/** * Returns XML suitable for use in .NET code with the RSACryptoServiceProvider.FromXmlString method. * This RSACryptoServiceProvider object can be used in the .NET version of the OAuth libraries in the areas * where we use a PrivateKey object in the Java libraries. * An explanation of the XML used for key formats is here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.toxmlstring.aspx * Thanks to http://www.jensign.com/JavaScience/PvkConvert/ for pointing out that leading zeros must be trimmed for .NET. */ public static String privateKeyToDotNetXml(PrivateKey privateKey) { try{ StringBuilder sb = new StringBuilder(); RSAPrivateCrtKey rsaPrivateKey = (RSAPrivateCrtKey)privateKey; sb.append("<RSAKeyValue>") ; sb.append("<Modulus>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getModulus().toByteArray())) + "</Modulus>"); sb.append("<Exponent>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPublicExponent().toByteArray())) + "</Exponent>"); sb.append("<P>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeP().toByteArray())) + "</P>"); sb.append("<Q>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeQ().toByteArray())) + "</Q>"); sb.append("<DP>" +Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeExponentP().toByteArray())) + "</DP>"); sb.append("<DQ>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeExponentQ().toByteArray())) + "</DQ>"); sb.append("<InverseQ>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getCrtCoefficient().toByteArray())) + "</InverseQ>"); sb.append("<D>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrivateExponent().toByteArray())) + "</D>"); sb.append("</RSAKeyValue>") ; return sb.toString(); } catch(Exception e) { throw new IllegalArgumentException("Could not convert PrivateKey to Dot Net XML.", e); } }
public boolean equals(Object o) { if (o == this) { return true; } if (!(o instanceof RSAPrivateCrtKey)) { return false; } RSAPrivateCrtKey key = (RSAPrivateCrtKey)o; return this.getModulus().equals(key.getModulus()) && this.getPublicExponent().equals(key.getPublicExponent()) && this.getPrivateExponent().equals(key.getPrivateExponent()) && this.getPrimeP().equals(key.getPrimeP()) && this.getPrimeQ().equals(key.getPrimeQ()) && this.getPrimeExponentP().equals(key.getPrimeExponentP()) && this.getPrimeExponentQ().equals(key.getPrimeExponentQ()) && this.getCrtCoefficient().equals(key.getCrtCoefficient()); }
protected Key engineTranslateKey( Key key) throws InvalidKeyException { if (key instanceof RSAPublicKey) { return new BCRSAPublicKey((RSAPublicKey)key); } else if (key instanceof RSAPrivateCrtKey) { return new BCRSAPrivateCrtKey((RSAPrivateCrtKey)key); } else if (key instanceof java.security.interfaces.RSAPrivateKey) { return new BCRSAPrivateKey((java.security.interfaces.RSAPrivateKey)key); } throw new InvalidKeyException("key type unknown"); }
/** * Sets the private key for the keystore entry. */ void setPrivateKey(RSAPrivateCrtKey key) throws InvalidKeyException, KeyStoreException { byte[] modulusBytes = key.getModulus().toByteArray(); // Adjust key length due to sign bit int keyBitLength = (modulusBytes[0] == 0) ? (modulusBytes.length - 1) * 8 : modulusBytes.length * 8; byte[] keyBlob = generatePrivateKeyBlob( keyBitLength, modulusBytes, key.getPublicExponent().toByteArray(), key.getPrivateExponent().toByteArray(), key.getPrimeP().toByteArray(), key.getPrimeQ().toByteArray(), key.getPrimeExponentP().toByteArray(), key.getPrimeExponentQ().toByteArray(), key.getCrtCoefficient().toByteArray()); privateKey = storePrivateKey(keyBlob, "{" + UUID.randomUUID().toString() + "}", keyBitLength); }
