List of usage examples for org.bouncycastle.cms CMSEnvelopedDataGenerator generate
public CMSEnvelopedData generate(CMSTypedData content, OutputEncryptor contentEncryptor) throws CMSException
From source file:be.e_contract.mycarenet.etee.Sealer.java
License:Open Source License
/**
 * Encrypts {@code data} into a CMS EnvelopedData message and returns the encoded bytes.
 *
 * <p>One key-transport recipient entry is added for every certificate in
 * {@code destinationCertificates}. The content is encrypted with AES-128 in CBC mode.
 * Both steps run through the BouncyCastle provider.
 *
 * <p>EnvelopedData with a CBC cipher provides confidentiality only: nothing in this
 * method authenticates the ciphertext or validates the recipient certificates.
 * NOTE(review): confirm that the sealed output is signed by the caller and that the
 * destination certificates were validated before they were stored on this object.
 *
 * @param data plaintext bytes to encrypt
 * @return the encoded CMS message as produced by {@code getEncoded()}
 * @throws CertificateEncodingException declared by the recipient generator constructor
 * @throws CMSException if the envelope cannot be generated
 * @throws IOException if the result cannot be encoded
 */
private byte[] encrypt(byte[] data) throws CertificateEncodingException, CMSException, IOException {
    final String providerName = BouncyCastleProvider.PROVIDER_NAME;
    CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();

    // Every destination gets its own wrapped copy of the content-encryption key.
    for (X509Certificate recipient : this.destinationCertificates) {
        JceKeyTransRecipientInfoGenerator recipientInfo =
                new JceKeyTransRecipientInfoGenerator(recipient).setProvider(providerName);
        envelopeGenerator.addRecipientInfoGenerator(recipientInfo);
    }

    CMSTypedData payload = new CMSProcessableByteArray(data);
    JceCMSContentEncryptorBuilder aes128Cbc =
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(providerName);
    return envelopeGenerator.generate(payload, aes128Cbc.build()).getEncoded();
}
From source file:com.maiereni.host.web.util.impl.BouncyCastleEncryptorImpl.java
License:Apache License
/**
 * Encrypts {@code data} for the single recipient held in the {@code certificate} field
 * and returns the encoded CMS EnvelopedData message.
 *
 * <p>The content cipher is AES-128 in CBC mode, resolved through the provider named
 * "BC". The recipient generator is left on its default provider, so the two halves of
 * the operation are not pinned to the same provider.
 * NOTE(review): CBC inside EnvelopedData is unauthenticated; confirm that integrity is
 * provided elsewhere and that {@code certificate} has been validated before use.
 *
 * @param data plaintext bytes to encrypt
 * @return the encoded CMS message
 * @throws Exception any failure raised while building or encoding the envelope
 */
public byte[] encryptData(@Nonnull final byte[] data) throws Exception {
    CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
    envelopeGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(certificate));

    CMSTypedData plaintext = new CMSProcessableByteArray(data);
    OutputEncryptor aes128Cbc =
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build();

    return envelopeGenerator.generate(plaintext, aes128Cbc).getEncoded();
}
From source file:com.silverpeas.util.cryptage.SilverCryptFactoryAsymetric.java
License:Open Source License
/**
 * Encrypts a string into a CMS (PKCS#7) EnvelopedData message for the recipient whose
 * certificate is obtained from {@code getKeys(fileName).getCert()}.
 *
 * <p>The content is encrypted with AES-128 in CBC mode through the "BC" provider. The
 * original author's comment justified the 128-bit key by a French limit on symmetric
 * key sizes. NOTE(review): that constraint is likely outdated; confirm before relying
 * on it as the reason for the key size. CBC inside EnvelopedData is unauthenticated,
 * so integrity must come from elsewhere.
 *
 * @param stringUnCrypted the text to encrypt
 * @param fileName passed to {@code getKeys} to locate the recipient's key material
 * @return the encoded EnvelopedData bytes
 * @throws CryptageException rethrown as-is when raised inside, otherwise wrapping any
 *         other failure with the key "util.CRYPT_FAILED"
 */
public byte[] goCrypting(String stringUnCrypted, String fileName) throws CryptageException {
    try {
        // Load the string to encrypt.
        byte[] plainBytes = stringToByteArray(stringUnCrypted);

        // The recipient's certificate: its public key wraps the symmetric content key.
        CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
        envelopeGenerator.addRecipientInfoGenerator(
                new JceKeyTransRecipientInfoGenerator(getKeys(fileName).getCert()).setProvider("BC"));

        // Symmetric algorithm used for the document itself.
        OutputEncryptor aes128Cbc =
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build();

        return envelopeGenerator.generate(new CMSProcessableByteArray(plainBytes), aes128Cbc).getEncoded();
    } catch (CryptageException alreadyWrapped) {
        throw alreadyWrapped;
    } catch (Exception cause) {
        throw new CryptageException("SilverCryptFactory.goCrypting", SilverpeasException.ERROR,
                "util.CRYPT_FAILED", cause);
    }
}
From source file:eu.inn.biometric.signature.crypto.BCCryptoProvider.java
License:Open Source License
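/**
 * Encrypts {@code toEncrypt} into a CMS EnvelopedData message addressed to every
 * certificate in {@code certs}.
 *
 * <p>The effective key size is the JCE policy maximum for AES, capped by
 * {@code maxKeyLength} when that is non-null. AES-256-CBC is used when the effective
 * size is at least 256 bits, AES-128-CBC otherwise. Neither the recipient generators
 * nor the content encryptor is pinned to a provider.
 *
 * <p>An empty or null recipient list is rejected up front: without a recipient there
 * is nobody who could decrypt the result.
 * NOTE(review): CBC inside EnvelopedData is unauthenticated and no certificate
 * validation happens here; confirm both are covered by the caller.
 *
 * @param toEncrypt plaintext bytes
 * @param certs recipient certificates; must contain at least one entry
 * @param maxKeyLength optional upper bound on the AES key size in bits, or {@code null}
 * @return the encoded CMS message
 * @throws IllegalArgumentException if {@code certs} is null or empty
 * @throws Exception any failure raised while building or encoding the envelope
 */
@Override
public byte[] encrypt(byte[] toEncrypt, List<X509Certificate> certs, Integer maxKeyLength) throws Exception {
    if (certs == null || certs.isEmpty()) {
        throw new IllegalArgumentException("at least one recipient certificate is required");
    }

    int keySize = Cipher.getMaxAllowedKeyLength("AES");
    if (maxKeyLength != null && keySize > maxKeyLength) {
        keySize = maxKeyLength;
    }
    // Use the OID constants directly instead of round-tripping them through a String.
    ASN1ObjectIdentifier contentCipher = keySize >= 256 ? CMSAlgorithm.AES256_CBC : CMSAlgorithm.AES128_CBC;

    CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
    for (X509Certificate cert : certs) {
        gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert));
    }

    CMSTypedData data = new CMSProcessableByteArray(toEncrypt);
    CMSEnvelopedData enveloped = gen.generate(data, new JceCMSContentEncryptorBuilder(contentCipher).build());
    return enveloped.getEncoded();
}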
From source file:no.difi.sdp.client.internal.CreateCMSDocument.java
License:Apache License
/**
 * Encrypts {@code bytes} for the recipient certificate in {@code sertifikat} and wraps
 * the encoded CMS EnvelopedData in a {@code CMSDocument}.
 *
 * <p>The key-transport step uses the {@code keyEncryptionScheme} field through the
 * BouncyCastle provider. The content encryptor is built from the
 * {@code cmsEncryptionAlgorithm} field without an explicit provider.
 * NOTE(review): the security of the result depends on those two fields, which are set
 * outside this method; confirm they select the intended algorithms and that the
 * recipient certificate is validated before it is passed in.
 *
 * @param bytes plaintext bytes to encrypt
 * @param sertifikat holder of the recipient's X.509 certificate
 * @return a {@code CMSDocument} carrying the encoded envelope
 * @throws KonfigurasjonException on a certificate encoding or CMS generation failure
 * @throws RuntimeIOException if encoding the envelope fails with an I/O error
 */
public CMSDocument createCMS(byte[] bytes, Sertifikat sertifikat) {
    try {
        JceKeyTransRecipientInfoGenerator recipient =
                new JceKeyTransRecipientInfoGenerator(sertifikat.getX509Certificate(), keyEncryptionScheme)
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME);

        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        generator.addRecipientInfoGenerator(recipient);

        OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(cmsEncryptionAlgorithm).build();
        CMSEnvelopedData envelope = generator.generate(new CMSProcessableByteArray(bytes), encryptor);

        return new CMSDocument(envelope.getEncoded());
    } catch (CertificateEncodingException badCertificate) {
        // Message reads "Error with the recipient's certificate".
        throw new KonfigurasjonException("Feil med mottakers sertifikat", badCertificate);
    } catch (CMSException cmsFailure) {
        // Message reads "Could not generate Cryptographic Message Syntax for the document package".
        throw new KonfigurasjonException("Kunne ikke generere Cryptographic Message Syntax for dokumentpakke",
                cmsFailure);
    } catch (IOException ioFailure) {
        throw new RuntimeIOException(ioFailure);
    }
}
From source file:no.digipost.api.client.util.Encrypter.java
License:Apache License
/**
 * Encrypts {@code content} into a CMS EnvelopedData message for the configured
 * {@code key} and returns the encoded bytes as a stream.
 *
 * <p>The recipient is identified by the bytes of {@code key.publicKeyHash} used as a
 * subject key identifier. The content encryptor comes from the {@code encryptorBuilder}
 * field, so the cipher is chosen outside this method.
 * NOTE(review): {@code getBytes()} uses the platform default charset; presumably the
 * hash is ASCII, in which case the result is stable across platforms. Confirm.
 *
 * @param content plaintext bytes to encrypt
 * @return a stream over the encoded envelope
 * @throws DigipostClientException with {@code ENCRYPTION_KEY_NOT_FOUND} when no key is
 *         set, or {@code FAILED_PREENCRYPTION} when encryption fails; a root-cause
 *         {@code InvalidKeyException} gets a dedicated message about JCE policy files
 */
public InputStream encrypt(byte[] content) {
    if (key == null) {
        throw new DigipostClientException(ENCRYPTION_KEY_NOT_FOUND,
                "Trying to preencrypt but have no encryption key.");
    }

    try {
        CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
        envelopeGenerator.addRecipientInfoGenerator(
                new JceKeyTransRecipientInfoGenerator(key.publicKeyHash.getBytes(), key.publicKey));

        CMSEnvelopedData envelope =
                envelopeGenerator.generate(new CMSProcessableByteArray(content), encryptorBuilder.build());
        return new ByteArrayInputStream(envelope.getEncoded());
    } catch (Exception e) {
        // A rejected key is reported separately because the usual cause is a restricted JCE policy.
        boolean keyRejected = e instanceof CMSException && getRootCause(e) instanceof InvalidKeyException;
        if (!keyRejected) {
            throw new DigipostClientException(FAILED_PREENCRYPTION, "Feil ved kryptering av innhold: "
                    + e.getClass().getSimpleName() + " '" + e.getMessage() + "'", e);
        }
        throw new DigipostClientException(FAILED_PREENCRYPTION,
                "Ugyldig krypteringsnkkel. (" + InvalidKeyException.class.getName()
                        + ") Er Java Cryptographic Extensions (JCE) "
                        + "Unlimited Strength Jurisdiction Policy Files installert? "
                        + "Dette kan lastes ned fra http://www.oracle.com/technetwork/java/javase/downloads/ under \"Additional Resources\". "
                        + "Plasser filene US_export_policy.jar og local_policy.jar i ${JAVA_HOME}/jre/lib/security (overskriv eksisterende).",
                e);
    }
}
From source file:org.apache.kerby.pkix.EnvelopedDataEngine.java
License:Apache License
/**
 * Encrypts data for a certificate holder inside a CMS EnvelopedData structure and
 * returns the encoded result.
 *
 * <p>'encKeyPack' contains a CMS type ContentInfo encoded according to [RFC3852].
 * The contentType field of the type ContentInfo is id-envelopedData
 * (1.2.840.113549.1.7.3). The content field is an EnvelopedData. The contentType field
 * for the type EnvelopedData is id-signedData (1.2.840.113549.1.7.2).
 *
 * <p>NOTE(review): the payload is wrapped with the single-argument
 * {@code CMSProcessableByteArray} constructor, which as far as I know labels the content
 * as id-data rather than id-signedData; confirm the encrypted content type against what
 * the peer expects.
 *
 * <p>The content cipher is {@code DES_EDE3_CBC} (triple DES in CBC mode), a legacy
 * 64-bit-block cipher that is also unauthenticated in this structure.
 * NOTE(review): presumably kept for protocol interoperability; confirm before changing.
 *
 * @param dataToEnvelope the bytes to encrypt
 * @param certificate the recipient's certificate; its RSA key wraps the content key
 * @return The EnvelopedData bytes.
 * @throws IOException if the recipient generator or the encoding fails
 * @throws CMSException if the envelope cannot be generated
 * @throws CertificateEncodingException if the certificate cannot be converted to a holder
 */
public static byte[] getEnvelopedReplyKeyPack(byte[] dataToEnvelope, X509Certificate certificate)
        throws IOException, CMSException, CertificateEncodingException {
    CMSProcessableByteArray payload = new CMSProcessableByteArray(dataToEnvelope);

    CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
    JcaX509CertificateHolder recipientHolder = new JcaX509CertificateHolder(certificate);
    generator.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(recipientHolder));

    return generator
            .generate(payload, new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).build())
            .getEncoded();
}
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
/**
 * Java-serialises {@code keypair} and encrypts the serialised bytes into a CMS
 * EnvelopedData message for the public key stored under {@code alias} in the crypto
 * token.
 *
 * <p>The recipient is identified by a subject key identifier derived from that public
 * key. The content is encrypted with AES-256 in CBC mode through the BouncyCastle
 * provider. No exception is caught here, so a failure while deriving the key
 * identifier propagates to the caller.
 *
 * <p>The serialised form includes the private key and exists unencrypted in an
 * in-memory buffer until the envelope is built. NOTE(review): whoever decrypts this
 * blob has to deserialise it with Java native serialization; confirm that the reading
 * side restricts the accepted classes (for example with an {@code ObjectInputFilter}).
 * CBC inside EnvelopedData is also unauthenticated.
 *
 * @param cryptoToken token that holds the wrapping public key
 * @param alias alias of the wrapping key inside the token
 * @param keypair the key pair to protect
 * @return the encoded CMS message
 */
@Override
public byte[] encryptKeys(CryptoToken cryptoToken, String alias, KeyPair keypair) throws IOException,
        CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException {
    ByteArrayOutputStream serializedKeys = new ByteArrayOutputStream();
    ObjectOutputStream objectOut = new ObjectOutputStream(serializedKeys);
    objectOut.writeObject(keypair);

    final PublicKey wrappingKey = cryptoToken.getPublicKey(alias);
    final byte[] subjectKeyId = KeyTools.createSubjectKeyId(wrappingKey).getKeyIdentifier();

    CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
    envelopeGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(subjectKeyId, wrappingKey));

    JceCMSContentEncryptorBuilder aes256Cbc =
            new JceCMSContentEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    CMSEnvelopedData envelope = envelopeGenerator.generate(
            new CMSProcessableByteArray(serializedKeys.toByteArray()), aes256Cbc.build());

    log.info("Encrypted keys using key alias '" + alias + "' from Crypto Token " + cryptoToken.getId());
    return envelope.getEncoded();
}
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
/**
 * Encrypts {@code data} into a CMS EnvelopedData message for the CA key selected by
 * {@code keyPurpose}.
 *
 * <p>The key alias is resolved through {@code getCAToken().getAliasFromPurpose} and the
 * matching public key is read from {@code cryptoToken}. The recipient is identified by
 * a subject key identifier derived from that key. The content is encrypted with
 * AES-256 in CBC mode through the BouncyCastle provider.
 * NOTE(review): CBC inside EnvelopedData is unauthenticated; confirm that consumers do
 * not rely on this envelope for integrity.
 *
 * @param cryptoToken token that holds the wrapping public key
 * @param data plaintext bytes to encrypt
 * @param keyPurpose purpose constant used to look up the key alias
 * @return the encoded CMS message
 */
@Override
public byte[] encryptData(CryptoToken cryptoToken, byte[] data, int keyPurpose) throws IOException,
        CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException {
    final String keyAlias = getCAToken().getAliasFromPurpose(keyPurpose);
    final PublicKey wrappingKey = cryptoToken.getPublicKey(keyAlias);
    final byte[] subjectKeyId = KeyTools.createSubjectKeyId(wrappingKey).getKeyIdentifier();

    CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
    envelopeGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(subjectKeyId, wrappingKey));

    JceCMSContentEncryptorBuilder aes256Cbc =
            new JceCMSContentEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    CMSEnvelopedData envelope =
            envelopeGenerator.generate(new CMSProcessableByteArray(data), aes256Cbc.build());

    log.info("Encrypted data using key alias '" + keyAlias + "' from Crypto Token " + cryptoToken.getId());
    return envelope.getEncoded();
}
From source file:org.dihedron.crypto.operations.encrypt.EncryptZipFile.java
License:Open Source License
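/**
 * Loads a recipient certificate through a {@code CertificateLoader} and encrypts
 * {@code plaintext} for it in a CMS EnvelopedData message.
 *
 * <p>The loader is configured with {@code provider} and {@code url} (as "ldap.url") and
 * queried with {@code name} and {@code filter}. The content is encrypted with
 * {@code DES_EDE3_CBC} (triple DES in CBC mode) through the "BC" provider.
 *
 * <p>Review notes:
 * <ul>
 * <li>Triple DES is a legacy 64-bit-block cipher and CBC here is unauthenticated.
 *     NOTE(review): confirm whether recipients can accept an AES content cipher before
 *     changing it.</li>
 * <li>The certificate's validity window is logged but not enforced, and no chain or
 *     key-usage validation is visible in this method. NOTE(review): confirm the loader
 *     or the caller validates the certificate.</li>
 * <li>{@code url}, {@code name} and {@code filter} are forwarded to the loader
 *     unchanged. NOTE(review): if any of them can come from untrusted input, escaping
 *     of the LDAP filter has to happen in the loader or the caller.</li>
 * </ul>
 *
 * <p>The DN fields are picked out by splitting the DN string and are used for debug
 * logging only. Indices are bounds-checked so that a short or unusually shaped DN
 * cannot abort the encryption with an {@code ArrayIndexOutOfBoundsException}.
 *
 * @param plaintext bytes to encrypt
 * @param provider value for the loader's "provider" setting
 * @param url value for the loader's "ldap.url" setting
 * @param name value for the loader's "name" query parameter
 * @param filter value for the loader's "filter" query parameter
 * @return the encoded CMS message
 * @throws CryptoException if loading the certificate, generating the envelope or
 *         encoding it fails
 */
@Deprecated
public byte[] encrypt(byte[] plaintext, String provider, String url, String name, String filter)
        throws CryptoException {
    try {
        logger.info("starting encryption process...");

        Properties configuration = new Properties();
        configuration.setProperty("provider", provider);
        configuration.setProperty("ldap.url", url);
        CertificateLoader loader = CertificateLoaderFactory.makeCertificateLoader(configuration);

        Properties parameters = new Properties();
        parameters.put("name", name);
        parameters.put("filter", filter);
        X509Certificate certificate = (X509Certificate) loader.loadCertificate(parameters);
        logger.info("certificate loaded, supports algorithm: '{}'", certificate.getPublicKey().getAlgorithm());

        // Diagnostic output only: guard every index so logging cannot fail the operation.
        String[] issuerInfo = certificate.getIssuerDN().getName().split("(=|, )", -1);
        String[] subjectInfo = certificate.getSubjectDN().getName().split("(=|, )", -1);
        if (subjectInfo.length > 3) {
            logger.debug("common name (CN) : '{}'", subjectInfo[3]);
        }
        if (subjectInfo.length > 1) {
            logger.debug("address : '{}'", subjectInfo[1]);
        }
        for (int i = 0; i + 1 < issuerInfo.length; i += 2) {
            if (issuerInfo[i].equals("C")) {
                logger.debug("CountryName : '{}'", issuerInfo[i + 1]);
            } else if (issuerInfo[i].equals("O")) {
                logger.debug("OrganizationName : '{}'", issuerInfo[i + 1]);
            } else if (issuerInfo[i].equals("CN")) {
                logger.debug("CommonName : '{}'", issuerInfo[i + 1]);
            }
        }

        logger.info("certificate is valid from {} until {}, encrypting data...", certificate.getNotBefore(),
                certificate.getNotAfter());

        CMSTypedData message = new CMSProcessableByteArray(plaintext);
        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        generator.addRecipientInfoGenerator(
                new JceKeyTransRecipientInfoGenerator(certificate).setProvider("BC"));
        CMSEnvelopedData envdata = generator.generate(message,
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build());

        logger.info("... processing done!");
        return envdata.getEncoded();
    } catch (CMSException e) {
        logger.error("CMS exception", e);
        throw new CryptoException("error generating enveloped signature", e);
    } catch (IOException e) {
        // Pass the exception to the logger so the stack trace is not lost.
        logger.error("couldn't generate enveloped signature", e);
        throw new CryptoException("error generating enveloped signature", e);
    } catch (CertificateLoaderException e) {
        logger.error("error loading certificate", e);
        throw new CryptoException("error loading certificate", e);
    } catch (CertificateEncodingException e) {
        logger.error("invalid certificate encoding", e);
        throw new CryptoException("invalid certificate encoding", e);
    }
}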