Package com.inesm.KeyManager.services

Class CryptographyService

java.lang.Object
com.inesm.KeyManager.services.CryptographyService
@Service public class CryptographyService extends Object
Provides cryptographic services.

  • Constructor Details

    • CryptographyService

      @Autowired public CryptographyService(PCKS11 pcks11)
      Constructor for the CryptographicService.
      Parameters:
      pcks11 - the service providing the interactions with the PCKS11 interface

  • Method Details

    • generateAEADSKeys64Encoded

      public String[] generateAEADSKeys64Encoded() throws NoSuchAlgorithmException
      Generates two symmetric keys for AEAD, encoded using base64.
      Returns:
      a string array containing the encoded encryption key (index 0) and the signature encryption key(index 1)
      Throws:
      NoSuchAlgorithmException - if the random generator algorithm is not found

    • hashPassword

      public String hashPassword(String password) throws HashingErrorException
      Hashes a password, using the algorithm "PBKDF2WithHmacSHA512". The algorithm used, uses the parameters defined in PBKDF2_ITERATIONS and PBKDF2_KEY_LENGHT.
      Parameters:
      password - the password to be hashed
      Returns:
      a string with the hash and originating parameters, as defined in CryptographyService.StoredHash.dump()
      Throws:
      HashingErrorException - if an error occurred during the hashing operation

    • validatePassword

      public boolean validatePassword(String storedHash, String password) throws HashingErrorException
      Validates the password against a hash. Uses the algorithm "PBKDF2WithHmacSHA512".
      Parameters:
      storedHash - the hash concatenate with the originating parameters, as defined in CryptographyService.StoredHash.dump()
      password - the password to be checked
      Returns:
      true if the password matches the hash, false otherwise
      Throws:
      HashingErrorException - if an error occurred generating the hash

    • AEADencryptWeb

      public String AEADencryptWeb(String payload, String data, String encKey64, String signKey64) throws EncryptionErrorException, NoSuchAlgorithmException, InvalidSignatureException
      Encrypts a payload using AEAD.
      Parameters:
      payload - the payload to be encrypted
      data - the associated data of the payload
      encKey64 - the encryption key encoded in base64
      signKey64 - the signature key encoded in base64
      Returns:
      a json strign containing the IV (base64), ciphertext (base64), signature (base64) and data parameters.
      Throws:
      EncryptionErrorException - if an error occurred during the encryption process
      NoSuchAlgorithmException - if the IV generation algorithm could not be found
      InvalidSignatureException - if a problem occurred generating the signature

    • AEADdecryptWeb

      public String AEADdecryptWeb(String jsonString, String encKey64, String signKey64) throws DecryptionErrorException, InvalidSignatureException
      Decrypts a payload using AEAD.
      Parameters:
      jsonString - a json string containing the fields (and respective enconding) IV (in base64), ciphertext (in base64), signature (in base64) and data (UTF_8).
      encKey64 - the encryption key encoded in base64
      signKey64 - the signature key encoded in base64
      Returns:
      the decrypted payload as a string
      Throws:
      DecryptionErrorException - if an error occurred during the decryption process
      InvalidSignatureException - if an error ocurred generating the signature

    • AEADencrypt

      public MessageContainer AEADencrypt(byte[] msg, byte[] data, byte[] keys) throws EncryptionErrorException, NoSuchAlgorithmException, IOException, InvalidSignatureException
      Encrypts a message using AEAD.
      Parameters:
      msg - the message to be encrypted as a byte array
      data - the associated data
      keys - the byte array containing the encryption key in the first half and the signature key in the second (EK||SK)
      Returns:
      the message container, containing the AEAD parameters that result from the encryption process
      Throws:
      EncryptionErrorException - if an error occurred during encryption
      NoSuchAlgorithmException - if the IV generation algorithm could not be found
      IOException - if there was an I/O exception writing to the byte arrays
      InvalidSignatureException - if an error occurred during signature generation

    • AEADdecrypt

      public byte[] AEADdecrypt(MessageContainer mc, byte[] keys) throws DecryptionErrorException, InvalidSignatureException, IOException
      Decrypts a message using AEAD.
      Parameters:
      mc - the message container, containing the AEAD parameters that resulted from the encryption process
      keys - the byte array containing the encryption key in the first half and the signature key in the second (EK||SK)
      Returns:
      the decrypted message as a byte array
      Throws:
      DecryptionErrorException - if an error occurred during decryption
      IOException - if there was an I/O exception writing to the byte arrays
      InvalidSignatureException - if an error occurred during signature generation

    • smartCardAuthenticate

      public String smartCardAuthenticate() throws InvalidSignatureException
      Authenticates an entity via smartcard authentication.
      Returns:
      the string containing the smartcard subject information
      Throws:
      InvalidSignatureException - if any exception occurred during the operation, the message will contain more details about the cause

    • getNounce

      public byte[] getNounce(int length) throws NoSuchAlgorithmException
      Generates a random nonce. Uses the algorithm "SHA1PRNG".
      Parameters:
      length - the length of the desired nonce
      Returns:
      the nonce as a byte array
      Throws:
      NoSuchAlgorithmException - if the algorithm was not found