List of usage examples for javax.crypto KeyAgreement generateSecret
public final SecretKey generateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException
From source file:MainClass.java
public static void main(String[] args) throws Exception { String s = "F488FD584E49DBCD20B49DE49107366B336C380D451D0F7C88" + "11111111111111111111111111111111111111111111111111" + "11111111111111111111111111111111111111111111111111" + "11111111111111111111111111111111111111111111111111" + "11111111111111111111111111111111111111111111111111" + "2F78C7"; BigInteger base = BigInteger.valueOf(2); BigInteger modulous = new BigInteger(s, 16); DHParameterSpec skipParameterSpec = new DHParameterSpec(modulous, base); KeyPairGenerator kpg1 = KeyPairGenerator.getInstance("DH"); kpg1.initialize(skipParameterSpec);//from w w w.j a v a 2s. com KeyPair kp1 = kpg1.generateKeyPair(); KeyAgreement ka1 = KeyAgreement.getInstance("DH"); DHPrivateKey privateKey1 = (DHPrivateKey) kp1.getPrivate(); DHPublicKey publicKey1 = (DHPublicKey) kp1.getPublic(); ka1.init(privateKey1); System.out.println("1 is using " + publicKey1.getY() + " for its public key"); KeyPairGenerator kpg2 = KeyPairGenerator.getInstance("DH"); kpg2.initialize(skipParameterSpec); KeyPair kp2 = kpg2.generateKeyPair(); KeyAgreement ka2 = KeyAgreement.getInstance("DH"); DHPrivateKey privateKey2 = (DHPrivateKey) kp2.getPrivate(); DHPublicKey publicKey2 = (DHPublicKey) kp2.getPublic(); ka2.init(privateKey2); System.out.println("2 is using " + publicKey2.getY() + "for its public key"); // Use the KeyAgreement object of 1 to generate its shared key ka1.doPhase(publicKey2, true); SecretKey sharedKey1 = ka1.generateSecret("DES"); System.out.println("1 is using " + new String(sharedKey1.getEncoded()) + " as its DES session key"); // Use the KeyAgreement object of 2 to generate its shared key ka2.doPhase(publicKey1, true); SecretKey sharedKey2 = ka2.generateSecret("DES"); System.out.println("2 is using " + new String(sharedKey2.getEncoded()) + "as its DES session key"); }
From source file:com.zf.decipher.DataEn.java
private static byte[] getSecretKey(byte[] publicKey, byte[] privateKey) throws Exception { KeyFactory keyFactory = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKey); PublicKey pubKey = keyFactory.generatePublic(x509KeySpec); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey); PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec); KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory.getAlgorithm()); keyAgree.init(priKey);/*from w w w. j ava 2s .c o m*/ keyAgree.doPhase(pubKey, true); return keyAgree.generateSecret(AES).getEncoded(); }
From source file:org.apache.abdera2.common.security.DHBase.java
public Key generateSecret() throws NoSuchAlgorithmException, InvalidKeyException { KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(keyPair.getPrivate());/* w w w. j a v a 2s . c o m*/ ka.doPhase(publicKey, true); return ka.generateSecret("DESede"); }
From source file:org.apache.abdera2.common.security.DHBase.java
public Key generateSecret(String alg) throws NoSuchAlgorithmException, InvalidKeyException { KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(keyPair.getPrivate());/*from www. jav a 2 s. c om*/ ka.doPhase(publicKey, true); return ka.generateSecret(alg); }
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
private Cipher getEncryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception { try {/* w w w. ja v a2 s . co m*/ if (_encrypt == null) { KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(dhPrivateKey); ka.doPhase(publicKey, true); Cipher encrypt; int keysize = getKeySize(dhSKAlgo); int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { SecretKey sKey = ka.generateSecret(dhSKAlgo); encrypt = Cipher.getInstance(dhSKAlgo); encrypt.init(Cipher.ENCRYPT_MODE, sKey); } else { String dhAlgoStr = getDhAlgoStr(dhSKAlgo); byte[] sKeyBytes = ka.generateSecret(); SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr); IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize); encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding"); encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps); } _encrypt = encrypt; } } catch (Exception ex) { throw ex; } return _encrypt; }
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
private Cipher getDecryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception { if (_decrypt == null) { try {//from w w w. j a va2 s . c om KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(dhPrivateKey); ka.doPhase(publicKey, true); Cipher decrypt; int keysize = getKeySize(dhSKAlgo); int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { SecretKey sKey = ka.generateSecret(dhSKAlgo); decrypt = Cipher.getInstance(dhSKAlgo); decrypt.init(Cipher.DECRYPT_MODE, sKey); } else { String algoStr = getDhAlgoStr(dhSKAlgo); byte[] sKeyBytes = ka.generateSecret(); SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr); IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize); decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding"); decrypt.init(Cipher.DECRYPT_MODE, sks, ivps); } _decrypt = decrypt; } catch (Exception ex) { throw ex; } } return _decrypt; }
