private DERObject createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException { String s = "1.2.840.113549.3.2"; AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance(s); AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); DERObject derobject = asn1inputstream.readObject(); KeyGenerator keygenerator = KeyGenerator.getInstance(s); keygenerator.init(128); SecretKey secretkey = keygenerator.generateKey(); Cipher cipher = Cipher.getInstance(s); cipher.init(1, secretkey, algorithmparameters); byte[] abyte1 = cipher.doFinal(in); DEROctetString deroctetstring = new DEROctetString(abyte1); KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded()); DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo)); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); return contentinfo.getDERObject(); }
public static void main(String[] args) { try { AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DSA"); paramGen.init(1024); AlgorithmParameters params = paramGen.generateParameters(); DSAParameterSpec dsaParameterSpec = params.getParameterSpec(DSAParameterSpec.class); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA"); keyPairGenerator.initialize(dsaParameterSpec); KeyPair keyPair = keyPairGenerator.generateKeyPair(); PublicKey publicKey = keyPair.getPublic(); PrivateKey privateKey = keyPair.getPrivate(); saveKey("BpubKey", publicKey); saveKey("BprivKey", privateKey); } catch (NoSuchAlgorithmException | InvalidParameterSpecException | InvalidAlgorithmParameterException e) { e.printStackTrace(); } }
/** * Generates and returns {@link DHParameterSpec}. * * @return {@link String} * @see AlgorithmParameters * @see AlgorithmParameterGenerator */ public static DHParameterSpec generateDiffieHellmanValues() throws NoSuchAlgorithmException, InvalidParameterSpecException { AlgorithmParameterGenerator parameterGenerator = AlgorithmParameterGenerator.getInstance("DH"); parameterGenerator.init(1024); AlgorithmParameters parameters = parameterGenerator.generateParameters(); return (DHParameterSpec) parameters.getParameterSpec(DHParameterSpec.class); }
/** Can be used to generate new parameters */ public static void main(String[] args) throws Exception { AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance(ALGORITHM); paramGen.init(1024); AlgorithmParameters params = paramGen.generateParameters(); DHParameterSpec dhSpec = params.getParameterSpec(DHParameterSpec.class); System.out.println("l=" + dhSpec.getL()); System.out.println("g=" + dhSpec.getG()); System.out.println("p=" + dhSpec.getP()); }
private void testParameters() throws Exception { AlgorithmParameterGenerator a = AlgorithmParameterGenerator.getInstance("DSA", "BC"); a.init(512, random); AlgorithmParameters params = a.generateParameters(); byte[] encodeParams = params.getEncoded(); AlgorithmParameters a2 = AlgorithmParameters.getInstance("DSA", "BC"); a2.init(encodeParams); // a and a2 should be equivalent! byte[] encodeParams_2 = a2.getEncoded(); if (!areEqual(encodeParams, encodeParams_2)) { fail("encode/decode parameters failed"); } DSAParameterSpec dsaP = (DSAParameterSpec) params.getParameterSpec(DSAParameterSpec.class); KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "BC"); g.initialize(dsaP, new SecureRandom()); KeyPair p = g.generateKeyPair(); PrivateKey sKey = p.getPrivate(); PublicKey vKey = p.getPublic(); Signature s = Signature.getInstance("DSA", "BC"); byte[] data = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0}; s.initSign(sKey); s.update(data); byte[] sigBytes = s.sign(); s = Signature.getInstance("DSA", "BC"); s.initVerify(vKey); s.update(data); if (!s.verify(sigBytes)) { fail("DSA verification failed"); } }
/** * Gets the public information for a DH key exchange or null if the parameters could not be made * * @return a PubInfo object that holds the public information for a DH key exchange or null if the * parameters could not be made */ public static PubInfo getPubParams() { try { AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH"); paramGen.init(1024); AlgorithmParameters params = paramGen.generateParameters(); DHParameterSpec dhSpec = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class); BigInteger g = dhSpec.getG(); BigInteger p = dhSpec.getP(); int l = dhSpec.getL(); return new PubInfo(g, p, l); } catch (Exception e) { if (DEBUG) { System.out.println("Could not make public parameters"); } return null; } }
public static void main(String[] args) { tcount = 0; try { ServerSocket ss = new ServerSocket(4567); AlgorithmParameterGenerator gerador = AlgorithmParameterGenerator.getInstance("DH"); gerador.init(1024); AlgorithmParameters parametros = gerador.generateParameters(); DHParameterSpec dhSpec = (DHParameterSpec) parametros.getParameterSpec(DHParameterSpec.class); while (true) { Socket s = ss.accept(); tcount++; TServidor ts = new TServidor(s, tcount, dhSpec); ts.start(); } } catch (Exception e) { e.printStackTrace(); } }
private void testRandom(int size) throws Exception { AlgorithmParameterGenerator a = AlgorithmParameterGenerator.getInstance("ElGamal", "BC"); a.init(size, new SecureRandom()); AlgorithmParameters params = a.generateParameters(); byte[] encodeParams = params.getEncoded(); AlgorithmParameters a2 = AlgorithmParameters.getInstance("ElGamal", "BC"); a2.init(encodeParams); // a and a2 should be equivalent! byte[] encodeParams_2 = a2.getEncoded(); if (!areEqual(encodeParams, encodeParams_2)) { fail(this.getName() + ": encode/decode parameters failed"); } DHParameterSpec elP = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class); testGP(size, 0, elP.getG(), elP.getP()); }
