static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof BCMcElieceCCA2PublicKey) { BCMcElieceCCA2PublicKey k = (BCMcElieceCCA2PublicKey)key; return new McElieceCCA2PublicKeyParameters(k.getOIDString(), k.getN(), k.getT(), k.getG(), k.getMcElieceCCA2Parameters()); } throw new InvalidKeyException("can't identify McElieceCCA2 public key: " + key.getClass().getName()); }
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException { try { Security.addProvider(new BouncyCastleProvider()); AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam); X500Name name = new X500Name(dn); Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000L); BigInteger sn = new BigInteger(64, new SecureRandom()); X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo); if (subjectAltName != null) v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName); X509CertificateHolder certificateHolder = v3CertGen.build(sigGen); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder); } catch (CertificateException ce) { throw ce; } catch (Exception e) { throw new CertificateException(e); } }
public ContentVerifierProvider build(final AsymmetricKeyParameter publicKey) throws OperatorCreationException { return new ContentVerifierProvider() { public boolean hasAssociatedCertificate() { return false; } public X509CertificateHolder getAssociatedCertificate() { return null; } public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException { BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey); return new SigVerifier(algorithm, stream); } }; }
protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf); assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { TlsSigner tlsSigner = TlsUtils.createTlsSigner(this.clientCertificateType); tlsSigner.init(getContext()); org.bouncycastle.asn1.x509.Certificate x509Cert = this.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, this.certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
/** * Create a self-signed X.509 Certificate. * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html. * * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB" * @param pair the KeyPair * @param days how many days from now the Certificate is valid for * @param algorithm the signing algorithm, eg "SHA1withRSA" * @return the self-signed certificate * @throws CertificateException thrown if a security error or an IO error occurred. */ public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws CertificateException { try { Security.addProvider(new BouncyCastleProvider()); AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam); X500Name name = new X500Name(dn); Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000L); BigInteger sn = new BigInteger(64, new SecureRandom()); X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo); X509CertificateHolder certificateHolder = v1CertGen.build(sigGen); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder); } catch (CertificateException ce) { throw ce; } catch (Exception e) { throw new CertificateException(e); } }
public boolean verifyRawSignature(SignatureAndHashAlgorithm algorithm, byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] hash) throws CryptoException { Signer signer = makeSigner(algorithm, true, false, publicKey); if (algorithm == null) { // Note: Only use the SHA1 part of the (MD5/SHA1) hash signer.update(hash, 16, 20); } else { signer.update(hash, 0, hash.length); } return signer.verifySignature(sigBytes); }
public static X509CertificateHolder makeV1Certificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN) throws IOException, OperatorCreationException { RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic(); X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder( new X500Name(_issDN), allocateSerialNumber(), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), new X500Name(_subDN), new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent())) ); AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption"); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate()); return v1CertGen.build(sigGen); }
static DTLSTransport createServerTransport(final RTCCertificate rtcCertificate, final DatagramTransport transport) throws IOException { final DefaultTlsServer defaultTlsServer = new DefaultTlsServer() { private final AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(rtcCertificate.getKeyPair() .getPrivate() .getEncoded()); private final Certificate cCert = new Certificate(new org.bouncycastle.asn1.x509.Certificate[]{rtcCertificate.getCertificate().toASN1Structure()}); @Override protected ProtocolVersion getMaximumVersion() { return ProtocolVersion.DTLSv10; } @Override protected ProtocolVersion getMinimumVersion() { return ProtocolVersion.DTLSv10; } @Override protected TlsSignerCredentials getRSASignerCredentials() throws IOException { return new DefaultTlsSignerCredentials(this.context, this.cCert, this.privateKeyAsymKeyParam); } }; return new DTLSServerProtocol(SECURE_RANDOM).accept(defaultTlsServer, transport); }
