithm alg, final CommandLine line) throws Exception { if (line.hasOption(OPT_KEY)) { alg.setKey(readKey(line)); if (line.hasOption(OPT_IV)) { alg.setIV(hexConv.toBytes(line.getOptionValue(OPT_IV))); } } else if (line.hasOption(OPT_PBE)) { final KeyWithIV keyWithIV = genPbeKeyWithIV(alg, line); alg.setKey(keyWithIV.getKey()); if (line.hasOption(OPT_IV)) { alg.setIV(hexConv.toBytes(line.getOptionValue(OPT_IV))); } else if (keyWithIV.getIV().length > 0) { alg.setIV(keyWithIV.getIV()); } } else { throw new IllegalArgumentException( "Either -key or -pbe is required for encryption or decryption."); } }