/** * 从KeyStore获取公钥 * @param location * @param alias * @param storeType * @param storePass * @param keyPass * @return */ public static PublicKey loadPublicKeyFromKeyStore(String location, String alias, String storeType, String storePass, String keyPass) { try { storeType = null == storeType ? KeyStore.getDefaultType() : storeType; keyPass = keyPass == null ? storePass : keyPass; KeyStore keyStore = KeyStore.getInstance(storeType); InputStream is = new FileInputStream(location); keyStore.load(is, storePass.toCharArray()); RSAPrivateCrtKey key = (RSAPrivateCrtKey) keyStore.getKey(alias, keyPass.toCharArray()); RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent()); PublicKey publicKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec); return publicKey; } catch (Exception e) { throw new RuntimeException(e); } }
/** * Sets the private key for the keystore entry. */ void setPrivateKey(RSAPrivateCrtKey key) throws InvalidKeyException, KeyStoreException { byte[] modulusBytes = key.getModulus().toByteArray(); // Adjust key length due to sign bit int keyBitLength = (modulusBytes[0] == 0) ? (modulusBytes.length - 1) * 8 : modulusBytes.length * 8; byte[] keyBlob = generatePrivateKeyBlob( keyBitLength, modulusBytes, key.getPublicExponent().toByteArray(), key.getPrivateExponent().toByteArray(), key.getPrimeP().toByteArray(), key.getPrimeQ().toByteArray(), key.getPrimeExponentP().toByteArray(), key.getPrimeExponentQ().toByteArray(), key.getCrtCoefficient().toByteArray()); privateKey = storePrivateKey(Objects.requireNonNull(keyBlob), "{" + UUID.randomUUID().toString() + "}", keyBitLength); }
private static void check(String encodedBlob) throws Exception { byte[] blob = new byte[encodedBlob.length() * 2]; for (int i = 0; i < blob.length; ) { final char ch = encodedBlob.charAt(i / 2); blob[i++] = (byte) (ch >> 8); blob[i++] = (byte) ch; } KeyStore store = KeyStore.getInstance("PKCS12"); store.load(new ByteArrayInputStream(blob), new char[0]); if (!store.aliases().nextElement().equals("test")) throw new Exception("test alias not found"); KeyStore.PrivateKeyEntry e = (KeyStore.PrivateKeyEntry) store.getEntry("test", new KeyStore.PasswordProtection(new char[0])); X509Certificate cert = (X509Certificate) e.getCertificateChain()[0]; if (!cert.getSubjectDN().toString().equals("CN=Test Key")) throw new Exception("invalid certificate subject DN"); RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey(); if (!key.getPublicExponent().equals(BigInteger.valueOf(65537))) throw new Exception("invalid public exponent"); }
/** * Create a fresh RSA key pair. * * @return a new RSAKeyPair */ public static RSAKeyPair createNewRSAKeyPair() { try { // Generate a 1024-bit RSA key pair final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(KEY_STRENGTH); final KeyPair keypair = keyGen.genKeyPair(); final RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) keypair.getPrivate(); final RSAPublicKey publicKey = (RSAPublicKey) keypair.getPublic(); return new RSAKeyPair(publicKey, privateKey); } catch (final NoSuchAlgorithmException e) { LOG.error("Could not create new key pair", e); throw new RuntimeException(e); } }
@Test public void test_EVP_PKEY_cmp() throws Exception { RSAPrivateCrtKey privKey1 = generateRsaKey(); NativeRef.EVP_PKEY pkey1 = getRsaPkey(privKey1); assertNotSame(NULL, pkey1); NativeRef.EVP_PKEY pkey1_copy = getRsaPkey(privKey1); assertNotSame(NULL, pkey1_copy); NativeRef.EVP_PKEY pkey2 = getRsaPkey(generateRsaKey()); assertNotSame(NULL, pkey2); assertEquals("Same keys should be the equal", 1, NativeCrypto.EVP_PKEY_cmp(pkey1, pkey1)); assertEquals( "Same keys should be the equal", 1, NativeCrypto.EVP_PKEY_cmp(pkey1, pkey1_copy)); assertEquals( "Different keys should not be equal", 0, NativeCrypto.EVP_PKEY_cmp(pkey1, pkey2)); }
