Search Results

Search found 37 results on 2 pages for 'bouncycastle'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/2 | 1 2  | Next Page >

  • BouncyCastle GCM/CCM Exceprion in JAVA

    - by 4r1y4n
    can anyone give me an example for using GCM and/or CCM modes with AES in BouncyCastle? My code is this: SecretKeySpec key = new SecretKeySpec(keyBytes, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(ivBytes); Cipher cipher = Cipher.getInstance("AES/AEAD/PKCS5Padding", "BC"); byte[] block = new byte[1048576]; int i; long st,et; cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); BufferedInputStream bIn=new BufferedInputStream(new ProgressMonitorInputStream(null,"Encrypting ...",new FileInputStream("input"))); CipherInputStream cIn = new CipherInputStream(bIn, cipher); BufferedOutputStream bOut=new BufferedOutputStream(new FileOutputStream("output.enc")); int ch; while ((i = cIn.read(block)) != -1) { bOut.write(block, 0, i); } cIn.close(); bOut.close(); Thread.sleep(5000); cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); BufferedInputStream fis=new BufferedInputStream(new ProgressMonitorInputStream(null,"Decrypting ...",new FileInputStream("output.enc"))); //FileInputStream fis=new FileInputStream("output.enc"); //FileOutputStream ro=new FileOutputStream("regen.plain"); BufferedOutputStream ro=new BufferedOutputStream(new FileOutputStream("regen.plain")); CipherInputStream dcIn = new CipherInputStream(fis, cipher); while ((i = dcIn.read(block)) != -1) { ro.write(block, 0, i); } dcIn.close(); ro.close(); but it throws this exception when decrypting in GCM mode (line 70 is bOut.write(block, 0, i);): Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.bouncycastle.crypto.modes.CCMBlockCipher.processPacket(Unknown Source) at org.bouncycastle.crypto.modes.CCMBlockCipher.doFinal(Unknown Source) at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source) at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source) at javax.crypto.Cipher.doFinal(DashoA13*..) at javax.crypto.CipherInputStream.a(DashoA13*..) at javax.crypto.CipherInputStream.read(DashoA13*..) at javax.crypto.CipherInputStream.read(DashoA13*..) at enctest.Main.main(Main.java:70) And this Exception when encrypting in CCM mode (line 70 is bOut.write(block, 0, i);): Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.bouncycastle.crypto.modes.CCMBlockCipher.processPacket(Unknown Source) at org.bouncycastle.crypto.modes.CCMBlockCipher.doFinal(Unknown Source) at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source) at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source) at javax.crypto.Cipher.doFinal(DashoA13*..) at javax.crypto.CipherInputStream.a(DashoA13*..) at javax.crypto.CipherInputStream.read(DashoA13*..) at javax.crypto.CipherInputStream.read(DashoA13*..) at enctest.Main.main(Main.java:70)

    Read the article

  • Bouncycastle encryption algorithms not provided

    - by David Read
    I'm trying to use BouncyCastle with android to implement ECDH and EL Gamal. I've added the bouncycastle jar file (bcprov-jdk16-144.jar) and written some code that works with my computers jvm however when I try and port it to my android application it throws: java.security.NoSuchAlgorithmException: KeyPairGenerator ECDH implementation not found A sample of the code is: Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); java.security.KeyPairGenerator keyGen = org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator.getInstance("ECDH", "BC"); ECGenParameterSpec ecSpec = new ECGenParameterSpec("prime192v1"); keyGen.initialize(ecSpec, SecureRandom.getInstance("SHA1PRNG")); KeyPair pair = keyGen.generateKeyPair(); PublicKey pubk = pair.getPublic(); PrivateKey prik = pair.getPrivate(); I then wrote a simple program to see what encryption algorithms are available and ran it on my android emulator and on my computers jvm the code was: Set<Provider.Service> rar = new org.bouncycastle.jce.provider.BouncyCastleProvider().getServices(); Iterator<Provider.Service> ir = rar.iterator(); while(ir.hasNext()) System.out.println(ir.next().getAlgorithm()); On android I do not get any of the EC algorithms while ran normally on my computer it's fine. I'm also getting the following two errors when compiling for a lot of the bouncy castle classes: 01-07 17:17:42.548: INFO/dalvikvm(1054): DexOpt: not resolving ambiguous class 'Lorg/bouncycastle/asn1/ASN1Encodable;' 01-07 17:17:42.548: DEBUG/dalvikvm(1054): DexOpt: not verifying 'Lorg/bouncycastle/asn1/ess/OtherSigningCertificate;': multiple definitions What am I doing wrong?

