List of usage examples for javax.crypto SecretKeyFactory getInstance
public static final SecretKeyFactory getInstance(String algorithm) throws NoSuchAlgorithmException
From source file:net.sf.keystore_explorer.crypto.privatekey.Pkcs8Util.java
/** * Load an encrypted PKCS #8 private key from the specified stream. The * encoding of the private key may be PEM or DER. * * @param is//from w w w .j av a 2 s .c om * Stream load the encrypted private key from * @param password * Password to decrypt * @return The private key * @throws PrivateKeyUnencryptedException * If private key is unencrypted * @throws PrivateKeyPbeNotSupportedException * If private key PBE algorithm is not supported * @throws CryptoException * Problem encountered while loading the private key * @throws IOException * If an I/O error occurred */ public static PrivateKey loadEncrypted(InputStream is, Password password) throws CryptoException, IOException { byte[] streamContents = ReadUtil.readFully(is); // Check pkcs #8 is not unencrypted EncryptionType encType = getEncryptionType(new ByteArrayInputStream(streamContents)); if (encType == null) { // Not a valid PKCS #8 private key throw new CryptoException(res.getString("NotValidPkcs8.exception.message")); } if (encType == UNENCRYPTED) { throw new PrivateKeyUnencryptedException(res.getString("Pkcs8IsUnencrypted.exception.message")); } byte[] encPvk = null; // Check if stream is PEM encoded PemInfo pemInfo = PemUtil.decode(new ByteArrayInputStream(streamContents)); if (pemInfo != null) { // It is - get DER from PEM encPvk = pemInfo.getContent(); } /* * If we haven't got the encrypted bytes via PEM then just use * stream contents directly (assume it is DER encoded) */ if (encPvk == null) { // Read in encrypted private key bytes encPvk = streamContents; } try { // Create encrypted private key information from bytes EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(encPvk); // Get wrapping algorithm String encAlg = epki.getAlgName(); // Check algorithm is supported if (!checkSupportedForDecrypt(encAlg)) { throw new PrivateKeyPbeNotSupportedException(encAlg, MessageFormat .format(res.getString("PrivateKeyWrappingAlgUnsupported.exception.message"), encAlg)); } // Create algorithm parameters and decryption key AlgorithmParameters encAlgParams = epki.getAlgParameters(); PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); SecretKeyFactory keyFact = SecretKeyFactory.getInstance(encAlg); SecretKey pbeKey = keyFact.generateSecret(pbeKeySpec); // Create cipher to create Cipher cipher = Cipher.getInstance(encAlg); // Do decryption cipher.init(Cipher.DECRYPT_MODE, pbeKey, encAlgParams); PKCS8EncodedKeySpec privateKeySpec = epki.getKeySpec(cipher); // Get encoding of private key byte[] pvkBytes = privateKeySpec.getEncoded(); // Determine private key algorithm from key bytes String privateKeyAlgorithm = getPrivateKeyAlgorithm(pvkBytes); // Use Key Factory to create private key from encoding KeyFactory keyFactory = KeyFactory.getInstance(privateKeyAlgorithm); PrivateKey pvk = keyFactory.generatePrivate(privateKeySpec); return pvk; } catch (GeneralSecurityException ex) { throw new CryptoException(res.getString("NoLoadPkcs8PrivateKey.exception.message"), ex); } }
From source file:org.chililog.server.common.CryptoUtils.java