From source file:org.apache.geode.internal.cache.tier.sockets.HandShake.java
public static Properties readCredentials(DataInputStream dis, DataOutputStream dos, DistributedSystem system, SecurityService securityService) throws GemFireSecurityException, IOException { boolean requireAuthentication = securityService.isClientSecurityRequired(); Properties credentials = null; try {/*from ww w. j av a 2 s . c om*/ byte secureMode = dis.readByte(); throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE); if (secureMode == CREDENTIALS_NORMAL) { if (requireAuthentication) { credentials = DataSerializer.readProperties(dis); } else { DataSerializer.readProperties(dis); // ignore the credentials } } else if (secureMode == CREDENTIALS_DHENCRYPT) { boolean sendAuthentication = dis.readBoolean(); InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter(); // Get the symmetric encryption algorithm to be used String skAlgo = DataSerializer.readString(dis); // Get the public key of the other side byte[] keyBytes = DataSerializer.readByteArray(dis); byte[] challenge = null; PublicKey pubKey = null; if (requireAuthentication) { // Generate PublicKey from encoded form X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFact = KeyFactory.getInstance("DH"); pubKey = keyFact.generatePublic(x509KeySpec); // Send the public key to other side keyBytes = dhPublicKey.getEncoded(); challenge = new byte[64]; random.nextBytes(challenge); // If the server has to also authenticate itself then // sign the challenge from client. if (sendAuthentication) { // Get the challenge string from client byte[] clientChallenge = DataSerializer.readByteArray(dis); if (privateKeyEncrypt == null) { throw new AuthenticationFailedException( LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE .toLocalizedString()); } // Sign the challenge from client and send it to the client Signature sig = Signature.getInstance(privateKeySignAlgo); sig.initSign(privateKeyEncrypt); sig.update(clientChallenge); byte[] signedBytes = sig.sign(); dos.writeByte(REPLY_OK); DataSerializer.writeByteArray(keyBytes, dos); // DataSerializer.writeString(privateKeyAlias, dos); DataSerializer.writeString(privateKeySubject, dos); DataSerializer.writeByteArray(signedBytes, dos); securityLogWriter.fine("HandShake: sent the signed client challenge"); } else { // These two lines should not be moved before the if{} statement in // a common block for both if...then...else parts. This is to handle // the case when an AuthenticationFailedException is thrown by the // if...then part when sending the signature. dos.writeByte(REPLY_OK); DataSerializer.writeByteArray(keyBytes, dos); } // Now send the server challenge DataSerializer.writeByteArray(challenge, dos); securityLogWriter.fine("HandShake: sent the public key and challenge"); dos.flush(); // Read and decrypt the credentials byte[] encBytes = DataSerializer.readByteArray(dis); KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(dhPrivateKey); ka.doPhase(pubKey, true); Cipher decrypt; int keysize = getKeySize(skAlgo); int blocksize = getBlockSize(skAlgo); if (keysize == -1 || blocksize == -1) { SecretKey sKey = ka.generateSecret(skAlgo); decrypt = Cipher.getInstance(skAlgo); decrypt.init(Cipher.DECRYPT_MODE, sKey); } else { String algoStr = getDhAlgoStr(skAlgo); byte[] sKeyBytes = ka.generateSecret(); SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr); IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize); decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding"); decrypt.init(Cipher.DECRYPT_MODE, sks, ivps); } byte[] credentialBytes = decrypt.doFinal(encBytes); ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes); DataInputStream dinp = new DataInputStream(bis); credentials = DataSerializer.readProperties(dinp); byte[] challengeRes = DataSerializer.readByteArray(dinp); // Check the challenge string if (!Arrays.equals(challenge, challengeRes)) { throw new AuthenticationFailedException( LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT .toLocalizedString()); } dinp.close(); } else { if (sendAuthentication) { // Read and ignore the client challenge DataSerializer.readByteArray(dis); } dos.writeByte(REPLY_AUTH_NOT_REQUIRED); dos.flush(); } } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) { // hitesh there will be no credential CCP will get credential(Principal) using // ServerConnection.. logger.debug("readCredential where multiuser mode creating callback connection"); } } catch (IOException ex) { throw ex; } catch (GemFireSecurityException ex) { throw ex; } catch (Exception ex) { throw new AuthenticationFailedException( LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex); } return credentials; }