-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathusing.html.md.erb
140 lines (102 loc) · 4.8 KB
/
using.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
---
title: Code Samples
owner: Partners
---
This topic demonstrates the use of **DYADIC** as the **JCE**-Provider in various crypto-cases.
## <a id='bind'></a> Introduction
To start using Dyadic-based realization of crypto-primitives, specify **"DYADIC"** as your default JCE provider.
Consult [JCE](<https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html>) Documentation for the use of **KeyStore**, **KeyGenerator**, and **Cipher**.
The following API of JCE creates Dyadic-based Cipher object that implements all standard RSA, AES, and ECC crypto-methods (`transformations`).
```java
Cipher getInstance(String transformation, "DYADIC")
```
For example:
```java
Cipher cipher1 = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING", "DYADIC");
Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "DYADIC")
KeyStore keyStore = KeyStore.getInstance("PKCS11", "DYADIC");
KeyPairGenerator gen1 = KeyPairGenerator.getInstance("RSA", "DYADIC");
KeyPairGenerator gen2 = KeyPairGenerator.getInstance("EC", "DYADIC");
Signature sign = Signature.getInstance("SHA256WithRSA", "DYADIC");
```
<p class="note"><strong>Note:</strong> Dyadic supports <code>KeyStore</code> of type <code>PKCS11</code>.</p>
## <a id="RSA"></a> RSA - Signing and Encryption
The following code sample demonstrates RSA for signing and encryption:
```java
byte[] testData = new byte[]{1, 2, 3, 4, 5};
KeyStore keyStore = KeyStore.getInstance("PKCS11", "DYADIC");
keyStore.load(null);
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", "DYADIC");
gen.initialize(2048);
KeyPair keyPair = gen.generateKeyPair();
keyStore.setEntry("RSA test", new DYCryptoProvider.KeyEntry(keyPair.getPrivate()), null);
PrivateKey prvKey = (PrivateKey) keyStore.getKey("RSA test", null);
Signature sign = Signature.getInstance("SHA256WithRSA", "DYADIC");
sign.initSign(prvKey);
sign.update(testData);
byte[] signature = sign.sign();
sign = Signature.getInstance("SHA256WithRSA");
RSAPrivateCrtKey rsa = (RSAPrivateCrtKey) prvKey;
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey pubKey = kf.generatePublic(new RSAPublicKeySpec(rsa.getModulus(), rsa.getPublicExponent()));
sign.initVerify(pubKey);
sign.update(testData);
boolean ok = sign.verify(signature);
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] encrypted = cipher.doFinal(testData);
cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING", "DYADIC");
cipher.init(Cipher.DECRYPT_MODE, prvKey);
byte[] decrypted = cipher.doFinal(encrypted);
ok = Arrays.equals(decrypted, testData);
```
## <a id="ECDSA"></a> ECDSA - Key Generation
The following code sample demonstrates ECDSA key generation and signature:
```java
KeyStore keyStore = KeyStore.getInstance("PKCS11", "DYADIC");
keyStore.load(null);
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC", "DYADIC");
gen.initialize(new ECGenParameterSpec("secp256r1"));
KeyPair keyPair = gen.generateKeyPair();
keyStore.setEntry("ECDSA test",
new DYCryptoProvider.KeyEntry(keyPair.getPrivate()), null);
PrivateKey prvKey = (PrivateKey) keyStore.getKey("ECDSA test", null);
byte[] testData = new byte[] { 1, 2, 3, 4, 5 };
Signature sign = Signature.getInstance("SHA256WithECDSA", "DYADIC");
sign.initSign(prvKey);
sign.update(testData);
byte[] signature = sign.sign();
sign = Signature.getInstance("SHA256WithECDSA");
sign.initVerify(keyPair.getPublic());
sign.update(testData);
boolean ok = sign.verify(signature);
```
## <a id="AES"></a> AES - Key Generation and Encryption
The following code sample demonstrates AES key generation and usage:
```java
KeyStore keyStore = KeyStore.getInstance("PKCS11", "DYADIC");
keyStore.load(null);
KeyGenerator gen = KeyGenerator.getInstance("AES", "DYADIC");
gen.init(256);
SecretKey secretKey = (SecretKey) gen.generateKey();
keyStore.setKeyEntry("AES test", secretKey, null, null);
SecureRandom secureRandom = new SecureRandom();
byte[] data = new byte[64];
byte[] iv = new byte[12];
byte[] AD = new byte[12];
secureRandom.nextBytes(data);
secureRandom.nextBytes(data);
secureRandom.nextBytes(iv);
secureRandom.nextBytes(AD);
CcmParameterSpec ccmParameterSpec = new CcmParameterSpec(iv, 12, AD);
Cipher encryptCipherEncrypt = Cipher.getInstance("AES/CCM/NoPadding");
encryptCipherEncrypt.init(Cipher.ENCRYPT_MODE, secretKey, ccmParameterSpec);
encryptCipherEncrypt.update(data, 0, data.length / 2);
encryptCipherEncrypt.update(data, data.length / 2, data.length / 2);
byte[] enc = encryptCipherEncrypt.doFinal();
Cipher encryptCipherDecrypt = Cipher.getInstance("AES/CCM/NoPadding");
encryptCipherDecrypt.init(Cipher.DECRYPT_MODE, secretKey, ccmParameterSpec);
byte[] dec = encryptCipherDecrypt.doFinal(enc);
```
## <a id="code-sample"></a> Complete Test Application
See the complete application in <https://github.com/DyadicSec/dyadic-sample>.