@Override
    public EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
        throws IOException, GeneralSecurityException {
      // Fetch the encryption key
      KeyVersion encryptionKey = keyProvider.getCurrentKey(encryptionKeyName);
      Preconditions.checkNotNull(
          encryptionKey, "No KeyVersion exists for key '%s' ", encryptionKeyName);
      // Generate random bytes for new key and IV

      CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf());
      final byte[] newKey = new byte[encryptionKey.getMaterial().length];
      cc.generateSecureRandom(newKey);
      final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()];
      cc.generateSecureRandom(iv);
      // Encryption key IV is derived from new key's IV
      final byte[] encryptionIV = EncryptedKeyVersion.deriveIV(iv);
      Encryptor encryptor = cc.createEncryptor();
      encryptor.init(encryptionKey.getMaterial(), encryptionIV);
      int keyLen = newKey.length;
      ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen);
      ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen);
      bbIn.put(newKey);
      bbIn.flip();
      encryptor.encrypt(bbIn, bbOut);
      bbOut.flip();
      byte[] encryptedKey = new byte[keyLen];
      bbOut.get(encryptedKey);
      return new EncryptedKeyVersion(
          encryptionKeyName,
          encryptionKey.getVersionName(),
          iv,
          new KeyVersion(encryptionKey.getName(), EEK, encryptedKey));
    }
Exemplo n.º 2
0
 @Test(timeout = 30000)
 public void testKeyStoreKeyProviderWithPassword() throws Exception {
   KeyProvider provider = new KeyStoreKeyProvider();
   provider.init("jceks://" + storeFile.toURI().getPath() + "?password=" + PASSWORD);
   Key key = provider.getKey(ALIAS);
   assertNotNull(key);
   byte[] keyBytes = key.getEncoded();
   assertEquals(keyBytes.length, KEY.length);
   for (int i = 0; i < KEY.length; i++) {
     assertEquals(keyBytes[i], KEY[i]);
   }
 }
  protected byte[] decryptImp(
      byte[] encryptedMessage, byte[] encryptedKey, byte[] encryptedIV, String keyName)
      throws Exception {

    PrivateKey privateKey =
        AsymmetricKeyReader.readPrivateKey(provider.getKeyVersion(keyName).getMaterial());
    // try {
    AsymmetricDecryptor asymmetricDecryptor = new AsymmetricDecryptor(privateKey);
    // byte[] receivedSecretKeyBytes ="d".getBytes();

    byte[] receivedSecretKeyBytes = asymmetricDecryptor.decrypt(encryptedKey);

    // logger.info("receivedSecretKeyBytes:" + Hex.encodeHexString(encryptedKey ));
    // logger.info("Decrypted SecretKey:" + Hex.encodeHexString(receivedSecretKeyBytes));

    SecretKey receivedSecretKey = new SecretKeySpec(receivedSecretKeyBytes, SECRET_KEY_ALGORITHM);
    // assert receivedSecretKey.getEncoded().length == SECRET_KEY_LENGTH_BITS: "Secret key is " +
    // receivedSecretKey.getEncoded().length + " long, expecting " + SECRET_KEY_LENGTH_BITS;
    // Decrypt the symmetric key initialization vector with the private key.
    byte[] receivedIVBytes = asymmetricDecryptor.decrypt(encryptedIV);
    IvParameterSpec receivedIV = new IvParameterSpec(receivedIVBytes);

    // Decrypt the message.
    SymmetricDecryptor symmetricDecryptor = new SymmetricDecryptor(receivedSecretKey, receivedIV);
    byte[] receivedMessageBytes = symmetricDecryptor.decrypt(encryptedMessage);

    // The message that was received.
    // System.out.printf("output message: %s\n", receivedMessage);
    return receivedMessageBytes;
    // } catch (Exception e1) {
    //     System.out.println("Error decrypting expecption:" + e1);
    // }
  }
Exemplo n.º 4
0
 public static <OBJECT, KEY_TYPE> Map<KEY_TYPE, OBJECT> toMap(
     List<OBJECT> instantActions, KeyProvider<OBJECT, KEY_TYPE> keyProvider) {
   Map<KEY_TYPE, OBJECT> value = new HashMap<>();
   for (OBJECT instantAction : instantActions) {
     value.put(keyProvider.map(instantAction), instantAction);
   }
   return value;
 }
    @Override
    public KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion)
        throws IOException, GeneralSecurityException {
      // Fetch the encryption key material
      final String encryptionKeyVersionName = encryptedKeyVersion.getEncryptionKeyVersionName();
      final KeyVersion encryptionKey = keyProvider.getKeyVersion(encryptionKeyVersionName);
      Preconditions.checkNotNull(
          encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName);
      Preconditions.checkArgument(
          encryptedKeyVersion
              .getEncryptedKeyVersion()
              .getVersionName()
              .equals(KeyProviderCryptoExtension.EEK),
          "encryptedKey version name must be '%s', is '%s'",
          KeyProviderCryptoExtension.EEK,
          encryptedKeyVersion.getEncryptedKeyVersion().getVersionName());

      // Encryption key IV is determined from encrypted key's IV
      final byte[] encryptionIV =
          EncryptedKeyVersion.deriveIV(encryptedKeyVersion.getEncryptedKeyIv());

      CryptoCodec cc = CryptoCodec.getInstance(keyProvider.getConf());
      Decryptor decryptor = cc.createDecryptor();
      decryptor.init(encryptionKey.getMaterial(), encryptionIV);
      final KeyVersion encryptedKV = encryptedKeyVersion.getEncryptedKeyVersion();
      int keyLen = encryptedKV.getMaterial().length;
      ByteBuffer bbIn = ByteBuffer.allocateDirect(keyLen);
      ByteBuffer bbOut = ByteBuffer.allocateDirect(keyLen);
      bbIn.put(encryptedKV.getMaterial());
      bbIn.flip();
      decryptor.decrypt(bbIn, bbOut);
      bbOut.flip();
      byte[] decryptedKey = new byte[keyLen];
      bbOut.get(decryptedKey);
      return new KeyVersion(encryptionKey.getName(), EK, decryptedKey);
    }