List of usage examples for org.bouncycastle.asn1.nist NISTObjectIdentifiers id_aes256_CBC
ASN1ObjectIdentifier id_aes256_CBC
To view the source code for org.bouncycastle.asn1.nist NISTObjectIdentifiers id_aes256_CBC.
Click Source Link
From source file:com.vvote.thirdparty.ximix.util.BLSKeyStore.java
License:Apache License
/** * Return the key store object as a PKCS#12 byte array. * * @param password the password to use to encrypt the key data. * @return an array of bytes representing the encoding. * @throws IOException on a conversion to ASN.1 encoding error. * @throws GeneralSecurityException if there is an issue encrypting the key data. *///w w w.j a va 2s .c o m public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException { KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC"); EllipticCurve curve = new EllipticCurve( new ECFieldFp( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839")), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECParameterSpec spec = new ECParameterSpec(curve, ECPointUtil.decodePoint(curve, Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"), // n 1); // h // TODO: neeed an EC key for the node ECPrivateKeySpec priKeySpec = new ECPrivateKeySpec( new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d spec); try { OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC) .setProvider("BC").build(password); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); for (String keyID : sharedPrivateKeyMap.keySet()) { PrivateKey sigKey = fact.generatePrivate(priKeySpec); SubjectPublicKeyInfo pubKey = this.fetchPublicKey(keyID); PKCS12SafeBagBuilder eeCertBagBuilder = new PKCS12SafeBagBuilder( createCertificate(keyID, sequenceNoMap.get(keyID), sigKey)); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(pubKey); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); PKCS12SafeBagBuilder keyBagBuilder = new PKCS12SafeBagBuilder(PrivateKeyInfoFactory .createPrivateKeyInfo(sharedPrivateKeyMap.get(keyID), paramsMap.get(keyID)), encOut); keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); builder.addEncryptedData( new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC) .setProvider("BC").build(password), new PKCS12SafeBag[] { eeCertBagBuilder.build() }); builder.addData(keyBagBuilder.build()); } PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), password); return pfx.getEncoded(ASN1Encoding.DL); } catch (PKCSException e) { throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e); } catch (OperatorCreationException e) { throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e); } }
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
@Override public byte[] encryptKeys(CryptoToken cryptoToken, String alias, KeyPair keypair) throws IOException, CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream os = new ObjectOutputStream(baos); os.writeObject(keypair);//from w w w . j a va2 s .c o m CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); CMSEnvelopedData ed; // Creating the KeyId may just throw an exception, we will log this but store the cert and ignore the error final PublicKey pk = cryptoToken.getPublicKey(alias); byte[] keyId = KeyTools.createSubjectKeyId(pk).getKeyIdentifier(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyId, pk)); JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder( NISTObjectIdentifiers.id_aes256_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME); ed = edGen.generate(new CMSProcessableByteArray(baos.toByteArray()), jceCMSContentEncryptorBuilder.build()); log.info("Encrypted keys using key alias '" + alias + "' from Crypto Token " + cryptoToken.getId()); return ed.getEncoded(); }
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
@Override public byte[] encryptData(CryptoToken cryptoToken, byte[] data, int keyPurpose) throws IOException, CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException { CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); CMSEnvelopedData ed;/*w ww . j a v a 2 s.c o m*/ final String keyAlias = getCAToken().getAliasFromPurpose(keyPurpose); final PublicKey pk = cryptoToken.getPublicKey(keyAlias); byte[] keyId = KeyTools.createSubjectKeyId(pk).getKeyIdentifier(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyId, pk)); JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder( NISTObjectIdentifiers.id_aes256_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME); ed = edGen.generate(new CMSProcessableByteArray(data), jceCMSContentEncryptorBuilder.build()); log.info("Encrypted data using key alias '" + keyAlias + "' from Crypto Token " + cryptoToken.getId()); return ed.getEncoded(); }
