| package org.bouncycastle.jce.provider.test; |
| |
| import java.security.AlgorithmParameters; |
| import java.security.KeyPair; |
| import java.security.KeyPairGenerator; |
| import java.security.MessageDigest; |
| import java.security.PrivateKey; |
| import java.security.PublicKey; |
| import java.security.SecureRandom; |
| import java.security.Security; |
| import java.security.spec.PKCS8EncodedKeySpec; |
| |
| import javax.crypto.Cipher; |
| import javax.crypto.EncryptedPrivateKeyInfo; |
| import javax.crypto.SecretKeyFactory; |
| import javax.crypto.spec.IvParameterSpec; |
| import javax.crypto.spec.PBEKeySpec; |
| import javax.crypto.spec.PBEParameterSpec; |
| |
| import org.bouncycastle.jcajce.PKCS12KeyWithParameters; |
| import org.bouncycastle.jce.provider.BouncyCastleProvider; |
| import org.bouncycastle.util.test.SimpleTest; |
| import org.bouncycastle.util.test.Test; |
| import org.bouncycastle.util.test.TestResult; |
| |
| public class EncryptedPrivateKeyInfoTest |
| extends SimpleTest |
| { |
| String alg = "1.2.840.113549.1.12.1.3"; // 3 key triple DES with SHA-1 |
| |
| public void performTest() |
| throws Exception |
| { |
| doTestWithExplicitIV(); |
| |
| KeyPairGenerator fact = KeyPairGenerator.getInstance("RSA", "BC"); |
| fact.initialize(512, new SecureRandom()); |
| |
| KeyPair keyPair = fact.generateKeyPair(); |
| |
| PrivateKey priKey = keyPair.getPrivate(); |
| PublicKey pubKey = keyPair.getPublic(); |
| |
| // |
| // set up the parameters |
| // |
| byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; |
| int iterationCount = 100; |
| PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); |
| |
| AlgorithmParameters params = AlgorithmParameters.getInstance(alg, "BC"); |
| |
| params.init(defParams); |
| |
| // |
| // set up the key |
| // |
| char[] password1 = { 'h', 'e', 'l', 'l', 'o' }; |
| |
| PBEKeySpec pbeSpec = new PBEKeySpec(password1); |
| SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg, "BC"); |
| Cipher cipher = Cipher.getInstance(alg, "BC"); |
| |
| cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), params); |
| |
| byte[] wrappedKey = cipher.wrap(priKey); |
| |
| // |
| // create encrypted object |
| // |
| |
| EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(params, wrappedKey); |
| |
| // |
| // decryption step |
| // |
| char[] password2 = { 'h', 'e', 'l', 'l', 'o' }; |
| |
| pbeSpec = new PBEKeySpec(password2); |
| |
| cipher = Cipher.getInstance(pInfo.getAlgName(), "BC"); |
| |
| cipher.init(Cipher.DECRYPT_MODE, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters()); |
| |
| PKCS8EncodedKeySpec keySpec = pInfo.getKeySpec(cipher); |
| |
| if (!MessageDigest.isEqual(priKey.getEncoded(), keySpec.getEncoded())) |
| { |
| fail("Private key does not match"); |
| } |
| |
| // |
| // using Cipher parameters test |
| // |
| pbeSpec = new PBEKeySpec(password1); |
| keyFact = SecretKeyFactory.getInstance(alg, "BC"); |
| cipher = Cipher.getInstance(alg, "BC"); |
| |
| cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), params); |
| |
| wrappedKey = cipher.wrap(priKey); |
| |
| // |
| // create encrypted object |
| // |
| |
| pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedKey); |
| |
| // |
| // decryption step |
| // |
| pbeSpec = new PBEKeySpec(password2); |
| |
| cipher = Cipher.getInstance(pInfo.getAlgName(), "BC"); |
| |
| cipher.init(Cipher.DECRYPT_MODE, keyFact.generateSecret(pbeSpec), pInfo.getAlgParameters()); |
| |
| keySpec = pInfo.getKeySpec(cipher); |
| |
| if (!MessageDigest.isEqual(priKey.getEncoded(), keySpec.getEncoded())) |
| { |
| fail("Private key does not match"); |
| } |
| } |
| |
| public void doTestWithExplicitIV() |
| throws Exception |
| { |
| KeyPairGenerator fact = KeyPairGenerator.getInstance("RSA", "BC"); |
| fact.initialize(512, new SecureRandom()); |
| |
| KeyPair keyPair = fact.generateKeyPair(); |
| |
| PrivateKey priKey = keyPair.getPrivate(); |
| PublicKey pubKey = keyPair.getPublic(); |
| |
| // |
| // set up the parameters |
| // |
| byte[] salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; |
| int iterationCount = 100; |
| PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); |
| |
| AlgorithmParameters params = AlgorithmParameters.getInstance(alg, "BC"); |
| |
| params.init(defParams); |
| |
| // |
| // set up the key |
| // |
| char[] password1 = { 'h', 'e', 'l', 'l', 'o' }; |
| |
| Cipher cipher = Cipher.getInstance(alg, "BC"); |
| |
| byte[] iv = { 1, 2, 3, 4, 5, 6, 7, 8 }; |
| |
| cipher.init(Cipher.WRAP_MODE, new PKCS12KeyWithParameters(password1, salt, iterationCount), new IvParameterSpec(iv)); |
| |
| byte[] wrappedKey = cipher.wrap(priKey); |
| |
| // |
| // create encrypted object |
| // |
| |
| EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(params, wrappedKey); |
| |
| // |
| // decryption step |
| // |
| char[] password2 = { 'h', 'e', 'l', 'l', 'o' }; |
| |
| cipher = Cipher.getInstance(pInfo.getAlgName(), "BC"); |
| |
| cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password2, salt, iterationCount), new IvParameterSpec(iv)); |
| |
| PKCS8EncodedKeySpec keySpec = pInfo.getKeySpec(cipher); |
| |
| if (!MessageDigest.isEqual(priKey.getEncoded(), keySpec.getEncoded())) |
| { |
| fail("Private key does not match"); |
| } |
| } |
| |
| public String getName() |
| { |
| return "EncryptedPrivateKeyInfoTest"; |
| } |
| |
| public static void main( |
| String[] args) |
| { |
| Security.addProvider(new BouncyCastleProvider()); |
| |
| Test test = new EncryptedPrivateKeyInfoTest(); |
| TestResult result = test.perform(); |
| |
| System.out.println(result.toString()); |
| } |
| } |