/** * 根据对方的公钥和自己的私钥生成本地密钥 */ public static byte[] getSecretKey(byte[] publicKey, byte[] privateKey) throws Exception{ //实例化密钥工厂 KeyFactory keyFactory = KeyFactory.getInstance("DH"); //将公钥从字节数组转换为publicKey X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(publicKey); PublicKey pubKey = keyFactory.generatePublic(pubKeySpec); //将私钥从字节数组转换为privateKey PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(privateKey); PrivateKey priKey = keyFactory.generatePrivate(priKeySpec); //准备根据以上公钥和私钥生成本地密钥SecretKey //先实例化KeyAgreement KeyAgreement keyAgreement = KeyAgreement.getInstance("DH"); //用自己的私钥初始化keyAgreement keyAgreement.init(priKey); //结合对方的公钥进行运算 keyAgreement.doPhase(pubKey, true); //开始生成本地密钥secretKey 密钥算法为对称密码算法 SecretKey secretKey = keyAgreement.generateSecret("DES"); //DES、3DES、AES return secretKey.getEncoded(); }
protected static byte[] generateSecret(String dhSKAlgo, PrivateKey privateKey, PublicKey otherPublicKey) throws Exception { KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(privateKey); ka.doPhase(otherPublicKey, true); int keysize = getKeySize(dhSKAlgo); int blocksize = getBlockSize(dhSKAlgo); if (keysize == -1 || blocksize == -1) { SecretKey sKey = ka.generateSecret(dhSKAlgo); return sKey.getEncoded(); } else { return ka.generateSecret(); } }
@Test public void testGetKeyAgreementFromProvider() throws NoSuchProviderException, NoSuchAlgorithmException { KeyAgreement ka; /* try to get all available options we expect to have */ for (int i = 0; i < wolfJCEAlgos.length; i++) { ka = KeyAgreement.getInstance(wolfJCEAlgos[i], "wolfJCE"); } /* getting a garbage algorithm should throw an exception */ try { ka = KeyAgreement.getInstance("NotValid", "wolfJCE"); fail("KeyAgreement.getInstance should throw " + "NoSuchAlgorithmException when given bad algorithm value"); } catch (NoSuchAlgorithmException e) { } }
private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception { SecretKey key1; ka1.init(kp1.getPrivate()); ka1.doPhase(kp2.getPublic(), true); System.out.println("Derive " + algorithm + " using SunJCE..."); key1 = ka1.generateSecret(algorithm); ka2.init(kp1.getPrivate()); ka2.doPhase(kp2.getPublic(), true); System.out.println("Derive " + algorithm + " using PKCS#11..."); SecretKey key2 = ka2.generateSecret(algorithm); byte[] b1 = key1.getEncoded(); byte[] b2 = key2.getEncoded(); if (Arrays.equals(b1, b2) == false) { System.out.println(b1.length + " bytes: " + toString(b1)); System.out.println(b2.length + " bytes: " + toString(b2)); throw new Exception(algorithm + " secret mismatch"); } }
private static void testKeyAgreement(KeyPair kpA, KeyPair kpB, Provider p) throws Exception { KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p); ka1.init(kpA.getPrivate()); ka1.doPhase(kpB.getPublic(), true); byte[] s1 = ka1.generateSecret(); KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p); ka2.init(kpB.getPrivate()); ka2.doPhase(kpA.getPublic(), true); byte[] s2 = ka2.generateSecret(); if (Arrays.equals(s1, s2) == false) { System.out.println("expected: " + toString(s1)); System.out.println("actual: " + toString(s2)); throw new Exception("Generated secrets do not match"); } }
@Override public final byte[] doEcDh(final Key privateKey, final byte[] publicKey, final EcCurve curveName) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.insertProviderAt(new BouncyCastleProvider(), 1); } KeyAgreement ka = null; try { ka = KeyAgreement.getInstance(ECDH, BouncyCastleProvider.PROVIDER_NAME); } catch (final NoSuchProviderException e) { ka = KeyAgreement.getInstance(ECDH); } ka.init(privateKey); ka.doPhase(loadEcPublicKey(publicKey, curveName), true); return ka.generateSecret(); }
@Override public byte[] doEcDh(final Key privateKey, final byte[] publicKey, final EcCurve curveName) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); } KeyAgreement ka; try { ka = KeyAgreement.getInstance(ECDH, BouncyCastleProvider.PROVIDER_NAME); } catch (final NoSuchProviderException e) { ka = KeyAgreement.getInstance(ECDH); } ka.init(privateKey); ka.doPhase(loadEcPublicKey(publicKey, curveName), true); return ka.generateSecret(); }