/** * <p>/* ww w. j a va 2 s. c om*/ * Decrypt an encrypted text string using AES. The output is the plain text string. * </p> * * @param encryptedText * encrypted text returned by <code>encrypt</code> * @param password * password used at the time of encryption * @return decrypted plain text string * @throws ChiliLogException */ public static String decryptAES(String encryptedText, String password) throws ChiliLogException { try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec spec = new PBEKeySpec(password.toCharArray(), AES_ENCRYPTION_STRING_SALT, 1024, 128); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES"); Base64 decoder = new Base64(1000, new byte[] {}, false); byte[] encryptedTextBytes = decoder.decode(encryptedText); AlgorithmParameterSpec paramSpec = new IvParameterSpec(AES_ENCRYPTION_INTIALIZATION_VECTOR); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, secret, paramSpec); byte[] plainTextBytes = cipher.doFinal(encryptedTextBytes); return new String(plainTextBytes, "UTF-8"); } catch (Exception ex) { throw new ChiliLogException(ex, "Error attempting to decrpt. " + ex.getMessage()); } }
From source file:alfio.manager.CheckInManager.java
private static Pair<Cipher, SecretKeySpec> getCypher(String key) { try {//w w w. j a va2 s . co m SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); int iterations = 1000; int keyLength = 256; PBEKeySpec spec = new PBEKeySpec(key.toCharArray(), key.getBytes(StandardCharsets.UTF_8), iterations, keyLength); SecretKey secretKey = factory.generateSecret(spec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); return Pair.of(cipher, secret); } catch (GeneralSecurityException e) { throw new IllegalStateException(e); } }
From source file:org.nuclos.client.LocalUserCaches.java
private static Cipher createCipher(int mode, String password) throws GeneralSecurityException { String alg = "PBEWithSHA1AndDESede"; //BouncyCastle has better algorithms PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray()); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(alg); SecretKey secretKey = keyFactory.generateSecret(keySpec); Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede"); // TODO: A fixed salt doesn't help anything. cipher.init(mode, secretKey, new PBEParameterSpec("saltsalt".getBytes(), 2000)); return cipher; }
From source file:com.diona.fileReader.CipherUtil.java
/** * Generates the secret key to be used for encryption. The secret key is retrieved from the shared preferences if * previously calculated.//from w w w . j ava 2 s. co m * * @return A new secret key if not previously calculated. * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws UnsupportedEncodingException */ private SecretKeySpec getSecretKey(final Context context) throws NoSuchAlgorithmException, InvalidKeySpecException, UnsupportedEncodingException { // final SocialWorkerSharedPreferences sharedPreferences = SocialWorkerSharedPreferences.getInstance(); // if (sharedPreferences.getSecretKey() == null) { final byte[] salt = generateRandomKeyBytes(SALT_LENGTH); final SecretKeyFactory factory = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM); final PBEKeySpec spec = new PBEKeySpec(SECRET_KEY_PASSPHRASE.toCharArray(), salt, KEY_ITERATIONS, KEY_SIZE); final SecretKey secretKey = factory.generateSecret(spec); final SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getEncoded(), ENCRYPTION_ALGORITHM); // Set the value of the secret key in private shared preferences //sharedPreferences.setSecretKey(secretKeySpec); return secretKeySpec; /*} else { return sharedPreferences.getSecretKey(); }*/ }
From source file:eu.vital.vitalcep.collector.Collector.java
private static String decrypt(String property) throws GeneralSecurityException, IOException { SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return new String(Base64.getDecoder().decode(property), StandardCharsets.UTF_8); }
From source file:com.jrummyapps.busybox.signing.ZipSigner.java
