List of usage examples for the org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder constructor
public JcePKCSPBEOutputEncryptorBuilder(ASN1ObjectIdentifier keyEncryptionAlg)
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
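/**
 * Writes a certificate chain and its private key to {@code ostream} as a DER-encoded PKCS#12 PFX.
 *
 * <p>{@code chain[0]} is treated as the end-entity certificate: its bag and the key bag both carry
 * the subject CN as friendly name and a subject key identifier computed from the certificate's
 * public key as local key id. The remaining certificates only receive a friendly name.
 *
 * <p>Algorithm choices, all keyed from the same password:
 * <ul>
 *   <li>private key bag: {@code pbeWithSHAAnd3_KeyTripleDES_CBC};</li>
 *   <li>certificate bags: {@code pbeWithSHAAnd40BitRC2_CBC} (a 40-bit key, so the certificates
 *       should be treated as effectively unprotected);</li>
 *   <li>integrity MAC: SHA-1.</li>
 * </ul>
 * These are the legacy PKCS#12 algorithms. Where every consumer of the file supports it, prefer an
 * AES-based encryptor and a SHA-256 MAC; changing them here alters what older readers can open,
 * so that decision is left to the caller's compatibility requirements.
 *
 * @param chain certificate chain, end-entity certificate first; must not be empty.
 * @param key private key matching {@code chain[0]}.
 * @param pwd password used for both bag encryptors and for the MAC.
 * @param ostream destination; closed by this method once building has started, also on failure.
 * @throws IllegalArgumentException if {@code chain} is empty.
 * @throws Exception if a bag, an encryptor or the PFX cannot be built, or writing fails.
 */
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream)
        throws Exception {
    // Existing contract: a missing argument is a silent no-op, nothing is written or closed.
    if (chain == null || key == null || ostream == null) {
        return;
    }
    // chain[0] is dereferenced below; fail with a clear message instead of an index error.
    if (chain.length == 0) {
        throw new IllegalArgumentException("chain must contain at least the end-entity certificate");
    }

    try {
        PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length];
        for (int i = chain.length - 1; i > 0; i--) {
            PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]);
            safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
                    new DERBMPString(CertificateUtil.getSubjectCN(chain[i])));
            certSafeBags[i] = safeBagBuilder.build();
        }

        X509Certificate cert = chain[0];
        String subjectCN = CertificateUtil.getSubjectCN(cert);
        SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());
        PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert);
        safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN));
        safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
        certSafeBags[0] = safeBagBuilder.build();

        PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();

        // Key bag: triple DES. The original author noted desEDE/id_aes256_CBC as alternatives.
        // NOTE(review): no iteration count is set on either encryptor builder, so the library
        // default applies; setIterationCount(...) exists on the builder - confirm the default.
        OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC)
                .setProvider(JCE_PROVIDER).build(pwd);
        PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor);
        keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN));
        keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
        pfxPduBuilder.addData(keySafeBagBuilder.build());

        // Certificate bags: 40-bit RC2, kept for compatibility with legacy PKCS#12 readers only.
        OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC)
                .setProvider(JCE_PROVIDER).build(pwd);
        pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags);

        // Integrity MAC over the whole PFX, SHA-1 with the lightweight (Bc) calculator.
        BcPKCS12MacCalculatorBuilder builder = new BcPKCS12MacCalculatorBuilder(new SHA1Digest(),
                new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE));
        PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(builder, pwd);

        ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER));
    } finally {
        // The method owns the stream from here on; release it even when building or writing fails.
        ostream.close();
    }
}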
From source file:com.aqnote.shared.encrypt.cert.bc.cover.PKCSWriter.java
License:Open Source License
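/**
 * Writes a certificate chain and its private key to {@code ostream} as a DER-encoded PKCS#12 PFX.
 *
 * <p>{@code chain[0]} is treated as the end-entity certificate: its bag and the key bag both carry
 * the subject CN as friendly name and a subject key identifier computed from the certificate's
 * public key as local key id. The remaining certificates only receive a friendly name.
 *
 * <p>The private key bag is encrypted with {@code pbeWithSHAAnd3_KeyTripleDES_CBC} and the
 * certificate bags with {@code pbeWithSHAAnd40BitRC2_CBC}; a 40-bit key gives the certificates no
 * meaningful confidentiality. Both are legacy PKCS#12 algorithms. Where every consumer of the file
 * supports it, prefer an AES-based encryptor; changing the algorithms here alters what older
 * readers can open, so that decision is left to the caller's compatibility requirements.
 *
 * @param chain certificate chain, end-entity certificate first; must not be empty.
 * @param key private key matching {@code chain[0]}.
 * @param pwd password used for both bag encryptors and for the MAC.
 * @param ostream destination; closed by this method once building has started, also on failure.
 * @throws IllegalArgumentException if {@code chain} is empty.
 * @throws Exception if a bag, an encryptor or the PFX cannot be built, or writing fails.
 */
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream)
        throws Exception {
    // Existing contract: a missing argument is a silent no-op, nothing is written or closed.
    if (chain == null || key == null || ostream == null) {
        return;
    }
    // chain[0] is dereferenced below; fail with a clear message instead of an index error.
    if (chain.length == 0) {
        throw new IllegalArgumentException("chain must contain at least the end-entity certificate");
    }

    try {
        PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length];
        for (int i = chain.length - 1; i > 0; i--) {
            PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]);
            safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
                    new DERBMPString(CertificateUtil.getSubjectCN(chain[i])));
            certSafeBags[i] = safeBagBuilder.build();
        }

        // The element type is already X509Certificate, so no cast is needed.
        X509Certificate cert = chain[0];
        String subjectCN = CertificateUtil.getSubjectCN(cert);
        SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());
        PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert);
        safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN));
        safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
        certSafeBags[0] = safeBagBuilder.build();

        PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();

        // Key bag: triple DES. The original author noted desEDE/id_aes256_CBC as alternatives.
        // NOTE(review): no iteration count is set on either encryptor builder, so the library
        // default applies; setIterationCount(...) exists on the builder - confirm the default.
        OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC)
                .setProvider(JCE_PROVIDER).build(pwd);
        PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor);
        keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN));
        keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
        pfxPduBuilder.addData(keySafeBagBuilder.build());

        // Certificate bags: 40-bit RC2, kept for compatibility with legacy PKCS#12 readers only.
        OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC)
                .setProvider(JCE_PROVIDER).build(pwd);
        pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags);

        // Integrity MAC with the builder's default digest.
        // NOTE(review): the no-argument builder presumably selects SHA-1 - confirm for the library
        // version in use and pass an explicit digest if a stronger MAC is required.
        PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), pwd);

        ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER));
    } finally {
        // The method owns the stream from here on; release it even when building or writing fails.
        ostream.close();
    }
}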
From source file:com.vvote.thirdparty.ximix.util.BLSKeyStore.java
License:Apache License
/**
 * Serialises every entry of {@code sharedPrivateKeyMap} into a single PKCS#12 PFX.
 *
 * <p>Each key ID contributes one certificate bag, encrypted with
 * {@code pbeWithSHAAnd128BitRC2_CBC}, and one key bag protected by an AES-256-CBC encryptor. Both
 * bags carry the key ID as friendly name and the subject key identifier of the fetched public key
 * as local key id. The PFX is sealed with a SHA-256 based MAC.
 *
 * <p>NOTE(review): the EC private value {@code d} below is a constant compiled into the class and
 * is handed to {@code createCertificate}, presumably as the signing key. A key embedded in source
 * gives no assurance about who issued the certificates; the TODO already asks for a real node key.
 *
 * @param password password used for the bag encryptors and the MAC.
 * @return the PFX encoded with {@code ASN1Encoding.DL}.
 * @throws IOException if the PFX cannot be encoded.
 * @throws GeneralSecurityException if a key, an encryptor or the key store cannot be created.
 */
public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException {
    KeyFactory ecKeyFactory = KeyFactory.getInstance("ECDSA", "BC");

    // Hard-coded domain parameters of the placeholder signing key.
    ECFieldFp primeField = new ECFieldFp(
            new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839")); // q
    BigInteger coefficientA = new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16); // a
    BigInteger coefficientB = new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16); // b
    EllipticCurve curve = new EllipticCurve(primeField, coefficientA, coefficientB);

    ECParameterSpec domainSpec = new ECParameterSpec(
            curve,
            ECPointUtil.decodePoint(curve,
                    Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
            new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307"), // n
            1); // h

    // TODO: need an EC key for the node
    ECPrivateKeySpec placeholderKeySpec = new ECPrivateKeySpec(
            new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
            domainSpec);

    try {
        // NOTE(review): this one encryptor instance protects every key bag written in the loop;
        // confirm the builder does not bind a single salt/IV to it, and that the default
        // iteration count (none is set here) is acceptable.
        OutputEncryptor keyBagEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC")
                .build(password);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();

        for (String keyID : sharedPrivateKeyMap.keySet()) {
            PrivateKey placeholderSigner = ecKeyFactory.generatePrivate(placeholderKeySpec);
            SubjectPublicKeyInfo publicKeyInfo = this.fetchPublicKey(keyID);

            PKCS12SafeBagBuilder certBag = new PKCS12SafeBagBuilder(
                    createCertificate(keyID, sequenceNoMap.get(keyID), placeholderSigner));
            certBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            SubjectKeyIdentifier keyIdentifier = extensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
            certBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            PKCS12SafeBagBuilder keyBag = new PKCS12SafeBagBuilder(
                    PrivateKeyInfoFactory.createPrivateKeyInfo(sharedPrivateKeyMap.get(keyID), paramsMap.get(keyID)),
                    keyBagEncryptor);
            keyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            keyBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            // Certificates go in first, under the legacy RC2 scheme; a fresh encryptor per entry.
            OutputEncryptor certBagEncryptor =
                    new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                            .setProvider("BC")
                            .build(password);
            PKCS12SafeBag[] certBags = new PKCS12SafeBag[] { certBag.build() };
            pfxBuilder.addEncryptedData(certBagEncryptor, certBags);

            pfxBuilder.addData(keyBag.build());
        }

        JcePKCS12MacCalculatorBuilder macBuilder = new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256);
        return pfxBuilder.build(macBuilder, password).getEncoded(ASN1Encoding.DL);
    } catch (PKCSException e) {
        throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e);
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e);
    }
}
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
/**
 * Encodes a private key as password-encrypted PKCS#8 in PEM form.
 *
 * <p>The encryptor is built for {@code id_aes128_CBC} on the provider named by
 * {@code PROVIDER_NAME}. NOTE(review): no iteration count is set, so the builder's default is
 * used; confirm it is adequate for the passwords expected here. The caller keeps ownership of
 * {@code password} and is responsible for clearing it.
 *
 * @param key the private key to encode.
 * @param password the password protecting the encoded key.
 * @return the PEM text of the encrypted key.
 * @throws RuntimeException if the encryptor cannot be created or the PEM cannot be written.
 */
@Override
public String encodePrivateKey(PrivateKey key, char[] password) {
    logger.entry();
    try (StringWriter pemText = new StringWriter(); PemWriter pemOut = new PemWriter(pemText)) {
        JcePKCSPBEOutputEncryptorBuilder encryptorBuilder =
                new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes128_CBC);
        encryptorBuilder.setProvider(PROVIDER_NAME);
        OutputEncryptor keyEncryptor = encryptorBuilder.build(password);

        PKCS8Generator pkcs8 = new JcaPKCS8Generator(key, keyEncryptor);
        pemOut.writeObject(pkcs8);
        // Flush before reading the backing StringWriter so the whole PEM block is present.
        pemOut.flush();

        String encoded = pemText.toString();
        logger.exit();
        return encoded;
    } catch (IOException | OperatorCreationException e) {
        RuntimeException failure = new RuntimeException(
                "An unexpected exception occurred while attempting to encode a private key.", e);
        throw logger.throwing(failure);
    }
}
From source file:org.cryptoworkshop.ximix.node.crypto.key.BLSKeyManager.java
License:Apache License
/**
 * Serialises every key share known to {@code sharedPrivateKeyMap} into a single PKCS#12 PFX.
 *
 * <p>Each key ID contributes one certificate bag, encrypted with
 * {@code pbeWithSHAAnd128BitRC2_CBC}, and one key bag protected by an AES-256-CBC encryptor. Both
 * bags carry the key ID as friendly name and the subject key identifier of the fetched public key
 * as local key id. The PFX is sealed with a SHA-256 based MAC.
 *
 * @param password password used for the bag encryptors and the MAC.
 * @return the PFX encoded with {@code ASN1Encoding.DL}.
 * @throws IOException if the PFX cannot be encoded.
 * @throws GeneralSecurityException if a key, an encryptor or the key store cannot be created.
 */
public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException {
    try {
        // NOTE(review): this one encryptor instance protects every key bag written in the loop;
        // confirm the builder does not bind a single salt/IV to it, and that the default
        // iteration count (none is set here) is acceptable.
        OutputEncryptor keyBagEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC")
                .build(password);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();

        for (String keyID : sharedPrivateKeyMap.getIDs()) {
            SubjectPublicKeyInfo publicKeyInfo = this.fetchPublicKey(keyID);

            // TODO: perhaps add CA cert and trust anchor to key store if available
            // NOTE(review): the "nodeCA" key is read with an empty password. If the node CA store
            // is a java.security.KeyStore, that entry has no password protection of its own -
            // confirm the store is protected by other means.
            PKCS12SafeBagBuilder certBag = new PKCS12SafeBagBuilder(
                    createCertificate(
                            keyID,
                            sharedPrivateKeyMap.getShare(keyID).getSequenceNo(),
                            (PrivateKey) nodeContext.getNodeCAStore().getKey("nodeCA", new char[0])));
            certBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            SubjectKeyIdentifier keyIdentifier = extensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
            certBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            PKCS12SafeBagBuilder keyBag = new PKCS12SafeBagBuilder(
                    PrivateKeyInfoFactory.createPrivateKeyInfo(
                            sharedPrivateKeyMap.getShare(keyID).getValue(), paramsMap.get(keyID)),
                    keyBagEncryptor);
            keyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            keyBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            // Certificates go in first, under the legacy RC2 scheme; a fresh encryptor per entry.
            OutputEncryptor certBagEncryptor =
                    new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                            .setProvider("BC")
                            .build(password);
            PKCS12SafeBag[] certBags = new PKCS12SafeBag[] { certBag.build() };
            pfxBuilder.addEncryptedData(certBagEncryptor, certBags);

            pfxBuilder.addData(keyBag.build());
        }

        JcePKCS12MacCalculatorBuilder macBuilder = new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256);
        return pfxBuilder.build(macBuilder, password).getEncoded(ASN1Encoding.DL);
    } catch (PKCSException e) {
        throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e);
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e);
    }
}
From source file:org.cryptoworkshop.ximix.node.crypto.key.ECKeyManager.java
License:Apache License
/**
 * Serialises every EC key share known to {@code sharedPrivateKeyMap} into a single PKCS#12 PFX.
 *
 * <p>Each share value is converted into a JCA {@link PrivateKey} through a PKCS#8 encoding, then
 * stored in a key bag protected by an AES-256-CBC encryptor. The matching certificate bag is
 * encrypted with {@code pbeWithSHAAnd128BitRC2_CBC}. Both bags carry the key ID as friendly name
 * and the subject key identifier of the fetched public key as local key id. The PFX is sealed
 * with a SHA-256 based MAC.
 *
 * @param password password used for the bag encryptors and the MAC.
 * @return the PFX encoded with {@code ASN1Encoding.DL}.
 * @throws IOException if a key or the PFX cannot be encoded.
 * @throws GeneralSecurityException if a key, an encryptor or the key store cannot be created.
 */
public synchronized byte[] getEncoded(char[] password) throws IOException, GeneralSecurityException {
    KeyFactory ecKeyFactory = KeyFactory.getInstance("ECDSA", "BC");

    try {
        // NOTE(review): this one encryptor instance protects every key bag written in the loop;
        // confirm the builder does not bind a single salt/IV to it, and that the default
        // iteration count (none is set here) is acceptable.
        OutputEncryptor keyBagEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC")
                .build(password);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();

        for (String keyID : sharedPrivateKeyMap.getIDs()) {
            ECDomainParameters curveParams = paramsMap.get(keyID);

            // The share leaves this step as an unencrypted PKCS#8 byte array that lives on the
            // heap until it is garbage collected; it is not wiped here.
            ECPrivateKeyParameters shareParams =
                    new ECPrivateKeyParameters(sharedPrivateKeyMap.getShare(keyID).getValue(), curveParams);
            byte[] pkcs8Encoding = PrivateKeyInfoFactory.createPrivateKeyInfo(shareParams).getEncoded();
            PrivateKey sharePrivateKey = ecKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Encoding));

            SubjectPublicKeyInfo publicKeyInfo = this.fetchPublicKey(keyID);

            // TODO: perhaps add CA cert and trust anchor to key store if available
            // NOTE(review): the "nodeCA" key is read with an empty password. If the node CA store
            // is a java.security.KeyStore, that entry has no password protection of its own -
            // confirm the store is protected by other means.
            PKCS12SafeBagBuilder certBag = new PKCS12SafeBagBuilder(
                    createCertificate(
                            keyID,
                            sharedPrivateKeyMap.getShare(keyID).getSequenceNo(),
                            (PrivateKey) nodeContext.getNodeCAStore().getKey("nodeCA", new char[0])));
            certBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            SubjectKeyIdentifier keyIdentifier = extensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
            certBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(sharePrivateKey, keyBagEncryptor);
            keyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(keyID));
            keyBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyIdentifier);

            // Certificates go in first, under the legacy RC2 scheme; a fresh encryptor per entry.
            OutputEncryptor certBagEncryptor =
                    new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                            .setProvider("BC")
                            .build(password);
            PKCS12SafeBag[] certBags = new PKCS12SafeBag[] { certBag.build() };
            pfxBuilder.addEncryptedData(certBagEncryptor, certBags);

            pfxBuilder.addData(keyBag.build());
        }

        JcePKCS12MacCalculatorBuilder macBuilder = new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256);
        return pfxBuilder.build(macBuilder, password).getEncoded(ASN1Encoding.DL);
    } catch (PKCSException e) {
        throw new GeneralSecurityException("Unable to create key store: " + e.getMessage(), e);
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException("Unable to create operator: " + e.getMessage(), e);
    }
}
From source file:org.xipki.commons.security.pkcs11.emulator.PrivateKeyCryptor.java
License:Open Source License
/**
 * Creates a cryptor whose encryptor and decryptor provider are both derived from one password.
 *
 * <p>The encryptor is built for {@code ALGO} on the "BC" provider with an explicit iteration
 * count of {@code ITERATION_COUNT}. The decryptor provider builder is left at its defaults; no
 * provider is set on it.
 *
 * <p>NOTE(review): the encryptor built here is stored in a field; confirm whether it is reused
 * for several keys and, if so, that the builder does not bind a single salt/IV to it.
 *
 * @param password the password protecting the private keys; must not be {@code null}.
 * @throws P11TokenException if the encryptor cannot be created.
 */
PrivateKeyCryptor(final char[] password) throws P11TokenException {
    ParamUtil.requireNonNull("password", password);

    JcePKCSPBEOutputEncryptorBuilder encryptorBuilder = new JcePKCSPBEOutputEncryptorBuilder(ALGO)
            .setProvider("BC")
            .setIterationCount(ITERATION_COUNT);
    try {
        this.encryptor = encryptorBuilder.build(password);
    } catch (OperatorCreationException ex) {
        // Surface operator failures as the token-level exception, keeping the cause.
        throw new P11TokenException(ex.getMessage(), ex);
    }

    this.decryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder().build(password);
}