@Override public void run() { try { Log.d(TAG, "read start!"); DERObject responseDERObject = readDERObject(); Log.d(TAG, "read finished!"); Log.d(TAG, "write start!"); writeDERObject(new DERObject(this.getKeyPair().getPublic().getEncoded())); Log.d(TAG, "write finished!"); KeyFactory keyFactory = KeyFactory.getInstance("ECDH", "SC"); X509EncodedKeySpec x509ks = new X509EncodedKeySpec(responseDERObject.getPayload()); PublicKey publicKey = keyFactory.generatePublic(x509ks); KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "SC"); keyAgreement.init(this.getKeyPair().getPrivate()); keyAgreement.doPhase(publicKey, true); final byte[] sharedKey = Arrays.copyOfRange(keyAgreement.generateSecret(), 0, Constants.SYMMETRIC_KEY_SIZE); Log.d(TAG, "exchange finished!"); this.getResultListener().onSuccess(new SecretKeySpec(sharedKey, Constants.SYMMETRIC_CIPHER_ALGORITH)); } catch (Exception e) { this.getResultListener().onError(e.getMessage()); } }
@Override public void run() { try { Log.d(TAG, "write start!"); writeDERObject(new DERObject(this.getKeyPair().getPublic().getEncoded())); Log.d(TAG, "write finished!"); Log.d(TAG, "read start!"); DERObject responseDERObject = readDERObject(); Log.d(TAG, "read finished!"); KeyFactory keyFactory = KeyFactory.getInstance("ECDH", "SC"); X509EncodedKeySpec x509ks = new X509EncodedKeySpec(responseDERObject.getPayload()); PublicKey publicKey = keyFactory.generatePublic(x509ks); KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "SC"); keyAgreement.init(this.getKeyPair().getPrivate()); keyAgreement.doPhase(publicKey, true); final byte[] sharedKey = Arrays.copyOfRange(keyAgreement.generateSecret(), 0, Constants.SYMMETRIC_KEY_SIZE); Log.d(TAG, "exchange finished!"); this.getResultListener().onSuccess(new SecretKeySpec(sharedKey, Constants.SYMMETRIC_CIPHER_ALGORITH)); } catch (Exception e) { this.getResultListener().onError(e.getMessage()); } }
/** Checks that key agreement using ECDH works. */ @Test public void testBasic() throws Exception { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1"); keyGen.initialize(ecSpec); KeyPair keyPairA = keyGen.generateKeyPair(); KeyPair keyPairB = keyGen.generateKeyPair(); KeyAgreement kaA = KeyAgreement.getInstance("ECDH"); KeyAgreement kaB = KeyAgreement.getInstance("ECDH"); kaA.init(keyPairA.getPrivate()); kaB.init(keyPairB.getPrivate()); kaA.doPhase(keyPairB.getPublic(), true); kaB.doPhase(keyPairA.getPublic(), true); byte[] kAB = kaA.generateSecret(); byte[] kBA = kaB.generateSecret(); assertEquals(TestUtil.bytesToHex(kAB), TestUtil.bytesToHex(kBA)); }
/** Check that key agreement using DH works. */ @SuppressWarnings("InsecureCryptoUsage") @Test public void testDh() throws Exception { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhparams = ike2048(); keyGen.initialize(dhparams); KeyPair keyPairA = keyGen.generateKeyPair(); KeyPair keyPairB = keyGen.generateKeyPair(); KeyAgreement kaA = KeyAgreement.getInstance("DH"); KeyAgreement kaB = KeyAgreement.getInstance("DH"); kaA.init(keyPairA.getPrivate()); kaB.init(keyPairB.getPrivate()); kaA.doPhase(keyPairB.getPublic(), true); kaB.doPhase(keyPairA.getPublic(), true); byte[] kAB = kaA.generateSecret(); byte[] kBA = kaB.generateSecret(); assertEquals(TestUtil.bytesToHex(kAB), TestUtil.bytesToHex(kBA)); }
/** This test tries a key agreement with keys using distinct parameters. */ @SuppressWarnings("InsecureCryptoUsage") @Test public void testDHDistinctParameters() throws Exception { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH"); keyGen.initialize(ike1536()); KeyPair keyPairA = keyGen.generateKeyPair(); keyGen.initialize(ike2048()); KeyPair keyPairB = keyGen.generateKeyPair(); KeyAgreement kaA = KeyAgreement.getInstance("DH"); kaA.init(keyPairA.getPrivate()); try { kaA.doPhase(keyPairB.getPublic(), true); byte[] kAB = kaA.generateSecret(); fail("Generated secrets with mixed keys " + TestUtil.bytesToHex(kAB) + ", "); } catch (java.security.GeneralSecurityException ex) { // This is expected. } }
