List of usage examples for org.bouncycastle.jcajce.provider.asymmetric.ec BCECPrivateKey getD
public BigInteger getD()
From source file:ca.trustpoint.m2m.ecqv.EcqvProvider.java
License:Apache License
/** * Generate reconstruction data for an implicit certificate In the terminology of sec4, * ephemeralPublicKey is referenced as Ru * * @param identifyingInfo the identity portion of the implicit certificate * @param ephemeralPublicKey the requesters ephemeral public key * @param issuerPrivateKey the issuers private key * * @return reconstruction data associated with the implicit certificate * * @throws NoSuchAlgorithmException From Bouncy Castle * @throws InvalidAlgorithmParameterException From Bouncy Castle * @throws NoSuchProviderException From Bouncy Castle * @throws IOException/*from w ww . j av a 2s . c om*/ */ public KeyReconstructionData genReconstructionData(byte[] identifyingInfo, PublicKey ephemeralPublicKey, PrivateKey issuerPrivateKey) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, IOException { // Reconstruction point, in point and byte format ECPoint p; byte[] reconstructionPoint; // CA's ephemeral key pair (k, kG) BCECPublicKey caEphemeralPublicKey; BCECPrivateKey caEphemeralPrivateKey; BigInteger n = curveParameters.getN(); // get the order of the curve group BigInteger r; // private key recovery data and CA ephemeral private key, respectively. BigInteger e; // Integer representation of H(Certu) BigInteger dCa = ((BCECPrivateKey) issuerPrivateKey).getD(); // Private key (point multiplier) // of the issuer. ECPoint infinity = curveParameters.getCurve().getInfinity(); // The identity point. do { // create ephemeral key pair (k, kG) KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME); keyGen.initialize(curveParameters, random); KeyPair caEphemeralKeyPair = keyGen.generateKeyPair(); caEphemeralPrivateKey = (BCECPrivateKey) caEphemeralKeyPair.getPrivate(); caEphemeralPublicKey = (BCECPublicKey) caEphemeralKeyPair.getPublic(); // Compute Pu = Ru + kG // this is the reconstruction point p = ((BCECPublicKey) ephemeralPublicKey).getQ().add(caEphemeralPublicKey.getQ()); reconstructionPoint = p.getEncoded(true); // Update the digest with the implicit certificate Certu for (byte b : identifyingInfo) { digest.update(b); } // Update digest with reconstruction point data. for (byte b : reconstructionPoint) { digest.update(b); } // hash the implicit certificate Certu and compute the integer e from H(Certu) e = calculateE(n, digest.digest()).mod(n); // from sec4 S3.4 } while (p.multiply(e).add(curveParameters.getG().multiply(dCa)).equals(infinity)); // compute r = ek + dCA (mod n) r = e.multiply(caEphemeralPrivateKey.getD()).add(dCa).mod(n); return new KeyReconstructionData(reconstructionPoint, integerToOctetString(r, n)); }
From source file:com.cryptolib.CryptoObject.java
License:Open Source License
/** * Performs ECDH/*from w w w . j a v a2 s. c o m*/ */ public void createSharedEncKey(ECPublicKey key) throws CryptoSocketException { try { X9ECParameters ecP = CustomNamedCurves.getByName(curve); ECDomainParameters ecdp = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH()); ECPublicKeyParameters ecpkp = new ECPublicKeyParameters(key.getQ(), ecdp); BCECPrivateKey sk = (BCECPrivateKey) this.encKeypair.getPrivate(); ECPrivateKeyParameters ecskp = new ECPrivateKeyParameters(sk.getD(), ecdp); ECDHCBasicAgreement ba = new ECDHCBasicAgreement(); ba.init(ecskp); byte[] byteSharedSecret = ba.calculateAgreement(ecpkp).toByteArray(); byte[] byteSharedSecretSecond = new byte[byteSharedSecret.length / 2]; byte[] byteSharedSecretFirst = new byte[byteSharedSecret.length / 2]; System.arraycopy(byteSharedSecret, 0, byteSharedSecretSecond, 0, byteSharedSecretSecond.length); System.arraycopy(byteSharedSecret, byteSharedSecretSecond.length, byteSharedSecretFirst, 0, byteSharedSecretFirst.length); this.sharedSecretFirst = new SecretKeySpec(byteSharedSecretFirst, "AES"); this.sharedSecretSecond = new SecretKeySpec(byteSharedSecretSecond, "AES"); this.has_symmetric_key = true; this.enc = Cipher.getInstance("AES/GCM/NoPadding"); this.dec = Cipher.getInstance("AES/GCM/NoPadding"); } catch (IllegalStateException is) { throw new CryptoSocketException("unable to create shared encryption key, wrong state!"); } catch (NoSuchAlgorithmException nsa) { throw new CryptoSocketException("Encryption algorithm not