Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
125 views
in Technique[技术] by (71.8m points)

java - Importing and exporting keys

Hello I am trying to import and export (to and from string) public/private keys for RSA, ECC, AES GCM, and ChaChaPoly1305.

I am using bouncy castle 1.59 to accomplish most of this. RSA I can use a KeyFactory natively supported by java so that is probably fine.

However, the other ones do not seem possible. Does anyone know of previous work in this area? I am looking for something like wolfcrypt's import and export functionality.

Essentially I need to be able to store a key and then recreate it.

Here is my code ( I know its a lot but its what I got).

Important snippet

    public static void packRsaKey(Key key, KeyPair keyPair) {
        key.toBuilder()
                .addPrimaryKey(ByteString.copyFrom(keyPair.getPrivate().getEncoded()))
                .addPublicKey(ByteString.copyFrom(keyPair.getPublic().getEncoded()))
                .build();
    }

    public static void packECCKey(Key key, KeyPair keyPair) {
        key.toBuilder()
                .addPrimaryKey(ByteString.copyFrom(keyPair.getPrivate().getEncoded()))
                .addPublicKey(ByteString.copyFrom(keyPair.getPublic().getEncoded()))
                .build();
    }

    public static void packAESGCMKey(Key key, SecretKey secretKey, byte[] IV) {
        key.toBuilder().setIv(ByteString.copyFrom(IV)).addPrimaryKey(ByteString.copyFrom(secretKey.getEncoded())).build();
    }

    public static void packChaChaPoly1305Key(Key key, SecretKey secretKey) {
        key.toBuilder().addPrimaryKey(ByteString.copyFrom(secretKey.getEncoded()));
    }

    public static PrivateKey unpackRsaPrivateKey(Key key) throws InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPublicKey(0).toByteArray());
        return kf.generatePrivate(pkSpec);
    }

    public static PublicKey unpackRsaPublicKey(Key key) throws InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPrimaryKey(0).toByteArray());
        return kf.generatePublic(pkSpec);
    }

    public static SecretKey unpackAESGCMKey(Key key) {
        return new SecretKeySpec(key.getPrimaryKey(0).toByteArray(), 0, key.getPrimaryKey(0).toByteArray().length, "AES");
    }

    public static SecretKey unpackChaChaPoly1305Key(Key key) {
        return new SecretKeySpec(key.getPrimaryKey(0).toByteArray(), 0, key.getPrimaryKey(0).toByteArray().length, "ChaCha20");
    }

    public static PrivateKey unpackECCPrivateKey(Key key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory kf = KeyFactory.getInstance("EC");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPublicKey(0).toByteArray());
        return kf.generatePrivate(pkSpec);
    }

    public static PublicKey unpackECCPublicKey(Key key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory kf = KeyFactory.getInstance("EC");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPrimaryKey(0).toByteArray());
        return kf.generatePublic(pkSpec);
    }

Full code

package com.keiros.security.encryption;

import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import com.google.protobuf.ByteString;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;


import com.keiros.security.AsymmetricEncryptionClass.AsymmetricEncryption;
import com.keiros.security.KeyClass.Key;
import com.keiros.security.SymmetricEncryptionClass.SymmetricEncryption;

/**
 * Helper class for encrypting strings.
 */
public class EncryptionHelper {

    public static final int AES_KEY_SIZE = 32;
    public static final int GCM_IV_LENGTH = 16;
    public static final int GCM_TAG_LENGTH = 16;


    public static boolean generateKey(Key key) {

        if (key.hasSymmetricKeyType()) {
            return generateSymmetricKey(key);
        } else if (key.hasAsymmetricKeyType()) {
            return generateAsymmetricKey(key);
        }
        return false;
    }

    public static boolean generateSymmetricKey(Key key) {
        if (key.getSymmetricKeyType().getType() == SymmetricEncryption.Types.AES_GCM) {
            try {
                generateAESGCMKey(key);
                return true;
            } catch (Exception e) {
                return false;
            }
        } else if (key.getSymmetricKeyType().getType() == SymmetricEncryption.Types.CHA_CHA_20_POLY_1305) {
            try {
                packChaChaPoly1305Key(key, generateChaChaPoly1305Key());
                return true;
            } catch (Exception e) {
                return false;
            }
        }
        return false;
    }

    public static SecretKey generateChaChaPoly1305Key() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("ChaCha20");
        keyGenerator.init(32);
        return keyGenerator.generateKey();
    }

    public static void generateAESGCMKey(Key key) throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(AES_KEY_SIZE);
        // Generate Key
        byte[] IV = new byte[GCM_IV_LENGTH];
        SecureRandom random = new SecureRandom();
        random.nextBytes(IV);