public static ECDHKeySet getSharedSecret (ECKey keyServer, ECKey keyClient) { try { ECPrivateKeySpec specPrivate = new ECPrivateKeySpec(keyServer.getPrivKey(), ecParameters); ECPublicKeySpec specPublic = new ECPublicKeySpec(new ECPoint(keyClient.getPubKeyPoint().getXCoord().toBigInteger(), keyClient.getPubKeyPoint() .getYCoord().toBigInteger()), ecParameters); ECPrivateKey privateKey = (ECPrivateKey) kf.generatePrivate(specPrivate); ECPublicKey publicKey = (ECPublicKey) kf.generatePublic(specPublic); JCEECPrivateKey ecPrivKey = new JCEECPrivateKey(privateKey); JCEECPublicKey ecPubKey = new JCEECPublicKey(publicKey); KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDH"); aKeyAgree.init(ecPrivKey); aKeyAgree.doPhase(ecPubKey, true); return new ECDHKeySet(aKeyAgree.generateSecret(), keyServer.getPubKey(), keyClient.getPubKey()); } catch (Exception e) { throw new RuntimeException(e); } }
private byte[] generateEcdhSecret(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException { String keyAgreementProvider = providerContext.getSuppliedKeyProviderContext().getKeyAgreementProvider(); KeyAgreement keyAgreement = getKeyAgreement(keyAgreementProvider); try { keyAgreement.init(privateKey); keyAgreement.doPhase(publicKey, true); } catch (java.security.InvalidKeyException e) { throw new InvalidKeyException("Invalid Key for " + getJavaAlgorithm() + " key agreement." ,e); } return keyAgreement.generateSecret(); }
protected void initDiffieHellman(DHPrivateKey dhKey, SecureRandom random) throws SSLException { try { keyAgreement = KeyAgreement.getInstance("DH"); keyAgreement.init(dhKey, random); } catch (InvalidKeyException ike) { throw new SSLException(ike); } catch (NoSuchAlgorithmException nsae) { throw new SSLException(nsae); } }
/** * 构建密钥 * @param publicKey * @param privateKey * @return * @throws Exception */ public static byte[] getSecretKey(byte[] publicKey,byte[] privateKey)throws Exception{ //实例化密钥工厂 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); //初始化公钥 //密钥材料转换 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKey); //产生公钥 PublicKey pubKey = keyFactory.generatePublic(x509KeySpec); //初始化私钥 //密钥材料转换 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey); //产生私钥 PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec); //实例化 KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory.getAlgorithm()); keyAgree.init(priKey); keyAgree.doPhase(pubKey, true); //产生本地密钥 SecretKey secretKey = keyAgree.generateSecret(SECRET_ALGORITHM); return secretKey.getEncoded(); }
/** * Use 1536 for Fast Prime Generation (less secure) or 2048 for slow prime generation (secure) * @param strength * @throws InvalidKeyException * @throws IllegalStateException * @throws InvalidAlgorithmParameterException * @throws NoSuchAlgorithmException * @throws NoSuchProviderException * @throws InvalidKeySpecException * @throws InvalidParameterSpecException */ public DHExchange(int strength) throws InvalidKeyException, IllegalStateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, InvalidParameterSpecException { Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider()); AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH", "SC"); paramGen.init(strength); // number of bits AlgorithmParameters params = paramGen.generateParameters(); DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class); BigInteger p = dhSpec.getP(); BigInteger g = dhSpec.getG(); DHParameterSpec dhParams = new DHParameterSpec(p, g); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH", "SC"); keyGen.initialize(dhParams, new SecureRandom()); KeyAgreement aKeyAgree = KeyAgreement.getInstance("DH", "SC"); KeyPair aPair = keyGen.generateKeyPair(); KeyAgreement bKeyAgree = KeyAgreement.getInstance("DH", "SC"); KeyPair bPair = keyGen.generateKeyPair(); aKeyAgree.init(aPair.getPrivate()); bKeyAgree.init(bPair.getPrivate()); aKeyAgree.doPhase(bPair.getPublic(), true); bKeyAgree.doPhase(aPair.getPublic(), true); }
