List of usage examples for org.bouncycastle.jce ECGOST3410NamedCurveTable getParameterSpec
public static ECNamedCurveParameterSpec getParameterSpec(String name)
From source file:org.cesecore.certificates.util.AlgorithmToolsTest.java
License:Open Source License
@Test public void testGetKeySpecificationGOST3410() throws Exception { assumeTrue(AlgorithmTools.isGost3410Enabled()); final String keyspec = CesecoreConfiguration.getExtraAlgSubAlgName("gost3410", "B"); KeyPairGenerator keygen = KeyPairGenerator.getInstance("ECGOST3410", "BC"); AlgorithmParameterSpec ecSpec = ECGOST3410NamedCurveTable.getParameterSpec(keyspec); keygen.initialize(ecSpec);/*from w w w .java 2s . com*/ KeyPair keys = keygen.generateKeyPair(); assertEquals(keyspec, AlgorithmTools.getKeySpecification(keys.getPublic())); }
From source file:org.cesecore.keys.util.KeyTools.java
License:Open Source License
/** * Generates a keypair/*from w ww . java 2 s . co m*/ * * @param keySpec * string specification of keys to generate, typical value is 2048 for RSA keys, * 1024 for DSA keys, secp256r1 for ECDSA keys, or null if algspec is to be used. * @param algSpec * AlgorithmParameterSpec of keys to generate, typically an EXParameterSpec for EC keys, or null if keySpec is to be used. * @param keyAlg * algorithm of keys to generate, typical value is RSA, DSA or ECDSA, see AlgorithmConstants.KEYALGORITHM_XX * * @see org.cesecore.certificates.util.core.model.AlgorithmConstants * @see org.bouncycastle.asn1.x9.X962NamedCurves * @see org.bouncycastle.asn1.nist.NISTNamedCurves * @see org.bouncycastle.asn1.sec.SECNamedCurves * * @return KeyPair the generated keypair * @throws InvalidAlgorithmParameterException * @see org.cesecore.certificates.util.AlgorithmConstants#KEYALGORITHM_RSA */ public static KeyPair genKeys(final String keySpec, final AlgorithmParameterSpec algSpec, final String keyAlg) throws InvalidAlgorithmParameterException { if (log.isTraceEnabled()) { log.trace(">genKeys(" + keySpec + ", " + keyAlg + ")"); } KeyPairGenerator keygen; try { keygen = KeyPairGenerator.getInstance(keyAlg, BouncyCastleProvider.PROVIDER_NAME); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("Algorithm " + keyAlg + "was not recognized.", e); } catch (NoSuchProviderException e) { throw new IllegalStateException("BouncyCastle was not found as a provider.", e); } if (StringUtils.equals(keyAlg, AlgorithmConstants.KEYALGORITHM_ECDSA)) { AlgorithmParameterSpec ecSpec = null; if ((keySpec != null) && !StringUtils.equals(keySpec, "implicitlyCA")) { log.debug("Generating named curve ECDSA key pair: " + keySpec); // We have EC keys ECGenParameterSpec bcSpec = new ECGenParameterSpec(keySpec); keygen.initialize(bcSpec, new SecureRandom()); // The old code should work in BC v1.50b6 and later, but in vesions prior to that the below produces a key with explicit parameter encoding instead of named curves. // There is a test for this in KeyToolsTest.testGenKeysECDSAx9 // ecSpec = ECNamedCurveTable.getParameterSpec(keySpec); // if (ecSpec == null) { // throw new InvalidAlgorithmParameterException("keySpec " + keySpec + " is invalid for ECDSA."); // } // keygen.initialize(ecSpec, new SecureRandom()); } else if (algSpec != null) { log.debug("Generating ECDSA key pair from AlgorithmParameterSpec: " + algSpec); ecSpec = algSpec; keygen.initialize(ecSpec, new SecureRandom()); } else if (StringUtils.equals(keySpec, "implicitlyCA")) { log.debug("Generating implicitlyCA encoded ECDSA key pair"); // If the keySpec is null, we have "implicitlyCA" defined EC parameters // The parameters were already installed when we installed the provider // We just make sure that ecSpec == null here keygen.initialize(ecSpec, new SecureRandom()); } else { throw new InvalidAlgorithmParameterException("No keySpec no algSpec and no implicitlyCA specified"); } } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) { AlgorithmParameterSpec ecSpec = null; if (keySpec != null) { log.debug("Generating keys from given key specifications : " + keySpec); ecSpec = ECGOST3410NamedCurveTable.getParameterSpec(keySpec); if (ecSpec == null) throw new InvalidAlgorithmParameterException( "Key specification " + keySpec + " is invalid for ECGOST3410"); } else if (algSpec != null) { log.debug("Generating keys from given algorithm parameters : " + algSpec); ecSpec = algSpec; } else { throw new InvalidAlgorithmParameterException("No key or algorithm specifications"); } keygen.initialize(ecSpec, new SecureRandom()); } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) { AlgorithmParameterSpec ecSpec = null; if (keySpec != null) { log.debug("Generating keys from given key specifications : " + keySpec); ecSpec = dstuOidToAlgoParams(keySpec); if (ecSpec == null) throw new InvalidAlgorithmParameterException( "Key specification " + keySpec + " is invalid for DSTU4145"); } else if (algSpec != null) { log.debug("Generating keys from given algorithm parameters : " + algSpec); ecSpec = algSpec; } else { throw new InvalidAlgorithmParameterException("No key or algorithm specifications"); } keygen.initialize(ecSpec, new SecureRandom()); } else if (keySpec.startsWith("DSA")) { // DSA key with "DSA" in keyspec final int keysize = Integer.parseInt(keySpec.substring(3)); keygen.initialize(keysize); } else { // RSA or DSA key where keyspec is simply the key length final int keysize = Integer.parseInt(keySpec); keygen.initialize(keysize); } final KeyPair keys = keygen.generateKeyPair(); if (log.isDebugEnabled()) { final PublicKey pk = keys.getPublic(); final int len = getKeyLength(pk); log.debug("Generated " + keys.getPublic().getAlgorithm() + " keys with length " + len); } log.trace("<genKeys()"); return keys; }
From source file:org.cesecore.keys.util.KeyToolsTest.java
License:Open Source License
@Test public void testGenKeysGOSTAlgorithmSpec() throws Exception { assumeTrue(AlgorithmTools.isGost3410Enabled()); log.trace(">testGenKeysGOSTAlgorithmSpec"); KeyPairGenerator keygen = KeyPairGenerator.getInstance("ECGOST3410", "BC"); final String keyspec = CesecoreConfiguration.getExtraAlgSubAlgName("gost3410", "B"); AlgorithmParameterSpec ecSpec = ECGOST3410NamedCurveTable.getParameterSpec(keyspec); keygen.initialize(ecSpec);/*from w w w. ja v a2s .c om*/ KeyPair keys = keygen.generateKeyPair(); assertEquals(AlgorithmConstants.KEYALGORITHM_ECGOST3410, keys.getPublic().getAlgorithm()); String spec = AlgorithmTools.getKeySpecification(keys.getPublic()); assertEquals(keyspec, spec); ECPublicKey ecpub = (ECPublicKey) keys.getPublic(); java.security.spec.ECParameterSpec sunsp = ecpub.getParams(); sunsp.getCurve(); // return value not tested // Nothing to do here, the gost parameter seem to behave similarly to EC parameter AlgorithmParameterSpec paramspec = KeyTools.getKeyGenSpec(keys.getPublic()); KeyPair keys2 = KeyTools.genKeys(null, paramspec, AlgorithmConstants.KEYALGORITHM_ECGOST3410); KeyPair keys3 = KeyTools.genKeys(keyspec, AlgorithmConstants.KEYALGORITHM_ECGOST3410); assertEquals(AlgorithmConstants.KEYALGORITHM_ECGOST3410, keys2.getPublic().getAlgorithm()); assertEquals(AlgorithmConstants.KEYALGORITHM_ECGOST3410, keys3.getPublic().getAlgorithm()); ECPublicKey pk1 = (ECPublicKey) keys.getPublic(); ECPublicKey pk2 = (ECPublicKey) keys2.getPublic(); ECPublicKey pk3 = (ECPublicKey) keys3.getPublic(); // Verify that it's the same key size int len1 = KeyTools.getKeyLength(pk1); int len2 = KeyTools.getKeyLength(pk2); int len3 = KeyTools.getKeyLength(pk3); assertEquals(len1, len2); assertEquals(len1, len3); // Verify that the domain parameters are the same ECParameterSpec ecs1 = pk1.getParams(); ECParameterSpec ecs2 = pk2.getParams(); ECParameterSpec ecs3 = pk3.getParams(); assertEquals(ecs1.getCofactor(), ecs2.getCofactor()); assertEquals(ecs1.getOrder(), ecs2.getOrder()); assertEquals(ecs1.getCurve(), ecs2.getCurve()); assertEquals(ecs1.getCofactor(), ecs3.getCofactor()); assertEquals(ecs1.getOrder(), ecs3.getOrder()); assertEquals(ecs1.getCurve(), ecs3.getCurve()); // Verify