public static void main(String[] args) throws Exception { // // check args and get plaintext if (args.length != 1) { System.err.println("Usage: java MessageAuthenticationCodeExample text"); System.exit(1); } byte[] plainText = args[0].getBytes("UTF8"); // // get a key for the HmacMD5 algorithm System.out.println("\nStart generating key"); KeyGenerator keyGen = KeyGenerator.getInstance("HmacMD5"); SecretKey MD5key = keyGen.generateKey(); System.out.println("Finish generating key"); // // get a MAC object and update it with the plaintext Mac mac = Mac.getInstance("HmacMD5"); mac.init(MD5key); mac.update(plainText); // // print out the provider used and the MAC System.out.println("\n" + mac.getProvider().getInfo()); System.out.println("\nMAC: "); System.out.println(new String(mac.doFinal(), "UTF8")); }
private static SecretKey generateSymmetricKey() throws Exception { KeyGenerator generator = KeyGenerator.getInstance(KEY_ALGORITHM); SecureRandom random = new SecureRandom(); generator.init(KEY_LENGTH_BITS, random); logger.debug("Generate Key"); return generator.generateKey(); // return new SecretKeySpec(Hex.decodeHex("cb024600dce7148b8ddc5d6c111fbd85".toCharArray()), // KEY_ALGORITHM); }
@Override public SymmetricKey createKey() { KeyGenerator kgen; try { kgen = KeyGenerator.getInstance("AES"); kgen.init(256); final SecretKey skey = kgen.generateKey(); return new AES256SymmetricKey(skey.getEncoded()); } catch (final NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
public static void main(String[] args) throws Exception { BufferedReader in = new BufferedReader(new InputStreamReader(System.in)); // get user inputted key byte[] userkey = null; do { System.out.println("Please enter a 8 character string to generate a Secret Key"); userkey = (in.readLine()).getBytes(); } while (userkey.length != 8); // create Key Generator instance and generate a secret key KeyGenerator kgen = KeyGenerator.getInstance("DES"); SecretKey skey = kgen.generateKey(); byte[] key = userkey; // Create a Secret Key based on characters entered by the user SecretKeySpec skeyspec = new SecretKeySpec(key, "DES"); // Create a cipher to encrypt with Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeyspec); // Get message System.out.println("Please enter a string to encrypt"); byte[] userstring = null; userstring = (in.readLine()).getBytes(); // Encrypt message with cipher byte[] encrypted = cipher.doFinal(userstring); String enc_string = new String(encrypted); System.out.println("The String is encrypted as " + enc_string); byte[] userdecrypt = null; byte[] decrypted = null; // Get user decrypt key do { System.out.println("Please enter the 8 character key to decrypt the message"); userdecrypt = (in.readLine()).getBytes(); } while (userdecrypt.length != 8); // Reinitialize Secret Key and Cipher key = userdecrypt; SecretKeySpec decryptkey = new SecretKeySpec(key, "DES"); cipher.init(Cipher.DECRYPT_MODE, decryptkey); // Decrypt message decrypted = cipher.doFinal(encrypted); if ((new String(decrypted)).equals(new String(userstring))) System.out.println("\nMessage decrypted as: " + (new String(decrypted))); else System.out.println("\nMessage was not decrypted"); }
public void generate_new_aes_key() { try { KeyGenerator localKeyGenerator = KeyGenerator.getInstance("AES"); localKeyGenerator.init(128, SecureRandom.getInstance("SHA1PRNG")); // aes_key = Base64.encodeBase64String(localKeyGenerator.generateKey().getEncoded()); aes_key = new String(Base64.encode(localKeyGenerator.generateKey().getEncoded(), Base64.DEFAULT)); } catch (NoSuchAlgorithmException localNoSuchAlgorithmException) { System.out.println(localNoSuchAlgorithmException); } return; }