public ContentVerifierProvider build(final X509CertificateHolder certHolder) throws OperatorCreationException { return new ContentVerifierProvider() { public boolean hasAssociatedCertificate() { return true; } public X509CertificateHolder getAssociatedCertificate() { return certHolder; } public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException { try { AsymmetricKeyParameter publicKey = extractKeyParameters(certHolder.getSubjectPublicKeyInfo()); BcSignerOutputStream stream = createSignatureStream(algorithm, publicKey); return new SigVerifier(algorithm, stream); } catch (IOException e) { throw new OperatorCreationException("exception on setup: " + e, e); } } }; }
private BcSignerOutputStream createSignatureStream(AlgorithmIdentifier algorithm, AsymmetricKeyParameter publicKey) throws OperatorCreationException { Signer sig = createSigner(algorithm); sig.init(false, publicKey); return new BcSignerOutputStream(sig); }
static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof DHPublicKey) { DHPublicKey k = (DHPublicKey)key; return new DHPublicKeyParameters(k.getY(), new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); } throw new InvalidKeyException("can't identify DH public key."); }
static public AsymmetricKeyParameter generatePrivateKeyParameter( PrivateKey key) throws InvalidKeyException { if (key instanceof DHPrivateKey) { DHPrivateKey k = (DHPrivateKey)key; return new DHPrivateKeyParameters(k.getX(), new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); } throw new InvalidKeyException("can't identify DH private key."); }
static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof BCRainbowPublicKey) { BCRainbowPublicKey k = (BCRainbowPublicKey)key; return new RainbowPublicKeyParameters(k.getDocLength(), k.getCoeffQuadratic(), k.getCoeffSingular(), k.getCoeffScalar()); } throw new InvalidKeyException("can't identify Rainbow public key: " + key.getClass().getName()); }
static public AsymmetricKeyParameter generatePrivateKeyParameter( PrivateKey key) throws InvalidKeyException { if (key instanceof BCRainbowPrivateKey) { BCRainbowPrivateKey k = (BCRainbowPrivateKey)key; return new RainbowPrivateKeyParameters(k.getInvA1(), k.getB1(), k.getInvA2(), k.getB2(), k.getVi(), k.getLayers()); } throw new InvalidKeyException("can't identify Rainbow private key."); }
static public AsymmetricKeyParameter generatePrivateKeyParameter( PrivateKey key) throws InvalidKeyException { if (key instanceof BCMcElieceCCA2PrivateKey) { BCMcElieceCCA2PrivateKey k = (BCMcElieceCCA2PrivateKey)key; return new McElieceCCA2PrivateKeyParameters(k.getOIDString(), k.getN(), k.getK(), k.getField(), k.getGoppaPoly(), k.getP(), k.getH(), k.getQInv(), k.getMcElieceCCA2Parameters()); } throw new InvalidKeyException("can't identify McElieceCCA2 private key."); }
static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof BCMcEliecePublicKey) { BCMcEliecePublicKey k = (BCMcEliecePublicKey)key; return new McEliecePublicKeyParameters(k.getOIDString(), k.getN(), k.getT(), k.getG(), k.getMcElieceParameters()); } throw new InvalidKeyException("can't identify McEliece public key: " + key.getClass().getName()); }
static public AsymmetricKeyParameter generatePrivateKeyParameter( PrivateKey key) throws InvalidKeyException { if (key instanceof BCMcEliecePrivateKey) { BCMcEliecePrivateKey k = (BCMcEliecePrivateKey)key; return new McEliecePrivateKeyParameters(k.getOIDString(), k.getN(), k.getK(), k.getField(), k.getGoppaPoly(), k.getSInv(), k.getP1(), k.getP2(), k.getH(), k.getQInv(), k.getMcElieceParameters()); } throw new InvalidKeyException("can't identify McEliece private key."); }
public AsymmetricKeyParameter getPublicKey() throws PKCSException { try { return PublicKeyFactory.createKey(this.getSubjectPublicKeyInfo()); } catch (IOException e) { throw new PKCSException("error extracting key encoding: " + e.getMessage(), e); } }
/** * Initialise the encryptor. * * @param publicKey the recipient's/sender's public key parameters * @param params encoding and derivation parameters. * @param ephemeralKeyPairGenerator the ephemeral key pair generator to use. */ public void init(AsymmetricKeyParameter publicKey, CipherParameters params, EphemeralKeyPairGenerator ephemeralKeyPairGenerator) { this.forEncryption = true; this.pubParam = publicKey; this.param = (IESParameters)params; this.keyPairGenerator = ephemeralKeyPairGenerator; }
/** * Initialise the encryptor. * * @param privateKey the recipient's private key. * @param params encoding and derivation parameters. * @param publicKeyParser the parser for reading the ephemeral public key. */ public void init(AsymmetricKeyParameter privateKey, CipherParameters params, KeyParser publicKeyParser) { this.forEncryption = false; this.privParam = privateKey; this.param = (IESParameters)params; this.keyParser = publicKeyParser; }