From source file:org.cryptoworkshop.ximix.node.crypto.key.BLSKeyManager.java
License:Apache License
public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException { try {//from w w w .jav a2s . c o m OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC) .setProvider("BC").build(password); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); for (String keyID : sharedPrivateKeyMap.getIDs()) { SubjectPublicKeyInfo pubKey = this.fetchPublicKey(keyID); // TODO: perhaps add CA cert and trust anchor to key store if available PKCS12SafeBagBuilder eeCertBagBuilder = new PKCS12SafeBagBuilder( createCertificate(keyID, sharedPrivateKeyMap.getShare(keyID).getSequenceNo(), (PrivateKey) nodeContext.getNodeCAStore().getKey("nodeCA", new char[0]))); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(pubKey); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); PKCS12SafeBagBuilder keyBagBuilder = new PKCS12SafeBagBuilder(PrivateKeyInfoFactory .createPrivateKeyInfo(sharedPrivateKeyMap.getShare(keyID).getValue(), paramsMap.get(keyID)), encOut); keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); builder.addEncryptedData( new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC) .setProvider("BC").build(password), new PKCS12SafeBag[] { eeCertBagBuilder.build() }); builder.addData(keyBagBuilder.build()); } PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), password); return pfx.getEncoded(ASN1Encoding.DL); } catch (PKCSException e) { throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e); } catch (OperatorCreationException e) { throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e); } }
From source file:org.cryptoworkshop.ximix.node.crypto.key.ECKeyManager.java
License:Apache License
public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException { KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC"); try {//from w w w .j a v a2 s . co m OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC) .setProvider("BC").build(password); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); for (String keyID : sharedPrivateKeyMap.getIDs()) { ECDomainParameters domainParams = paramsMap.get(keyID); PrivateKey privKey = fact .generatePrivate(new PKCS8EncodedKeySpec(PrivateKeyInfoFactory .createPrivateKeyInfo(new ECPrivateKeyParameters( sharedPrivateKeyMap.getShare(keyID).getValue(), domainParams)) .getEncoded())); SubjectPublicKeyInfo pubKey = this.fetchPublicKey(keyID); // TODO: perhaps add CA cert and trust anchor to key store if available PKCS12SafeBagBuilder eeCertBagBuilder = new PKCS12SafeBagBuilder( createCertificate(keyID, sharedPrivateKeyMap.getShare(keyID).getSequenceNo(), (PrivateKey) nodeContext.getNodeCAStore().getKey("nodeCA", new char[0]))); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(pubKey); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, encOut); keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID)); keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); builder.addEncryptedData( new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC) .setProvider("BC").build(password), new PKCS12SafeBag[] { eeCertBagBuilder.build() }); builder.addData(keyBagBuilder.build()); } PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), password); return pfx.getEncoded(ASN1Encoding.DL); } catch (PKCSException e) { throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e); } catch (OperatorCreationException e) { throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e); } }
From source file:org.xwiki.crypto.password.internal.pbe.factory.BcPBES2AesCipherFactory.java
License:Open Source License
private int getAESKeySize(ASN1ObjectIdentifier algId) { if (algId.equals(NISTObjectIdentifiers.id_aes128_CBC)) { return 16; } else if (algId.equals(NISTObjectIdentifiers.id_aes192_CBC)) { return 24; } else if (algId.equals(NISTObjectIdentifiers.id_aes256_CBC)) { return 32; }/*ww w. ja va 2 s. c om*/ throw new IllegalArgumentException( "Unexpected algorithm identifier used for PBES2 AES encryption scheme: " + algId.toString()); }
From source file:org.xwiki.crypto.password.internal.pbe.factory.BcPBES2AesCipherFactory.java
License:Open Source License
private ASN1ObjectIdentifier getAESAlgoritmIdentifier(int keySize) { switch (keySize) { case 16:/*ww w . j ava2 s. c o m*/ return NISTObjectIdentifiers.id_aes128_CBC; case 24: return NISTObjectIdentifiers.id_aes192_CBC; case 32: return NISTObjectIdentifiers.id_aes256_CBC; default: throw new IllegalArgumentException( "Unexpected key size used for PBES2 AES encryption scheme: " + keySize); } }