/** Creates a new instance of Encrypter */ public AltEncrypter(String passPhrase) { try { SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(passPhrase.getBytes("UTF8")); KeyGenerator kGen = KeyGenerator.getInstance("DESEDE"); kGen.init(168, sr); Key key = kGen.generateKey(); cipherEncrypt = Cipher.getInstance("DESEDE/ECB/PKCS5Padding"); cipherEncrypt.init(Cipher.ENCRYPT_MODE, key); cipherDecrypt = Cipher.getInstance("DESEDE/ECB/PKCS5Padding"); cipherDecrypt.init(Cipher.DECRYPT_MODE, key); } catch (UnsupportedEncodingException e) { } catch (NoSuchPaddingException e) { } catch (NoSuchAlgorithmException e) { } catch (InvalidKeyException e) { } }
@SuppressWarnings("restriction") public String getencrypt(String p) throws Exception { String encrypted = ""; try { KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128, new SecureRandom(KEY.getBytes())); SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypt = cipher.doFinal(p.getBytes()); encrypted = new BASE64Encoder().encodeBuffer(encrypt).trim(); // System.out.println("encrypted="+encrypted); } // try catch (Exception e) { System.out.println(e); } return encrypted; // return 密文 }
public String getdecrypt(String base64) throws Exception { String decrypted = ""; try { @SuppressWarnings("restriction") byte[] b = new BASE64Decoder().decodeBuffer(base64); KeyGenerator kgen2 = KeyGenerator.getInstance("AES"); kgen2.init(128, new SecureRandom(KEY.getBytes())); SecretKey skey2 = kgen2.generateKey(); byte[] raw2 = skey2.getEncoded(); SecretKeySpec skeySpec2 = new SecretKeySpec(raw2, "AES"); Cipher cipher2 = Cipher.getInstance("AES"); cipher2.init(Cipher.DECRYPT_MODE, skeySpec2); byte[] decrypt = cipher2.doFinal(b); decrypted = new String(decrypt); // System.out.println("decrypted="+decrypted); } catch (Exception e) { System.out.println(e); } return decrypted; }
public static void main(String[] args) { try { if (args[0].equals("-genkey")) { KeyPairGenerator pairgen = KeyPairGenerator.getInstance("RSA"); SecureRandom random = new SecureRandom(); pairgen.initialize(KEYSIZE, random); KeyPair keyPair = pairgen.generateKeyPair(); ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(args[1])); out.writeObject(keyPair.getPublic()); out.close(); out = new ObjectOutputStream(new FileOutputStream(args[2])); out.writeObject(keyPair.getPrivate()); out.close(); } else if (args[0].equals("-encrypt")) { KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecureRandom random = new SecureRandom(); keygen.init(random); SecretKey key = keygen.generateKey(); // wrap with RSA public key ObjectInputStream keyIn = new ObjectInputStream(new FileInputStream(args[3])); Key publicKey = (Key) keyIn.readObject(); keyIn.close(); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.WRAP_MODE, publicKey); byte[] wrappedKey = cipher.wrap(key); DataOutputStream out = new DataOutputStream(new FileOutputStream(args[2])); out.writeInt(wrappedKey.length); out.write(wrappedKey); InputStream in = new FileInputStream(args[1]); cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, key); crypt(in, out, cipher); in.close(); out.close(); } else { DataInputStream in = new DataInputStream(new FileInputStream(args[1])); int length = in.readInt(); byte[] wrappedKey = new byte[length]; in.read(wrappedKey, 0, length); // unwrap with RSA private key ObjectInputStream keyIn = new ObjectInputStream(new FileInputStream(args[3])); Key privateKey = (Key) keyIn.readObject(); keyIn.close(); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.UNWRAP_MODE, privateKey); Key key = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY); OutputStream out = new FileOutputStream(args[2]); cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPT_MODE, key); crypt(in, out, cipher); in.close(); out.close(); } } catch (IOException e) { e.printStackTrace(); } catch (GeneralSecurityException e) { e.printStackTrace(); } catch (ClassNotFoundException e) { e.printStackTrace(); } }
