Java tutorial
/**************************************************************** * Licensed to the AOS Community (AOS) under one or more * * contributor license agreements. See the NOTICE file * * distributed with this work for additional information * * regarding copyright ownership. The AOS licenses this file * * to you under the Apache License, Version 2.0 (the * * "License"); you may not use this file except in compliance * * with the License. You may obtain a copy of the License at * * * * http://www.apache.org/licenses/LICENSE-2.0 * * * * Unless required by applicable law or agreed to in writing, * * software distributed under the License is distributed on an * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * * KIND, either express or implied. See the License for the * * specific language governing permissions and limitations * * under the License. * ****************************************************************/ package io.aos.crypto.spl05; import io.aos.crypto.spl04.Utils; import java.security.*; import java.security.spec.PKCS8EncodedKeySpec; import javax.crypto.Cipher; import javax.crypto.EncryptedPrivateKeyInfo; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.util.ASN1Dump; /** * Simple example showing how to use PBE and an EncryptedPrivateKeyInfo object. */ public class EncryptedPrivateKeyInfoExample { public static void main(String[] args) throws Exception { // generate a key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC"); kpg.initialize(128, Utils.createFixedRandom()); KeyPair pair = kpg.generateKeyPair(); // wrapping step char[] password = "hello".toCharArray(); byte[] salt = new byte[20]; int iCount = 100; String pbeAlgorithm = "PBEWithSHAAnd3-KeyTripleDES-CBC"; PBEKeySpec pbeKeySpec = new PBEKeySpec(password, salt, iCount); SecretKeyFactory secretKeyFact = SecretKeyFactory.getInstance(pbeAlgorithm, "BC"); Cipher cipher = Cipher.getInstance(pbeAlgorithm, "BC"); cipher.init(Cipher.WRAP_MODE, secretKeyFact.generateSecret(pbeKeySpec)); byte[] wrappedKey = cipher.wrap(pair.getPrivate()); System.out.println( ASN1Dump.dumpAsString(new ASN1InputStream(cipher.getParameters().getEncoded()).readObject())); // create carrier EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedKey); // unwrapping step - note we only use the password pbeKeySpec = new PBEKeySpec(password); cipher = Cipher.getInstance(pInfo.getAlgName(), "BC"); cipher.init(Cipher.DECRYPT_MODE, secretKeyFact.generateSecret(pbeKeySpec), pInfo.getAlgParameters()); PKCS8EncodedKeySpec pkcs8Spec = pInfo.getKeySpec(cipher); KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC"); PrivateKey privKey = keyFact.generatePrivate(pkcs8Spec); ASN1InputStream aIn = new ASN1InputStream(pkcs8Spec.getEncoded()); PrivateKeyInfo info = PrivateKeyInfo.getInstance(aIn.readObject()); System.out.println(ASN1Dump.dumpAsString(info)); System.out.println(ASN1Dump.dumpAsString(info.getPrivateKey())); if (privKey.equals(pair.getPrivate())) { System.out.println("key recovery successful"); } else { System.out.println("key recovery failed"); } } }