Java Code Examples for java.security.spec.MGF1ParameterSpec#SHA256

The following examples show how to use java.security.spec.MGF1ParameterSpec#SHA256 . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RsaUsingShaAlgorithm.java    From Jose4j with Apache License 2.0 5 votes vote down vote up
public RsaPssSha256()
{
    super(AlgorithmIdentifiers.RSA_PSS_USING_SHA256, "SHA256withRSAandMGF1");
    MGF1ParameterSpec mgf1pec = MGF1ParameterSpec.SHA256;
    PSSParameterSpec pssSpec = new PSSParameterSpec(mgf1pec.getDigestAlgorithm(), MGF1, mgf1pec, 32, TRAILER);
    setAlgorithmParameterSpec(pssSpec);
}
 
Example 2
Source File: EncryptAsymmetric.java    From java-docs-samples with Apache License 2.0 5 votes vote down vote up
public void encryptAsymmetric(
    String projectId,
    String locationId,
    String keyRingId,
    String keyId,
    String keyVersionId,
    String plaintext)
    throws IOException, GeneralSecurityException {
  // Initialize client that will be used to send requests. This client only
  // needs to be created once, and can be reused for multiple requests. After
  // completing all of your requests, call the "close" method on the client to
  // safely clean up any remaining background resources.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Build the key version name from the project, location, key ring, key,
    // and key version.
    CryptoKeyVersionName keyVersionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Get the public key.
    PublicKey publicKey = client.getPublicKey(keyVersionName);

    // Convert the public PEM key to a DER key (see helper below).
    byte[] derKey = convertPemToDer(publicKey.getPem());
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
    java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);

    // Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key.
    // For other key algorithms:
    // https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
    OAEPParameterSpec oaepParams =
        new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
    byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    System.out.printf("Ciphertext: %s%n", ciphertext);
  }
}
 
Example 3
Source File: SnippetsIT.java    From java-docs-samples with Apache License 2.0 5 votes vote down vote up
@Test
public void testDecryptAsymmetric() throws IOException, GeneralSecurityException {
  String plaintext = "my message";
  byte[] ciphertext;

  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    CryptoKeyVersionName keyVersionName =
        CryptoKeyVersionName.of(
            PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1");
    PublicKey publicKey = client.getPublicKey(keyVersionName);

    byte[] derKey = convertPemToDer(publicKey.getPem());
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
    java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);

    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
    OAEPParameterSpec oaepParams =
        new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
    ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
  }

  new DecryptAsymmetric()
      .decryptAsymmetric(
          PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_DECRYPT_KEY_ID, "1", ciphertext);
  assertThat(stdOut.toString()).contains("my message");
}
 
Example 4
Source File: Encryption.java    From bisq with GNU Affero General Public License v3.0 5 votes vote down vote up
public static byte[] encryptSecretKey(SecretKey secretKey, PublicKey publicKey) throws CryptoException {
    try {
        Cipher cipher = Cipher.getInstance(ASYM_CIPHER);
        OAEPParameterSpec oaepParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.WRAP_MODE, publicKey, oaepParameterSpec);
        return cipher.wrap(secretKey);
    } catch (Throwable e) {
        log.error("Couldn't encrypt payload", e);
        throw new CryptoException("Couldn't encrypt payload");
    }
}
 
Example 5
Source File: Encryption.java    From bisq with GNU Affero General Public License v3.0 5 votes vote down vote up
public static SecretKey decryptSecretKey(byte[] encryptedSecretKey, PrivateKey privateKey) throws CryptoException {
    try {
        Cipher cipher = Cipher.getInstance(ASYM_CIPHER);
        OAEPParameterSpec oaepParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.UNWRAP_MODE, privateKey, oaepParameterSpec);
        return (SecretKey) cipher.unwrap(encryptedSecretKey, "AES", Cipher.SECRET_KEY);
    } catch (Throwable e) {
        // errors when trying to decrypt foreign network_messages are normal
        throw new CryptoException(e);
    }
}
 
Example 6
Source File: PSSParameters.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
@Override
protected void engineInit(byte[] encoded) throws IOException {
    // first initialize with the DEFAULT values before
    // retrieving from the encoding bytes
    String mdName = DEFAULT.getDigestAlgorithm();
    MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) DEFAULT.getMGFParameters();
    int saltLength = DEFAULT.getSaltLength();
    int trailerField = DEFAULT.getTrailerField();

