List of usage examples for org.bouncycastle.crypto.digests SHA256Digest getDigestSize
public int getDigestSize()
From source file:com.github.horrorho.inflatabledonkey.file.KeyBlobCurve25519Unwrap.java
License:Open Source License
public static Optional<byte[]> curve25519Unwrap(byte[] myPublicKey, byte[] myPrivateKey, byte[] otherPublicKey, byte[] wrappedKey) { SHA256Digest sha256 = new SHA256Digest(); byte[] shared = Curve25519.agreement(otherPublicKey, myPrivateKey); logger.debug("-- curve25519Unwrap() - shared agreement: 0x{}", Hex.toHexString(shared)); // Stripped down NIST SP 800-56A KDF. byte[] counter = new byte[] { 0x00, 0x00, 0x00, 0x01 }; byte[] hash = new byte[sha256.getDigestSize()]; sha256.reset();// ww w .jav a 2 s. c o m sha256.update(counter, 0, counter.length); sha256.update(shared, 0, shared.length); sha256.update(otherPublicKey, 0, otherPublicKey.length); sha256.update(myPublicKey, 0, myPublicKey.length); sha256.doFinal(hash, 0); logger.debug("-- curve25519Unwrap() - kek: {}", Hex.toHexString(hash)); return RFC3394Wrap.unwrapAES(hash, wrappedKey); }
From source file:com.github.horrorho.inflatabledonkey.pcs.xfile.FileKeyAssistant.java
License:Open Source License
public static Optional<byte[]> curve25519Unwrap(byte[] myPublicKey, byte[] myPrivateKey, byte[] otherPublicKey, byte[] wrappedKey) { SHA256Digest sha256 = new SHA256Digest(); byte[] shared = Curve25519.agreement(otherPublicKey, myPrivateKey); byte[] pad = new byte[] { 0x00, 0x00, 0x00, 0x01 }; byte[] hash = new byte[sha256.getDigestSize()]; sha256.reset();//from ww w.j a v a2 s . c o m sha256.update(pad, 0, pad.length); sha256.update(shared, 0, shared.length); sha256.update(otherPublicKey, 0, otherPublicKey.length); sha256.update(myPublicKey, 0, myPublicKey.length); sha256.doFinal(hash, 0); return AESWrap.unwrap(hash, wrappedKey); }
From source file:com.github.horrorho.liquiddonkey.cloud.keybag.FileKeyFactory.java
License:Open Source License
ByteString unwrapCurve25519(KeyBag keyBag, int protectionClass, ByteString key, AESWrap aesWrap, SHA256Digest sha256) { if (key.size() != 0x48) { logger.warn("-- unwrapCurve25519() > bad key length: {}", Bytes.hex(key)); return null; }//from w w w.ja v a2 s. c om byte[] myPrivateKey = keyBag.classKey(protectionClass, "KEY").toByteArray(); if (myPrivateKey == null) { logger.warn("-- unwrapCurve25519() > no KEY key for protection class: {}", protectionClass); return null; } byte[] myPublicKey = keyBag.classKey(protectionClass, "PBKY").toByteArray(); if (myPublicKey == null) { logger.warn("-- unwrapCurve25519() > no PBKY key for protection class: {}", protectionClass); return null; } byte[] otherPublicKey = key.substring(0, 32).toByteArray(); byte[] shared = Curve25519.create().agreement(otherPublicKey, myPrivateKey); byte[] pad = new byte[] { 0x00, 0x00, 0x00, 0x01 }; byte[] hash = new byte[sha256.getDigestSize()]; sha256.reset(); sha256.update(pad, 0, pad.length); sha256.update(shared, 0, shared.length); sha256.update(otherPublicKey, 0, otherPublicKey.length); sha256.update(myPublicKey, 0, myPublicKey.length); sha256.doFinal(hash, 0); try { return ByteString.copyFrom(aesWrap.unwrap(hash, key.substring(0x20, key.size()).toByteArray())); } catch (IllegalStateException | InvalidCipherTextException ex) { logger.warn("-- unwrapCurve25519() > failed to unwrap key: {} protection class: {} exception: {}", Bytes.hex(key), protectionClass, ex); return null; } }
From source file:com.ipseorama.webapp.baddtls.CertHolder.java
public static String getPrint(org.bouncycastle.asn1.x509.Certificate fpc) throws IOException { StringBuilder b = new StringBuilder(); byte[] enc = fpc.getEncoded(); SHA256Digest d = new SHA256Digest(); d.update(enc, 0, enc.length);// w ww. ja v a2 s .c o m byte[] result = new byte[d.getDigestSize()]; d.doFinal(result, 0); for (byte r : result) { String dig = Integer.toHexString((0xff) & r).toUpperCase(); if (dig.length() == 1) { b.append('0'); } b.append(dig).append(":"); } b.deleteCharAt(b.length() - 1); return b.toString(); }
From source file:com.password.locker.crypto.SecureCryptoImpl.java
License:Open Source License
