Package net.aifusion.utils

Class EncryptionUtility

java.lang.Object
net.aifusion.utils.EncryptionUtility
public class EncryptionUtility extends Object
Utility class to manage message encryption and signing
Author:
Sharad Singhal

  • Field Details

    • MIN_BUF_SIZE

      public static final int MIN_BUF_SIZE
      See Also:

    • signatureAlgorithm

      public static final String signatureAlgorithm
      Algorithm used to generate message signatures
      See Also:

    • symmetricKeyAlgorithm

      public static final String symmetricKeyAlgorithm
      Algorithm used to encrypt messages
      See Also:

    • encryptionAlgorithm

      public static final String encryptionAlgorithm
      Algorithm used to encrypt symmetric keys
      See Also:

    • publicKeyAlgorithm

      public static final String publicKeyAlgorithm
      Algorithm used for generating public keys for signing
      See Also:

    • symmetricKeyCryptoMode

      public static final String symmetricKeyCryptoMode
      Encryption/Decryption mode used to encrypt messages with the symmetric key
      See Also:

    • SYMMETRIC_KEY_LENGTH

      public static final int SYMMETRIC_KEY_LENGTH
      Key length (in bits) of the symmetric keys
      See Also:

    • PUBLIC_KEY_LENGTH

      public static final int PUBLIC_KEY_LENGTH
      Key length (in bits) used for generating the wrapping keys
      See Also:

    • secretKeyGenerationAlgorithm

      public static final String secretKeyGenerationAlgorithm
      Algorithm used to transform passwords+salts to secret keys
      See Also:

    • SECRET_KEY_ITERATION

      public static final int SECRET_KEY_ITERATION
      Iteration count for generating secret key
      See Also:

    • SEED_LENGTH

      public static final int SEED_LENGTH
      Default length of seeds
      See Also:

    • digestAlgorithm

      public static final String digestAlgorithm
      Algorithm use to compute message digests
      See Also:

  • Method Details

    • getHash

      public static byte[] getHash(byte[] passPhrase)
      Hash a pass phrase. A random seed and the passphrase are hashed. The seed is then prepended to the digest and returned as the hash
      Parameters:
      passPhrase - - passphrase to hash
      Returns:
      byte array containing the hash
      See Also:

    • validateHash

      public static boolean validateHash(byte[] expectedHash, byte[] passPhrase)
      Validate if a passPhrase matches a hash
      Parameters:
      expectedHash - - expected hash
      passPhrase - - passphrase to test
      Returns:
      true if match, false otherwise
      See Also:

    • sign

      public static byte[] sign(PrivateKey signatureKey, byte[] plainText)
      Sign some plainText using a signature key
      Parameters:
      signatureKey - - sender's private signature key
      plainText - - PlainText to sign
      Returns:
      - bytes containing the signature
      See Also:

    • verify

      public static boolean verify(PublicKey validationKey, byte[] plainText, byte[] signature)
      Verify the signature on some signed plainText
      Parameters:
      validationKey - - sender's public validation key corresponding to the signature key
      plainText - - signed plainText
      signature - - signature received with the text
      Returns:
      true - if the signature is successfully verified, false otherwise
      See Also:

    • wrap

      public static byte[] wrap(SecretKey key, PublicKey encryptionKey)
      Wrap a secret key using a receiver's public encryption key
      Parameters:
      key - - key to wrap
      encryptionKey - - receiver's public encryption key
      Returns:
      - wrapped key

    • unwrap

      public static SecretKey unwrap(byte[] wrappedKey, PrivateKey decryptionKey)
      Unwrap a secret key using the receiver's private decryption key
      Parameters:
      wrappedKey - - wrapped key
      decryptionKey - - receiver's private decryption key
      Returns:
      - unwrapped secret key

    • encrypt

      public static byte[] encrypt(byte[] plainText, PublicKey encryptionKey)
      Encrypt some plaintext using a public encryption key
      Parameters:
      plainText - - plaintext to encrypt
      encryptionKey - - public encryption key
      Returns:
      - encrypted text. Null in case of error
      See Also:

    • decrypt

      public static byte[] decrypt(byte[] cipherText, PrivateKey decryptionKey)
      Decrypt some ciphertext using a private decryption key
      Parameters:
      cipherText - - ciphertext to decrypt
      decryptionKey - - private decryption key
      Returns:
      - plain text. Null if error
      See Also:

    • signAndEncrypt

      public static byte[] signAndEncrypt(KeyPair senderKeys, byte[] plainText, PublicKey receiverEncryptionKey)
      Sign and encrypt a message for transmission to a receiver. The method uses the private signature key of the sender to sign the message, and the public encryption key of the receiver to encrypt the message contents.

