List of usage examples for org.bouncycastle.crypto PBEParametersGenerator PKCS5PasswordToBytes
public static byte[] PKCS5PasswordToBytes(char[] password)
From source file:edu.wisc.doit.tcrypt.BouncyCastleFileEncrypter.java
License:Apache License
protected ParametersWithIV generateParameters() throws InvalidCipherTextException, IOException { //Generate a random password final byte[] passwordBytes = new byte[PASSWORD_LENGTH]; SECURE_RANDOM.nextBytes(passwordBytes); final byte[] passwordBase64Bytes = Base64.encodeBase64(passwordBytes); final String passwordBase64String = new String(passwordBase64Bytes, CHARSET); //Generate a random salt final byte[] saltBytes = new byte[SALT_LENGTH]; SECURE_RANDOM.nextBytes(saltBytes);//from w ww. j av a2 s .c o m //Generate key & iv final OpenSSLPBEParametersGenerator generator = new OpenSSLPBEParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(passwordBase64String.toCharArray()), saltBytes); return (ParametersWithIV) generator.generateDerivedParameters(KEY_LENGTH, IV_LENGTH); }
From source file:foam.util.Password.java
License:Open Source License
/** * Helper function to hash the password that takes in the salt, key size, and number of iterations * @param password password to has/* w w w . ja v a 2 s.c o m*/ * @param salt random salt * @param keySize key size * @param iterations number of iterations * @return hashed password containing the salt. Format salt:hash */ private static String hash(String password, byte[] salt, int keySize, int iterations) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(password.toCharArray()), salt, iterations); byte[] key = ((KeyParameter) generator.generateDerivedParameters(keySize)).getKey(); return String.format("%s:%s", encode(salt), encode(key)); }
From source file:org.apache.cloudstack.server.auth.PBKDF2UserAuthenticator.java
License:Apache License
public String encode(String password, byte[] salt, int rounds) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(password.toCharArray()), salt, rounds); return format("%s:%s:%d", encode(salt), encode(((KeyParameter) generator.generateDerivedParameters(s_keylen)).getKey()), rounds); }
From source file:org.jruby.ext.openssl.impl.pem.PEMUtilities.java
License:Open Source License
private static SecretKey getKey(char[] password, String algorithm, int keyLength, byte[] salt, boolean des2) { OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt); KeyParameter keyParam;/*from w ww. j a v a 2 s . c o m*/ keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8); byte[] key = keyParam.getKey(); if (des2 && key.length >= 24) { // For DES2, we must copy first 8 bytes into the last 8 bytes. System.arraycopy(key, 0, key, 16, 8); } return new SecretKeySpec(key, algorithm); }
From source file:org.jruby.ext.openssl.PKCS5.java
License:Open Source License
private static RubyString generatePBEKey(final Ruby runtime, final char[] pass, final byte[] salt, final int iter, final int keySize) { PBEParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(pass), salt, iter); CipherParameters params = generator.generateDerivedParameters(keySize * 8); return StringHelper.newString(runtime, ((KeyParameter) params).getKey()); }
From source file:org.jruby.ext.openssl.x509store.BouncyCastleASN1FormatHandler.java
License:LGPL
@Override public void writeDSAPrivateKey(Writer _out, DSAPrivateKey obj, String algo, char[] f) throws IOException { BufferedWriter out = makeBuffered(_out); ByteArrayInputStream bIn = new ByteArrayInputStream(getEncoded(obj)); ASN1InputStream aIn = new ASN1InputStream(bIn); PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) aIn.readObject()); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters()); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DERInteger(0)); v.add(new DERInteger(p.getP())); v.add(new DERInteger(p.getQ())); v.add(new DERInteger(p.getG())); BigInteger x = obj.getX();//w w w . j a v a 2s . com BigInteger y = p.getG().modPow(x, p.getP()); v.add(new DERInteger(y)); v.add(new DERInteger(x)); aOut.writeObject(new DERSequence(v)); byte[] encoding = bOut.toByteArray(); if (algo != null && f != null) { byte[] salt = new byte[8]; byte[] encData = null; random.nextBytes(salt); OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(f), salt); SecretKey secretKey = null; if (algo.equalsIgnoreCase("DESede/CBC/PKCS5Padding")) { // generate key int keyLength = 24; KeyParameter param = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8); secretKey = new SecretKeySpec(param.getKey(), "DESede"); } else { throw new IOException("unknown algorithm in write_DSAPrivateKey: " + algo); } // cipher try { Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(salt)); encData = c.doFinal(encoding); } catch (Exception e) { throw new IOException("exception using cipher: " + e.toString()); } // write the data out.write(BEF_G + PEM_STRING_DSA + AFT); out.newLine(); out.write("Proc-Type: 4,ENCRYPTED"); out.newLine(); out.write("DEK-Info: DES-EDE3-CBC,"); writeHexEncoded(out, salt); out.newLine(); out.newLine(); writeEncoded(out, encData); out.write(BEF_E + PEM_STRING_DSA + AFT); out.flush(); } else { out.write(BEF_G + PEM_STRING_DSA + AFT); out.newLine(); writeEncoded(out, encoding); out.write(BEF_E + PEM_STRING_DSA + AFT); out.newLine(); out.flush(); } }