/** * SecureCrypto Constructor./*from w w w. jav a 2 s . c om*/ * * @param password * password for the crypto keyspec. * * @throws InvalidAlgorithmParameterException * @throws InvalidKeyException * @throws NoSuchPaddingException * @throws NoSuchProviderException * @throws NoSuchAlgorithmException */ public SecureCryptoImpl(final char[] password) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException { SHA256Digest digest = new SHA256Digest(); String s = Constants.PROPERTIES.getStringProperty(Constants.SALT_KEY, PasswordUtils.getSalt(digest)); salt = Hex.decode(s); if (salt.length != digest.getDigestSize()) { LOGGER.warn("Warning salt size is not the size of the Digest."); } //--------------------------------------------------- // Setup encryption. //--------------------------------------------------- PBEParametersGenerator pGen = new PKCS12ParametersGenerator(digest); pGen.init(PBEParametersGenerator.PKCS12PasswordToBytes(password), salt, ITERATIONS); ParametersWithIV params = (ParametersWithIV) pGen.generateDerivedParameters(KEY_LEN, IV_LEN); SecretKeySpec encKey = new SecretKeySpec(((KeyParameter) params.getParameters()).getKey(), "AES"); encryption = Cipher.getInstance(Constants.CRYPTO_ALGORITHM, new BouncyCastleProvider()); encryption.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(params.getIV())); //--------------------------------------------------- // Setup decryption. //--------------------------------------------------- decryption = Cipher.getInstance(Constants.CRYPTO_SEC_KEY_SPEC, new BouncyCastleProvider()); PBEKeySpec keySpec = new PBEKeySpec(password, salt, ITERATIONS); SecretKeyFactory fact = SecretKeyFactory.getInstance(Constants.CRYPTO_SEC_KEY_SPEC, new BouncyCastleProvider()); try { decryption.init(Cipher.DECRYPT_MODE, fact.generateSecret(keySpec)); } catch (InvalidKeySpecException e) { ExceptionUtils.fatalError(SecureCryptoImpl.class, e); } Constants.PROPERTIES.addProperty(Constants.SALT_KEY, s); }
From source file:dorkbox.util.crypto.Crypto.java
License:Apache License
/** * Secure way to generate an AES key based on a password. * * @param password// w ww.j a v a2s .c o m * The password that you want to mix * @param salt * should be a RANDOM number, at least 256bits (32 bytes) in size. * @param iterationCount * should be a lot, like 10,000 * * @return the secure key to use */ public static byte[] PBKDF2(byte[] password, byte[] salt, int iterationCount) { SHA256Digest digest = new SHA256Digest(); PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(digest); pGen.init(password, salt, iterationCount); KeyParameter key = (KeyParameter) pGen.generateDerivedMacParameters(digest.getDigestSize() * 8); // *8 for bit length. // zero out the password. Arrays.fill(password, (byte) 0); return key.getKey(); }
From source file:dorkbox.util.HashUtil.java
License:Apache License
/** * gets the SHA256 hash + SALT of the specified username, as UTF-16 *//* w w w. java 2 s .co m*/ public static byte[] getSha256WithSalt(String username, byte[] saltBytes) { if (username == null) { return null; } byte[] charToBytes = Sys.charToBytes16(username.toCharArray()); byte[] userNameWithSalt = Sys.concatBytes(charToBytes, saltBytes); SHA256Digest sha256 = new SHA256Digest(); byte[] usernameHashBytes = new byte[sha256.getDigestSize()]; sha256.update(userNameWithSalt, 0, userNameWithSalt.length); sha256.doFinal(usernameHashBytes, 0); return usernameHashBytes; }
From source file:dorkbox.util.HashUtil.java
License:Apache License
/** * gets the SHA256 hash of the specified string, as UTF-16 *//*from w ww . j a v a 2s. co m*/ public static byte[] getSha256(String string) { byte[] charToBytes = Sys.charToBytes16(string.toCharArray()); SHA256Digest sha256 = new SHA256Digest(); byte[] usernameHashBytes = new byte[sha256.getDigestSize()]; sha256.update(charToBytes, 0, charToBytes.length); sha256.doFinal(usernameHashBytes, 0); return usernameHashBytes; }
From source file:dorkbox.util.HashUtil.java
License:Apache License
/** * gets the SHA256 hash of the specified byte array *///from w ww . j a v a 2s . c o m public static byte[] getSha256(byte[] bytes) { SHA256Digest sha256 = new SHA256Digest(); byte[] hashBytes = new byte[sha256.getDigestSize()]; sha256.update(bytes, 0, bytes.length); sha256.doFinal(hashBytes, 0); return hashBytes; }
From source file:dorkbox.util.HashUtil.java
License:Apache License
public static byte[] getSha256WithSalt(byte[] bytes, byte[] saltBytes) { if (bytes == null || saltBytes == null) { return null; }/*from w w w .j av a 2s. c om*/ byte[] bytesWithSalt = dorkbox.util.Sys.concatBytes(bytes, saltBytes); SHA256Digest sha256 = new SHA256Digest(); byte[] usernameHashBytes = new byte[sha256.getDigestSize()]; sha256.update(bytesWithSalt, 0, bytesWithSalt.length); sha256.doFinal(usernameHashBytes, 0); return usernameHashBytes; }