java.security.KeyStore.SecretKeyEntry Java Examples

The following examples show how `java.security.KeyStore.SecretKeyEntry` is used in real projects. A `SecretKeyEntry` wraps a `javax.crypto.SecretKey` so it can be stored in a `KeyStore` under a `ProtectionParameter` (normally a `KeyStore.PasswordProtection`). Note that the classic JKS keystore type cannot hold secret keys; the examples below use types that can — JCEKS, a provider-specific type such as BCFKS, or the Android keystore. Follow the links above each example to reach the original project and source file.
Example #1
Source File: ApplicationKeyStorage.java — from android_9.0.0_r45 (Apache License 2.0)
/**
 * Stores {@code secretKey} in the backing keystore as an AES key scoped to the given user/uid/alias.
 *
 * Only the key length is written to the log, never the key bytes. The entry is restricted to
 * AES-GCM with no padding, for the ENCRYPT and DECRYPT purposes only. A {@link KeyStoreException}
 * raised by the keystore is converted into a {@link ServiceSpecificException} carrying
 * {@code ERROR_SERVICE_INTERNAL_ERROR}; only {@code e.getMessage()} is propagated, so the original
 * stack trace is not chained.
 *
 * @param userId the user the key belongs to
 * @param uid the application uid the key belongs to
 * @param alias caller-chosen alias; combined with userId/uid by {@code getInternalAlias}
 * @param secretKey raw AES key bytes; the caller keeps ownership of this array and should wipe its
 *        own copy when done
 * @throws KeyStoreException declared for API compatibility — the body converts keystore failures
 *         into {@link ServiceSpecificException} as described above
 */
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
        throws KeyStoreException {
    Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
            userId, uid, alias, secretKey.length));

    try {
        String internalAlias = getInternalAlias(userId, uid, alias);
        SecretKeyEntry entry = new SecretKeyEntry(
                new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES));
        // Lock the key down to AES-GCM/NoPadding for encrypt + decrypt; nothing else is authorised.
        KeyProtection protection = new KeyProtection.Builder(
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build();
        mKeyStore.setEntry(internalAlias, entry, protection);
    } catch (KeyStoreException e) {
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
    }
}
 
Example #2
Source File: KeyStoreCredentialResolver.java — from lams (GNU General Public License v2.0)
/**
 * Build a credential instance from the key store entry.
 * 
 * @param keyStoreEntry the key store entry to process
 * @param entityID the entityID to include in the credential
 * @param usage the usage type to include in the credential
 * @return the new credential instance, appropriate to the type of key store entry being processed
 * @throws SecurityException throw if there is a problem building a credential from the key store entry
 */
/**
 * Build a credential instance from a keystore entry, dispatching on the entry's concrete type.
 *
 * Private-key, trusted-certificate and secret-key entries are each handed to their own processor;
 * any other entry type is rejected. Note that the usage handed to the processors is the resolver's
 * {@code keystoreUsage} field — the {@code usage} argument is only echoed in the debug log.
 * NOTE(review): confirm callers always pass the same value, otherwise the argument is misleading.
 *
 * @param keyStoreEntry the key store entry to process
 * @param entityID the entityID to include in the credential
 * @param usage the usage type to include in the credential (see note above)
 * @return the new credential instance, appropriate to the type of key store entry being processed
 * @throws SecurityException if the entry type is not one of the three supported kinds
 */
protected Credential buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage)
        throws SecurityException {

    log.debug("Building credential from keystore entry for entityID {}, usage type {}", entityID, usage);

    if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
        return processPrivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry, entityID, keystoreUsage);
    }
    if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
        return processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry, entityID,
                keystoreUsage);
    }
    if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) {
        return processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry, entityID, keystoreUsage);
    }
    throw new SecurityException("KeyStore entry was of an unsupported type: "
            + keyStoreEntry.getClass().getName());
}
 
Example #3
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Snapshot of the encryption and signing keystore entries currently in use.
 *
 * When the encryption entry is a {@link SecretKeyEntry}, symmetric raw materials are built eagerly,
 * pairing the AES-style key with either a secret signing key or an asymmetric signing pair
 * ({@code entry2Pair}). Otherwise {@code symRawMaterials} stays {@code null} and asymmetric
 * materials are expected to be derived on demand elsewhere. {@code description} is presumably the
 * enclosing provider's material description — it is referenced unqualified here.
 *
 * @param encryptionEntry keystore entry holding the encryption key (secret or private key)
 * @param signingEntry keystore entry holding the signing key (secret key or certificate/private key)
 */
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
    super();
    this.encryptionEntry = encryptionEntry;
    this.signingEntry = signingEntry;

    SymmetricRawMaterials symmetric = null;
    if (encryptionEntry instanceof SecretKeyEntry) {
        SecretKeyEntry secretEncryption = (SecretKeyEntry) encryptionEntry;
        symmetric = (signingEntry instanceof SecretKeyEntry)
                ? new SymmetricRawMaterials(
                        secretEncryption.getSecretKey(),
                        ((SecretKeyEntry) signingEntry).getSecretKey(),
                        description)
                : new SymmetricRawMaterials(
                        secretEncryption.getSecretKey(),
                        entry2Pair(signingEntry),
                        description);
    }
    this.symRawMaterials = symmetric;
}
 
Example #4
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Returns decryption materials for {@code context}, or {@code null} when this provider does not
 * own the material.
 *
 * Ownership is decided by a superset match: every key/value of this provider's {@code description}
 * must appear in the context's material description. For a secret-key encryption entry the cached
 * symmetric materials are returned; otherwise asymmetric materials are derived via
 * {@code makeAsymMaterials}, with any {@link GeneralSecurityException} wrapped in a
 * {@link DynamoDBMappingException}. Callers must treat a {@code null} return as "no materials here".
 *
 * @param context the encryption context carrying the material description to match
 * @return the matching materials, or {@code null} if the description does not match
 */
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    boolean descriptionMatches = context.getMaterialDescription().entrySet()
            .containsAll(description.entrySet());
    if (!descriptionMatches) {
        return null;
    }
    if (materials.encryptionEntry instanceof SecretKeyEntry) {
        return materials.symRawMaterials;
    }
    try {
        return makeAsymMaterials(materials, context.getMaterialDescription());
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
    }
}
 
Example #5
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Returns decryption materials for {@code context}, or {@code null} when this provider does not
 * own the material.
 *
 * Ownership is decided by a superset match: every key/value of this provider's {@code description}
 * must appear in the context's material description. For a secret-key encryption entry the cached
 * symmetric materials are returned; otherwise asymmetric materials are derived via
 * {@code makeAsymMaterials}, with any {@link GeneralSecurityException} wrapped in a
 * {@link DynamoDbEncryptionException}. Callers must treat a {@code null} return as "no materials here".
 *
 * @param context the encryption context carrying the material description to match
 * @return the matching materials, or {@code null} if the description does not match
 */
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    boolean descriptionMatches = context.getMaterialDescription().entrySet()
            .containsAll(description.entrySet());
    if (!descriptionMatches) {
        return null;
    }
    if (materials.encryptionEntry instanceof SecretKeyEntry) {
        return materials.symRawMaterials;
    }
    try {
        return makeAsymMaterials(materials, context.getMaterialDescription());
    } catch (GeneralSecurityException ex) {
        throw new DynamoDbEncryptionException("Unable to decrypt envelope key", ex);
    }
}
 
Example #6
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Snapshot of the encryption and signing keystore entries currently in use.
 *
 * When the encryption entry is a {@link SecretKeyEntry}, symmetric raw materials are built eagerly,
 * pairing the AES-style key with either a secret signing key or an asymmetric signing pair
 * ({@code entry2Pair}). Otherwise {@code symRawMaterials} stays {@code null} and asymmetric
 * materials are expected to be derived on demand elsewhere. {@code description} is presumably the
 * enclosing provider's material description — it is referenced unqualified here.
 *
 * @param encryptionEntry keystore entry holding the encryption key (secret or private key)
 * @param signingEntry keystore entry holding the signing key (secret key or certificate/private key)
 */
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
    super();
    this.encryptionEntry = encryptionEntry;
    this.signingEntry = signingEntry;

    SymmetricRawMaterials symmetric = null;
    if (encryptionEntry instanceof SecretKeyEntry) {
        SecretKeyEntry secretEncryption = (SecretKeyEntry) encryptionEntry;
        symmetric = (signingEntry instanceof SecretKeyEntry)
                ? new SymmetricRawMaterials(
                        secretEncryption.getSecretKey(),
                        ((SecretKeyEntry) signingEntry).getSecretKey(),
                        description)
                : new SymmetricRawMaterials(
                        secretEncryption.getSecretKey(),
                        entry2Pair(signingEntry),
                        description);
    }
    this.symRawMaterials = symmetric;
}
 
Example #7
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Returns the materials used to encrypt a new item.
 *
 * Unlike decryption, no description matching is done: the provider's own {@code description} is
 * always used. A secret-key encryption entry yields the cached symmetric materials; anything else
 * goes through {@code makeAsymMaterials}, with {@link GeneralSecurityException} wrapped in a
 * {@link DynamoDBMappingException}.
 *
 * @param context the encryption context (not consulted here)
 * @return the encryption materials to use
 */
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    CurrentMaterials current = currMaterials.get();
    if (current.encryptionEntry instanceof SecretKeyEntry) {
        return current.symRawMaterials;
    }
    try {
        return makeAsymMaterials(current, description);
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to encrypt envelope key", ex);
    }
}
 
Example #8
Source File: KeyStoreMaterialsProviderTest.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Builds the in-memory JCEKS fixture shared by the tests in this class.
 *
 * Entries written: "enc" (fresh 128-bit AES key), "sig" (fresh 256-bit HmacSHA256 key), "enc-a" and
 * "sig-a" (the same RSA private key and certificate decoded from {@code keyPem}/{@code certPem}),
 * and "trustedCert" (the certificate alone). Reusing one RSA key for both the encryption and the
 * signing role is a test-fixture shortcut; production material should keep those roles on separate
 * keys. Key entries are protected with {@code passwordProtection}; the keystore itself is opened
 * with {@code password}.
 *
 * @throws Exception on any key-generation, decoding or keystore error
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
    // Asymmetric material comes from static PEM constants, so it is the same on every run.
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    privateKey = rsaFactory.generatePrivate(
            new PKCS8EncodedKeySpec(Base64.getDecoder().decode(keyPem)));
    CertificateFactory certFactory = CertificateFactory.getInstance("X509");
    certificate = certFactory.generateCertificate(
            new ByteArrayInputStream(Base64.getDecoder().decode(certPem)));

    // Symmetric material is generated fresh per run from the shared RNG.
    KeyGenerator hmacGen = KeyGenerator.getInstance("HmacSHA256");
    hmacGen.init(256, Utils.getRng());
    macKey = hmacGen.generateKey();

    KeyGenerator aesGen = KeyGenerator.getInstance("AES");
    aesGen.init(128, Utils.getRng());
    encryptionKey = aesGen.generateKey();

    // JCEKS (not JKS) so that SecretKeyEntry values can be stored.
    keyStore = KeyStore.getInstance("jceks");
    keyStore.load(null, password.toCharArray());

    keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
    keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
    keyStore.setEntry("enc-a",
            new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
    keyStore.setEntry("sig-a",
            new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
    keyStore.setCertificateEntry("trustedCert", certificate);
}
 
Example #9
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Builds asymmetric raw materials from the current entries.
 *
 * The encryption entry is always converted to a {@link KeyPair} via {@code entry2Pair}; the signing
 * side is a secret key when the signing entry is a {@link SecretKeyEntry}, otherwise another
 * key pair.
 *
 * @param materials the entries to build from
 * @param description the material description to attach
 * @return the asymmetric materials
 * @throws GeneralSecurityException if either entry cannot be converted
 */
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
        Map<String, String> description) throws GeneralSecurityException {
    KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
    Entry signingEntry = materials.signingEntry;
    if (!(signingEntry instanceof SecretKeyEntry)) {
        return new AsymmetricRawMaterials(encryptionPair, entry2Pair(signingEntry), description);
    }
    return new AsymmetricRawMaterials(encryptionPair,
            ((SecretKeyEntry) signingEntry).getSecretKey(), description);
}
 
Example #10
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Returns the materials used to encrypt a new item.
 *
 * Unlike decryption, no description matching is done: the provider's own {@code description} is
 * always used. A secret-key encryption entry yields the cached symmetric materials; anything else
 * goes through {@code makeAsymMaterials}, with {@link GeneralSecurityException} wrapped in a
 * {@link DynamoDbEncryptionException}.
 *
 * @param context the encryption context (not consulted here)
 * @return the encryption materials to use
 */
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    CurrentMaterials current = currMaterials.get();
    if (current.encryptionEntry instanceof SecretKeyEntry) {
        return current.symRawMaterials;
    }
    try {
        return makeAsymMaterials(current, description);
    } catch (GeneralSecurityException ex) {
        throw new DynamoDbEncryptionException("Unable to encrypt envelope key", ex);
    }
}
 
Example #11
Source File: KeyStoreMaterialsProviderTest.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Builds the in-memory JCEKS fixture shared by the tests in this class.
 *
 * Entries written: "enc" (fresh 128-bit AES key), "sig" (fresh 256-bit HmacSHA256 key), "enc-a" and
 * "sig-a" (the same RSA private key and certificate decoded from {@code keyPem}/{@code certPem}),
 * and "trustedCert" (the certificate alone). Reusing one RSA key for both the encryption and the
 * signing role is a test-fixture shortcut; production material should keep those roles on separate
 * keys. Key entries are protected with {@code passwordProtection}; the keystore itself is opened
 * with {@code password}. {@code Base64.decode} here is the project's own helper, not
 * {@code java.util.Base64}.
 *
 * @throws Exception on any key-generation, decoding or keystore error
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
    // Asymmetric material comes from static PEM constants, so it is the same on every run.
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    privateKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(keyPem)));
    CertificateFactory certFactory = CertificateFactory.getInstance("X509");
    certificate = certFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(certPem)));

    // Symmetric material is generated fresh per run from the shared RNG.
    KeyGenerator hmacGen = KeyGenerator.getInstance("HmacSHA256");
    hmacGen.init(256, Utils.getRng());
    macKey = hmacGen.generateKey();

    KeyGenerator aesGen = KeyGenerator.getInstance("AES");
    aesGen.init(128, Utils.getRng());
    encryptionKey = aesGen.generateKey();

    // JCEKS (not JKS) so that SecretKeyEntry values can be stored.
    keyStore = KeyStore.getInstance("jceks");
    keyStore.load(null, password.toCharArray());

    keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
    keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
    keyStore.setEntry("enc-a",
            new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
    keyStore.setEntry("sig-a",
            new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
    keyStore.setCertificateEntry("trustedCert", certificate);
}
 
Example #12
Source File: KeyStoreMaterialsProvider.java — from aws-dynamodb-encryption-java (Apache License 2.0)
/**
 * Builds asymmetric raw materials from the current entries.
 *
 * The encryption entry is always converted to a {@link KeyPair} via {@code entry2Pair}; the signing
 * side is a secret key when the signing entry is a {@link SecretKeyEntry}, otherwise another
 * key pair.
 *
 * @param materials the entries to build from
 * @param description the material description to attach
 * @return the asymmetric materials
 * @throws GeneralSecurityException if either entry cannot be converted
 */
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
        Map<String, String> description) throws GeneralSecurityException {
    KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
    Entry signingEntry = materials.signingEntry;
    if (!(signingEntry instanceof SecretKeyEntry)) {
        return new AsymmetricRawMaterials(encryptionPair, entry2Pair(signingEntry), description);
    }
    return new AsymmetricRawMaterials(encryptionPair,
            ((SecretKeyEntry) signingEntry).getSecretKey(), description);
}
 
Example #13
Source File: Main.java — from fido2 (GNU Lesser General Public License v2.1)
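/**
 * Prints every secret-key alias in a BCFKS keystore, sorted, with its creation date.
 *
 * Fixes over the previous version: the {@link FileInputStream} is now closed (it was leaked), and
 * the password char[] handed to {@code load} is zeroed as soon as the keystore has been opened so
 * the secret does not linger on the heap longer than needed (the {@code String} argument itself
 * cannot be wiped — that is the caller's concern). Entries that are not {@code SecretKeyEntry}
 * (certificates, private keys) are skipped, as before.
 *
 * @param keystorelocation path of the BCFKS keystore file
 * @param password keystore password
 * @throws Exception if the keystore cannot be opened or read
 */
private static void listaccesskeys(String keystorelocation, String password) throws Exception {
    KeyStore keystore = KeyStore.getInstance("BCFKS", BC_FIPS_PROVIDER);
    char[] passwordChars = password.toCharArray();
    try (FileInputStream in = new FileInputStream(keystorelocation)) {
        keystore.load(in, passwordChars);
    } finally {
        // Wipe our copy of the password regardless of whether load() succeeded.
        java.util.Arrays.fill(passwordChars, '\0');
    }

    // TreeSet gives a stable, sorted listing independent of provider enumeration order.
    java.util.SortedSet<String> hsmobj = new java.util.TreeSet<>(
            java.util.Collections.list(keystore.aliases()));
    System.out.println("===> Objects in keystore:");
    for (String s : hsmobj) {
        if (keystore.entryInstanceOf(s, SecretKeyEntry.class)) {
            System.out.println(String.format("%-24s %-20s %-48s", s, "SecretKey", "created on " + keystore.getCreationDate(s)));
        }
    }
}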
 
Example #14
Source File: KeyStoreProvider.java — from aws-encryption-sdk-java (Apache License 2.0)
/**
 * Loads the keystore entry stored under {@code keyId} and wraps it as a {@link JceMasterKey}.
 *
 * Key entries (secret or private key) are opened with {@code protection_}; trusted-certificate
 * entries take no protection parameter, so {@code null} is passed for them. The entry's key
 * algorithm name must exactly equal the configured {@code keyAlgorithm_}, otherwise {@code null}
 * is returned — this stops a key of an unexpected type being used with {@code wrappingAlgorithm_}.
 * A missing alias or an unsupported entry type raises {@link NoSuchMasterKeyException}; keystore
 * access failures surface as {@link UnsupportedProviderException}.
 *
 * @param provider provider name recorded on the returned master key
 * @param keyId keystore alias to look up
 * @return the master key, or {@code null} when the entry's algorithm does not match
 */
private JceMasterKey internalGetMasterKey(final String provider, final String keyId) {
    final Entry entry = loadEntry(keyId);
    if (entry == null) {
        throw new NoSuchMasterKeyException();
    }

    if (entry instanceof SecretKeyEntry) {
        final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
        if (!hasExpectedAlgorithm(skEntry.getSecretKey().getAlgorithm())) {
            return null;
        }
        return JceMasterKey.getInstance(skEntry.getSecretKey(), provider, keyId, wrappingAlgorithm_);
    }

    if (entry instanceof PrivateKeyEntry) {
        final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
        if (!hasExpectedAlgorithm(pkEntry.getPrivateKey().getAlgorithm())) {
            return null;
        }
        // The public half comes from the entry's end-entity certificate.
        return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(), pkEntry.getPrivateKey(), provider,
                keyId, wrappingAlgorithm_);
    }

    if (entry instanceof TrustedCertificateEntry) {
        final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
        if (!hasExpectedAlgorithm(certEntry.getTrustedCertificate().getPublicKey().getAlgorithm())) {
            return null;
        }
        // Public key only: this master key can wrap but never unwrap.
        return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(), null, provider, keyId,
                wrappingAlgorithm_);
    }

    throw new NoSuchMasterKeyException();
}

/** Reads the entry for {@code keyId}, using {@code protection_} only for key entries. */
private Entry loadEntry(final String keyId) {
    try {
        return keystore_.getEntry(keyId, keystore_.isKeyEntry(keyId) ? protection_ : null);
    } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
        throw new UnsupportedProviderException(e);
    }
}

/** True when {@code algorithm} is exactly the configured {@code keyAlgorithm_} (case-sensitive). */
private boolean hasExpectedAlgorithm(final String algorithm) {
    return algorithm.equals(keyAlgorithm_);
}
 
Example #15
Source File: ECKeyStore.java — from balzac (Apache License 2.0)
/**
 * Persists a private key under a deterministic alias and records its network type.
 *
 * The key's raw bytes are wrapped in a {@link SecretKeySpec} labelled "EC" and stored as a
 * {@link SecretKeyEntry} protected by the keystore {@code password}; the keystore therefore holds an
 * opaque byte string rather than a typed EC private-key object. NOTE(review): this only works with a
 * keystore type that accepts secret-key entries (JCEKS/PKCS12, not JKS) — confirm how {@code ks} is
 * opened. {@code PrivateKey} here is the project's own type ({@code getBytes()},
 * {@code getNetworkType()}), not {@code java.security.PrivateKey}.
 *
 * @param key the private key to store
 * @return the alias the key was stored under
 * @throws KeyStoreException if the keystore rejects the entry
 */
public String addKey(PrivateKey key) throws KeyStoreException {
    String keyID = getUniqueID(key);
    SecretKeyEntry entry = new SecretKeyEntry(new SecretKeySpec(key.getBytes(), "EC"));
    ks.setEntry(keyID, entry, new PasswordProtection(password));
    netwotkTypeMap.put(keyID, key.getNetworkType());
    return keyID;
}
 
Example #16
Source File: KeyStoreCredentialResolver.java — from lams (GNU General Public License v2.0)
/**
 * Build a Credential from a keystore secret key entry.
 * 
 * @param secretKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new Credential instance
 */
/**
 * Build a Credential from a keystore secret key entry.
 *
 * The resulting {@link BasicCredential} carries the entry's {@link javax.crypto.SecretKey} plus the
 * supplied entity ID and usage type; no other fields are populated here.
 *
 * @param secretKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new Credential instance
 */
protected Credential processSecretKeyEntry(SecretKeyEntry secretKeyEntry, String entityID, UsageType usage) {
    log.debug("Processing SecretKeyEntry from keystore");

    BasicCredential credential = new BasicCredential();
    credential.setSecretKey(secretKeyEntry.getSecretKey());
    credential.setEntityId(entityID);
    credential.setUsageType(usage);
    return credential;
}
 
Example #17
Source File: KeyStoreUtils.java — from presto (Apache License 2.0)
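/**
 * Reads the secret stored under {@code entityAlias} as a password-based (PBE) secret key and returns
 * its password characters as a String.
 *
 * The entry must be a {@link SecretKeyEntry} holding a PBE key. A missing alias or an entry of a
 * different type now raises a {@link java.security.KeyStoreException} with the alias in the message
 * instead of a NullPointerException / ClassCastException. The intermediate {@link PBEKeySpec} and
 * the {@link PasswordProtection} are cleared once the value has been copied, so the only surviving
 * copy of the secret is the returned String — which cannot be wiped, so keep its lifetime short.
 *
 * @param keyStore       the opened keystore (must be a type that stores secret keys, e.g. JCEKS/PKCS12)
 * @param entityAlias    alias of the secret-key entry
 * @param entityPassword password protecting that entry
 * @return the stored secret as a String
 * @throws GeneralSecurityException if the alias is missing, the entry is not a PBE secret key, or
 *                                  the entry cannot be recovered with the given password
 */
public static String readEntity(KeyStore keyStore, String entityAlias, String entityPassword)
        throws GeneralSecurityException
{
    PasswordProtection protection = new PasswordProtection(entityPassword.toCharArray());
    try {
        KeyStore.Entry entry = keyStore.getEntry(entityAlias, protection);
        if (entry == null) {
            throw new java.security.KeyStoreException("No entry for alias '" + entityAlias + "'");
        }
        if (!(entry instanceof SecretKeyEntry)) {
            throw new java.security.KeyStoreException("Entry '" + entityAlias + "' is not a secret key entry: " + entry.getClass().getName());
        }

        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
        PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(((SecretKeyEntry) entry).getSecretKey(), PBEKeySpec.class);
        try {
            return new String(keySpec.getPassword());
        }
        finally {
            // Zero the spec's internal char[] copy of the secret.
            keySpec.clearPassword();
        }
    }
    finally {
        // Zero the entry password copy handed to the keystore.
        protection.destroy();
    }
}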