    DerInputStream der = new DerInputStream(encoded);
    DerValue[] datum = der.getSequence(4);

    for (DerValue d : datum) {
        if (d.isContextSpecific((byte) 0x00)) {
            // hash algid
            mdName = AlgorithmId.parse
                (d.data.getDerValue()).getName();
        } else if (d.isContextSpecific((byte) 0x01)) {
            // mgf algid
            AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
            if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
                throw new IOException("Only MGF1 mgf is supported");
            }
            AlgorithmId params = AlgorithmId.parse(
                new DerValue(val.getEncodedParams()));
            String mgfDigestName = params.getName();
            switch (mgfDigestName) {
            case "SHA-1":
                mgfSpec = MGF1ParameterSpec.SHA1;
                break;
            case "SHA-224":
                mgfSpec = MGF1ParameterSpec.SHA224;
                break;
            case "SHA-256":
                mgfSpec = MGF1ParameterSpec.SHA256;
                break;
            case "SHA-384":
                mgfSpec = MGF1ParameterSpec.SHA384;
                break;
            case "SHA-512":
                mgfSpec = MGF1ParameterSpec.SHA512;
                break;
            case "SHA-512/224":
                mgfSpec = MGF1ParameterSpec.SHA512_224;
                break;
            case "SHA-512/256":
                mgfSpec = MGF1ParameterSpec.SHA512_256;
                break;
            default:
                throw new IOException
                    ("Unrecognized message digest algorithm " +
                    mgfDigestName);
            }
        } else if (d.isContextSpecific((byte) 0x02)) {
            // salt length
            saltLength = d.data.getDerValue().getInteger();
            if (saltLength < 0) {
                throw new IOException("Negative value for saltLength");
            }
        } else if (d.isContextSpecific((byte) 0x03)) {
            // trailer field
            trailerField = d.data.getDerValue().getInteger();
            if (trailerField != 1) {
                throw new IOException("Unsupported trailerField value " +
                trailerField);
            }
        } else {
            throw new IOException("Invalid encoded PSSParameters");
        }
    }

    this.spec = new PSSParameterSpec(mdName, "MGF1", mgfSpec,
            saltLength, trailerField);
}
 
Example 7
Source File: PSSParameters.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
@Override
protected void engineInit(byte[] encoded) throws IOException {
    // first initialize with the DEFAULT values before
    // retrieving from the encoding bytes
    String mdName = DEFAULT.getDigestAlgorithm();
    MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) DEFAULT.getMGFParameters();
    int saltLength = DEFAULT.getSaltLength();
    int trailerField = DEFAULT.getTrailerField();

    DerInputStream der = new DerInputStream(encoded);
    DerValue[] datum = der.getSequence(4);

    for (DerValue d : datum) {
        if (d.isContextSpecific((byte) 0x00)) {
            // hash algid
            mdName = AlgorithmId.parse
                (d.data.getDerValue()).getName();
        } else if (d.isContextSpecific((byte) 0x01)) {
            // mgf algid
            AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
            if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
                throw new IOException("Only MGF1 mgf is supported");
            }
            AlgorithmId params = AlgorithmId.parse(
                new DerValue(val.getEncodedParams()));
            String mgfDigestName = params.getName();
            switch (mgfDigestName) {
            case "SHA-1":
                mgfSpec = MGF1ParameterSpec.SHA1;
                break;
            case "SHA-224":
                mgfSpec = MGF1ParameterSpec.SHA224;
                break;
            case "SHA-256":
                mgfSpec = MGF1ParameterSpec.SHA256;
                break;
            case "SHA-384":
                mgfSpec = MGF1ParameterSpec.SHA384;
                break;
            case "SHA-512":
                mgfSpec = MGF1ParameterSpec.SHA512;
                break;
            case "SHA-512/224":
                mgfSpec = MGF1ParameterSpec.SHA512_224;
                break;
            case "SHA-512/256":
                mgfSpec = MGF1ParameterSpec.SHA512_256;
                break;
            default:
                throw new IOException
                    ("Unrecognized message digest algorithm " +
                    mgfDigestName);
            }
        } else if (d.isContextSpecific((byte) 0x02)) {
            // salt length
            saltLength = d.data.getDerValue().getInteger();
            if (saltLength < 0) {
                throw new IOException("Negative value for saltLength");
            }
        } else if (d.isContextSpecific((byte) 0x03)) {
            // trailer field
            trailerField = d.data.getDerValue().getInteger();
            if (trailerField != 1) {
                throw new IOException("Unsupported trailerField value " +
                trailerField);
            }
        } else {
            throw new IOException("Invalid encoded PSSParameters");
        }
    }

    this.spec = new PSSParameterSpec(mdName, "MGF1", mgfSpec,
            saltLength, trailerField);
}
 
Example 8
Source File: PSSParameters.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
@Override
protected void engineInit(byte[] encoded) throws IOException {
    // first initialize with the DEFAULT values before
    // retrieving from the encoding bytes
    String mdName = DEFAULT.getDigestAlgorithm();
    MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) DEFAULT.getMGFParameters();
    int saltLength = DEFAULT.getSaltLength();
    int trailerField = DEFAULT.getTrailerField();