    Read the article

  • how to add bouncycastle algorithm to android

    - by Vamsi
    Hi friends, I am trying to write a small application using bouncycastle algorithm, from the http://tinyurl.com/ylclavn (BouncyCastleProvider.java) it says we have to import and add the provider during runtime by the following code import org.bouncycastle.jce.provider.BouncyCastleProvider; Security.addProvider(new BouncyCastleProvider()); error - The import org.bouncycastle cannot be resolved; during import error - BouncyCastleProvider cannot be resolved to a type; when calling addProvider I though bouncycastle is not provided with the Android 1.6 SDK, so thought of installing separately. how should i do this? If Bouncycastle is shipped along with SDK, what should i do to avoid these errors? I am using Android 1.6, eclipse-V3.4.0 on winXP . Thanks in advance

    Read the article

  • Need example for BouncyCastle PGP File encryption in C#

    - by Daniel Brink
    Hi, I'm trying to write an c#.net app to encrypt files using my private key (in ascii format) and any other public key (also in ascii format). The BouncyCastle library looks like the correct thing to use, but I cannot find documentation for C#. Could anyone please give me an example of how to use BouncyCastle to encrypt a file. Thank you.

    Read the article

  • NullPointerException when generating RSA keys with BouncyCastle

    - by Tom Brito
    public static void main(String[] args) throws Exception { RSAKeyPairGenerator rsaKeyPairGen = new RSAKeyPairGenerator(); AsymmetricCipherKeyPair keyPair = rsaKeyPairGen.generateKeyPair(); } the rsaKeyPairGen is not null, but the generateKeyPair() method is throwing NullPointerException. What may be wrong? Error message: java.lang.NullPointerException at org.bouncycastle.crypto.generators.RSAKeyPairGenerator.generateKeyPair(Unknown Source) at pkg.main(Main.java:154)

    Read the article

  • X.509 Certificate validation with Java and Bouncycastle

    - by Rob
    Hi, through the bouncycastle wiki page I was able to understand how to create a X.509 root certificate and a certification request, but I do not quite understand how to proceed concept- and programming wise after that. Lets assume party A does a cert request and gets his client certificate from the CA. How can some party B validate A's certificate? What kind of certificate does A need? A root certificate? A 'normal' client certificate? And how does the validation work on programming level, if we assume that A has successfully send his certificate in DER or PEM format to B? Any help is much appreciated. Best Regards, Rob

    Read the article

  • Generate authenticated CMSEnvelopedData Messages with bouncycastle

    - by levinalex
    I am trying to encrypt data with a password and store it inside a ASN.1 encoded CMS message (using C# and BouncyCastle 1.4) The code I have seems to have two problems: the data does not seem to be signed with a HMAC, so when I tamper with the encodedData (by enabling the commented out line), the decryption still succeeds. when I decrypt the data I have tampered with, I get beck corrupted plain text. However only a two blocks of plaintext data are corrupted. This seems to suggest that the encryption does not actually use CBC mode. (edit: disregard the second point, this is exactly how CBC is supposed to work) This is what I am testing with: public void TestMethod1() { byte[] data = new byte[1024]; // plaintext: a list of zeroes CmsEnvelopedDataGenerator generator = new CmsEnvelopedDataGenerator(); CmsPbeKey encryptionKey = new Pkcs5Scheme2PbeKey("foo", new byte[] { 1, 2, 3 }, 2048); generator.AddPasswordRecipient(encryptionKey, CmsEnvelopedDataGenerator.Aes256Cbc); CmsProcessableByteArray cmsByteArray = new CmsProcessableByteArray(data); CmsEnvelopedData envelopeData = generator.Generate(cmsByteArray, CmsEnvelopedDataGenerator.Aes256Cbc); byte[] encodedData = envelopeData.GetEncoded(); // encodedData[500] = 10; // tamper with the data RecipientID recipientID = new RecipientID(); CmsEnvelopedData decodedEnvelopeData = new CmsEnvelopedData(encodedData); RecipientInformation recipient = decodedEnvelopeData.GetRecipientInfos().GetFirstRecipient(recipientID); byte[] data2 = recipient.GetContent(encryptionKey); CollectionAssert.AreEqual(data, data2); } What am I doing wrong? What would be the correct way to write this?