@Override protected int engineGetKeySize(Key key) throws InvalidKeyException { if (key instanceof OpenSSLRSAPrivateKey) { return ((OpenSSLRSAPrivateKey) key).getModulus().bitLength(); } if (key instanceof RSAPrivateCrtKey) { return ((RSAPrivateCrtKey) key).getModulus().bitLength(); } if (key instanceof RSAPrivateKey) { return ((RSAPrivateKey) key).getModulus().bitLength(); } if (key instanceof OpenSSLRSAPublicKey) { return ((OpenSSLRSAPublicKey) key).getModulus().bitLength(); } if (key instanceof RSAPublicKey) { return ((RSAPublicKey) key).getModulus().bitLength(); } if (null == key) { throw new InvalidKeyException("RSA private or public key is null"); } throw new InvalidKeyException("Need RSA private or public key"); }
/** * 从KeyStore获取公钥 * @param location * @param alias * @param storeType * @param storePass * @param keyPass * @return */ public static PublicKey loadPublicKeyFromKeyStore(String location,String alias,String storeType,String storePass,String keyPass){ try { storeType = null == storeType ? KeyStore.getDefaultType() : storeType; keyPass = keyPass == null ? storePass : keyPass; KeyStore keyStore = KeyStore.getInstance(storeType); InputStream is = new FileInputStream(location); keyStore.load(is, storePass.toCharArray()); RSAPrivateCrtKey key = (RSAPrivateCrtKey) keyStore.getKey(alias, keyPass.toCharArray()); RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent()); PublicKey publicKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec); return publicKey; } catch (Exception e) { throw new RuntimeException(e); } }
protected void fillPrivateTypeSpecificParams(Map<String,Object> params) { RSAPrivateKey rsaPrivateKey = getRsaPrivateKey(); if (rsaPrivateKey != null) { putBigIntAsBase64UrlEncodedParam(params, PRIVATE_EXPONENT_MEMBER_NAME, rsaPrivateKey.getPrivateExponent()); if (rsaPrivateKey instanceof RSAPrivateCrtKey) { RSAPrivateCrtKey crt = (RSAPrivateCrtKey) rsaPrivateKey; putBigIntAsBase64UrlEncodedParam(params, FIRST_PRIME_FACTOR_MEMBER_NAME, crt.getPrimeP()); putBigIntAsBase64UrlEncodedParam(params, SECOND_PRIME_FACTOR_MEMBER_NAME, crt.getPrimeQ()); putBigIntAsBase64UrlEncodedParam(params, FIRST_FACTOR_CRT_EXPONENT_MEMBER_NAME, crt.getPrimeExponentP()); putBigIntAsBase64UrlEncodedParam(params, SECOND_FACTOR_CRT_EXPONENT_MEMBER_NAME, crt.getPrimeExponentQ()); putBigIntAsBase64UrlEncodedParam(params, FIRST_CRT_COEFFICIENT_MEMBER_NAME, crt.getCrtCoefficient()); } } }
/** * OpenSSL encode a private key and PEM the encoding. * * @return The PEM'd encoding * @param privateKey * The private key * @throws CryptoException * Problem encountered while getting the encoded private key */ public static String getPem(PrivateKey privateKey) throws CryptoException { byte[] openSsl = get(privateKey); String pemType = null; if (privateKey instanceof RSAPrivateCrtKey) { pemType = OPENSSL_RSA_PVK_PEM_TYPE; } else if (privateKey instanceof ECPrivateKey) { pemType = OPENSSL_EC_PVK_PEM_TYPE; } else { pemType = OPENSSL_DSA_PVK_PEM_TYPE; } PemInfo pemInfo = new PemInfo(pemType, null, openSsl); String openSslPem = PemUtil.encode(pemInfo); return openSslPem; }
private static void writePrivateKeyBlobHeader(ByteBuffer bb, long keyType, PrivateKey privateKey) throws IOException { // Write Key blob type - private key UnsignedUtil.putByte(bb, PRIVATE_KEY_BLOB); // Write Blob version UnsignedUtil.putByte(bb, CUR_BLOB_VERSION); // Write Reserved value UnsignedUtil.putShort(bb, BLOB_RESERVED); // Write Algorithm ID - differs depending on key type and key pair type if (keyType == PVK_KEY_SIGNATURE) { if (privateKey instanceof RSAPrivateCrtKey) { UnsignedUtil.putInt(bb, CALG_RSA_SIGN); // RSA signature } else { UnsignedUtil.putInt(bb, CALG_DSS_SIGN); // DSA signature } } else { UnsignedUtil.putInt(bb, CALG_RSA_KEYX); // Key exchange - RSA only } }
