Package org.summerboot.jexpress.security
Class EncryptorUtil
java.lang.Object
org.summerboot.jexpress.security.EncryptorUtil
- Author:
- Changski Tie Zheng Zhang 张铁铮, 魏泽北, 杜旺财, 杜富贵
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description:
static class
static enum
-
Field Summary
Fields
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description:
protected static byte[] asymmetric(int cipherMode, Key asymmetricKey, byte[] in)
static Cipher buildCypher_GCM(boolean encrypt, SecretKey symmetricKey, byte[] iv)
static byte[] buildSecretKey(String password)
static byte[]
static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta)
    decrypt data in RAM
static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta, String md5Algorithm)
static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta)
    decrypt large file
static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta, String md5Algorithm)
static byte[]
static byte[]
static byte[]
static byte[]
    encrypt data in RAM
static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey, String md5Algorithm)
static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey)
    encrypt large file
static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey, String md5Algorithm)
static byte[]
static void
static SecretKey
static byte[] generateInitializationVector(int ivBytes)
static KeyPair generateKeyPair(String keyfactoryAlgorithm, int size)
    1. generate keypair: openssl genrsa -des3 -out keypair.pem 4096
    2. export public key: openssl rsa -in keypair.pem -outform PEM -pubout -out public.pem
    3. export private key: openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM
    4. encrypt and convert private key from PKCS#1 to PKCS#8: openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_unencrypted.pem -out private.pem
static KeyPair
static void
static Key keyFromString(String encodedKey, String algorithm)
    HmacSHA256, HmacSHA384, HmacSHA512, AES, etc.
static String keyToString(Key signingKey)
static KeyPair loadKeyPair(EncryptorUtil.KeyFileType fileType, File keystoreFile, char[] keyStorePwd, String alias, char[] privateKeyPwd)
static byte[] loadPermKey(File pemFile)
static byte[] loadPermKey(String pemFileContent)
static PrivateKey loadPrivateKey(byte[] pkcs8Data, String algorithm)
static PrivateKey loadPrivateKey(File pemFile)
static PrivateKey loadPrivateKey(File pemFile, char... password)
static PrivateKey loadPrivateKey(File pemFile, String algorithm)
static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile)
static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile, String algorithm)
static SecretKey loadSymmetricKey(byte[] symmetricKeyBytes, String symmetricKeyAlgorithm)
static SecretKey loadSymmetricKey(String symmetricKeyFile, String symmetricKeyAlgorithm)
static PublicKey loadX509EncodedPublicKey(byte[] permData, String algorithm)
static byte[] md5(byte[] data)
static byte[]
static byte[]
static byte[]
static byte[]
static String md5ToString(byte[] md5)
static void saveKeyToFile(Key key, File file)
static void secureMem(char[] pwd)
-
Field Details
-
AES_KEY_ALGO
- See Also:
-
MESSAGEDIGEST_ALGORITHM
- See Also:
-
RSA_KEY_ALGO
- See Also:
-
ENCRYPT_ALGO
- See Also:
-
RSA_CIPHER_ALGORITHM
- See Also:
-
TAG_LENGTH_BIT
public static final int TAG_LENGTH_BIT
- See Also:
-
IV_LENGTH_BYTE
public static final int IV_LENGTH_BYTE
- See Also:
-
AES_KEY_BIT
public static final int AES_KEY_BIT
- See Also:
-
PROVIDER
public static final org.bouncycastle.jce.provider.BouncyCastleProvider PROVIDER
-
-
Constructor Details
-
EncryptorUtil
public EncryptorUtil()
-
-
Method Details
-
keyToString
-
keyFromString
HmacSHA256, HmacSHA384, HmacSHA512, AES, etc.