    Read the article

  • Can a product that uses BouncyCastle be exported from the UK

    - by swisstony
    We are doing work for a company, based in the UK, who are planning on developing an application that uses the BouncyCastle.Crypto.dll. They intend to make their product (including the crypto dll) available for download over the Internet. Are there UK restrictions on the export of crypto software that would prevent them from doing this? From Wikipedia, I understand it's okay to export it from the US, but not sure about the UK.

    Read the article

  • Generated signed X.509 client certificate is invalid (no certificate chain to its CA)

    - by Genady
    I use Bouncy Castle for generation of X.509 client certificates and sing them using a known CA. First I read the CA certificate from the certificate store, generate the client certificate, sign it using the CA. Validation of the certificate is failed doe to the following issue A certificate chain could not be built to a trusted root authority. As I understand this is due to the certificate not being related to the CA. Here is a code sample: public static X509Certificate2 GenerateCertificate(X509Certificate2 caCert, string certSubjectName) { // Generate Certificate var cerKp = kpgen.GenerateKeyPair(); var certName = new X509Name(true,certSubjectName); // subjectName = user var serialNo = BigInteger.ProbablePrime(120, new Random()); X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator(); gen2.SetSerialNumber(serialNo); gen2.SetSubjectDN(certName); gen2.SetIssuerDN(new X509Name(true,caCert.Subject)); gen2.SetNotAfter(DateTime.Now.AddDays(100)); gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen2.SetSignatureAlgorithm("SHA1WithRSA"); gen2.SetPublicKey(cerKp.Public); AsymmetricCipherKeyPair akp = DotNetUtilities.GetKeyPair(caCert.PrivateKey); Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(caKp.Private); // used for getting a private key X509Certificate2 userCert = ConvertToWindows(newCert,cerKp); if (caCert22.Verify()) // works well for CA { if (userCert.Verify()) // fails for client certificate { return userCert; } } return null; } private static X509Certificate2 ConvertToWindows(Org.BouncyCastle.X509.X509Certificate newCert, AsymmetricCipherKeyPair kp) { string tempStorePwd = "abcd1234"; var tempStoreFile = new FileInfo(Path.GetTempFileName()); try { // store key { var newStore = new Pkcs12Store(); var certEntry = new X509CertificateEntry(newCert); newStore.SetCertificateEntry( newCert.SubjectDN.ToString(), certEntry ); newStore.SetKeyEntry( newCert.SubjectDN.ToString(), new AsymmetricKeyEntry(kp.Private), new[] { certEntry } ); using (var s = tempStoreFile.Create()) { newStore.Save( s, tempStorePwd.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()) ); } } // reload key return new X509Certificate2(tempStoreFile.FullName, tempStorePwd); } finally { tempStoreFile.Delete(); } }