    DerInputStream der = new DerInputStream(encoded);
    DerValue[] datum = der.getSequence(4);

    for (DerValue d : datum) {
        if (d.isContextSpecific((byte) 0x00)) {
            // hash algid
            mdName = AlgorithmId.parse
                (d.data.getDerValue()).getName();
        } else if (d.isContextSpecific((byte) 0x01)) {
            // mgf algid
            AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
            if (!val.getOID().equals(AlgorithmId.mgf1_oid)) {
                throw new IOException("Only MGF1 mgf is supported");
            }
            AlgorithmId params = AlgorithmId.parse(
                new DerValue(val.getEncodedParams()));
            String mgfDigestName = params.getName();
            switch (mgfDigestName) {
            case "SHA-1":
                mgfSpec = MGF1ParameterSpec.SHA1;
                break;
            case "SHA-224":
                mgfSpec = MGF1ParameterSpec.SHA224;
                break;
            case "SHA-256":
                mgfSpec = MGF1ParameterSpec.SHA256;
                break;
            case "SHA-384":
                mgfSpec = MGF1ParameterSpec.SHA384;
                break;
            case "SHA-512":
                mgfSpec = MGF1ParameterSpec.SHA512;
                break;
            case "SHA-512/224":
                mgfSpec = MGF1ParameterSpec.SHA512_224;
                break;
            case "SHA-512/256":
                mgfSpec = MGF1ParameterSpec.SHA512_256;
                break;
            default:
                throw new IOException
                    ("Unrecognized message digest algorithm " +
                    mgfDigestName);
            }
        } else if (d.isContextSpecific((byte) 0x02)) {
            // salt length
            saltLength = d.data.getDerValue().getInteger();
            if (saltLength < 0) {
                throw new IOException("Negative value for saltLength");
            }
        } else if (d.isContextSpecific((byte) 0x03)) {
            // trailer field
            trailerField = d.data.getDerValue().getInteger();
            if (trailerField != 1) {
                throw new IOException("Unsupported trailerField value " +
                trailerField);
            }
        } else {
            throw new IOException("Invalid encoded PSSParameters");
        }
    }

    this.spec = new PSSParameterSpec(mdName, "MGF1", mgfSpec,
            saltLength, trailerField);
}
 
Example 9
Source File: RsaJceKeyCipher.java    From aws-encryption-sdk-java with Apache License 2.0 4 votes vote down vote up
RsaJceKeyCipher(PublicKey wrappingKey, PrivateKey unwrappingKey, String transformation) {
    super(wrappingKey, unwrappingKey);

    final Matcher matcher = SUPPORTED_TRANSFORMATIONS.matcher(transformation);
    if (matcher.matches()) {
        final String hashUnknownCase = matcher.group(1);
        if (hashUnknownCase != null) {
            // OAEP mode a.k.a PKCS #1v2
            final String hash = hashUnknownCase.toUpperCase();
            transformation_ = "RSA/ECB/OAEPPadding";

            final MGF1ParameterSpec mgf1Spec;
            switch (hash) {
                case "SHA-1":
                    mgf1Spec = MGF1ParameterSpec.SHA1;
                    break;
                case "SHA-224":
                    LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
                    mgf1Spec = MGF1ParameterSpec.SHA224;
                    break;
                case "SHA-256":
                    mgf1Spec = MGF1ParameterSpec.SHA256;
                    break;
                case "SHA-384":
                    mgf1Spec = MGF1ParameterSpec.SHA384;
                    break;
                case "SHA-512":
                    mgf1Spec = MGF1ParameterSpec.SHA512;
                    break;
                default:
                    throw new IllegalArgumentException("Unsupported algorithm: " + transformation);
            }
            parameterSpec_ = new OAEPParameterSpec(hash, "MGF1", mgf1Spec, PSource.PSpecified.DEFAULT);
        } else {
            // PKCS #1 v1.x
            transformation_ = transformation;
            parameterSpec_ = null;
        }
    } else {
        LOGGER.warning(transformation + " is not officially supported by the JceMasterKey");
        // Unsupported transformation, just use exactly what we are given
        transformation_ = transformation;
        parameterSpec_ = null;
    }
}
 
Example 10
Source File: RsaTest.java    From http-signatures-java with Apache License 2.0 4 votes vote down vote up
@Test
public void rsaSsaPss() throws Exception {
    final Algorithm algorithm = Algorithm.RSA_PSS;
    final AlgorithmParameterSpec spec = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
    final Signer signer = new Signer(privateKey,
            new Signature("some-key-1", SigningAlgorithm.HS2019, algorithm, spec, null, Arrays.asList("date")));

    final Signature signature = signer.sign(method, uri, headers);
    // The RSASSA-PSS signature is non-deterministic, the value of the signature will be different
    // every time a signature is generated.
    final Verifier verifier = new Verifier(publicKey, signature);
    boolean verifies = verifier.verify(method, uri, headers);
    assertTrue(verifies);
}