Package org.summerboot.jexpress.security
Class EncryptorUtil
java.lang.Object
org.summerboot.jexpress.security.EncryptorUtil
- Author:
- Changski Tie Zheng Zhang 张铁铮, 魏泽北, 杜旺财, 杜富贵
-
Nested Class Summary
Nested Classes
Modifier and Type / Class
static class EncryptorUtil.EncryptionMeta
static enum EncryptorUtil.KeyFileType
-
Field Summary
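Fields
Modifier and Type / Field
static final String AES_KEY_ALGO
static final int AES_KEY_BIT
static final String ENCRYPT_ALGO
static final int ITERATIONS
static final int IV_LENGTH_BYTE
static final String MESSAGEDIGEST_ALGORITHM
static final org.bouncycastle.jce.provider.BouncyCastleProvider PROVIDER
protected static SecureRandom RANDOM
static final String RSA_CIPHER_ALGORITHM
static final String RSA_KEY_ALGO
static final int SALT_LEN
static final String SECRET_KEY_ALGO
static final int TAG_LENGTH_BIT
-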
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
protected static byte[] asymmetric(int cipherMode, Key asymmetricKey, byte[] in)
static String base64Decode(String base64Text)
static String base64Encode(String plain)
static Cipher buildCypher_GCM(boolean encrypt, SecretKey symmetricKey, byte[] iv)
static SecretKey buildSecretKey(char[] password, byte[] salt)
static SecretKey buildSecretKey(String password, byte[] salt)
static byte[] decrypt(char[] password, byte[] encryptedDataPackage)
static String
    decrypt encrypted value with prefix to plain text
static byte[]
static byte[]
static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta)
    decrypt data in RAM
static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta, String md5Algorithm)
static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta)
    decrypt large file
static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, EncryptorUtil.EncryptionMeta meta, String md5Algorithm)
static byte[]
static byte[]
static byte[] encrypt(char[] password, byte[] plainData)
static String
static byte[]
static byte[]
static byte[]
    encrypt data in RAM
static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey, String md5Algorithm)
static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey)
    encrypt large file
static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey, String md5Algorithm)
static byte[]
static void
static SecretKey
static KeyPair generateKeyPair(String keyfactoryAlgorithm, int size)
    1. generate keypair: openssl genrsa -des3 -out keypair.pem 4096
    2. export public key: openssl rsa -in keypair.pem -outform PEM -pubout -out public.pem
    3. export private key: openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM
    4. encrypt and convert private key from PKCS#1 to PKCS#8: openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_unencrypted.pem -out private.pem
static KeyPair
static KeyPair
static Key keyFromString(String encodedKey, String algorithm)
    HmacSHA256, HmacSHA384, HmacSHA512, AES, etc.
static String keyToString(Key signingKey)
static KeyPair loadKeyPair(EncryptorUtil.KeyFileType fileType, File keystoreFile, char[] keyStorePwd, String alias, char[] privateKeyPwd)
static byte[] loadPermKey(File pemFile)
static byte[] loadPermKey(String pemFileContent)
static PrivateKey loadPrivateKey(byte[] pkcs8Data, String algorithm)
static PrivateKey loadPrivateKey(File pemFile)
static PrivateKey loadPrivateKey(File pemFile, char... password)
static PrivateKey loadPrivateKey(File pemFile, String algorithm)
static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile)
static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile, String algorithm)
static SecretKey loadSymmetricKey(byte[] symmetricKeyBytes, String symmetricKeyAlgorithm)
static SecretKey loadSymmetricKey(String symmetricKeyFile, String symmetricKeyAlgorithm)
static PublicKey loadX509EncodedPublicKey(byte[] permData, String algorithm)
static byte[] md5(byte[] data)
static byte[]
static byte[]
static byte[]
static byte[]
static String md5ToString(byte[] md5)
static byte[] randomBytes(int len)
static void secureMem(char[] pwd)
static void setMasterPassword(String masterPassword)
-
Field Details
-
AES_KEY_ALGO
-
MESSAGEDIGEST_ALGORITHM
-
RSA_KEY_ALGO
-
ENCRYPT_ALGO
-
RSA_CIPHER_ALGORITHM
-
TAG_LENGTH_BIT
public static final int TAG_LENGTH_BIT
-
IV_LENGTH_BYTE
public static final int IV_LENGTH_BYTE
-
AES_KEY_BIT
public static final int AES_KEY_BIT
-
SALT_LEN
public static final int SALT_LEN
-
ITERATIONS
public static final int ITERATIONS
-
SECRET_KEY_ALGO
-
PROVIDER
public static final org.bouncycastle.jce.provider.BouncyCastleProvider PROVIDER
-
RANDOM
-
-
Constructor Details
-
EncryptorUtil
public EncryptorUtil()
-
-
Method Details
-
base64Decode
-
base64Encode
-
keyToString
-
keyFromString
HmacSHA256, HmacSHA384, HmacSHA512, AES, etc.
- Parameters:
encodedKey -
algorithm -
- Returns:
-
setMasterPassword
-
randomBytes
public static byte[] randomBytes(int len)
-
buildSecretKey
-
buildSecretKey
-
md5
- Parameters:
filename -
- Returns:
- Throws:
NoSuchAlgorithmException
IOException
-
md5
public static byte[] md5(File filename, String algorithm) throws NoSuchAlgorithmException, IOException
- Parameters:
filename -
algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
NoSuchAlgorithmException
IOException
-
md5
- Parameters:
text -
- Returns:
- Throws:
UnsupportedEncodingException
NoSuchAlgorithmException
-
md5
- Parameters:
data -
- Returns:
- Throws:
NoSuchAlgorithmException
-
md5
- Parameters:
data -
algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions) (128-bit)
- Returns:
- Throws:
NoSuchAlgorithmException
-
md5ToString
-
generateAESKey
- Throws:
NoSuchAlgorithmException
-
encrypt
public static byte[] encrypt(SecretKey symmetricKey, byte[] iv, byte[] plainData) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(SecretKey symmetricKey, byte[] iv, byte[] encryptedData) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
loadSymmetricKey
public static SecretKey loadSymmetricKey(String symmetricKeyFile, String symmetricKeyAlgorithm) throws IOException
- Throws:
IOException
-
loadSymmetricKey
public static SecretKey loadSymmetricKey(byte[] symmetricKeyBytes, String symmetricKeyAlgorithm) throws IOException
- Throws:
IOException
-
buildCypher_GCM
public static Cipher buildCypher_GCM(boolean encrypt, SecretKey symmetricKey, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
-
encrypt
- Parameters:
plainData -
warped - true if the encrypted value is in a wrapper like password=DEC(encrypted password)
- Returns:
- Throws:
GeneralSecurityException
-
encrypt
- Throws:
GeneralSecurityException
-
encrypt
- Throws:
GeneralSecurityException
-
decrypt
decrypt encrypted value with prefix to plain text
- Parameters:
encodedData -
warped - true if the encrypted value is in a wrapper like password=ENC(encrypted password)
- Returns:
- Throws:
GeneralSecurityException
-
decrypt
public static byte[] decrypt(String password, byte[] encryptedDataPackage) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
decrypt
public static byte[] decrypt(char[] password, byte[] encryptedDataPackage) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
encrypt
public static void encrypt(SecretKey symmetricKey, String plainDataFileName, String encryptedFileName) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(SecretKey symmetricKey, byte[] encryptedLibraryBytes) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException
-
generateKeyPairRSA
public static KeyPair generateKeyPairRSA() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException
-
generateKeyPairEC
public static KeyPair generateKeyPairEC() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException
-
generateKeyPair
public static KeyPair generateKeyPair(String keyfactoryAlgorithm, int size) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException
1. generate keypair: openssl genrsa -des3 -out keypair.pem 4096
2. export public key: openssl rsa -in keypair.pem -outform PEM -pubout -out public.pem
3. export private key: openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM
4. encrypt and convert private key from PKCS#1 to PKCS#8: openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_unencrypted.pem -out private.pem
- Parameters:
keyfactoryAlgorithm - RSA(2048), EC(571)
size -
- Returns:
- Throws:
NoSuchAlgorithmException
InvalidKeySpecException
InvalidAlgorithmParameterException
-
secureMem
public static void secureMem(char[] pwd)
-
loadKeyPair
public static KeyPair loadKeyPair(EncryptorUtil.KeyFileType fileType, File keystoreFile, char[] keyStorePwd, String alias, char[] privateKeyPwd) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException
- Parameters:
fileType -
keystoreFile -
keyStorePwd -
alias -
privateKeyPwd -
- Returns:
- Throws:
NoSuchAlgorithmException
KeyStoreException
IOException
CertificateException
UnrecoverableKeyException
-
loadPublicKey
public static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException
-
loadPublicKey
public static PublicKey loadPublicKey(EncryptorUtil.KeyFileType fileType, File publicKeyFile, String algorithm) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException
- Parameters:
fileType -
publicKeyFile -
algorithm -
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
InvalidKeySpecException
CertificateException
-
loadX509EncodedPublicKey
public static PublicKey loadX509EncodedPublicKey(byte[] permData, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile, String algorithm) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(byte[] pkcs8Data, String algorithm) throws InvalidKeySpecException, NoSuchAlgorithmException
-
loadPrivateKey
public static PrivateKey loadPrivateKey(File pemFile, char... password) throws IOException, org.bouncycastle.operator.OperatorCreationException, GeneralSecurityException
- Throws:
IOException
org.bouncycastle.operator.OperatorCreationException
GeneralSecurityException
-
loadPermKey
- Throws:
InvalidKeySpecException
IOException
-
loadPermKey
- Throws:
InvalidKeySpecException
-
asymmetric
protected static byte[] asymmetric(int cipherMode, Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
- Parameters:
cipherMode - Cipher.ENCRYPT_MODE(1) or Cipher.DECRYPT_MODE(2)
asymmetricKey -
in -
- Returns:
- Throws:
NoSuchAlgorithmException
InvalidKeyException
NoSuchPaddingException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, byte[] in) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException
-
encrypt
public static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
encrypt large file
- Parameters:
asymmetricKey - symmetric encryption will be used if null
symmetricKey - encrypt with random session key if null
plainDataFileName -
encryptedFileName -
digitalSignatureKey - to sign the digital signature if not null
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static void encrypt(Key asymmetricKey, SecretKey symmetricKey, String plainDataFileName, String encryptedFileName, Key digitalSignatureKey, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
plainDataFileName -
encryptedFileName -
digitalSignatureKey -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
encrypt data in RAM
- Parameters:
asymmetricKey - symmetric encryption will be used if null
symmetricKey - encrypt with random session key if null
plainData -
digitalSignatureKey - to sign the digital signature if not null
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
encrypt
public static byte[] encrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] plainData, Key digitalSignatureKey, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
plainData -
digitalSignatureKey -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
decrypt large file
- Parameters:
asymmetricKey - symmetric decryption if null
symmetricKey - decrypt with asymmetric encrypted random session key if null
encryptedFileName -
plainDataFileName -
digitalSignatureKey - to verify the digital signature if not null
meta -
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static void decrypt(Key asymmetricKey, SecretKey symmetricKey, String encryptedFileName, String plainDataFileName, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
encryptedFileName -
plainDataFileName -
digitalSignatureKey -
meta -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
decrypt data in RAM
- Parameters:
asymmetricKey - symmetric decryption if null
symmetricKey - decrypt with asymmetric encrypted random session key if null
encryptedData -
digitalSignatureKey - to verify the digital signature if not null
meta -
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-
decrypt
public static byte[] decrypt(Key asymmetricKey, SecretKey symmetricKey, byte[] encryptedData, Key digitalSignatureKey, @Nullable EncryptorUtil.EncryptionMeta meta, String md5Algorithm) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
- Parameters:
asymmetricKey -
symmetricKey -
encryptedData -
digitalSignatureKey -
meta -
md5Algorithm - MD5, SHA-1, SHA-256 or SHA3-256, see https://en.wikipedia.org/wiki/SHA-3 (section Comparison of SHA functions)
- Returns:
- Throws:
IOException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeyException
InvalidAlgorithmParameterException
IllegalBlockSizeException
BadPaddingException
-