- Parameters:
encodedKey -
algorithm -
- Returns:
-
buildSecretKey
-
init
-
md5
- Parameters:
filename -
- Returns:
- Throws:
NoSuchAlgorithmException
IOException
-
md5
public static byte[] md5(File filename, String algorithm) throws NoSuchAlgorithmException, IOException
- Parameters:
filename -
algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
NoSuchAlgorithmException
IOException
-
md5
- Parameters:
text -
- Returns:
- Throws:
UnsupportedEncodingException
NoSuchAlgorithmException
-
md5
- Parameters:
data -
- Returns:
- Throws:
NoSuchAlgorithmException
-
md5
- Parameters:
data -
algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions) (128-bit)
- Returns:
- Throws:
NoSuchAlgorithmException
-
md5ToString
-
generateAESKey
- Throws:
NoSuchAlgorithmException
-
loadSymmetricKey
public static SecretKey loadSymmetricKey(String symmetricKeyFile, String symmetricKeyAlgorithm) throws IOException
- Throws:
IOException
-
loadSymmetricKey
public static SecretKey loadSymmetricKey(byte[] symmetricKeyBytes, String symmetricKeyAlgorithm) throws IOException
- Throws:
IOException
-
generateInitializationVector
public static byte[] generateInitializationVector(int ivBytes)
-
buildCypher_GCM
public static Cipher buildCypher_GCM(boolean encrypt, SecretKey symmetricKey, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
-
encrypt
public static byte[] encrypt(SecretKey symmetricKey, byte[] iv, byte[] plainData) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(SecretKey symmetricKey, byte[] iv, byte[] encryptedData) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
encrypt
public static void encrypt(SecretKey symmetricKey, String plainDataFileName, String encryptedFileName) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(SecretKey symmetricKey, byte[] encryptedLibraryBytes) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
-
generateKeyPair_RSA4096
public static KeyPair generateKeyPair_RSA4096() throws NoSuchAlgorithmException, InvalidKeySpecException
-
generateKeyPair
public static KeyPair generateKeyPair(String keyfactoryAlgorithm, int size) throws NoSuchAlgorithmException, InvalidKeySpecException
1. generate keypair: openssl genrsa -des3 -out keypair.pem 4096
2. export public key: openssl rsa -in keypair.pem -outform PEM -pubout -out public.pem
3. export private key: openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM
4. encrypt and convert private key from PKCS#1 to PKCS#8: openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_unencrypted.pem -out private.pem
- Parameters:
keyfactoryAlgorithm - RSA(2048), EC(571)
size -
- Returns:
- Throws:
NoSuchAlgorithmException
InvalidKeySpecException
-
saveKeyToFile
- Throws:
IOException
-
secureMem
public static void secureMem(char[] pwd)
-
loadKeyPair
public static KeyPair loadKeyPair(EncryptorUtil.KeyFileType fileType, File keystoreFile, char[] keyStorePwd, String alias, char[] privateKeyPwd) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException
- Parameters:
fileType -
keystoreFile -
keyStorePwd -
alias -
privateKeyPwd -
- Returns:
- Throws:
NoSuchAlgorithmException
KeyStoreException
IOException
CertificateException
UnrecoverableKeyException
-
loadPublicKey
public static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException
-
loadPublicKey
public static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile, String algorithm) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException
- Parameters:
fileType -
publicKeyFile -
algorithm -
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
InvalidKeySpecException
CertificateException
-
loadX509EncodedPublicKey
public static PublicKey loadX509EncodedPublicKey(byte[] permData, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile, String algorithm) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(byte[] pkcs8Data, String algorithm) throws InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile, char... password) throws IOException, org.bouncycastle.operator.OperatorCreationException, GeneralSecurityException
- Throws:
IOException
org.bouncycastle.operator.OperatorCreationException
GeneralSecurityException
-
loadPermKey
- Throws:
InvalidKeySpecException
IOException
-
loadPermKey
- Throws:
InvalidKeySpecException
-
asymmetric
protected static byte[] asymmetric(int cipherMode, Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
- Parameters:
cipherMode - Cipher.ENCRYPT_MODE(1) or Cipher.DECRYPT_MODE(2)
asymmetricKey -
in -
- Returns:
- Throws:
NoSuchAlgorithmException
InvalidKeyException
NoSuchPaddingException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
-
encrypt
public static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
encrypt large file
- Parameters:
asymmetricKey - symmetric encryption will be used if null
symmetricKey - encrypt with random session key if null
plainDataFileName -
encryptedFileName -
digitalSignatureKey - to sign the digital signature if not null
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
plainDataFileName -
encryptedFileName -
digitalSignatureKey -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
encrypt data in RAM
- Parameters:
asymmetricKey - symmetric encryption will be used if null
symmetricKey - encrypt with random session key if null
plainData -
digitalSignatureKey - to sign the digital signature if not null
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
plainData -
digitalSignatureKey -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
decrypt large file
- Parameters:
asymmetricKey - symmetric decryption if null
symmetricKey - decrypt with asymmetric encrypted random session key if null
encryptedFileName -
plainDataFileName -
digitalSignatureKey - to verify the digital signature if not null
meta -
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
encryptedFileName -
plainDataFileName -
digitalSignatureKey -
meta -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
decrypt data in RAM
- Parameters:
asymmetricKey - symmetric decryption if null
symmetricKey - decrypt with asymmetric encrypted random session key if null
encryptedData -
digitalSignatureKey - to verify the digital signature if not null
meta -
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
encryptedData -
digitalSignatureKey -
meta -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256 see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-