@Override public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName) throws IOException, GeneralSecurityException { // Fetch the encryption key KeyVersion encryptionKey = keyProvider.getCurrentKey(encryptionKeyName); Preconditions.checkNotNull( encryptionKey, "No KeyVersion exists for key '%s' ", encryptionKeyName); // Generate random bytes for new key and IV CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf()); final byte[] newKey = new byte[encryptionKey.getMaterial().length]; cc.generateSecureRandom(newKey); final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()]; cc.generateSecureRandom(iv); // Encryption key IV is derived from new key's IV final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv); Encryptor encryptor = cc.createEncryptor(); encryptor.init(encryptionKey.getMaterial(), encryptionIV); int keyLen = newKey.length; ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen); ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen); bbIn.put(newKey); bbIn.flip(); encryptor.encrypt(bbIn, bbOut); bbOut.flip(); byte[] encryptedKey = new byte[keyLen]; bbOut.get(encryptedKey); return new EncryptedKeyVersion( encryptionKeyName, encryptionKey.getVersionName(), iv, new KeyVersion(encryptionKey.getName(), EEK, encryptedKey)); }
@Test(timeout = 30000) public void testKeyStoreKeyProviderWithPassword() throws Exception { KeyProvider provider = new KeyStoreKeyProvider(); provider.init("jceks://" + storeFile.toURI().getPath() + "?password=" + PASSWORD); Key key = provider.getKey(ALIAS); assertNotNull(key); byte[] keyBytes = key.getEncoded(); assertEquals(keyBytes.length, KEY.length); for (int i = 0; i < KEY.length; i++) { assertEquals(keyBytes[i], KEY[i]); } }
protected byte[] decryptImp( byte[] encryptedMessage, byte[] encryptedKey, byte[] encryptedIV, String keyName) throws Exception { PrivateKey privateKey = AsymmetricKeyReader.readPrivateKey(provider.getKeyVersion(keyName).getMaterial()); // try { AsymmetricDecryptor asymmetricDecryptor = new AsymmetricDecryptor(privateKey); // byte[] receivedSecretKeyBytes ="d".getBytes(); byte[] receivedSecretKeyBytes = asymmetricDecryptor.decrypt(encryptedKey); // logger.info("receivedSecretKeyBytes:" + Hex.encodeHexString(encryptedKey )); // logger.info("Decrypted SecretKey:" + Hex.encodeHexString(receivedSecretKeyBytes)); SecretKey receivedSecretKey = new SecretKeySpec(receivedSecretKeyBytes, SECRET_KEY_ALGORITHM); // assert receivedSecretKey.getEncoded().length == SECRET_KEY_LENGTH_BITS: "Secret key is " + // receivedSecretKey.getEncoded().length + " long, expecting " + SECRET_KEY_LENGTH_BITS; // Decrypt the symmetric key initialization vector with the private key. byte[] receivedIVBytes = asymmetricDecryptor.decrypt(encryptedIV); IvParameterSpec receivedIV = new IvParameterSpec(receivedIVBytes); // Decrypt the message. SymmetricDecryptor symmetricDecryptor = new SymmetricDecryptor(receivedSecretKey, receivedIV); byte[] receivedMessageBytes = symmetricDecryptor.decrypt(encryptedMessage); // The message that was received. // System.out.printf("output message: %s\n", receivedMessage); return receivedMessageBytes; // } catch (Exception e1) { // System.out.println("Error decrypting expecption:" + e1); // } }
public static <OBJECT, KEY_TYPE> Map<KEY_TYPE, OBJECT> toMap( List<OBJECT> instantActions, KeyProvider<OBJECT, KEY_TYPE> keyProvider) { Map<KEY_TYPE, OBJECT> value = new HashMap<>(); for (OBJECT instantAction : instantActions) { value.put(keyProvider.map(instantAction), instantAction); } return value; }
@Override public KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException { // Fetch the encryption key material final String encryptionKeyVersionName = encryptedKeyVersion.getEncryptionKeyVersionName(); final KeyVersion encryptionKey = keyProvider.getKeyVersion(encryptionKeyVersionName); Preconditions.checkNotNull( encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName); Preconditions.checkArgument( encryptedKeyVersion .getEncryptedKeyVersion() .getVersionName() .equals(KeyProviderCryptoExtension.EEK), "encryptedKey version name must be '%s', is '%s'", KeyProviderCryptoExtension.EEK, encryptedKeyVersion.getEncryptedKeyVersion().getVersionName()); // Encryption key IV is determined from encrypted key's IV final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(encryptedKeyVersion.getEncryptedKeyIv()); CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf()); Decryptor decryptor = cc.createDecryptor(); decryptor.init(encryptionKey.getMaterial(), encryptionIV); final KeyVersion encryptedKV = encryptedKeyVersion.getEncryptedKeyVersion(); int keyLen = encryptedKV.getMaterial().length; ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen); ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen); bbIn.put(encryptedKV.getMaterial()); bbIn.flip(); decryptor.decrypt(bbIn, bbOut); bbOut.flip(); byte[] decryptedKey = new byte[keyLen]; bbOut.get(decryptedKey); return new KeyVersion(encryptionKey.getName(), EK, decryptedKey); }