    Read the article

  • How to use Bouncy Castle lightweight API with AES and PBE

    - by Adrian
    I have a block of ciphertext that was created using the JCE algorithim "PBEWithSHA256And256BitAES-CBC-BC". The provider is BouncyCastle. What I'd like to do it decrypt this ciphertext using the BouncyCastle lightweight API. I don't want to use JCE because that requires installing the Unlimited Strength Jurisdiction Policy Files. Documentation seems to be thin on the ground when it comes to using BC with PBE and AES. Here's what I have so far. The decryption code runs without exception but returns rubbish. The encryption code, String password = "qwerty"; String plainText = "hello world"; byte[] salt = generateSalt(); byte[] cipherText = encrypt(plainText, password.toCharArray(), salt); private static byte[] generateSalt() throws NoSuchAlgorithmException { byte salt[] = new byte[8]; SecureRandom saltGen = SecureRandom.getInstance("SHA1PRNG"); saltGen.nextBytes(salt); return salt; } private static byte[] encrypt(String plainText, char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException { Security.addProvider(new BouncyCastleProvider()); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 20); PBEKeySpec pbeKeySpec = new PBEKeySpec(password); SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec); Cipher encryptionCipher = Cipher.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); encryptionCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); return encryptionCipher.doFinal(plainText.getBytes()); } The decryption code, byte[] decryptedText = decrypt(cipherText, password.getBytes(), salt); private static byte[] decrypt(byte[] cipherText, byte[] password, byte[] salt) throws DataLengthException, IllegalStateException, InvalidCipherTextException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException { BlockCipher engine = new AESEngine(); CBCBlockCipher cipher = new CBCBlockCipher(engine); PKCS5S1ParametersGenerator keyGenerator = new PKCS5S1ParametersGenerator(new SHA256Digest()); keyGenerator.init(password, salt, 20); CipherParameters keyParams = keyGenerator.generateDerivedParameters(256); cipher.init(false, keyParams); byte[] decryptedBytes = new byte[cipherText.length]; int numBytesCopied = cipher.processBlock(cipherText, 0, decryptedBytes, 0); return decryptedBytes; }

    Read the article

  • NullPointerException when generating RSA keys with boucycastle

    - by Tom Brito
    public static void main(String[] args) throws Exception { RSAKeyPairGenerator rsaKeyPairGen = new RSAKeyPairGenerator(); AsymmetricCipherKeyPair keyPair = rsaKeyPairGen.generateKeyPair(); } the rsaKeyPairGen is not null, but the generateKeyPair() method is throwing NullPointerException. What may be wrong? Error message: java.lang.NullPointerException at org.bouncycastle.crypto.generators.RSAKeyPairGenerator.generateKeyPair(Unknown Source) at pkg.main(Main.java:154)

    Read the article

  • Detecting incorrect key using AES/GCM in JAVA

    - by 4r1y4n
    I'm using AES to encrypt/decrypt some files in GCM mode using BouncyCastle. While I'm proving wrong key for decryption there is no exception. How should I check that the key is incorrect? my code is this: SecretKeySpec incorrectKey = new SecretKeySpec(keyBytes, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(ivBytes); Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); byte[] block = new byte[1048576]; int i; cipher.init(Cipher.DECRYPT_MODE, incorrectKey, ivSpec); BufferedInputStream fis=new BufferedInputStream(new ProgressMonitorInputStream(null,"Decrypting ...",new FileInputStream("file.enc"))); BufferedOutputStream ro=new BufferedOutputStream(new FileOutputStream("file_org")); CipherOutputStream dcOut = new CipherOutputStream(ro, cipher); while ((i = fis.read(block)) != -1) { dcOut.write(block, 0, i); } dcOut.close(); fis.close(); thanks

    Read the article

  • Can't send client certificate via SslStream

    - by Jonathan
    I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

    Read the article

  • use bouncy castle libraries to encrypt files using public key from digital certificate

    - by mike
    I got the public key from the certificate, keypair is a java.security.KeyPair object String public_key = keypair.getPublic().toString(); I want to send this to the via an http connection to a J2me application. I cannot find any documentation to convert the transmitted string to a Public key that can be used to encrypt Strings. I also want the J2me to verify signed strings from the server. I want to then send the encrypted strings back to the server.

    Read the article

  • scp via java

    - by Lloyd Meinholz
    What is the best method of performing an scp transfer via the Java programming language? It seems I may be able to perform this via JSSE, JSch or the bouncy castle java libraries. None of these solutions seem to have an easy answer.

    Read the article

  • Verify a X.509 certificate with Java ME and Bouncy Castle

    - by Dino
    Hi, Can anybody point me to an example of verifying a X.509 certificate with Bouncy Castle under Java ME? I can see how to easily do this in Java SE code with java.security.cert.Certificate.verify(), but I could not find an equivalent method in the lightweight BC API. Thanks in advance! Cheers Dino

    Read the article

  • problem generating pgp keys?