/* * Calculate the keys needed for this connection, once the session's * master secret has been calculated. Uses the master key and nonces; * the amount of keying material generated is a function of the cipher * suite that's been negotiated. * * This gets called both on the "full handshake" (where we exchanged * a premaster secret and started a new session) as well as on the * "fast handshake" (where we just resumed a pre-existing session). */ void calculateConnectionKeys(SecretKey masterKey) { /* * For both the read and write sides of the protocol, we use the * master to generate MAC secrets and cipher keying material. Block * ciphers need initialization vectors, which we also generate. * * First we figure out how much keying material is needed. */ int hashSize = cipherSuite.macAlg.size; boolean is_exportable = cipherSuite.exportable; BulkCipher cipher = cipherSuite.cipher; int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0; // Which algs/params do we need to use? String keyMaterialAlg; PRF prf; if (protocolVersion.v >= ProtocolVersion.TLS12.v) { keyMaterialAlg = "SunTls12KeyMaterial"; prf = cipherSuite.prfAlg; } else { keyMaterialAlg = "SunTlsKeyMaterial"; prf = P_NONE; } String prfHashAlg = prf.getPRFHashAlg(); int prfHashLength = prf.getPRFHashLength(); int prfBlockSize = prf.getPRFBlockSize(); TlsKeyMaterialParameterSpec spec = new TlsKeyMaterialParameterSpec( masterKey, protocolVersion.major, protocolVersion.minor, clnt_random.random_bytes, svr_random.random_bytes, cipher.algorithm, cipher.keySize, expandedKeySize, cipher.ivSize, hashSize, prfHashAlg, prfHashLength, prfBlockSize); try { KeyGenerator kg = JsseJce.getKeyGenerator(keyMaterialAlg); kg.init(spec); TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec) kg.generateKey(); clntWriteKey = keySpec.getClientCipherKey(); svrWriteKey = keySpec.getServerCipherKey(); // Return null if IVs are not supposed to be generated. // e.g. TLS 1.1+. clntWriteIV = keySpec.getClientIv(); svrWriteIV = keySpec.getServerIv(); clntMacSecret = keySpec.getClientMacKey(); svrMacSecret = keySpec.getServerMacKey(); } catch (GeneralSecurityException e) { throw new ProviderException(e); } // // Dump the connection keys as they're generated. // if (debug != null && Debug.isOn("keygen")) { synchronized (System.out) { HexDumpEncoder dump = new HexDumpEncoder(); System.out.println("CONNECTION KEYGEN:"); // Inputs: System.out.println("Client Nonce:"); printHex(dump, clnt_random.random_bytes); System.out.println("Server Nonce:"); printHex(dump, svr_random.random_bytes); System.out.println("Master Secret:"); printHex(dump, masterKey.getEncoded()); // Outputs: System.out.println("Client MAC write Secret:"); printHex(dump, clntMacSecret.getEncoded()); System.out.println("Server MAC write Secret:"); printHex(dump, svrMacSecret.getEncoded()); if (clntWriteKey != null) { System.out.println("Client write key:"); printHex(dump, clntWriteKey.getEncoded()); System.out.println("Server write key:"); printHex(dump, svrWriteKey.getEncoded()); } else { System.out.println("... no encryption keys used"); } if (clntWriteIV != null) { System.out.println("Client write IV:"); printHex(dump, clntWriteIV.getIV()); System.out.println("Server write IV:"); printHex(dump, svrWriteIV.getIV()); } else { if (protocolVersion.v >= ProtocolVersion.TLS11.v) { System.out.println("... no IV derived for this protocol"); } else { System.out.println("... no IV used for this cipher"); } } System.out.flush(); } } }
/* * Calculate the master secret from its various components. This is * used for key exchange by all cipher suites. * * The master secret is the catenation of three MD5 hashes, each * consisting of the pre-master secret and a SHA1 hash. Those three * SHA1 hashes are of (different) constant strings, the pre-master * secret, and the nonces provided by the client and the server. */ private SecretKey calculateMasterSecret( SecretKey preMasterSecret, ProtocolVersion requestedVersion) { if (debug != null && Debug.isOn("keygen")) { HexDumpEncoder dump = new HexDumpEncoder(); System.out.println("SESSION KEYGEN:"); System.out.println("PreMaster