/** * Decrypt an encrypted PKCS 8 format private key. * * Based on ghstark's post on Aug 6, 2006 at * http://forums.sun.com/thread.jspa?threadID=758133&messageID=4330949 * * @param encryptedPrivateKey//from w w w .j a v a 2 s .c om * The raw data of the private key */ private static KeySpec decryptPrivateKey(final byte[] encryptedPrivateKey) throws GeneralSecurityException { EncryptedPrivateKeyInfo epkInfo; try { epkInfo = new EncryptedPrivateKeyInfo(encryptedPrivateKey); } catch (final IOException ex) { // Probably not an encrypted key. return null; } final String pass = "android"; final char[] password = pass.toCharArray(); final SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName()); final Key key = skFactory.generateSecret(new PBEKeySpec(password)); final Cipher cipher = Cipher.getInstance(epkInfo.getAlgName()); cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters()); try { return epkInfo.getKeySpec(cipher); } catch (final InvalidKeySpecException ex) { Log.e(TAG, "Password for keyFile may be bad.", ex); return null; } }
From source file:uk.ac.ox.webauth.crypto.Des3CbcSha1Kd.java
public static void main(String[] args) throws Exception { // test the nFold with test vectors given in RFC 3961 /*// www .ja v a2 s. c o m 64-fold("012345") = 64-fold(303132333435) = be072631276b1955 */ test_nFold("012345", "303132333435", "be072631276b1955", 64); /* 56-fold("password") = 56-fold(70617373776f7264) = 78a07b6caf85fa */ test_nFold("password", "70617373776f7264", "78a07b6caf85fa", 56); /* 64-fold("Rough Consensus, and Running Code") = 64-fold(526f75676820436f6e73656e7375732c20616e642052756e6e696e6720436f6465) = bb6ed30870b7f0e0 */ test_nFold("Rough Consensus, and Running Code", "526f75676820436f6e73656e7375732c20616e642052756e6e696e6720436f6465", "bb6ed30870b7f0e0", 64); /* 168-fold("password") = 168-fold(70617373776f7264) = 59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e */ test_nFold("password", "70617373776f7264", "59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e", 168); /* 192-fold("MASSACHVSETTS INSTITVTE OF TECHNOLOGY") 192-fold(4d41535341434856534554545320494e53544954565445204f4620544543484e4f4c4f4759) = db3b0d8f0b061e603282b308a50841229ad798fab9540c1b */ test_nFold("MASSACHVSETTS INSTITVTE OF TECHNOLOGY", "4d41535341434856534554545320494e53544954565445204f4620544543484e4f4c4f4759", "db3b0d8f0b061e603282b308a50841229ad798fab9540c1b", 192); /* 168-fold("Q") = 168-fold(51) = 518a54a2 15a8452a 518a54a2 15a8452a 518a54a2 15 */ test_nFold("Q", "51", "518a54a215a8452a518a54a215a8452a518a54a215", 168); /* 168-fold("ba") = 168-fold(6261) = fb25d531 ae897449 9f52fd92 ea9857c4 ba24cf29 7e */ test_nFold("ba", "6261", "fb25d531ae8974499f52fd92ea9857c4ba24cf297e", 168); /* key: dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 usage: 0000000155 DR: 935079d14490a75c3093c4a6e8c3b049c71e6ee705 DK: 925179d04591a79b5d3192c4a7e9c289b049c71f6ee604cd */ test_DR_DK("dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92", "0000000155", "935079d14490a75c3093c4a6e8c3b049c71e6ee705", "925179d04591a79b5d3192c4a7e9c289b049c71f6ee604cd"); /* key: 5e13d31c70ef765746578531cb51c15bf11ca82c97cee9f2 usage: 00000001aa DR: 9f58e5a047d894101c469845d67ae3c5249ed812f2 DK: 9e58e5a146d9942a101c469845d67a20e3c4259ed913f207 */ test_DR_DK("5e13d31c70ef765746578531cb51c15bf11ca82c97cee9f2", "00000001aa", "9f58e5a047d894101c469845d67ae3c5249ed812f2", "9e58e5a146d9942a101c469845d67a20e3c4259ed913f207"); /* key: 98e6fd8a04a4b6859b75a176540b9752bad3ecd610a252bc usage: 0000000155 DR: 12fff90c773f956d13fc2ca0d0840349dbd39908eb DK: 13fef80d763e94ec6d13fd2ca1d085070249dad39808eabf */ test_DR_DK("98e6fd8a04a4b6859b75a176540b9752bad3ecd610a252bc", "0000000155", "12fff90c773f956d13fc2ca0d0840349dbd39908eb", "13fef80d763e94ec6d13fd2ca1d085070249dad39808eabf"); /* key: 622aec25a2fe2cad7094680b7c64940280084c1a7cec92b5 usage: 00000001aa DR: f8debf05b097e7dc0603686aca35d91fd9a5516a70 DK: f8dfbf04b097e6d9dc0702686bcb3489d91fd9a4516b703e */ test_DR_DK("622aec25a2fe2cad7094680b7c64940280084c1a7cec92b5", "00000001aa", "f8debf05b097e7dc0603686aca35d91fd9a5516a70", "f8dfbf04b097e6d9dc0702686bcb3489d91fd9a4516b703e"); /* key: d3f8298ccb166438dcb9b93ee5a7629286a491f838f802fb usage: 6b65726265726f73 ("kerberos") DR: 2270db565d2a3d64cfbfdc5305d4f778a6de42d9da DK: 2370da575d2a3da864cebfdc5204d56df779a7df43d9da43 */ test_DR_DK("d3f8298ccb166438dcb9b93ee5a7629286a491f838f802fb", "6b65726265726f73", "2270db565d2a3d64cfbfdc5305d4f778a6de42d9da", "2370da575d2a3da864cebfdc5204d56df779a7df43d9da43"); /* key: c1081649ada74362e6a1459d01dfd30d67c2234c940704da usage: 0000000155 DR: 348056ec98fcc517171d2b4d7a9493af482d999175 DK: 348057ec98fdc48016161c2a4c7a943e92ae492c989175f7 */ test_DR_DK("c1081649ada74362e6a1459d01dfd30d67c2234c940704da", "0000000155", "348056ec98fcc517171d2b4d7a9493af482d999175", "348057ec98fdc48016161c2a4c7a943e92ae492c989175f7"); /* key: 5d154af238f46713155719d55e2f1f790dd661f279a7917c usage: 00000001aa DR: a8818bc367dadacbe9a6c84627fb60c294b01215e5 DK: a8808ac267dada3dcbe9a7c84626fbc761c294b01315e5c1 */ test_DR_DK("5d154af238f46713155719d55e2f1f790dd661f279a7917c", "00000001aa", "a8818bc367dadacbe9a6c84627fb60c294b01215e5", "a8808ac267dada3dcbe9a7c84626fbc761c294b01315e5c1"); /* key: 798562e049852f57dc8c343ba17f2ca1d97394efc8adc443 usage: 0000000155 DR: c813f88b3be2b2f75424ce9175fbc8483b88c8713a DK: c813f88a3be3b334f75425ce9175fbe3c8493b89c8703b49 */ test_DR_DK("798562e049852f57dc8c343ba17f2ca1d97394efc8adc443", "0000000155", "c813f88b3be2b2f75424ce9175fbc8483b88c8713a", "c813f88a3be3b334f75425ce9175fbe3c8493b89c8703b49"); /* key: 26dce334b545292f2feab9a8701a89a4b99eb9942cecd016 usage: 00000001aa DR: f58efc6f83f93e55e695fd252cf8fe59f7d5ba37ec DK: f48ffd6e83f83e7354e694fd252cf83bfe58f7d5ba37ec5d */ test_DR_DK("26dce334b545292f2feab9a8701a89a4b99eb9942cecd016", "00000001aa", "f58efc6f83f93e55e695fd252cf8fe59f7d5ba37ec", "f48ffd6e83f83e7354e694fd252cf83bfe58f7d5ba37ec5d"); SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); KeySpec spec = new DESedeKeySpec(new byte[24]); SecretKey secretKey = factory.generateSecret(spec); ASN1Encodable apo = new APOptions(); Des3CbcSha1Kd dcc = new Des3CbcSha1Kd(secretKey, 11); byte[] encrypted = dcc.encrypt(apo); apo = dcc.decrypt(encrypted); System.out.println("Encrypt-decrypt test successful."); }
From source file:org.owasp.webgoat.lessons.Encoding.java
/** * Convenience method for encrypting a string. * //w ww .j av a 2 s .c o m * @param str * Description of the Parameter * @param pw * Description of the Parameter * @return String the encrypted string. */ public static synchronized String decryptString(String str, String pw) { try { PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20); SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); Cipher passwordDecryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding"); char[] pass = pw.toCharArray(); SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass)); passwordDecryptCipher.init(Cipher.DECRYPT_MODE, k, ps); // byte[] dec = decoder.decodeBuffer(str); byte[] dec = Base64.decodeBase64(str); byte[] utf8 = passwordDecryptCipher.doFinal(dec); return new String(utf8, "UTF-8"); } catch (Exception e) { return ("This is not an encrypted string"); } }
From source file:org.jasig.cas.extension.clearpass.EncryptedMapDecorator.java
private static Key getSecretKey(final String secretKeyAlgorithm, final String secretKey, final String salt) throws Exception { SecretKeyFactory factory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM); KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), char2byte(salt), 65536, 128); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(), secretKeyAlgorithm); return secret; }