/** * Test for <code> getInstance(String algorithm) </code> method Assertions: * returns KeyAgreement object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "This is a complete subset of tests for getInstance method.", method = "getInstance", args = {java.lang.String.class} ) public void testGetInstanceString02() throws NoSuchAlgorithmException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement.getInstance(validValues[i]); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); } }
/** * Test for <code> getInstance(String algorithm, String provider)</code> * method Assertions: returns KeyAgreement object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "This is a complete subset of tests for getInstance method.", method = "getInstance", args = {java.lang.String.class, java.lang.String.class} ) public void testGetInstanceStringString03() throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement .getInstance(validValues[i], defaultProviderName); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider", keyA.getProvider().getName(), defaultProviderName); } }
/** * Test for <code> getInstance(String algorithm, Provider provider)</code> * method Assertions: throws IllegalArgumentException when provider is null */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "This is a complete subset of tests for getInstance method.", method = "getInstance", args = {java.lang.String.class, java.security.Provider.class} ) public void testGetInstanceStringProvider02() throws NoSuchAlgorithmException, IllegalArgumentException { if (!DEFSupported) { fail(NotSupportMsg); return; } Provider provider = null; for (int i = 0; i < invalidValues.length; i++) { try { KeyAgreement.getInstance(invalidValues[i], provider); fail("IllegalArgumentException must be thrown"); } catch (IllegalArgumentException e) { } } }
/** * Test for <code> getInstance(String algorithm, Provider provider)</code> * method Assertions: returns KeyAgreement object */ @TestTargetNew( level = TestLevel.PARTIAL_COMPLETE, notes = "This is a complete subset of tests for getInstance method.", method = "getInstance", args = {java.lang.String.class, java.security.Provider.class} ) public void testGetInstanceStringProvider03() throws IllegalArgumentException, NoSuchAlgorithmException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement.getInstance(validValues[i], defaultProvider); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider", keyA.getProvider(), defaultProvider); } }
@TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getAlgorithm", args = {} ) public void test_getAlgorithm() throws NoSuchAlgorithmException { Mock_KeyAgreement mka = new Mock_KeyAgreement(null, null, null); assertNull(mka.getAlgorithm()); KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement.getInstance(validValues[i]); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); } }
@TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "init", args = {java.security.Key.class, java.security.SecureRandom.class} ) public void test_initLjava_security_KeyLjava_security_SecureRandom() throws Exception { if (!DEFSupported) { fail(NotSupportMsg); return; } createKeys(); KeyAgreement[] kAgs = createKAs(); KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(privKey, new SecureRandom()); try { ka.init(publKey, new SecureRandom()); fail("InvalidKeyException expected"); } catch (InvalidKeyException e) { //expected } }
public void keyOperations(StringProvider provider) { KeyFactory keyFactory; KeyAgreement keyAgreement; KeyPairGenerator keyPairGenerator; final String dh = "DH"; try { // BUG: Diagnostic contains: compile-time constant keyFactory = KeyFactory.getInstance(provider.get()); // BUG: Diagnostic contains: Diffie-Hellman on prime fields keyFactory = KeyFactory.getInstance(dh); // BUG: Diagnostic contains: DSA keyAgreement = KeyAgreement.getInstance("DSA"); // BUG: Diagnostic contains: compile-time constant keyAgreement = KeyAgreement.getInstance(provider.get()); // BUG: Diagnostic contains: Diffie-Hellman on prime fields keyPairGenerator = KeyPairGenerator.getInstance(dh); // BUG: Diagnostic contains: compile-time constant keyPairGenerator = KeyPairGenerator.getInstance(provider.get()); } catch (NoSuchAlgorithmException e) { // We don't handle any exception as this code is not meant to be executed. } }
