private static PrivateKey derivePrivateKeyPBES2(
org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn,
AlgorithmIdentifier algId,
char[] password)
throws GeneralSecurityException, InvalidCipherTextException {
PBES2Parameters pbeParams = new PBES2Parameters((ASN1Sequence) algId.getParameters());
CipherParameters cipherParams = extractPBES2CipherParams(password, pbeParams);
EncryptionScheme scheme = pbeParams.getEncryptionScheme();
BufferedBlockCipher cipher;
if (scheme.getAlgorithm().equals(PKCSObjectIdentifiers.RC2_CBC)) {
RC2CBCParameter rc2Params = new RC2CBCParameter((ASN1Sequence) scheme.getObject());
byte[] iv = rc2Params.getIV();
CipherParameters param = new ParametersWithIV(cipherParams, iv);
cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RC2Engine()));
cipher.init(false, param);
} else {
byte[] iv = ((ASN1OctetString) scheme.getObject()).getOctets();
CipherParameters param = new ParametersWithIV(cipherParams, iv);
cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
cipher.init(false, param);
}
byte[] data = eIn.getEncryptedData();
byte[] out = new byte[cipher.getOutputSize(data.length)];
int len = cipher.processBytes(data, 0, data.length, out, 0);
len += cipher.doFinal(out, len);
byte[] pkcs8 = new byte[len];
System.arraycopy(out, 0, pkcs8, 0, len);
KeyFactory fact = KeyFactory.getInstance("RSA"); // It seems to work for both RSA and DSA.
return fact.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
}
private static PrivateKey derivePrivateKeyPBES1(
org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn,
AlgorithmIdentifier algId,
char[] password)
throws GeneralSecurityException {
PKCS12PBEParams pkcs12Params = new PKCS12PBEParams((ASN1Sequence) algId.getParameters());
PBEParameterSpec pbeParams =
new PBEParameterSpec(pkcs12Params.getIV(), pkcs12Params.getIterations().intValue());
String algorithm = ASN1Registry.o2a(algId.getAlgorithm());
algorithm = (algorithm.split("-"))[0];
Cipher cipher = OpenSSLReal.getCipherBC(algorithm); // need to use BC for PBEParameterSpec.
SecretKeyFactory fact =
OpenSSLReal.getSecretKeyFactoryBC(algorithm); // need to use BC for PKCS12PBEParams.
SecretKey key = fact.generateSecret(new PBEKeySpec(password));
cipher.init(Cipher.UNWRAP_MODE, key, pbeParams);
// wrappedKeyAlgorithm is unknown ("")
return (PrivateKey) cipher.unwrap(eIn.getEncryptedData(), "", Cipher.PRIVATE_KEY);
}
/**
* Returns a copy of the encrypted data.
*
* @returns a copy of the encrypted data.
*/
public byte[] getEncryptedData() {
return infoObj.getEncryptedData();
}