        SecretKey secretKey = keyGenerator.generateKey();
        packAESGCMKey(key, secretKey, IV);
    }

    public static boolean generateAsymmetricKey(Key key) {
        if (key.getAsymmetricKeyType().getType() == AsymmetricEncryption.Types.ECC) {
            try {
                KeyPair keyPair = generateECCKeys();
                packECCKey(key, keyPair);
            } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchProviderException e) {
                return false;
            }
        } else if (key.getAsymmetricKeyType().getType() == AsymmetricEncryption.Types.SSH_2_RSA) {
            try {
                KeyPair keyPair = generateRsaKeys();
                packRsaKey(key, keyPair);
                return true;
            } catch (NoSuchAlgorithmException e) {
                return false;
            }
        }
        return false;
    }

    public static KeyPair generateRsaKeys() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    public static KeyPair generateECCKeys() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        return kpg.generateKeyPair();
    }

    public static void packRsaKey(Key key, KeyPair keyPair) {
        key.toBuilder()
                .addPrimaryKey(ByteString.copyFrom(keyPair.getPrivate().getEncoded()))
                .addPublicKey(ByteString.copyFrom(keyPair.getPublic().getEncoded()))
                .build();
    }

    public static void packECCKey(Key key, KeyPair keyPair) {
        key.toBuilder()
                .addPrimaryKey(ByteString.copyFrom(keyPair.getPrivate().getEncoded()))
                .addPublicKey(ByteString.copyFrom(keyPair.getPublic().getEncoded()))
                .build();
    }

    public static void packAESGCMKey(Key key, SecretKey secretKey, byte[] IV) {
        key.toBuilder().setIv(ByteString.copyFrom(IV)).addPrimaryKey(ByteString.copyFrom(secretKey.getEncoded())).build();
    }

    public static void packChaChaPoly1305Key(Key key, SecretKey secretKey) {
        key.toBuilder().addPrimaryKey(ByteString.copyFrom(secretKey.getEncoded()));
    }

    public static PrivateKey unpackRsaPrivateKey(Key key) throws InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPublicKey(0).toByteArray());
        return kf.generatePrivate(pkSpec);
    }

    public static PublicKey unpackRsaPublicKey(Key key) throws InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPrimaryKey(0).toByteArray());
        return kf.generatePublic(pkSpec);
    }

    public static SecretKey unpackAESGCMKey(Key key) {
        return new SecretKeySpec(key.getPrimaryKey(0).toByteArray(), 0, key.getPrimaryKey(0).toByteArray().length, "AES");
    }

    public static SecretKey unpackChaChaPoly1305Key(Key key) {
        return new SecretKeySpec(key.getPrimaryKey(0).toByteArray(), 0, key.getPrimaryKey(0).toByteArray().length, "ChaCha20");
    }

    public static PrivateKey unpackECCPrivateKey(Key key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory kf = KeyFactory.getInstance("EC");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPublicKey(0).toByteArray());
        return kf.generatePrivate(pkSpec);
    }

    public static PublicKey unpackECCPublicKey(Key key) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory kf = KeyFactory.getInstance("EC");
        X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(key.getPrimaryKey(0).toByteArray());
        return kf.generatePublic(pkSpec);
    }

    public boolean encryptData(String in, StringBuilder out, Key key) {
        if (key.hasAsymmetricKeyType()) {
            if (key.getAsymmetricKeyType().getType() == AsymmetricEncryption.Types.SSH_2_RSA) {
                try {
                    out.append(encryptRsa(in.getBytes(), unpackRsaPublicKey(key)));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        } else if (key.hasSymmetricKeyType()) {
            if (key.getSymmetricKeyType().getType() == SymmetricEncryption.Types.AES_GCM) {
                try {
                    out.append(encryptAESGCM(in, key));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            } else if (key.getSymmetricKeyType().getType() == SymmetricEncryption.Types.CHA_CHA_20_POLY_1305) {
                try {
                    out.append(encryptChaChaPoly1305(in, key));
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        }
        return false;
    }

    public boolean encryptData(String in, StringBuilder out, Key firstKey, Key secondKey) {

        if (firstKey.hasAsymmetricKeyType() && firstKey.getAsymmetricKeyType().getType() == AsymmetricEncryption.Types.ECC) {
            if (secondKey.hasAsymmetricKeyType() && secondKey.getAsymmetricKeyType().getType() == Asymmetric