    - by pavankumar
    I'm using RSACryptoServiceProvider I've generated public key and private key. The keys generated by it are in the following format: Public key: <RSAKeyValue> <Modulus>m9bAoh2...eGNKYs=</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> Private key: <RSAKeyValue> <Modulus>m9bAo...ZAIeGNKYs=</Modulus> <Exponent>AQAB</Exponent> <P>xGj/UcXs...R1lmeVQ==</P> <Q>yx6e18aP...GXzXIXw==</Q> <DP>NyxvnJ...1xAsEyQ==</DP> <DQ>La17Jycd...FhApEqwznQ==</DQ> <InverseQ>JrG7WCT...Hp3OWA==</InverseQ> <D>RdWsOFn....KL699Vh6HK0=</D> </RSAKeyValue> but using PGP Desktop i've generated keys like this - Public key: mQCNBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK HP2kH5ysrlFWkxTo =a4t9 Private key: lQHgBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK waBnEitQti3XgUUEZnz/rnXcQVM0QFBe6H5x8fMDUw== =CVPD So when I'm passing the keys generated by PGP Desktop it is able to do encryption and decryption perfectly but when im passing the keys generated by RSACryptoServiceProvider I'm not able to encrypt and decrypt? Can anyone please tell me how to generate keys in the pattern generated by PGP?

    Read the article

  • use bouncy castle to create public key on j2me

    - by mike
    I got the public key from the certificate, keypair is a java.security.KeyPair object String public_key = keypair.getPublic().toString(); I want to send this to the via an http connection to a J2me application. I cannot find any documentation to convert the transmitted string to a Public key that can be used to encrypt Strings. I also want the J2me to verify signed strings from the server. I want to then send the encrypted strings back to the server.

    Read the article

  • Creating a Cerificate for Bouncy Castle Encryption

    - by Gordon
    I am trying to create a self-signed certificate to use for encrypting an email using bouncycaste. What would be the best way to generate a certificate? I have tried using openssl but I have had problems with certificate. Here is the code I am using to encrypt, I am using 3des. SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator(); gen.addKeyTransRecipient(x509Cert); // adds an X509Certificate MimeBodyPart encData = gen.generate(mimeBodyPart, SMIMEEnvelopedGenerator.DES_EDE3_CBC, "BC");

    Read the article

  • Bouncy Castle, RSA : transforming keys into a String format

    - by Rami W.
    Hi, iam using RSA(Bouncy Castle API) in my c# porject. Igenerated the keypair with this method RsaKeyPairGenerator r = new RsaKeyPairGenerator(); r.Init(new KeyGenerationParameters(new SecureRandom(), 1024)); AsymmetricCipherKeyPair keys = r.GenerateKeyPair(); AsymmetricKeyParameter private_key = keys.Private; AsymmetricKeyParameter public_key = keys.Public; now i want to save them in txt file but the problem is that i can't convert them to a string format. i read in another post that keys must be serialized using PrivateKeyInfo k = PrivateKeyInfoFactory.CreatePrivateKeyInfo(private_key); byte[] serializedKey = k.ToAsn1Object().GetDerEncoded(); Is it the right way ? if yes, what should i do after this ? just convert them from byte[] to String ? thx for any help.

    Read the article

  • How to verify if the private key matches with the certificate..?

