예제 #1
0
  /**
   * Generates a PBE key/IV pair from command line options.
   *
   * @param alg Symmetric algorithm for which a compatible key should be generated.
   * @param line Parsed command line arguments container.
   * @return Secret key from password.
   * @throws Exception On key generation errors.
   */
  protected KeyWithIV genPbeKeyWithIV(final SymmetricAlgorithm alg, final CommandLine line)
      throws Exception {
    if (!line.hasOption(OPT_SALT)) {
      throw new IllegalArgumentException("Salt is required for PBE key generation.");
    }
    if (!line.hasOption(OPT_KEYSIZE)) {
      throw new IllegalArgumentException("Key size is required for PBE key generation.");
    }

    KeyWithIV keyWithIV = null;
    DigestAlgorithm digest = null;
    if (line.hasOption(OPT_DIGEST)) {
      digest = DigestAlgorithm.newInstance(line.getOptionValue(OPT_DIGEST));
    }

    String pbeMode = null;
    if (line.hasOption(OPT_PBEMODE)) {
      pbeMode = line.getOptionValue(OPT_PBEMODE).toLowerCase();
    }

    final int keySize = Integer.parseInt(line.getOptionValue(OPT_KEYSIZE));
    int ivSize = 0;
    if (!line.hasOption(OPT_IV)) {
      // Generate an IV from the password if none specified
      ivSize = alg.getBlockSize() * BITS_IN_BYTE;
    }

    final PbeKeyGenerator keyGen = new PbeKeyGenerator(alg);
    final char[] pass = line.getOptionValue(OPT_PBE).toCharArray();
    final byte[] salt = hexConv.toBytes(line.getOptionValue(OPT_SALT));
    if ("pkcs12".equals(pbeMode)) {
      if (digest == null) {
        throw new IllegalArgumentException("pkcs12 requires a digest algorithm");
      }
      System.err.println("Generating PKCS#12 PBE key.");
      keyWithIV = keyGen.generatePkcs12(pass, keySize, ivSize, digest, salt);
    } else if ("pkcs5s1".equals(pbeMode)) {
      if (digest == null) {
        throw new IllegalArgumentException("pkcs5s1 requires a digest algorithm");
      }
      System.err.println("Generating PKCS#5 v1 PBE key.");
      keyWithIV = keyGen.generatePkcs5v1(pass, keySize, ivSize, digest, salt);
    } else if ("openssl".equals(pbeMode)) {
      System.err.println("Generating OpenSSL PBE key.");
      keyWithIV = keyGen.generateOpenssl(pass, keySize, ivSize, salt);
    } else {
      // Default is pkcs5s2
      System.err.println("Generating PKCS#5 v2 PBE key.");
      keyWithIV = keyGen.generatePkcs5v2(pass, keySize, ivSize, salt);
    }
    System.err.println("Key: " + hexConv.fromBytes(keyWithIV.getKey().getEncoded()));
    if (keyWithIV.getIV().length > 0) {
      System.err.println("IV: " + hexConv.fromBytes(keyWithIV.getIV()));
    }
    return keyWithIV;
  }
 /**
  * Creates a new instance with the given parameters.
  *
  * @param alg Symmetric algorithm used for encryption/decryption.
  * @param digest Key generation function digest.
  * @param params Key generation function salt and iteration count.
  */
 public PBES1EncryptionScheme(
     final SymmetricAlgorithm alg, final DigestAlgorithm digest, final PBEParameter params) {
   boolean valid = false;
   for (PBES1Algorithm a : PBES1Algorithm.values()) {
     if (a.getDigest().getAlgorithm().equals(digest.getAlgorithm())
         && a.getSpec().getName().equals(alg.getAlgorithm())
         && a.getSpec().getMode().equals(alg.getMode())
         && a.getSpec().getPadding().equals(alg.getPadding())) {
       valid = true;
       break;
     }
   }
   if (!valid) {
     throw new IllegalArgumentException("Invalid digest/cipher combination.");
   }
   setCipher(alg);
   generator = new PBKDF1KeyGenerator(digest, params.getSalt(), params.getIterationCount());
 }