OAEPParameterSpec oaepParams = new OAEPParameterSpec( "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
public RsaOaep256() { super("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", KeyManagementAlgorithmIdentifiers.RSA_OAEP_256); setAlgorithmParameterSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); }
private void initEncodeCipher(Cipher cipher, String alias, KeyStore keyStore) throws PFSecurityException { try { final PublicKey key = keyStore.getCertificate(alias).getPublicKey(); final PublicKey unrestricted = KeyFactory.getInstance(key.getAlgorithm()).generatePublic( new X509EncodedKeySpec(key.getEncoded())); final OAEPParameterSpec spec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); cipher.init(Cipher.ENCRYPT_MODE, unrestricted, spec); } catch (KeyStoreException | InvalidKeySpecException | NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException e) { throw new PFSecurityException("Can not initialize Encode Cipher:" + e.getMessage()); } }
private static OAEPParameterSpec getOAEPParameterSpec(String algorithm, String oaepHashingAlgorithm) { if (algorithm.contains("OAEPWith")) { //OAEPWith<digest>And<mgf>Padding // String template = "OAEPWith<digest>And<mgf>Padding"; int startDigest = algorithm.indexOf("OAEPWith") + 8; int endDigest = algorithm.indexOf("And"); int startPadding = endDigest + 3; int endPadding = algorithm.indexOf("Padding"); String digest = algorithm.substring(startDigest, endDigest); String padding = algorithm.substring(startPadding, endPadding); if (oaepHashingAlgorithm != null) { return new OAEPParameterSpec(digest, padding, new MGF1ParameterSpec(oaepHashingAlgorithm), PSource.PSpecified.DEFAULT); } else { return new OAEPParameterSpec(digest, padding, new MGF1ParameterSpec(digest), PSource.PSpecified.DEFAULT); } } return null; }
/** * Encrypts the specified Content Encryption Key (CEK). * * @param pub The public RSA key. Must not be {@code null}. * @param cek The Content Encryption Key (CEK) to encrypt. Must not be {@code null}. * * @return The encrypted Content Encryption Key (CEK). * * @throws RuntimeException If encryption failed. */ public static byte[] encryptCEK(final RSAPublicKey pub, final SecretKey cek) { try { AlgorithmParameters algp = AlgorithmParameters.getInstance("OAEP", new BouncyCastleProvider()); AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider()); cipher.init(Cipher.ENCRYPT_MODE, pub, algp); return cipher.doFinal(cek.getEncoded()); } catch (Exception e) { // java.security.NoSuchAlgorithmException // java.security.NoSuchPaddingException // java.security.InvalidKeyException // javax.crypto.IllegalBlockSizeException // javax.crypto.BadPaddingException throw new RuntimeException(e.getMessage(), e); } }
/** * Encrypts the specified Content Encryption Key (CEK). * * @param pub The public RSA key. Must not be {@code null}. * @param cek The Content Encryption Key (CEK) to encrypt. Must not be {@code null}. * * @return The encrypted Content Encryption Key (CEK). * * @throws RuntimeException If encryption failed. */ public static byte[] encryptCEK(final RSAPublicKey pub, final SecretKey cek) { try { AlgorithmParameters algp = AlgorithmParameters.getInstance("OAEP", new BouncyCastleProvider()); AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider()); cipher.init(Cipher.ENCRYPT_MODE, pub, algp); return cipher.doFinal(cek.getEncoded()); } catch (Exception e) { // java.security.NoSuchAlgorithmException // java.security.NoSuchPaddingException // java.security.InvalidKeyException // javax.crypto.IllegalBlockSizeException // javax.crypto.BadPaddingException throw new RuntimeException(e.getMessage(), e); } }
/** * Decrypts the specified encrypted Content Encryption Key (CEK). * * @param priv The private RSA key. Must not be {@code null}. * @param encryptedCEK The encrypted Content Encryption Key (CEK) to decrypt. Must not be {@code null}. * * @return The decrypted Content Encryption Key (CEK). * * @throws RuntimeException If decryption failed. */ public static SecretKey decryptCEK(final RSAPrivateKey priv, final byte[] encryptedCEK) { try { AlgorithmParameters algp = AlgorithmParameters.getInstance("OAEP", new BouncyCastleProvider()); AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider()); cipher.init(Cipher.DECRYPT_MODE, priv, algp); return new SecretKeySpec(cipher.doFinal(encryptedCEK), "AES"); } catch (Exception e) { // java.security.NoSuchAlgorithmException // java.security.NoSuchPaddingException // java.security.InvalidKeyException // javax.crypto.IllegalBlockSizeException // javax.crypto.BadPaddingException throw new RuntimeException(e.getMessage(), e); } }
/** * Decrypts the specified encrypted Content Encryption Key (CEK). * * @param priv The private RSA key. Must not be {@code null}. * @param encryptedCEK The encrypted Content Encryption Key (CEK) to decrypt. Must not be {@code null}. * * @return The decrypted Content Encryption Key (CEK). * * @throws RuntimeException If decryption failed. */ public static SecretKey decryptCEK(final RSAPrivateKey priv, final byte[] encryptedCEK) { try { AlgorithmParameters algp = AlgorithmParameters.getInstance("OAEP", new BouncyCastleProvider()); AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider()); cipher.init(Cipher.DECRYPT_MODE, priv, algp); return new SecretKeySpec(cipher.doFinal(encryptedCEK), "AES"); } catch (Exception e) { // java.security.NoSuchAlgorithmException // java.security.NoSuchPaddingException // java.security.InvalidKeyException // javax.crypto.IllegalBlockSizeException // javax.crypto.BadPaddingException throw new RuntimeException(e.getMessage(), e); } }
AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = CipherHelper.getInstance(RSA_OEAP_256_JCA_ALG, provider);
return new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
/** * Decrypts the given data using the key given. * * @param encrypted Encrypted data * @return Decrypted bytes */ public byte[] decrypt(byte[] encrypted) throws Exception { if (this.keyStoreProvider.privateKeyName() == null) { throw new CryptoProviderMissingPrivateKeyException("Asymmetric key cryptographic providers require a non-null, empty private key be configured for the alias: " + this.alias); } Cipher cipher = Cipher.getInstance(CRYPTO_ALG); OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-1", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT); cipher.init(Cipher.DECRYPT_MODE, getPrivateKey(this.keyStoreProvider.privateKeyName()), oaepParams); return cipher.doFinal(encrypted); }
AlgorithmParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); algp.init(paramSpec); Cipher cipher = CipherHelper.getInstance(RSA_OEAP_256_JCA_ALG, provider);
@Override protected AlgorithmParameters engineGetParameters() { if (!isInitialized()) { return null; } try { AlgorithmParameters params = AlgorithmParameters.getInstance("OAEP"); final PSource pSrc; if (label == null) { pSrc = PSource.PSpecified.DEFAULT; } else { pSrc = new PSource.PSpecified(label); } params.init(new OAEPParameterSpec( EvpMdRef.getJcaDigestAlgorithmStandardNameFromEVP_MD(oaepMd), EvpMdRef.MGF1_ALGORITHM_NAME, new MGF1ParameterSpec( EvpMdRef.getJcaDigestAlgorithmStandardNameFromEVP_MD(mgf1Md)), pSrc)); return params; } catch (NoSuchAlgorithmException e) { // We should not get here. throw (Error) new AssertionError("OAEP not supported").initCause(e); } catch (InvalidParameterSpecException e) { throw new RuntimeException("No providers of AlgorithmParameters.OAEP available"); } }
@Override protected AlgorithmParameters engineGetParameters() { if (!isInitialized()) { return null; } try { AlgorithmParameters params = AlgorithmParameters.getInstance("OAEP"); final PSource pSrc; if (label == null) { pSrc = PSource.PSpecified.DEFAULT; } else { pSrc = new PSource.PSpecified(label); } params.init(new OAEPParameterSpec( EvpMdRef.getJcaDigestAlgorithmStandardNameFromEVP_MD(oaepMd), EvpMdRef.MGF1_ALGORITHM_NAME, new MGF1ParameterSpec( EvpMdRef.getJcaDigestAlgorithmStandardNameFromEVP_MD(mgf1Md)), pSrc)); return params; } catch (NoSuchAlgorithmException e) { // We should not get here. throw (Error) new AssertionError("OAEP not supported").initCause(e); } catch (InvalidParameterSpecException e) { throw new RuntimeException("No providers of AlgorithmParameters.OAEP available"); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); currentSpec = new OAEPParameterSpec( oaepP.getHashAlgorithm().getAlgorithm().getId(), oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); if (!oaepP.getMaskGenAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) { throw new IOException("unknown mask generation function: " + oaepP.getMaskGenAlgorithm().getAlgorithm()); } currentSpec = new OAEPParameterSpec( MessageDigestUtils.getDigestName(oaepP.getHashAlgorithm().getAlgorithm()), OAEPParameterSpec.DEFAULT.getMGFAlgorithm(), new MGF1ParameterSpec(MessageDigestUtils.getDigestName(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm())), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); if (!oaepP.getMaskGenAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1)) { throw new IOException("unknown mask generation function: " + oaepP.getMaskGenAlgorithm().getAlgorithm()); } currentSpec = new OAEPParameterSpec( MessageDigestUtils.getDigestName(oaepP.getHashAlgorithm().getAlgorithm()), OAEPParameterSpec.DEFAULT.getMGFAlgorithm(), new MGF1ParameterSpec(MessageDigestUtils.getDigestName(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm())), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); currentSpec = new OAEPParameterSpec( oaepP.getHashAlgorithm().getAlgorithm().getId(), oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); currentSpec = new OAEPParameterSpec( oaepP.getHashAlgorithm().getAlgorithm().getId(), oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }
protected void engineInit( byte[] params) throws IOException { try { RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); currentSpec = new OAEPParameterSpec( oaepP.getHashAlgorithm().getAlgorithm().getId(), oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); } catch (ClassCastException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } catch (ArrayIndexOutOfBoundsException e) { throw new IOException("Not a valid OAEP Parameter encoding."); } }