private byte[] getPvkEncodedPrivateKey(PrivateKey privateKey, int keyType, Password password, boolean strongEncryption) throws CryptoException, IOException { byte[] encoded = null; if (password != null) { if (privateKey instanceof RSAPrivateCrtKey) { encoded = MsPvkUtil.getEncrypted((RSAPrivateCrtKey) privateKey, keyType, password, strongEncryption); } else { encoded = MsPvkUtil.getEncrypted((DSAPrivateKey) privateKey, password, strongEncryption); } } else { if (privateKey instanceof RSAPrivateCrtKey) { encoded = MsPvkUtil.get((RSAPrivateCrtKey) privateKey, keyType); } else { encoded = MsPvkUtil.get((DSAPrivateKey) privateKey); } } return encoded; }
/** * Create a fresh RSA key pair. * * @return a new RSAKeyPair */ public static RSAKeyPair createNewRSAKeyPair() { try { // Generate a 1024-bit RSA key pair final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(KEY_STRENGTH); final KeyPair keypair = keyGen.genKeyPair(); final RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) keypair.getPrivate(); final RSAPublicKey publicKey = (RSAPublicKey) keypair.getPublic(); return new RSAKeyPair(publicKey, privateKey); } catch (final NoSuchAlgorithmException e) { logger.error("Could not create new key pair", e); throw new RuntimeException(e); } }
public PublicKey getPublicKey() throws GeneralSecurityException { if (privateKey instanceof DSAPrivateKey) { DSAPrivateKey dsa = (DSAPrivateKey) privateKey; DSAParams params = dsa.getParams(); BigInteger g = params.getG(); BigInteger p = params.getP(); BigInteger q = params.getQ(); BigInteger x = dsa.getX(); BigInteger y = q.modPow( x, p ); DSAPublicKeySpec dsaKeySpec = new DSAPublicKeySpec(y, p, q, g); return KeyFactory.getInstance("DSA").generatePublic(dsaKeySpec); } else if (privateKey instanceof RSAPrivateCrtKey) { RSAPrivateCrtKey rsa = (RSAPrivateCrtKey) privateKey; RSAPublicKeySpec rsaKeySpec = new RSAPublicKeySpec( rsa.getModulus(), rsa.getPublicExponent() ); return KeyFactory.getInstance("RSA").generatePublic(rsaKeySpec); } else { throw new GeneralSecurityException("Not an RSA or DSA key"); } }
public Ssh2RsaPrivateCrtKey(BigInteger modulus, BigInteger publicExponent, BigInteger privateExponent, BigInteger primeP, BigInteger primeQ, BigInteger primeExponentP, BigInteger primeExponentQ, BigInteger crtCoefficient) throws NoSuchAlgorithmException, InvalidKeySpecException { KeyFactory keyFactory = JCEProvider .getProviderForAlgorithm(JCEAlgorithms.JCE_RSA) == null ? KeyFactory .getInstance(JCEAlgorithms.JCE_RSA) : KeyFactory.getInstance( JCEAlgorithms.JCE_RSA, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_RSA)); RSAPrivateCrtKeySpec spec = new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient); prv = (RSAPrivateCrtKey) keyFactory.generatePrivate(spec); }
private static void generateTestVector(int rsaKeyBits, int suffix) throws Exception { KeyPair pair = generateKeyPair(rsaKeyBits); RSAPrivateCrtKey priv = (RSAPrivateCrtKey) pair.getPrivate(); // The core RSA private key operation is doing the modPow for the two components. BigInteger p = priv.getPrimeP(); BigInteger dp = priv.getPrimeExponentP(); BigInteger q = priv.getPrimeQ(); BigInteger dq = priv.getPrimeExponentQ(); byte[] random = new byte[rsaKeyBits / 8]; SECURE_RANDOM.nextBytes(random); // Clear the top bit to ensure it fits. random[0] &= 0x7F; BigInteger message = new BigInteger(1, random); BigInteger pResult = message.modPow(dp, p); BigInteger qResult = message.modPow(dq, q); System.out.println("public static final TestVector VECTOR" + suffix + " = "); new TestVector(message, p, dp, pResult, q, dq, qResult).printJavaConstructorFor(); System.out.println(); }