    - by surendhar_s
    I have the private key stored as .key file.. -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQD5YBS6V3APdgqaWAkijIUHRK4KQ6eChSaRWaw9L/4u8o3T1s8J rUFHQhcIo5LPaQ4BrIuzHS8yzZf0m3viCTdZAiDn1ZjC2koquJ53rfDzqYxZFrId 7a4QYUCvM0gqx5nQ+lw1KoY/CDAoZN+sO7IJ4WkMg5XbgTWlSLBeBg0gMwIDAQAB AoGASKDKCKdUlLwtRFxldLF2QPKouYaQr7u1ytlSB5QFtIih89N5Avl5rJY7/SEe rdeL48LsAON8DpDAM9Zg0ykZ+/gsYI/C8b5Ch3QVgU9m50j9q8pVT04EOCYmsFi0 DBnwNBRLDESvm1p6NqKEc7zO9zjABgBvwL+loEVa1JFcp5ECQQD9/sekGTzzvKa5 SSVQOZmbwttPBjD44KRKi6LC7rQahM1PDqmCwPFgMVpRZL6dViBzYyWeWxN08Fuv p+sIwwLrAkEA+1f3VnSgIduzF9McMfZoNIkkZongcDAzjQ8sIHXwwTklkZcCqn69 qTVPmhyEDA/dJeAK3GhalcSqOFRFEC812QJAXStgQCmh2iaRYdYbAdqfJivMFqjG vgRpP48JHUhCeJfOV/mg5H2yDP8Nil3SLhSxwqHT4sq10Gd6umx2IrimEQJAFNA1 ACjKNeOOkhN+SzjfajJNHFyghEnJiw3NlqaNmEKWNNcvdlTmecObYuSnnqQVqRRD cfsGPU661c1MpslyCQJBAPqN0VXRMwfU29a3Ve0TF4Aiu1iq88aIPHsT3GKVURpO XNatMFINBW8ywN5euu8oYaeeKdrVSMW415a5+XEzEBY= -----END RSA PRIVATE KEY----- And i extracted public key from ssl certificate file.. Below is the code i tried to verify if private key matches with ssl certificate or not.. I used the modulus[i.e. private key get modulus==public key get modulus] to check if they are matching.. And this seems to hold only for RSAKEYS.. But i want to check for other keys as well.. Is there any other alternative to do the same..?? private static boolean verifySignature(File serverCertificateFile, File serverCertificateKey) { try { byte[] certificateBytes = FileUtils.readFileToByteArray(serverCertificateFile); //byte[] keyBytes = FileUtils.readFileToByteArray(serverCertificateKey); RandomAccessFile raf = new RandomAccessFile(serverCertificateKey, "r"); byte[] buf = new byte[(int) raf.length()]; raf.readFully(buf); raf.close(); PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf); KeyFactory kf; try { kf = KeyFactory.getInstance("RSA"); RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(kspec); CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); InputStream in = new ByteArrayInputStream(certificateBytes); //Generate Certificate in X509 Format X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in); RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey(); in.close(); return privKey.getModulus() == publicKey.getModulus(); } catch (NoSuchAlgorithmException ex) { logger.log(Level.SEVERE, "Such algorithm is not found", ex); } catch (CertificateException ex) { logger.log(Level.SEVERE, "certificate exception", ex); } catch (InvalidKeySpecException ex) { Logger.getLogger(CertificateConversion.class.getName()).log(Level.SEVERE, null, ex); } } catch (IOException ex) { logger.log(Level.SEVERE, "Signature verification failed.. This could be because the file is in use", ex); } return false; } And the code isn't working either.. throws invalidkeyspec exception

    Read the article

  • How do encrypt a long or int using the Bouncy Castle crypto routines for BlackBerry?

