com.hfg.security.CryptoUtil Maven / Gradle / Ivy
com.hfg xml, html, svg, and bioinformatics utility library
package com.hfg.security;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
//------------------------------------------------------------------------------
/**
Cryptology-related methods for key & signature handling.
@author J. Alex Taylor, hairyfatguy.com
*/
//------------------------------------------------------------------------------
// com.hfg XML/HTML Coding Library
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
// J. Alex Taylor, President, Founder, CEO, COO, CFO, OOPS hairyfatguy.com
// [email protected]
//------------------------------------------------------------------------------
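public class CryptoUtil
{
   // Process-wide default curve name. It is a plain static field: a change made through
   // setDefaultEllipticCurveSpec() affects every later caller of the no-arg key generator
   // in this JVM, and access is not synchronized.
   private static String sDefaultEllipticCurveSpec = "secp521r1";

   //---------------------------------------------------------------------------
   /**
    * Sets the default SunEC-implemented elliptic curve spec used.
    * Surely there is a better way to find the possible values but here is one url:
    *
    * http://www.docjar.com/html/api/sun/security/ec/SunECEntries.java.html.
    * Also see "Implementing ECC with Java Standard Edition 7" by V. Martinez.
    * <p>
    * The value is stored as-is and is not validated here; an unsupported name only
    * surfaces as an exception when a key pair is later generated with it.
    * @param inValue String spec for the SunEC-implemented elliptic curve to use.
    */
   public static void setDefaultEllipticCurveSpec(String inValue)
   {
      sDefaultEllipticCurveSpec = inValue;
   }

   //---------------------------------------------------------------------------
   /**
    * Returns the default SunEC-implemented elliptic curve spec used.
    * @return Default String spec for the SunEC-implemented elliptic curve to use
    */
   public static String getDefaultEllipticCurveSpec()
   {
      return sDefaultEllipticCurveSpec;
   }

   //---------------------------------------------------------------------------
   /**
    * Generates an Elliptic Curve key pair using the default elliptic curve spec.
    * @return KeyPair which can be written out to public and private key files.
    * @throws Exception if the SunEC provider is unavailable or rejects the default curve spec
    */
   public static KeyPair generateEllipticCurveKeyPair()
      throws Exception
   {
      return generateEllipticCurveKeyPair(sDefaultEllipticCurveSpec);
   }

   //---------------------------------------------------------------------------
   /**
    * Generates an Elliptic Curve key pair.
    * @param inEllipticCurveSpec String spec for the SunEC-implemented elliptic curve to use.
    * @return KeyPair which can be written out to public and private key files.
    * @throws Exception if the SunEC provider is unavailable or rejects the curve spec
    */
   public static KeyPair generateEllipticCurveKeyPair(String inEllipticCurveSpec)
      throws Exception
   {
      // The provider is pinned to SunEC, so a JVM without that provider fails here.
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "SunEC");
      keyPairGenerator.initialize(new ECGenParameterSpec(inEllipticCurveSpec));
      return keyPairGenerator.genKeyPair();
   }

   //---------------------------------------------------------------------------
   /**
    * Writes a private key to a file in its PKCS#8 encoding and restricts the file
    * to owner read/write.
    * <p>
    * The key material is written unencrypted, so its confidentiality rests on the
    * file permissions alone. Any existing file at the given location is overwritten.
    * @param inPrivateKey private Elliptic Curve key to store
    * @param inFile destination file
    * @throws Exception if the key cannot be encoded or the file cannot be written
    */
   public static void writePrivateEllipticCurveKeyToFile(PrivateKey inPrivateKey, File inFile)
      throws Exception
   {
      // Encode before opening the stream so an encoding failure does not truncate an existing file.
      PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(inPrivateKey.getEncoded());

      try (OutputStream fileStream = new FileOutputStream(inFile))
      {
         // Set strict user-only permissions BEFORE any key bytes reach the disk, so the key
         // is never present in a file that still carries the default (possibly group/world
         // readable) mode. The setters are best-effort: their boolean results are not checked
         // because some platforms cannot express every one of these restrictions.
         // NOTE(review): the file itself still exists briefly with default permissions between
         // creation and these calls; creating it atomically with owner-only attributes via
         // java.nio.file would close that remaining window.
         inFile.setReadable(false, false);
         inFile.setReadable(true, true);
         inFile.setWritable(false, false);
         inFile.setWritable(true, true);
         inFile.setExecutable(false, false);

         fileStream.write(pkcs8EncodedKeySpec.getEncoded());
      }
   }

   //---------------------------------------------------------------------------
   /**
    * Reads a PKCS#8-encoded private Elliptic Curve key from a file.
    * <p>
    * The file's permissions and ownership are not checked before the key is loaded.
    * @param inPrivateKeyFile file holding the PKCS#8-encoded private key
    * @return the decoded private key
    * @throws Exception if the file cannot be read or does not hold a valid EC private key
    */
   public static PrivateKey readPrivateEllipticCurveKeyFile(File inPrivateKeyFile)
      throws Exception
   {
      byte[] data = Files.readAllBytes(inPrivateKeyFile.toPath());
      PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(data);
      // Unlike key generation and signing, no provider is named here; the JVM picks
      // the highest-priority provider that offers an "EC" KeyFactory.
      KeyFactory factory = KeyFactory.getInstance("EC");
      return factory.generatePrivate(spec);
   }

   //---------------------------------------------------------------------------
   /**
    * Writes a public key to a file in its X.509 encoding. The file is left readable
    * by everyone and writable only by the owner. Any existing file is overwritten.
    * @param inPublicKey public Elliptic Curve key to store
    * @param inFile destination file
    * @throws Exception if the key cannot be encoded or the file cannot be written
    */
   public static void writePublicEllipticCurveKeyToFile(PublicKey inPublicKey, File inFile)
      throws Exception
   {
      X509EncodedKeySpec spec = new X509EncodedKeySpec(inPublicKey.getEncoded());

      try (OutputStream fileStream = new FileOutputStream(inFile))
      {
         fileStream.write(spec.getEncoded());

         // Set permissions: world-readable, owner-writable only. Restricting write access
         // matters because anyone able to replace this file can substitute their own key.
         inFile.setReadable(true, false);
         inFile.setWritable(false, false);
         inFile.setWritable(true, true);
         inFile.setExecutable(false, false);
      }
   }

   //---------------------------------------------------------------------------
   /**
    * Reads an X.509-encoded public Elliptic Curve key from a file.
    * @param inPublicKeyFile file holding the X.509-encoded public key
    * @return the decoded public key
    * @throws Exception if the file cannot be read or does not hold a valid EC public key
    */
   public static PublicKey readPublicEllipticCurveKeyFile(File inPublicKeyFile)
      throws Exception
   {
      byte[] data = Files.readAllBytes(inPublicKeyFile.toPath());
      X509EncodedKeySpec spec = new X509EncodedKeySpec(data);
      // No provider is named here; see readPrivateEllipticCurveKeyFile().
      KeyFactory factory = KeyFactory.getInstance("EC");
      return factory.generatePublic(spec);
   }

   //---------------------------------------------------------------------------
   /**
    * Generates a signature given a private key and the text to sign.
    * Uses the SHA512withECDSA signature algorithm.
    * <p>
    * The text is signed as its UTF-8 bytes, so a signature does not depend on the
    * default charset of the JVM that produced it.
    * @param inPrivateKey private Elliptic Curve key
    * @param inText text to sign
    * @return signature as a byte[]
    * @throws Exception if the SunEC provider is unavailable or the key is not usable for signing
    */
   public static byte[] generateSignatureWithECDSA(PrivateKey inPrivateKey, String inText)
      throws Exception
   {
      Signature signature = Signature.getInstance("SHA512withECDSA", "SunEC");
      signature.initSign(inPrivateKey);
      // Explicit charset: the platform default would make signer and verifier disagree
      // on the signed bytes whenever their default charsets differ.
      signature.update(inText.getBytes(StandardCharsets.UTF_8));
      return signature.sign();
   }

   //---------------------------------------------------------------------------
   /**
    * Verifies a signature given a public key, the signed text, and the signature.
    * Uses the SHA512withECDSA signature algorithm.
    * <p>
    * The text is verified as its UTF-8 bytes, matching generateSignatureWithECDSA().
    * A signature that is malformed rather than merely wrong may be reported by the
    * provider as an exception instead of a false return; callers should treat both
    * outcomes as a failed verification.
    * @param inPublicKey public Elliptic Curve key
    * @param inText text that was signed
    * @param inSignature signature as a byte[]
    * @return whether the signature is valid
    * @throws Exception if the SunEC provider is unavailable, the key is not usable for
    *                   verification, or the signature bytes cannot be processed
    */
   public static boolean verifySignatureWithECDSA(PublicKey inPublicKey, String inText, byte[] inSignature)
      throws Exception
   {
      Signature signature = Signature.getInstance("SHA512withECDSA", "SunEC");
      signature.initVerify(inPublicKey);
      signature.update(inText.getBytes(StandardCharsets.UTF_8));
      return signature.verify(inSignature);
   }
}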