      An AES secret key is first generated, and encrypted (wrapped) using the receiver's public encryption key. The Sender's verificationKey, the messageSignature, and the plain text are encrypted using the secret key and the wrapped key and the encrypted text is returned packed as {WLen,WrappedKey,E[{PkLen,PublicKey,SLen,Signature,PtLen,PlainText}]}, where {x}Len is two bytes containing the length of {x}. Currently assumes that RSA keys are used for the asymetric keys

      Parameters:
      senderKeys - - keypair containing the sender's signature keys
      plainText - - message to be sent (Should be less than about 60000 bytes).
      receiverEncryptionKey - - the public (encryption) key of the receiver
      Returns:
      - encrypted message. Null in case of error
      See Also:

    • decryptAndVerify

      public static byte[] decryptAndVerify(PrivateKey decryptionKey, byte[] receivedCipherText)
      Decrypt a message, and verify the signature on it. The message is unpacked, the received encryption key is decrypted using the receiver's private decryption key, and the signature on the message is verified using the sender's public key (included as part of the message). Currently assumes RSA key pairs
      Parameters:
      decryptionKey - - decryption key to be used
      receivedCipherText - - received message
      Returns:
      - plainText. Null if some error occurs
      See Also:

    • generatePublicKeyPair

      public static KeyPair generatePublicKeyPair()
      Generate a private/public key pair usable by this class
      Returns:
      - a key pair containing public/private keys usable by this class
      Throws:
      ModelException - if the Java security policy does not permit keys of the appropriate length to be generated
      See Also:

    • generatePublicKeyPair

      public static KeyPair generatePublicKeyPair(byte[] privateKeyData, byte[] publicKeyData)
      Generate the private/public keys from encoded key data
      Parameters:
      privateKeyData - - private key data (from key.getEncoded())
      publicKeyData - - public key data (from key.getEncoded()))
      Returns:
      - key pair containing the private/public keys
      See Also:

    • generateSecretKey

      public static SecretKey generateSecretKey()
      Generate a secret key
      Returns:
      - a secret key usable by this class

    • generateSecretKey

      public static SecretKey generateSecretKey(byte[] salt, char[] password)
      Generate a password-based secret key. This method takes a salt and a password, and generates an AES key from them
      Parameters:
      salt - - salt used in the algorithm (normally 16 bytes)
      password - - password to be used to generate the secret key
      Returns:
      - key to be used in secret key encryption
      See Also:

    • encrypt

      public static byte[] encrypt(byte[] plainText, SecretKey key)
      Encrypt some plain text using secret key-based encryption
      Parameters:
      plainText - - plainText to be encrypted
      key - - secret key for encryption
      Returns:
      - encrypted cipher text
      See Also:

    • decrypt

      public static byte[] decrypt(byte[] cipherText, SecretKey key)
      Decrypt some cipherText that was encrypted using secret key-based encryption
      Parameters:
      cipherText - - cipherText to be decrypted
      key - - secret key to be used for decryption
      Returns:
      - decrypted plain text
      See Also:

    • encrypt

      public static byte[] encrypt(byte[] plainText, char[] password)
      Encrypt some plain text using a password. An encryption key is generated using the password and a randomly generated salt, and used to encrypt the message. The salt concatenated with the encoded message is returned as the cipherText
      Parameters:
      plainText - - plain text to be encrypted
      password - - password to be used for encryption
      Returns:
      - encrypted cipherText
      See Also:

    • decrypt

      public static byte[] decrypt(byte[] cipherText, char[] password)
      Decrypt some cipherText that was encrypted using password-based encryption. The salt is extracted from the message, and the password is used to re-generate the encryption key, which is then used to decrypt the message.
      Parameters:
      cipherText - - cipherText to be decrypted
      password - - password used to encrypt the text
      Returns:
      - decrypted plain text
      See Also:

    • encrypt

      public static void encrypt(InputStream input, CipherOutputStream output, SecretKey key)

    • decrypt

      public static void decrypt(CipherInputStream input, OutputStream output, SecretKey key)