public static EncryptedValue getInstance(Object o) { if (o instanceof EncryptedValue) { return (EncryptedValue)o; } else if (o != null) { return new EncryptedValue(ASN1Sequence.getInstance(o)); } return null; }
addOptional(v, 0, intendedAlg); addOptional(v, 1, symmAlg); addOptional(v, 2, encSymmKey); addOptional(v, 3, keyAlg); addOptional(v, 4, valueHint);
/** * <pre> * EncryptedKey ::= CHOICE { * encryptedValue EncryptedValue, -- deprecated * envelopedData [0] EnvelopedData } * -- The encrypted private key MUST be placed in the envelopedData * -- encryptedContentInfo encryptedContent OCTET STRING. * </pre> */ public ASN1Primitive toASN1Primitive() { if (encryptedValue != null) { return encryptedValue.toASN1Primitive(); } return new DERTaggedObject(false, 0, envelopedData); } }
@Override protected byte[] decrypt(EncryptedValue ev) throws Exception { AlgorithmIdentifier keyAlg = ev.getKeyAlg(); ASN1ObjectIdentifier keyOid = keyAlg.getAlgorithm(); symmKey = keyCipher.doFinal(ev.getEncSymmKey().getOctets()); } else if (requestorKey instanceof ECPrivateKey) { ASN1Sequence params = ASN1Sequence.getInstance(keyAlg.getParameters()); byte[] encSymmKey = ev.getEncSymmKey().getOctets(); AlgorithmIdentifier symmAlg = ev.getSymmAlg(); if (!symmAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_aes128_GCM)) { dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), spec); byte[] encValue = ev.getEncValue().getOctets(); return dataCipher.doFinal(encValue); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
private CertOrEncCert(ASN1TaggedObject tagged) { if (tagged.getTagNo() == 0) { certificate = CMPCertificate.getInstance(tagged.getObject()); } else if (tagged.getTagNo() == 1) { encryptedCert = EncryptedValue.getInstance(tagged.getObject()); } else { throw new IllegalArgumentException("unknown tag: " + tagged.getTagNo()); } }
private static byte[] decrypt(EncryptedValue ev, char[] password) throws XiSecurityException { AlgorithmIdentifier symmAlg = ev.getSymmAlg(); if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) { throw new XiSecurityException("unsupported symmAlg " + symmAlg.getAlgorithm().getId()); } PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters()); PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); try { SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; int iterations = func.getIterationCount().intValue(); key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, KEYSIZE_PROVIDER.getKeySize(encScheme), func.getPrf())); key = new SecretKeySpec(key.getEncoded(), "AES"); String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId(); Cipher cipher = Cipher.getInstance(cipherAlgOid); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); GCMParameters gcmParameters = GCMParameters.getInstance(encParams); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce()); cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec); return cipher.doFinal(ev.getEncValue().getOctets()); } catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException ex) { throw new XiSecurityException("Error while decrypting the EncryptedValue", ex); } }
private static byte[] decrypt(EncryptedValue ev, PrivateKey decKey) throws XiSecurityException { AlgorithmIdentifier keyAlg = ev.getKeyAlg(); ASN1ObjectIdentifier keyOid = keyAlg.getAlgorithm(); symmKey = keyCipher.doFinal(ev.getEncSymmKey().getOctets()); } else if (decKey instanceof ECPrivateKey) { ASN1Sequence params = ASN1Sequence.getInstance(keyAlg.getParameters()); byte[] encSymmKey = ev.getEncSymmKey().getOctets(); AlgorithmIdentifier symmAlg = ev.getSymmAlg(); ASN1ObjectIdentifier symmAlgOid = symmAlg.getAlgorithm(); if (!symmAlgOid.equals(NISTObjectIdentifiers.id_aes128_GCM)) { dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), algParams); byte[] encValue = ev.getEncValue().getOctets(); return dataCipher.doFinal(encValue); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