Secret:"); printHex(dump, preMasterSecret.getEncoded()); // Nonces are dumped with connection keygen, no // benefit to doing it twice } // What algs/params do we need to use? String masterAlg; PRF prf; if (protocolVersion.v >= ProtocolVersion.TLS12.v) { masterAlg = "SunTls12MasterSecret"; prf = cipherSuite.prfAlg; } else { masterAlg = "SunTlsMasterSecret"; prf = P_NONE; } String prfHashAlg = prf.getPRFHashAlg(); int prfHashLength = prf.getPRFHashLength(); int prfBlockSize = prf.getPRFBlockSize(); TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec( preMasterSecret, protocolVersion.major, protocolVersion.minor, clnt_random.random_bytes, svr_random.random_bytes, prfHashAlg, prfHashLength, prfBlockSize); SecretKey masterSecret; try { KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg); kg.init(spec); masterSecret = kg.generateKey(); } catch (GeneralSecurityException e) { // For RSA premaster secrets, do not signal a protocol error // due to the Bleichenbacher attack. See comments further down. if (!preMasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) { throw new ProviderException(e); } if (debug != null && Debug.isOn("handshake")) { System.out.println("RSA master secret generation error:"); e.printStackTrace(System.out); System.out.println("Generating new random premaster secret"); } if (requestedVersion != null) { preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion); } else { preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion); } // recursive call with new premaster secret return calculateMasterSecret(preMasterSecret, null); } // if no version check requested (client side handshake), or version // information is not available (not an RSA premaster secret), // return master secret immediately. if ((requestedVersion == null) || !(masterSecret instanceof TlsMasterSecret)) { return masterSecret; } // we have checked the ClientKeyExchange message when reading TLS // record, the following check is necessary to ensure that // JCE provider does not ignore the checking, or the previous // checking process bypassed the premaster secret version checking. TlsMasterSecret tlsKey = (TlsMasterSecret) masterSecret; int major = tlsKey.getMajorVersion(); int minor = tlsKey.getMinorVersion(); if ((major < 0) || (minor < 0)) { return masterSecret; } // check if the premaster secret version is ok // the specification says that it must be the maximum version supported // by the client from its ClientHello message. However, many // implementations send the negotiated version, so accept both // for SSL v3.0 and TLS v1.0. // NOTE that we may be comparing two unsupported version numbers, which // is why we cannot use object reference equality in this special case. ProtocolVersion premasterVersion = ProtocolVersion.valueOf(major, minor); boolean versionMismatch = (premasterVersion.v != requestedVersion.v); /* * we never checked the client_version in server side * for TLS v1.0 and SSL v3.0. For compatibility, we * maintain this behavior. */ if (versionMismatch && requestedVersion.v <= ProtocolVersion.TLS10.v) { versionMismatch = (premasterVersion.v != protocolVersion.v); } if (versionMismatch == false) { // check passed, return key return masterSecret; } // Due to the Bleichenbacher attack, do not signal a protocol error. // Generate a random premaster secret and continue with the handshake, // which will fail when verifying the finished messages. // For more information, see comments in PreMasterSecret. if (debug != null && Debug.isOn("handshake")) { System.out.println( "RSA PreMasterSecret version error: expected" + protocolVersion + " or " + requestedVersion + ", decrypted: " + premasterVersion); System.out.println("Generating new random premaster secret"); } preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion); // recursive call with new premaster secret return calculateMasterSecret(preMasterSecret, null); }