that it is not the same key though assertFalse(pk1.getW().equals(pk2.getW())); assertFalse(pk1.getW().equals(pk3.getW())); KeyTools.testKey(keys.getPrivate(), keys.getPublic(), "BC"); byte[] signature = KeyTools.signData(keys2.getPrivate(), AlgorithmConstants.KEYALGORITHM_ECGOST3410, "Hello world ! How cool is ejbca ??".getBytes()); assertTrue(KeyTools.verifyData(keys2.getPublic(), AlgorithmConstants.KEYALGORITHM_ECGOST3410, "Hello world ! How cool is ejbca ??".getBytes(), signature)); ECPublicKeySpec ecspec = new ECPublicKeySpec(pk2.getW(), pk2.getParams()); KeyFactory.getInstance("ECGOST3410").generatePublic(ecspec); // return value not tested KeyFactory.getInstance("EC").generatePublic(ecspec); // return value not tested log.trace("<testGenKeysGOSTAlgorithmSpec"); }
From source file:org.cesecore.keys.util.KeyToolsTest.java
License:Open Source License
@Test public void testGenKeysDSTU4145AlgorithmSpec() throws Exception { assumeTrue(AlgorithmTools.isDstu4145Enabled()); log.trace(">testGenKeysDSTU4145AlgorithmSpec"); KeyPairGenerator keygen = KeyPairGenerator.getInstance("DSTU4145", "BC"); final String keyspec = CesecoreConfiguration.getExtraAlgSubAlgName("dstu4145", "233"); AlgorithmParameterSpec ecSpec = ECGOST3410NamedCurveTable.getParameterSpec(keyspec); keygen.initialize(ecSpec);// w w w . j a va 2 s . c o m KeyPair keys = keygen.generateKeyPair(); assertEquals(AlgorithmConstants.KEYALGORITHM_DSTU4145, keys.getPublic().getAlgorithm()); String spec = AlgorithmTools.getKeySpecification(keys.getPublic()); assertEquals(keyspec, spec); ECPublicKey ecpub = (ECPublicKey) keys.getPublic(); java.security.spec.ECParameterSpec sunsp = ecpub.getParams(); sunsp.getCurve(); // return value not tested // Nothing to do here, the gost parameter seem to behave similarly to EC parameter AlgorithmParameterSpec paramspec = KeyTools.getKeyGenSpec(keys.getPublic()); KeyPair keys2 = KeyTools.genKeys(null, paramspec, AlgorithmConstants.KEYALGORITHM_DSTU4145); KeyPair keys3 = KeyTools.genKeys(keyspec, AlgorithmConstants.KEYALGORITHM_DSTU4145); assertEquals(AlgorithmConstants.KEYALGORITHM_DSTU4145, keys2.getPublic().getAlgorithm()); assertEquals(AlgorithmConstants.KEYALGORITHM_DSTU4145, keys3.getPublic().getAlgorithm()); ECPublicKey pk1 = (ECPublicKey) keys.getPublic(); ECPublicKey pk2 = (ECPublicKey) keys2.getPublic(); ECPublicKey pk3 = (ECPublicKey) keys3.getPublic(); // Verify that it's the same key size int len1 = KeyTools.getKeyLength(pk1); int len2 = KeyTools.getKeyLength(pk2); int len3 = KeyTools.getKeyLength(pk3); assertEquals(len1, len2); assertEquals(len1, len3); // Verify that the domain parameters are the same ECParameterSpec ecs1 = pk1.getParams(); ECParameterSpec ecs2 = pk2.getParams(); ECParameterSpec ecs3 = pk3.getParams(); assertEquals(ecs1.getCofactor(), ecs2.getCofactor()); assertEquals(ecs1.getOrder(), ecs2.getOrder()); assertEquals(ecs1.getCurve(), ecs2.getCurve()); assertEquals(ecs1.getCofactor(), ecs3.getCofactor()); assertEquals(ecs1.getOrder(), ecs3.getOrder()); assertEquals(ecs1.getCurve(), ecs3.getCurve()); // Verify that it is not the same key though assertFalse(pk1.getW().equals(pk2.getW())); assertFalse(pk1.getW().equals(pk3.getW())); KeyTools.testKey(keys.getPrivate(), keys.getPublic(), "BC"); byte[] signature = KeyTools.signData(keys2.getPrivate(), AlgorithmConstants.KEYALGORITHM_DSTU4145, "Hello world ! How cool is ejbca ??".getBytes()); assertTrue(KeyTools.verifyData(keys2.getPublic(), AlgorithmConstants.KEYALGORITHM_DSTU4145, "Hello world ! How cool is ejbca ??".getBytes(), signature)); ECPublicKeySpec ecspec = new ECPublicKeySpec(pk2.getW(), pk2.getParams()); KeyFactory.getInstance("DSTU4145").generatePublic(ecspec); // return value not tested KeyFactory.getInstance("EC").generatePublic(ecspec); // return value not tested log.trace("<testGenKeysDSTU4145AlgorithmSpec"); }