/** * Test for <code> getInstance(String algorithm, String provider)</code> * method Assertions: returns KeyAgreement object */ public void testGetInstanceStringString03() throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement .getInstance(validValues[i], defaultProviderName); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider", keyA.getProvider().getName(), defaultProviderName); } }
/** * Test for <code> getInstance(String algorithm, Provider provider)</code> * method Assertions: throws IllegalArgumentException when provider is null */ public void testGetInstanceStringProvider02() throws NoSuchAlgorithmException, IllegalArgumentException { if (!DEFSupported) { fail(NotSupportMsg); return; } Provider provider = null; for (int i = 0; i < invalidValues.length; i++) { try { KeyAgreement.getInstance(invalidValues[i], provider); fail("IllegalArgumentException must be thrown"); } catch (IllegalArgumentException e) { } } }
/** * Test for <code> getInstance(String algorithm, Provider provider)</code> * method Assertions: returns KeyAgreement object */ public void testGetInstanceStringProvider03() throws IllegalArgumentException, NoSuchAlgorithmException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreement keyA; for (int i = 0; i < validValues.length; i++) { keyA = KeyAgreement.getInstance(validValues[i], defaultProvider); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), validValues[i]); assertEquals("Incorrect provider", keyA.getProvider(), defaultProvider); } }
/** * Test for the methods: <code>init(Key key)</code> * <code>generateSecret()</code> * <code>generateSecret(byte[] sharedsecret, int offset)</code> * <code>generateSecret(String algorithm)</code> * Assertions: initializes KeyAgreement; returns sharedSecret; puts * sharedsecret in buffer and return numbers of bytes; returns SecretKey * object */ public void testGenerateSecret03() throws Exception { if (!DEFSupported) { fail(NotSupportMsg); return; } createKeys(); KeyAgreement[] kAgs = createKAs(); byte[] bb; byte[] bb1 = new byte[10]; for (int i = 0; i < kAgs.length; i++) { kAgs[i].init(privKey); kAgs[i].doPhase(publKey, true); bb = kAgs[i].generateSecret(); kAgs[i].init(privKey); kAgs[i].doPhase(publKey, true); bb1 = new byte[bb.length + 10]; kAgs[i].generateSecret(bb1, 9); kAgs[i].init(privKey); kAgs[i].doPhase(publKey, true); kAgs[i].generateSecret("DES"); } }
/** * Test for <code>KeyAgreement</code> constructor Assertion: returns * KeyAgreement object */ public void testKeyAgreement() throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException { if (!DEFSupported) { fail(NotSupportMsg); return; } KeyAgreementSpi spi = new MyKeyAgreementSpi(); KeyAgreement keyA = new myKeyAgreement(spi, defaultProvider, defaultAlgorithm); assertEquals("Incorrect algorithm", keyA.getAlgorithm(), defaultAlgorithm); assertEquals("Incorrect provider", keyA.getProvider(), defaultProvider); assertNull("Incorrect result", keyA.doPhase(null, true)); assertEquals("Incorrect result", keyA.generateSecret().length, 0); keyA = new myKeyAgreement(null, null, null); assertNull("Algorithm must be null", keyA.getAlgorithm()); assertNull("Provider must be null", keyA.getProvider()); try { keyA.doPhase(null, true); fail("NullPointerException must be thrown"); } catch (NullPointerException e) { } }
/** * 构建密钥 * * @param publicKey * 公钥 * @param privateKey * 私钥 * @return * @throws Exception */ private static SecretKey getSecretKey(String publicKey, String privateKey) throws Exception { // 初始化公钥 byte[] pubKeyBytes = decryptBASE64(publicKey); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKeyBytes); PublicKey pubKey = keyFactory.generatePublic(x509KeySpec); // 初始化私钥 byte[] priKeyBytes = decryptBASE64(privateKey); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKeyBytes); Key priKey = keyFactory.generatePrivate(pkcs8KeySpec); KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory .getAlgorithm()); keyAgree.init(priKey); keyAgree.doPhase(pubKey, true); // 生成本地密钥 SecretKey secretKey = keyAgree.generateSecret(SECRET_ALGORITHM); return secretKey; }