private CertOrEncCert(ASN1TaggedObject tagged) { if (tagged.getTagNo() == 0) { certificate = CMPCertificate.getInstance(tagged.getObject()); } else if (tagged.getTagNo() == 1) { encryptedCert = EncryptedValue.getInstance(tagged.getObject()); } else { throw new IllegalArgumentException("unknown tag: " + tagged.getTagNo()); } }
@Override protected byte[] decrypt(EncryptedValue ev) throws Exception { AlgorithmIdentifier symmAlg = ev.getSymmAlg(); if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) { throw new Exception("unsupported symmAlg " + symmAlg.getAlgorithm().getId()); cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec); return cipher.doFinal(ev.getEncValue().getOctets());
public static EncryptedKey getInstance(Object o) { if (o instanceof EncryptedKey) { return (EncryptedKey)o; } else if (o instanceof ASN1TaggedObject) { return new EncryptedKey(EnvelopedData.getInstance((ASN1TaggedObject)o, false)); } else if (o instanceof EncryptedValue) { return new EncryptedKey((EncryptedValue)o); } else { return new EncryptedKey(EncryptedValue.getInstance(o)); } }
public static EncryptedValue getInstance(Object o) { if (o instanceof EncryptedValue) { return (EncryptedValue)o; } else if (o != null) { return new EncryptedValue(ASN1Sequence.getInstance(o)); } return null; }
addOptional(v, 0, intendedAlg); addOptional(v, 1, symmAlg); addOptional(v, 2, encSymmKey); addOptional(v, 3, keyAlg); addOptional(v, 4, valueHint);
/** * <pre> * EncryptedKey ::= CHOICE { * encryptedValue EncryptedValue, -- deprecated * envelopedData [0] EnvelopedData } * -- The encrypted private key MUST be placed in the envelopedData * -- encryptedContentInfo encryptedContent OCTET STRING. * </pre> */ public ASN1Primitive toASN1Primitive() { if (encryptedValue != null) { return encryptedValue.toASN1Primitive(); } return new DERTaggedObject(false, 0, envelopedData); } }
public static EncryptedKey getInstance(Object o) { if (o instanceof EncryptedKey) { return (EncryptedKey)o; } else if (o instanceof ASN1TaggedObject) { return new EncryptedKey(EnvelopedData.getInstance((ASN1TaggedObject)o, false)); } else if (o instanceof EncryptedValue) { return new EncryptedKey((EncryptedValue)o); } else { return new EncryptedKey(EncryptedValue.getInstance(o)); } }
AlgorithmIdentifier symmAlg = new AlgorithmIdentifier(symmAlgOid, params); encKey = new EncryptedValue(intendedAlg, symmAlg, new DERBitString(encSymmKey), keyAlg, null, new DERBitString(encValue)); } else { new EncryptionScheme(encAlgOid, new GCMParameters(nonce, tagByteLen)))); encKey = new EncryptedValue(intendedAlg, symmAlg, null, null, null, new DERBitString(encValue));
private CertifiedKeyPair(ASN1Sequence seq) { certOrEncCert = CertOrEncCert.getInstance(seq.getObjectAt(0)); if (seq.size() >= 2) { if (seq.size() == 2) { ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); if (tagged.getTagNo() == 0) { privateKey = EncryptedValue.getInstance(tagged.getObject()); } else { publicationInfo = PKIPublicationInfo.getInstance(tagged.getObject()); } } else { privateKey = EncryptedValue.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1))); publicationInfo = PKIPublicationInfo.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2))); } } }
private CertifiedKeyPair(ASN1Sequence seq) { certOrEncCert = CertOrEncCert.getInstance(seq.getObjectAt(0)); if (seq.size() >= 2) { if (seq.size() == 2) { ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); if (tagged.getTagNo() == 0) { privateKey = EncryptedValue.getInstance(tagged.getObject()); } else { publicationInfo = PKIPublicationInfo.getInstance(tagged.getObject()); } } else { privateKey = EncryptedValue.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1)).getObject()); publicationInfo = PKIPublicationInfo.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2)).getObject()); } } }