public void setSigningKey(final String signingSecretKey) { this.signingKey = new AesKey(signingSecretKey.getBytes()); }
public EncryptionFactoryAes(@NotNull byte[] secret) { this.key = new AesKey(secret); }
public EncryptionFactoryAes(@NotNull String secret) { this.key = new AesKey(TokenHelper.secretToBytes(secret, KEY_SIZE)); }
public static OctetSequenceJsonWebKey generateJwk(int keyLengthInBits, SecureRandom secureRandom) { byte[] bytes = ByteUtil.randomBytes(ByteUtil.byteLength(keyLengthInBits), secureRandom); return new OctetSequenceJsonWebKey(new AesKey(bytes)); } }
/** * Sets signing key. If the key provided is resolved as a private key, * then will create use the private key as is, and will sign values * using RSA. Otherwise, AES is used. * * @param signingSecretKey the signing secret key */ protected void configureSigningKey(final String signingSecretKey) { try { if (ResourceUtils.doesResourceExist(signingSecretKey)) { configureSigningKeyFromPrivateKeyResource(signingSecretKey); } } finally { if (this.signingKey == null) { setSigningKey(new AesKey(signingSecretKey.getBytes(StandardCharsets.UTF_8))); LOGGER.trace("Created signing key instance [{}] based on provided secret key", this.signingKey.getClass().getSimpleName()); } } }
public boolean isAvailable(Logger log, int keyByteLength, int ivByteLength, String joseAlg) { boolean isAvailable = false; // The Sun/Oracle provider in Java 7 doesn't have GCM. // Bouncy Castle prior to 1.50 would let you get a cipher with AES/GCM/NoPadding but it but // didn't fully support the JCE AEAD interfaces and would fail (on initialization with the // GCMParameterSpec, IIRC) when trying to encrypt/decrypt. So seems the only good way to see if GCM // is really there is to try it... if (CipherStrengthSupport.isAvailable(algorithm, keyByteLength)) { byte[] plain = new byte[] {112,108,97,105,110,116,101,120,116}; byte[] aad = new byte[] {97,97,100}; byte[] cek = new byte[keyByteLength]; byte[] iv = new byte[ivByteLength]; try { encrypt(new AesKey(cek), iv, plain, aad, null); isAvailable = true; } catch (Throwable e) { log.debug("{} is not available ({}).", joseAlg, ExceptionHelp.toStringWithCauses(e)); } } return isAvailable; }
public ContentEncryptionParts encrypt(byte[] plaintext, byte[] aad, byte[] contentEncryptionKey, byte[] iv, String provider) throws JoseException { AesKey cek = new AesKey(contentEncryptionKey); SimpleAeadCipher.CipherOutput encrypted = simpleAeadCipher.encrypt(cek, iv, plaintext, aad, provider); return new ContentEncryptionParts(iv, encrypted.getCiphertext(), encrypted.getTag()); }
public byte[] decrypt(ContentEncryptionParts contentEncParts, byte[] aad, byte[] contentEncryptionKey, Headers headers, ProviderContext providerContext) throws JoseException { byte[] iv = contentEncParts.getIv(); AesKey cek = new AesKey(contentEncryptionKey); byte[] ciphertext = contentEncParts.getCiphertext(); byte[] tag = contentEncParts.getAuthenticationTag(); String cipherProvider = ContentEncryptionHelp.getCipherProvider(headers, providerContext); return simpleAeadCipher.decrypt(cek, iv, ciphertext, tag, aad, cipherProvider); }
ContentEncryptionParts encrypt(byte[] plaintext, byte[] aad, byte[] key, byte[] iv, Headers headers, ProviderContext providerContext) throws JoseException Key encryptionKey = new AesKey(ByteUtil.rightHalf(key)); final String cipherProvider = ContentEncryptionHelp.getCipherProvider(headers, providerContext); Cipher cipher = CipherUtil.getCipher(getJavaAlgorithm(), cipherProvider);
Key encryptionKey = new AesKey(ByteUtil.rightHalf(contentEncryptionKey)); Cipher cipher = CipherUtil.getCipher(getJavaAlgorithm(), cipherProvider); try