public byte[] generateDHPublicKey() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException { // generate key pair KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH"); DHParameterSpec param = new DHParameterSpec(sP, sG); kpg.initialize(param); KeyPair kp = kpg.generateKeyPair(); DHPrivateKey privateKey = (DHPrivateKey) kp.getPrivate(); DHPublicKey publicKey = (DHPublicKey) kp.getPublic(); // initialize key agreement with our private key mKA = KeyAgreement.getInstance("DH"); mKA.init(privateKey); // return our public 1/2 key to share return getBytes(publicKey.getY()); }
public byte[] createNodeKey(byte[] pubKeyNode) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, IllegalStateException { // add this public key node to agreement KeyFactory keyFac = KeyFactory.getInstance("DH"); BigInteger y = new BigInteger(1, pubKeyNode); DHPublicKeySpec spec = new DHPublicKeySpec(y, sP, sG); PublicKey nodePubKey = keyFac.generatePublic(spec); mKA.doPhase(nodePubKey, true); // complete this phase of agreement by generating secret BigInteger x = new BigInteger(1, mKA.generateSecret()); BigInteger v = sG.modPow(x, sP); DHPrivateKeySpec specX = new DHPrivateKeySpec(x, sP, sG); PrivateKey nodePrivKey = keyFac.generatePrivate(specX); mKA.doPhase(nodePubKey, true); mKA = KeyAgreement.getInstance("DH"); mKA.init(nodePrivKey); return getBytes(v); }
/** * 构建密钥 * * @param publicKey 公钥 * @param privateKey 私钥 * @return * @throws Exception */ private static SecretKey getSecretKey(String publicKey, String privateKey) throws Exception { // 初始化公钥 byte[] pubKeyBytes = decryptBASE64(publicKey); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKeyBytes); PublicKey pubKey = keyFactory.generatePublic(x509KeySpec); // 初始化私钥 byte[] priKeyBytes = decryptBASE64(privateKey); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKeyBytes); Key priKey = keyFactory.generatePrivate(pkcs8KeySpec); KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory .getAlgorithm()); keyAgree.init(priKey); keyAgree.doPhase(pubKey, true); // 生成本地密钥 SecretKey secretKey = keyAgree.generateSecret(SECRET_ALGORITHM); return secretKey; }
/** * Creates a Diffie-Hellman key pair. * * @return dh keypair */ protected KeyPair generateKeyPair() { KeyPair keyPair = null; DHParameterSpec keySpec = new DHParameterSpec(DH_MODULUS, DH_BASE); try { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH"); keyGen.initialize(keySpec); keyPair = keyGen.generateKeyPair(); keyAgreement = KeyAgreement.getInstance("DH"); // key agreement is initialized with "this" ends private key keyAgreement.init(keyPair.getPrivate()); } catch (Exception e) { log.error("Error generating keypair", e); } return keyPair; }
private static SecretKey generateSharedSecret(PrivateKey privateKey, PublicKey publicKey) { try { KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME); keyAgreement.init(privateKey); keyAgreement.doPhase(publicKey, true); SecretKey key = keyAgreement.generateSecret("AES"); System.out.println("Shared key length: " + key.getEncoded().length); return key; } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) { e.printStackTrace(); return null; } }
public static byte[] computeSharedSecret(ECPrivateKey myPrivateKey, ECPoint publicPoint) throws GeneralSecurityException { checkPointOnCurve(publicPoint, myPrivateKey.getParams().getCurve()); // Explicitly reconstruct the peer public key using private key's spec. ECParameterSpec privSpec = myPrivateKey.getParams(); EllipticCurve privCurve = privSpec.getCurve(); ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(publicPoint, privSpec); KeyFactory kf = KeyFactory.getInstance("EC"); PublicKey publicKey = kf.generatePublic(publicKeySpec); KeyAgreement ka = EngineFactory.KEY_AGREEMENT.getInstance("ECDH"); ka.init(myPrivateKey); ka.doPhase(publicKey, true /* lastPhase */); byte[] secret = ka.generateSecret(); validateSharedSecret(secret, myPrivateKey); return secret; }