public DefaultTlsEncryptionCredentials(TlsContext context, Certificate certificate, AsymmetricKeyParameter privateKey) { if (certificate == null) { throw new IllegalArgumentException("'certificate' cannot be null"); } if (certificate.isEmpty()) { throw new IllegalArgumentException("'certificate' cannot be empty"); } if (privateKey == null) { throw new IllegalArgumentException("'privateKey' cannot be null"); } if (!privateKey.isPrivate()) { throw new IllegalArgumentException("'privateKey' must be private"); } if (privateKey instanceof RSAKeyParameters) { } else { throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName()); } this.context = context; this.certificate = certificate; this.privateKey = privateKey; }
public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1) throws CryptoException { // Note: Only use the SHA1 part of the hash Signer signer = makeSigner(new NullDigest(), true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); signer.update(md5AndSha1, 16, 20); return signer.generateSignature(); }
public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1) throws CryptoException { // Note: Only use the SHA1 part of the hash Signer signer = makeSigner(new NullDigest(), false, publicKey); signer.update(md5AndSha1, 16, 20); return signer.verifySignature(sigBytes); }
protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf); TlsProtocol.assertEmpty(buf); // Verify the CertificateVerify message contains a correct signature. try { TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType); tlsSigner.init(state.serverContext); org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo); tlsSigner.verifyRawSignature(clientCertificateSignature, publicKey, certificateVerifyHash); } catch (Exception e) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public byte[] generateAgreement(AsymmetricKeyParameter peerPublicKey) { basicAgreement.init(privateKey); BigInteger agreementValue = basicAgreement.calculateAgreement(peerPublicKey); if (truncateAgreement) { return BigIntegers.asUnsignedByteArray(agreementValue); } return BigIntegers.asUnsignedByteArray(basicAgreement.getFieldSize(), agreementValue); }
public byte[] generateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5AndSha1) throws CryptoException { AsymmetricBlockCipher engine = createRSAImpl(); engine.init(true, new ParametersWithRandom(privateKey, this.context.getSecureRandom())); return engine.processBlock(md5AndSha1, 0, md5AndSha1.length); }
public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1) throws CryptoException { AsymmetricBlockCipher engine = createRSAImpl(); engine.init(false, publicKey); byte[] signed = engine.processBlock(sigBytes, 0, sigBytes.length); return Arrays.constantTimeAreEqual(signed, md5AndSha1); }
/** * basic constructor. * * @param publicParam a public key parameters object. * @param privateParam the corresponding private key parameters. */ public AsymmetricCipherKeyPair( AsymmetricKeyParameter publicParam, AsymmetricKeyParameter privateParam) { this.publicParam = publicParam; this.privateParam = privateParam; }
/** * basic constructor. * * @param publicParam a public key parameters object. * @param privateParam the corresponding private key parameters. * @deprecated use AsymmetricKeyParameter */ public AsymmetricCipherKeyPair( CipherParameters publicParam, CipherParameters privateParam) { this.publicParam = (AsymmetricKeyParameter)publicParam; this.privateParam = (AsymmetricKeyParameter)privateParam; }
public AsymmetricKeyParameter readKey(InputStream stream) throws IOException { byte[] V; int first = stream.read(); // Decode the public ephemeral key switch (first) { case 0x00: // infinity throw new IOException("Sender's public key invalid."); case 0x02: // compressed case 0x03: // Byte length calculated as in ECPoint.getEncoded(); V = new byte[1 + (ecParams.getCurve().getFieldSize()+7)/8]; break; case 0x04: // uncompressed or case 0x06: // hybrid case 0x07: // Byte length calculated as in ECPoint.getEncoded(); V = new byte[1 + 2*((ecParams.getCurve().getFieldSize()+7)/8)]; break; default: throw new IOException("Sender's public key has invalid point encoding 0x" + Integer.toString(first, 16)); } V[0] = (byte)first; stream.read(V, 1, V.length - 1); return new ECPublicKeyParameters(ecParams.getCurve().decodePoint(V), ecParams); }
public AsymmetricKeyParameter readKey(InputStream stream) throws IOException { byte[] V = new byte[(dhParams.getP().bitLength() + 7) / 8]; stream.read(V, 0, V.length); return new DHPublicKeyParameters(new BigInteger(1, V), dhParams); }
static public AsymmetricKeyParameter generatePublicKeyParameter( PublicKey key) throws InvalidKeyException { if (key instanceof DSAPublicKey) { DSAPublicKey k = (DSAPublicKey)key; return new DSAPublicKeyParameters(k.getY(), new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); } throw new InvalidKeyException("can't identify DSA public key: " + key.getClass().getName()); }
static public AsymmetricKeyParameter generatePrivateKeyParameter( PrivateKey key) throws InvalidKeyException { if (key instanceof DSAPrivateKey) { DSAPrivateKey k = (DSAPrivateKey)key; return new DSAPrivateKeyParameters(k.getX(), new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); } throw new InvalidKeyException("can't identify DSA private key."); }
