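/**
 * Derives a purpose-specific key from a master key.
 *
 * <p>The label byte is prepended to the master key and the result is hashed with
 * {@code DigestUtils.sha}; the derived key is the first {@code len} bytes of that digest.
 *
 * <p>NOTE(review): this is an ad-hoc single-hash derivation rather than a standard KDF
 * such as HKDF. Changing it would change every derived key, so treat any migration as a
 * key rotation.
 *
 * @param label type of key to derive
 * @param masterKey master key
 * @param len number of key bytes needed, from 0 up to the digest length (20 bytes
 *     according to the original documentation); 0 returns the whole digest
 * @return a derived key of the specified length, or the full digest if {@code len} is 0
 * @throws IllegalArgumentException if {@code len} is negative or exceeds the digest length
 */
private byte[] deriveKey(byte label, byte[] masterKey, int len) {
  byte[] base = Crypto.concat(new byte[] { label }, masterKey);
  byte[] hash = DigestUtils.sha(base);
  if (len == 0) {
    return hash;
  }
  // A digest cannot supply more bytes than it has. Reject the request explicitly instead
  // of surfacing NegativeArraySizeException or an index error from System.arraycopy.
  if (len < 0 || len > hash.length) {
    throw new IllegalArgumentException(
        "len must be between 0 and " + hash.length + ", got " + len);
  }
  byte[] out = new byte[len];
  System.arraycopy(hash, 0, out, 0, len);
  return out;
}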
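/**
 * Derives a purpose-specific key from a master key.
 *
 * <p>The label byte is prepended to the master key and the result is hashed with
 * {@code DigestUtils.sha}; the derived key is the first {@code len} bytes of that digest.
 *
 * <p>NOTE(review): this is an ad-hoc single-hash derivation rather than a standard KDF
 * such as HKDF. Changing it would change every derived key, so treat any migration as a
 * key rotation.
 *
 * @param label type of key to derive
 * @param masterKey master key
 * @param len number of key bytes needed, from 0 up to the digest length (20 bytes
 *     according to the original documentation); 0 returns the whole digest
 * @return a derived key of the specified length, or the full digest if {@code len} is 0
 * @throws IllegalArgumentException if {@code len} is negative or exceeds the digest length
 */
private byte[] deriveKey(byte label, byte[] masterKey, int len) {
  byte[] base = Crypto.concat(new byte[] { label }, masterKey);
  byte[] hash = DigestUtils.sha(base);
  if (len == 0) {
    return hash;
  }
  // A digest cannot supply more bytes than it has. Reject the request explicitly instead
  // of surfacing NegativeArraySizeException or an index error from System.arraycopy.
  if (len < 0 || len > hash.length) {
    throw new IllegalArgumentException(
        "len must be between 0 and " + hash.length + ", got " + len);
  }
  byte[] out = new byte[len];
  System.arraycopy(hash, 0, out, 0, len);
  return out;
}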
/**
 * Encrypts with AES-128-CBC under a freshly generated IV and returns the IV followed by
 * the cipher text.
 *
 * <p>The IV length is the block size of the cipher named by {@code CIPHER_TYPE}
 * (16 bytes per the original documentation) and is obtained from
 * {@code getRandomBytes}. NOTE(review): presumably backed by a cryptographically strong
 * generator; confirm in that helper.
 *
 * <p>This method provides confidentiality only. The output carries no integrity tag, so
 * callers need to authenticate the returned bytes (IV included) themselves.
 *
 * @param key encryption key, passed unchanged to {@code aes128cbcEncryptWithIV}
 * @param plain plain text to encrypt
 * @return the IV and cipher text, concatenated in that order
 * @throws GeneralSecurityException if the cipher cannot be obtained or encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is only consulted for its block size, which fixes the IV length.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] encrypted = aes128cbcEncryptWithIV(key, iv, plain);
  return concat(iv, encrypted);
}
/**
 * Encrypts with AES-128-CBC under a freshly generated IV and returns the IV followed by
 * the cipher text.
 *
 * <p>The IV length is the block size of the cipher named by {@code CIPHER_TYPE}
 * (16 bytes per the original documentation) and is obtained from
 * {@code getRandomBytes}. NOTE(review): presumably backed by a cryptographically strong
 * generator; confirm in that helper.
 *
 * <p>This method provides confidentiality only. The output carries no integrity tag, so
 * callers need to authenticate the returned bytes (IV included) themselves.
 *
 * @param key encryption key, passed unchanged to {@code aes128cbcEncryptWithIV}
 * @param plain plain text to encrypt
 * @return the IV and cipher text, concatenated in that order
 * @throws GeneralSecurityException if the cipher cannot be obtained or encryption fails
 */
public static byte[] aes128cbcEncrypt(byte[] key, byte[] plain)
    throws GeneralSecurityException {
  // The Cipher instance is only consulted for its block size, which fixes the IV length.
  final int ivLength = Cipher.getInstance(CIPHER_TYPE).getBlockSize();
  final byte[] iv = getRandomBytes(ivLength);
  final byte[] encrypted = aes128cbcEncryptWithIV(key, iv, plain);
  return concat(iv, encrypted);
}
/**
 * Encrypts and authenticates a map of values, returning it as a URL-safe base64 string.
 *
 * <p>The input is serialized with a timestamp, encrypted with
 * {@code Crypto.aes128cbcEncrypt}, and an HMAC-SHA1 tag is computed over the resulting
 * cipher text (encrypt-then-MAC). Cipher text and tag are concatenated and
 * base64url-encoded.
 *
 * <p>NOTE(review): the matching unwrap path is not shown here. It should verify the HMAC
 * with a constant-time comparison before attempting any decryption.
 *
 * @param in values to protect; must not contain {@code TIMESTAMP_KEY}
 * @return the encoded blob
 * @throws IllegalArgumentException if {@code in} contains {@code TIMESTAMP_KEY}
 * @throws BlobCrypterException if encoding or a cryptographic operation fails
 */
public String wrap(Map<String, String> in) throws BlobCrypterException {
  // The timestamp entry is reserved for the crypter; callers may not supply their own.
  boolean hasReservedKey = in.containsKey(TIMESTAMP_KEY);
  Preconditions.checkArgument(!hasReservedKey,
      "No '%s' key allowed for BlobCrypter", TIMESTAMP_KEY);
  try {
    byte[] payload = serializeAndTimestamp(in);
    byte[] encrypted = Crypto.aes128cbcEncrypt(cipherKey, payload);
    // The tag covers everything aes128cbcEncrypt returned, not the plain text.
    byte[] tag = Crypto.hmacSha1(hmacKey, encrypted);
    byte[] blob = Crypto.concat(encrypted, tag);
    return new String(Base64.encodeBase64URLSafe(blob), UTF8);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException(e);
  } catch (UnsupportedEncodingException e) {
    throw new BlobCrypterException(e);
  }
}
/**
 * Encrypts and authenticates a map of values, returning it as a URL-safe base64 string.
 *
 * <p>The input is serialized with a timestamp, encrypted with
 * {@code Crypto.aes128cbcEncrypt}, and an HMAC-SHA1 tag is computed over the resulting
 * cipher text (encrypt-then-MAC). Cipher text and tag are concatenated and
 * base64url-encoded.
 *
 * <p>NOTE(review): the matching unwrap path is not shown here. It should verify the HMAC
 * with a constant-time comparison before attempting any decryption.
 *
 * @param in values to protect; must not contain {@code TIMESTAMP_KEY}
 * @return the encoded blob
 * @throws IllegalArgumentException if {@code in} contains {@code TIMESTAMP_KEY}
 * @throws BlobCrypterException if encoding or a cryptographic operation fails
 */
public String wrap(Map<String, String> in) throws BlobCrypterException {
  // The timestamp entry is reserved for the crypter; callers may not supply their own.
  boolean hasReservedKey = in.containsKey(TIMESTAMP_KEY);
  Preconditions.checkArgument(!hasReservedKey,
      "No '%s' key allowed for BlobCrypter", TIMESTAMP_KEY);
  try {
    byte[] payload = serializeAndTimestamp(in);
    byte[] encrypted = Crypto.aes128cbcEncrypt(cipherKey, payload);
    // The tag covers everything aes128cbcEncrypt returned, not the plain text.
    byte[] tag = Crypto.hmacSha1(hmacKey, encrypted);
    byte[] blob = Crypto.concat(encrypted, tag);
    return new String(Base64.encodeBase64URLSafe(blob), UTF8);
  } catch (GeneralSecurityException e) {
    throw new BlobCrypterException(e);
  } catch (UnsupportedEncodingException e) {
    throw new BlobCrypterException(e);
  }
}