AlgorithmParameters generateParameters( ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) throws CMSException { try { AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) { byte[] iv = new byte[8]; rand.nextBytes(iv); try { pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); } catch (InvalidAlgorithmParameterException e) { throw new CMSException("parameters generation error: " + e, e); } } return pGen.generateParameters(); } catch (NoSuchAlgorithmException e) { return null; } catch (GeneralSecurityException e) { throw new CMSException("exception creating algorithm parameter generator: " + e, e); } }
public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) throws NoSuchAlgorithmException { return AlgorithmParameterGenerator.getInstance(algorithm); }
public OutputEncryptor build() throws OperatorCreationException { final AlgorithmIdentifier algID; salt = new byte[20]; if (random == null) { random = new SecureRandom(); } random.nextBytes(salt); try { this.cipher = helper.createCipher(algOID.getId()); if (PEMUtilities.isPKCS5Scheme2(algOID)) { this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId()); } else { this.secKeyFact = helper.createSecretKeyFactory(algOID.getId()); } } catch (GeneralSecurityException e) { throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e); } if (PEMUtilities.isPKCS5Scheme2(algOID)) { params = paramGen.generateParameters(); try { KeyDerivationFunc scheme = new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded())); KeyDerivationFunc func = new KeyDerivationFunc( PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount)); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(func); v.add(scheme); algID = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v))); } catch (IOException e) { throw new OperatorCreationException(e.getMessage(), e); } key = PEMUtilities.generateSecretKeyForPKCS5Scheme2( algOID.getId(), password, salt, iterationCount); try { cipher.init(Cipher.ENCRYPT_MODE, key, params); } catch (GeneralSecurityException e) { throw new OperatorCreationException(e.getMessage(), e); } } else if (PEMUtilities.isPKCS12(algOID)) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DEROctetString(salt)); v.add(new ASN1Integer(iterationCount)); algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v))); try { PBEKeySpec pbeSpec = new PBEKeySpec(password); PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); key = secKeyFact.generateSecret(pbeSpec); cipher.init(Cipher.ENCRYPT_MODE, key, defParams); } catch (GeneralSecurityException e) { throw new OperatorCreationException(e.getMessage(), e); } } else { throw new OperatorCreationException("unknown algorithm: " + algOID, null); } return new OutputEncryptor() { public AlgorithmIdentifier getAlgorithmIdentifier() { return algID; } public OutputStream getOutputStream(OutputStream encOut) { return new CipherOutputStream(encOut, cipher); } public GenericKey getKey() { return new JceGenericKey(algID, key); } }; }
private void run(String mode) throws Exception { DHParameterSpec dhSkipParamSpec; if (mode.equals("GENERATE_DH_PARAMS")) { // Some central authority creates new DH parameters System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ..."); AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH"); paramGen.init(512); AlgorithmParameters params = paramGen.generateParameters(); dhSkipParamSpec = (DHParameterSpec) params.getParameterSpec(DHParameterSpec.class); } else { // use some pre-generated, default DH parameters System.out.println("Using SKIP Diffie-Hellman parameters"); dhSkipParamSpec = new DHParameterSpec(skip1024Modulus, skip1024Base); } /* * Alice creates her own DH key pair, using the DH parameters from * above */ System.out.println("ALICE: Generate DH keypair ..."); KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH"); aliceKpairGen.initialize(dhSkipParamSpec); KeyPair aliceKpair = aliceKpairGen.generateKeyPair(); // Alice creates and initializes her DH KeyAgreement object System.out.println("ALICE: Initialization ..."); KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH"); aliceKeyAgree.init(aliceKpair.getPrivate()); // Alice encodes her public key, and sends it over to Bob. byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded(); /* * Let's turn over to Bob. Bob has received Alice's public key * in encoded format. * He instantiates a DH public key from the encoded key material. */ KeyFactory bobKeyFac = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc); PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec); /* * Bob gets the DH parameters associated with Alice's public key. * He must use the same parameters when he generates his own key * pair. */ DHParameterSpec dhParamSpec = ((DHPublicKey) alicePubKey).getParams(); // Bob creates his own DH key pair System.out.println("BOB: Generate DH keypair ..."); KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH"); bobKpairGen.initialize(dhParamSpec); KeyPair bobKpair = bobKpairGen.generateKeyPair(); // Bob creates and initializes his DH KeyAgreement object System.out.println("BOB: Initialization ..."); KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH"); bobKeyAgree.init(bobKpair.getPrivate()); // Bob encodes his public key, and sends it over to Alice. byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded(); /* * Alice uses Bob's public key for the first (and only) phase * of her version of the DH * protocol. * Before she can do so, she has to instantiate a DH public key * from Bob's encoded key material. */ KeyFactory aliceKeyFac = KeyFactory.getInstance("DH"); x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc); PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec); System.out.println("ALICE: Execute PHASE1 ..."); aliceKeyAgree.doPhase(bobPubKey, true); /* * Bob uses Alice's public key for the first (and only) phase * of his version of the DH * protocol. */ System.out.println("BOB: Execute PHASE1 ..."); bobKeyAgree.doPhase(alicePubKey, true); /* * At this stage, both Alice and Bob have completed the DH key * agreement protocol. * Both generate the (same) shared secret. */ byte[] aliceSharedSecret = aliceKeyAgree.generateSecret(); int aliceLen = aliceSharedSecret.length; byte[] bobSharedSecret = new byte[aliceLen]; int bobLen; try { // show example of what happens if you // provide an output buffer that is too short bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1); } catch (ShortBufferException e) { System.out.println(e.getMessage()); } // provide output buffer of required size bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0); System.out.println("Alice secret: " + toHexString(aliceSharedSecret)); System.out.println("Bob secret: " + toHexString(bobSharedSecret)); if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret)) throw new Exception("Shared secrets differ"); System.out.println("Shared secrets are the same"); /* * Now let's return the shared secret as a SecretKey object * and use it for encryption. First, we generate SecretKeys for the * "DES" algorithm (based on the raw shared secret data) and * then we use DES in ECB mode * as the encryption algorithm. DES in ECB mode does not require any * parameters. * * Then we use DES in CBC mode, which requires an initialization * vector (IV) parameter. In CBC mode, you need to initialize the * Cipher object with an IV, which can be supplied using the * javax.crypto.spec.IvParameterSpec class. Note that you have to use * the same IV for encryption and decryption: If you use a different * IV for decryption than you used for encryption, decryption will * fail. * * NOTE: If you do not specify an IV when you initialize the * Cipher object for encryption, the underlying implementation * will generate a random one, which you have to retrieve using the * javax.crypto.Cipher.getParameters() method, which returns an * instance of java.security.AlgorithmParameters. You need to transfer * the contents of that object (e.g., in encoded format, obtained via * the AlgorithmParameters.getEncoded() method) to the party who will * do the decryption. When initializing the Cipher for decryption, * the (reinstantiated) AlgorithmParameters object must be passed to * the Cipher.init() method. */ System.out.println("Return shared secret as SecretKey object ..."); // Bob // NOTE: The call to bobKeyAgree.generateSecret above reset the key // agreement object, so we call doPhase again prior to another // generateSecret call bobKeyAgree.doPhase(alicePubKey, true); SecretKey bobDesKey = bobKeyAgree.generateSecret("DES"); // Alice // NOTE: The call to aliceKeyAgree.generateSecret above reset the key // agreement object, so we call doPhase again prior to another // generateSecret call aliceKeyAgree.doPhase(bobPubKey, true); SecretKey aliceDesKey = aliceKeyAgree.generateSecret("DES"); /* * Bob encrypts, using DES in ECB mode */ Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); bobCipher.init(Cipher.ENCRYPT_MODE, bobDesKey); byte[] cleartext = "This is just an example".getBytes(); byte[] ciphertext = bobCipher.doFinal(cleartext); /* * Alice decrypts, using DES in ECB mode */ Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); aliceCipher.init(Cipher.DECRYPT_MODE, aliceDesKey); byte[] recovered = aliceCipher.doFinal(ciphertext); if (!java.util.Arrays.equals(cleartext, recovered)) throw new Exception("DES in CBC mode recovered text is " + "different from cleartext"); System.out.println("DES in ECB mode recovered text is " + "same as cleartext"); /* * Bob encrypts, using DES in CBC mode */ bobCipher = Cipher.getInstance("DES/CBC/PKCS5Padding"); bobCipher.init(Cipher.ENCRYPT_MODE, bobDesKey); cleartext = "This is just an example".getBytes(); ciphertext = bobCipher.doFinal(cleartext); // Retrieve the parameter that was used, and transfer it to Alice in // encoded format byte[] encodedParams = bobCipher.getParameters().getEncoded(); /* * Alice decrypts, using DES in CBC mode */ // Instantiate AlgorithmParameters object from parameter encoding // obtained from Bob AlgorithmParameters params = AlgorithmParameters.getInstance("DES"); params.init(encodedParams); aliceCipher = Cipher.getInstance("DES/CBC/PKCS5Padding"); aliceCipher.init(Cipher.DECRYPT_MODE, aliceDesKey, params); recovered = aliceCipher.doFinal(ciphertext); if (!java.util.Arrays.equals(cleartext, recovered)) throw new Exception("DES in CBC mode recovered text is " + "different from cleartext"); System.out.println("DES in CBC mode recovered text is " + "same as cleartext"); }