    - by DanG
    How do encrypt/decrypt a long or int using the Bouncy Castle crypto routines for BlackBerry? I know how to encrypt/decrypt a String. I can encrypt a long but can't get a long to decrypt properly. Some of this is poorly done, but I'm just trying stuff out at the moment. I've included my entire crypto engine here: import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.DataLengthException; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; public class CryptoEngine { // Global Variables // Global Objects private static AESFastEngine engine; private static BufferedBlockCipher cipher; private static KeyParameter key; public static boolean setEncryptionKey(String keyText) { // adding in spaces to force a proper key keyText += " "; // cutting off at 128 bits (16 characters) keyText = keyText.substring(0, 16); keyText = HelperMethods.cleanUpNullString(keyText); byte[] keyBytes = keyText.getBytes(); key = new KeyParameter(keyBytes); engine = new AESFastEngine(); cipher = new PaddedBufferedBlockCipher(engine); // just for now return true; } public static String encryptString(String plainText) { try { byte[] plainArray = plainText.getBytes(); cipher.init(true, key); byte[] cipherBytes = new byte[cipher.getOutputSize(plainArray.length)]; int cipherLength = cipher.processBytes(plainArray, 0, plainArray.length, cipherBytes, 0); cipher.doFinal(cipherBytes, cipherLength); String cipherString = new String(cipherBytes); return cipherString; } catch (DataLengthException e) { Logger.logToConsole(e); } catch (IllegalArgumentException e) { Logger.logToConsole(e); } catch (IllegalStateException e) { Logger.logToConsole(e); } catch (InvalidCipherTextException e) { Logger.logToConsole(e); } catch (Exception ex) { Logger.logToConsole(ex); } // else return "";// default bad value } public static String decryptString(String encryptedText) { try { byte[] cipherBytes = encryptedText.getBytes(); cipher.init(false, key); byte[] decryptedBytes = new byte[cipher.getOutputSize(cipherBytes.length)]; int decryptedLength = cipher.processBytes(cipherBytes, 0, cipherBytes.length, decryptedBytes, 0); cipher.doFinal(decryptedBytes, decryptedLength); String decryptedString = new String(decryptedBytes); // crop accordingly int index = decryptedString.indexOf("\u0000"); if (index >= 0) { decryptedString = decryptedString.substring(0, index); } return decryptedString; } catch (DataLengthException e) { Logger.logToConsole(e); } catch (IllegalArgumentException e) { Logger.logToConsole(e); } catch (IllegalStateException e) { Logger.logToConsole(e); } catch (InvalidCipherTextException e) { Logger.logToConsole(e); } catch (Exception ex) { Logger.logToConsole(ex); } // else return "";// default bad value } private static byte[] convertLongToByteArray(long longToConvert) { return new byte[] { (byte) (longToConvert >>> 56), (byte) (longToConvert >>> 48), (byte) (longToConvert >>> 40), (byte) (longToConvert >>> 32), (byte) (longToConvert >>> 24), (byte) (longToConvert >>> 16), (byte) (longToConvert >>> 8), (byte) (longToConvert) }; } private static long convertByteArrayToLong(byte[] byteArrayToConvert) { long returnable = 0; for (int counter = 0; counter < byteArrayToConvert.length; counter++) { returnable += ((byteArrayToConvert[byteArrayToConvert.length - counter - 1] & 0xFF) << counter * 8); } if (returnable < 0) { returnable++; } return returnable; } public static long encryptLong(long plainLong) { try { String plainString = String.valueOf(plainLong); String cipherString = encryptString(plainString); byte[] cipherBytes = cipherString.getBytes(); long returnable = convertByteArrayToLong(cipherBytes); return returnable; } catch (Exception e) { Logger.logToConsole(e); } // else return Integer.MIN_VALUE;// default bad value } public static long decryptLong(long encryptedLong) { byte[] cipherBytes = convertLongToByteArray(encryptedLong); cipher.init(false, key); byte[] decryptedBytes = new byte[cipher.getOutputSize(cipherBytes.length)]; int decryptedLength = cipherBytes.length; try { cipher.doFinal(decryptedBytes, decryptedLength); } catch (DataLengthException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (IllegalStateException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidCipherTextException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } long plainLong = convertByteArrayToLong(decryptedBytes); return plainLong; } public static boolean encryptBoolean(int plainBoolean) { return false; } public static boolean decryptBoolean(int encryptedBoolean) { return false; } public static boolean testLongToByteArrayConversion() { boolean returnable = true; // fails out of the bounds of an integer, the conversion to long from byte // array does not hold, need to figure out a better solution for (long counter = -1000000; counter < 1000000; counter++) { long test = counter; byte[] bytes = convertLongToByteArray(test); long result = convertByteArrayToLong(bytes); if (result != test) { returnable = false; Logger.logToConsole("long conversion failed"); Logger.logToConsole("test = " + test + "\n result = " + result); } // regardless } // the end Logger.logToConsole("final returnable result = " + returnable); return returnable; } }