From source file:org.jruby.ext.openssl.x509store.BouncyCastleASN1FormatHandler.java
License:LGPL
@Override public void writeRSAPrivateKey(Writer _out, RSAPrivateCrtKey obj, String algo, char[] f) throws IOException { assert (obj != null); BufferedWriter out = makeBuffered(_out); RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(obj.getModulus(), obj.getPublicExponent(), obj.getPrivateExponent(), obj.getPrimeP(), obj.getPrimeQ(), obj.getPrimeExponentP(), obj.getPrimeExponentQ(), obj.getCrtCoefficient()); // convert to bytearray ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); aOut.writeObject(keyStruct);/*from ww w . j av a2 s .c o m*/ aOut.close(); byte[] encoding = bOut.toByteArray(); if (algo != null && f != null) { byte[] salt = new byte[8]; byte[] encData = null; random.nextBytes(salt); OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(f), salt); SecretKey secretKey = null; if (algo.startsWith("DES")) { // generate key int keyLength = 24; if (algo.equalsIgnoreCase("DESEDE")) { algo = "DESede/CBC/PKCS5Padding"; } KeyParameter param = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8); secretKey = new SecretKeySpec(param.getKey(), algo.split("/")[0]); } else { throw new IOException("unknown algorithm `" + algo + "' in write_DSAPrivateKey"); } // cipher try { Cipher c = Cipher.getInstance(algo); c.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(salt)); encData = c.doFinal(encoding); } catch (Exception e) { throw new IOException("exception using cipher: " + e.toString()); } // write the data out.write(BEF_G + PEM_STRING_RSA + AFT); out.newLine(); out.write("Proc-Type: 4,ENCRYPTED"); out.newLine(); out.write("DEK-Info: DES-EDE3-CBC,"); writeHexEncoded(out, salt); out.newLine(); out.newLine(); writeEncoded(out, encData); out.write(BEF_E + PEM_STRING_RSA + AFT); out.flush(); } else { out.write(BEF_G + PEM_STRING_RSA + AFT); out.newLine(); writeEncoded(out, encoding); out.write(BEF_E + PEM_STRING_RSA + AFT); out.newLine(); out.flush(); } }
From source file:org.jruby.ext.openssl.x509store.BouncyCastleASN1FormatHandler.java
License:LGPL
/** * create the secret key needed for this object, fetching the password */// ww w . j ava 2 s. co m private SecretKey getKey(char[] k1, String algorithm, int keyLength, byte[] salt) throws IOException { char[] password = k1; if (password == null) { throw new IOException("Password is null, but a password is required"); } OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt); KeyParameter param = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8); return new javax.crypto.spec.SecretKeySpec(param.getKey(), algorithm); }
From source file:org.jruby.ext.openssl.x509store.PEMInputOutput.java
License:LGPL
private static CipherParameters extractPBES2CipherParams(char[] password, PBES2Parameters pbeParams) { PBKDF2Params pbkdfParams = PBKDF2Params.getInstance(pbeParams.getKeyDerivationFunc().getParameters()); int keySize = 192; if (pbkdfParams.getKeyLength() != null) { keySize = pbkdfParams.getKeyLength().intValue() * 8; }/*from w ww .ja va 2 s .co m*/ int iterationCount = pbkdfParams.getIterationCount().intValue(); byte[] salt = pbkdfParams.getSalt(); PBEParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt, iterationCount); return generator.generateDerivedParameters(keySize); }
From source file:org.jruby.ext.openssl.x509store.PEMInputOutput.java
License:LGPL
private static void writePemEncrypted(BufferedWriter out, String pemHeader, byte[] encoding, CipherSpec cipher, char[] passwd) throws IOException { Cipher c = cipher.getCipher(); byte[] iv = new byte[c.getBlockSize()]; random.nextBytes(iv);/* ww w .j av a 2s . com*/ byte[] salt = new byte[8]; System.arraycopy(iv, 0, salt, 0, 8); OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(passwd), salt); KeyParameter param = (KeyParameter) pGen.generateDerivedParameters(cipher.getKeyLenInBits()); SecretKey secretKey = new SecretKeySpec(param.getKey(), org.jruby.ext.openssl.Cipher.Algorithm.getAlgorithmBase(c)); byte[] encData = null; try { c.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); encData = c.doFinal(encoding); } catch (InvalidKeyException ike) { if (ike.getMessage().startsWith("Invalid key length")) { throw new IOException("Invalid key length. See http://wiki.jruby.org/UnlimitedStrengthCrypto"); } throw new IOException("exception using cipher:" + ike.toString(), ike); } catch (GeneralSecurityException gse) { throw new IOException("exception using cipher: " + gse.toString(), gse); } out.write(BEF_G + pemHeader + AFT); out.newLine(); out.write("Proc-Type: 4,ENCRYPTED"); out.newLine(); out.write("DEK-Info: " + cipher.getOsslName() + ","); writeHexEncoded(out, iv); out.newLine(); out.newLine(); writeEncoded(out, encData); out.write(BEF_E + pemHeader + AFT); out.flush(); }