found!"); } catch (NoSuchPaddingException nsp) { throw new CryptoSocketException("Invalid padding algorithm!"); } }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static PublicKey extractPublicKey(PrivateKey privateKey) throws CryptoException { // we only support RSA and ECDSA private keys PublicKey publicKey = null;/*from www . j a va2s . c o m*/ switch (privateKey.getAlgorithm()) { case RSA: try { KeyFactory kf = KeyFactory.getInstance(RSA, BC_PROVIDER); RSAPrivateCrtKey rsaCrtKey = (RSAPrivateCrtKey) privateKey; RSAPublicKeySpec keySpec = new RSAPublicKeySpec(rsaCrtKey.getModulus(), rsaCrtKey.getPublicExponent()); publicKey = kf.generatePublic(keySpec); } catch (NoSuchProviderException ex) { LOG.error("extractPublicKey: RSA - Caught NoSuchProviderException exception: " + ex.getMessage()); throw new CryptoException(ex); } catch (NoSuchAlgorithmException ex) { LOG.error("extractPublicKey: RSA - Caught NoSuchAlgorithmException exception: " + ex.getMessage()); throw new CryptoException(ex); } catch (InvalidKeySpecException ex) { LOG.error("extractPublicKey: RSA - Caught InvalidKeySpecException exception: " + ex.getMessage()); throw new CryptoException(ex); } break; case ECDSA: try { KeyFactory kf = KeyFactory.getInstance(ECDSA, BC_PROVIDER); BCECPrivateKey ecPrivKey = (BCECPrivateKey) privateKey; ECMultiplier ecMultiplier = new FixedPointCombMultiplier(); ECParameterSpec ecParamSpec = (ECParameterSpec) ecPrivKey.getParameters(); ECPoint ecPointQ = ecMultiplier.multiply(ecParamSpec.getG(), ecPrivKey.getD()); ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPointQ, ecParamSpec); publicKey = kf.generatePublic(keySpec); } catch (NoSuchProviderException ex) { LOG.error("extractPublicKey: ECDSA - Caught NoSuchProviderException exception: " + ex.getMessage()); throw new CryptoException(ex); } catch (NoSuchAlgorithmException ex) { LOG.error( "extractPublicKey: ECDSA - Caught NoSuchAlgorithmException exception: " + ex.getMessage()); throw new CryptoException(ex); } catch (InvalidKeySpecException ex) { LOG.error("extractPublicKey: ECDSA - Caught InvalidKeySpecException exception: " + ex.getMessage()); throw new CryptoException(ex); } break; default: String msg = "Unsupported Key Algorithm: " + privateKey.getAlgorithm(); LOG.error("extractPublicKey: " + msg); throw new CryptoException(msg); } return publicKey; }
From source file:org.xdi.oxauth.model.crypto.signature.ECDSAKeyFactory.java
License:MIT License
public ECDSAKeyFactory(SignatureAlgorithm signatureAlgorithm, String dnName) throws InvalidParameterException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, CertificateEncodingException { if (signatureAlgorithm == null) { throw new InvalidParameterException("The signature algorithm cannot be null"); }//from w w w .ja v a 2 s. c o m this.signatureAlgorithm = signatureAlgorithm; ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(signatureAlgorithm.getCurve().getName()); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA", "BC"); keyGen.initialize(ecSpec, new SecureRandom()); this.keyPair = keyGen.generateKeyPair(); BCECPrivateKey privateKeySpec = (BCECPrivateKey) keyPair.getPrivate(); BCECPublicKey publicKeySpec = (BCECPublicKey) keyPair.getPublic(); BigInteger x = publicKeySpec.getQ().getX().toBigInteger(); BigInteger y = publicKeySpec.getQ().getY().toBigInteger(); BigInteger d = privateKeySpec.getD(); this.ecdsaPrivateKey = new ECDSAPrivateKey(d); this.ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, x, y); if (StringUtils.isNotBlank(dnName)) { // Create certificate GregorianCalendar startDate = new GregorianCalendar(); // time from which certificate is valid GregorianCalendar expiryDate = new GregorianCalendar(); // time after which certificate is not valid expiryDate.add(Calendar.YEAR, 1); BigInteger serialNumber = new BigInteger(1024, new Random()); // serial number for certificate X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal principal = new X500Principal(dnName); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(principal); certGen.setNotBefore(startDate.getTime()); certGen.setNotAfter(expiryDate.getTime()); certGen.setSubjectDN(principal); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WITHECDSA"); X509Certificate x509Certificate = certGen.generate(privateKeySpec, "BC"); this.certificate = new Certificate(signatureAlgorithm, x509Certificate); } }