    Read the article

  • Ideas for multiplatform encrypted java mobile storage system

    - by Fernando Miguélez
    Objective I am currently designing the API for a multiplatform storage system that would offer same interface and capabilities accross following supported mobile Java Platforms: J2ME. Minimum configuration/profile CLDC 1.1/MIDP 2.0 with support for some necessary JSRs (JSR-75 for file storage). Android. No minimum platform version decided yet, but rather likely could be API level 7. Blackberry. It would use the same base source of J2ME but taking advantage of some advaced capabilities of the platform. No minimum configuration decided yet (maybe 4.6 because of 64 KB limitation for RMS on 4.5). Basically the API would sport three kind of stores: Files. These would allow standard directory/file manipulation (read/write through streams, create, mkdir, etc.). Preferences. It is a special store that handles properties accessed through keys (Similar to plain old java properties file but supporting some improvements such as different value data types such as SharedPreferences on Android platform) Local Message Queues. This store would offer basic message queue functionality. Considerations Inspired on JSR-75, all types of stores would be accessed in an uniform way by means of an URL following RFC 1738 conventions, but with custom defined prefixes (i.e. "file://" for files, "prefs://" for preferences or "queue://" for message queues). The address would refer to a virtual location that would be mapped to a physical storage object by each mobile platform implementation. Only files would allow hierarchical storage (folders) and access to external extorage memory cards (by means of a unit name, the same way as in JSR-75, but that would not change regardless of underlying platform). The other types would only support flat storage. The system should also support a secure version of all basic types. The user would indicate it by prefixing "s" to the URL (i.e. "sfile://" instead of "file://"). The API would only require one PIN (introduced only once) to access any kind of secure object types. Implementation issues For the implementation of both plaintext and encrypted stores, I would use the functionality available on the underlying platforms: Files. These are available on all platforms (J2ME only with JSR-75, but it is mandatory for our needs). The abstract File to actual File mapping is straight except for addressing issues. RMS. This type of store available on J2ME (and Blackberry) platforms is convenient for Preferences and maybe Message Queues (though depending on performance or size requirements these could be implemented by means of normal files). SharedPreferences. This type of storage, only available on Android, would match Preferences needs. SQLite databases. This could be used for message queues on Android (and maybe Blackberry). When it comes to encryption some requirements should be met: To ease the implementation it will be carried out on read/write operations basis on streams (for files), RMS Records, SharedPreferences key-value pairs, SQLite database columns. Every underlying storage object should use the same encryption key. Handling of encrypted stores should be the same as the unencrypted counterpart. The only difference (from the user point of view) accessing an encrypted store would be the addressing. The user PIN provides access to any secure storage object, but the change of it would not require to decrypt/re-encrypt all the encrypted data. Cryptographic capabilities of underlying platform should be used whenever it is possible, so we would use: J2ME: SATSA-CRYPTO if it is available (not mandatory) or lightweight BoncyCastle cryptographic framework for J2ME. Blackberry: RIM Cryptographic API or BouncyCastle Android: JCE with integraced cryptographic provider (BouncyCastle?) Doubts Having reached this point I was struck by some doubts about what solution would be more convenient, taking into account the limitation of the plataforms. These are some of my doubts: Encryption Algorithm for data. Would AES-128 be strong and fast enough? What alternatives for such scenario would you suggest? Encryption Mode. I have read about the weakness of ECB encryption versus CBC, but in this case the first would have the advantage of random access to blocks, which is interesting for seek functionality on files. What type of encryption mode would you choose instead? Is stream encryption suitable for this case? Key generation. There could be one key generated for each storage object (file, RMS RecordStore, etc.) or just use one for all the objects of the same type. The first seems "safer", though it would require some extra space on device. In your opinion what would the trade-offs of each? Key storage. For this case using a standard JKS (or PKCS#12) KeyStore file could be suited to store encryption keys, but I could also define a smaller structure (encryption-transformation / key data / checksum) that could be attached to each storage store (i.e. using addition files with the same name and special extension for plain files or embedded inside other types of objects such as RMS Record Stores). What approach would you prefer? And when it comes to using a standard KeyStore with multiple-key generation (given this is your preference), would it be better to use a record-store per storage object or just a global KeyStore keeping all keys (i.e. using the URL identifier of abstract storage object as alias)? Master key. The use of a master key seems obvious. This key should be protected by user PIN (introduced only once) and would allow access to the rest of encryption keys (they would be encrypted by means of this master key). Changing the PIN would only require to reencrypt this key and not all the encrypted data. Where would you keep it taking into account that if this got lost all data would be no further accesible? What further considerations should I take into account? Platform cryptography support. Do SATSA-CRYPTO-enabled J2ME phones really take advantage of some dedicated hardware acceleration (or other advantage I have not foreseen) and would this approach be prefered (whenever possible) over just BouncyCastle implementation? For the same reason is RIM Cryptographic API worth the license cost over BouncyCastle? Any comments, critics, further considerations or different approaches are welcome.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2  | Next Page >