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The description 'DER' is ambiguous, but in the contrast you quoted it probably means that RSA keys are in the ASN.1 format(s?) defined by PKCS1 aka RFC8017 et pred Appendix A.1 which like all ASN.1 data can be and for crypto often is encoded in DER. 'X.963' is clearly a mistake; the relevant standards for ECC crypto are X9.62 and X9.63, but the publickey format which indeed is not ASN.1/DER was defined by X9.62 and copied by X9.63, while the privatekey format was not standardized at all, but is often a raw octet string and not ASN.1/DER. (X.(number) standards are from the international treaty organization formerly called International Consultative Committee on Telephony and Telegraphy CCITT and now International Telecommunication Union Telecommunication Standardization Sector ITU-T; X9.(number) are from the USA private-sector financial-industry organization ANSI accredited standards committee (ASC) X9.) OTOH Java crypto encoding for private key is PKCS8 aka RFC5208 (unencrypted) which adds metadata. To convert a Java key to the format your 'wolfcrypt' apparently wants is fairly easy, by just extracting the algorithm-dependent element, while the reverse, using a 'wolfcrypt' key in Java, would be quite difficult with just Java, but adding BouncyCastle helps a lot; there are numerous existing Qs about both (or all three) of these, which I will dig up for you later.

Some other, partial, comments:

generateChaChaPoly1305Key, generateAESGCMKey: KeyGenerator.init(int) takes the number of bits, which should be 256 for ChaCha20 and 128, 192 or 256 for AES. (So does KeyPairGenerator and you got that one right for RSA.) The IV should NOT be generated with the key for AES-GCM; see more below.

unpackRsaPrivateKey, unpackRsaPublicKey, unpackECCPrivateKey, unpackECCPublicKey: the 'PrivateKey' methods use key.getPublicKey() and the 'PublicKey' methods use key.getPrivateKey() which appears to be backwards. Assuming you change the PrivateKey methods to use the privatekey, as above the Java encoding of a privatekey is PKCS8EncodedKeySpec -- not X509EncodedKeySpec which is only for publickey.

unpackAESGCMKey, unpackChaChaPoly1305Key: to use a whole byte[] as the key, you don't need to specify , 0, array.length, you can use the simpler ctor SecretKeySpec(byte[], String algorithm).

encrypt*: you do new String(byte[]) on the ciphertext, and (String_var).getBytes() in the decrypt* methods. THIS IS NOT SAFE. Java String is designed to hold characters, and although crypto still uses the traditional terms plaintext and ciphertext, since about 1950 the plaintext is not required to be and the ciphertext is NEVER actually characters, but rather arbitrary bit patterns. Trying to put these bits in a Java String and then get them back will usually fail, especially if done across multiple systems (e.g. encrypt on A, transmit, and decrypt on B, which is a common use case). The best thing is to handle them consistently as byte[]; if you must run them through something that can't handle arbitrary bits, like SMS or the Web (HTML), you need to encode in a text form that preserves all bits; the common methods for this are hexadecimal (or hex) and base64.

encryptAESGCM: it's not clear what key.getIV() does/uses, but if this repeats an IV value for multiple encryptions using the same key, that is CATASTROPHIC; even one reuse destroys all authenticity (attacker can forge any data), and depending on your data anywhere from one to a small number of reuses (like two or ten) destroys confidentiality (attacker can expose supposedly secret data).

encryptChaChaPoly1305: this clearly uses the same nonce, all-zeros, for every encryption; if you reuse the key at all, which seems to be the point of your design, this destroys all security in the same way as for AES-GCM.

At this point I gave up. You should throw out this design and replace it with one from someone who knows about cryptography.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...