/**
 * Recovers the original data from a non-personalized encrypted message.
 *
 * <p>This method only delegates to the wrapped encryptor; it performs no validation of
 * {@code message} and no inspection of the result.
 * NOTE(review): how a failed integrity check is reported (exception vs. {@code null}) is
 * decided inside the delegate and is not visible here. Confirm this before treating a
 * returned value as authenticated.
 *
 * @param message Encrypted payload message.
 * @return Original data, exactly as returned by the wrapped encryptor.
 * @throws InvalidKeyException In case decryption key is invalid.
 * @throws GenericCryptoException In case decryption fails.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public byte[] decrypt(NonPersonalizedEncryptedMessage message)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final byte[] originalData = this.encryptor.decrypt(message);
    return originalData;
}
/**
 * Encrypts data with the wrapped encryptor (non-personalized encryption).
 *
 * <p>This method only delegates; the result is handed back unchecked.
 * NOTE(review): whether the delegate can return {@code null} is not visible from this
 * method. Callers should confirm this and check the result before serializing it.
 *
 * @param data Original data.
 * @return Encrypted payload, exactly as returned by the wrapped encryptor.
 * @throws InvalidKeyException In case encryption key is invalid.
 * @throws GenericCryptoException In case encryption fails.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public NonPersonalizedEncryptedMessage encrypt(byte[] data)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final NonPersonalizedEncryptedMessage encryptedMessage = this.encryptor.encrypt(data);
    return encryptedMessage;
}
/**
 * Creates an encryptor from Base64-encoded key material.
 *
 * <p>All four arguments are Base64-decoded and passed to {@code NonPersonalizedEncryptor}
 * without any further length or content checks at this level.
 * NOTE(review): if {@code BaseEncoding} is Guava's (imports are not visible here), a
 * malformed value surfaces as an unchecked {@code IllegalArgumentException} and a
 * {@code null} value as a {@code NullPointerException}. Callers that pass
 * request-supplied values should handle both.
 *
 * @param applicationKeyBase64 Application key, Base64 encoded.
 * @param sessionKeyBytesBase64 Session key bytes, Base64 encoded. This is secret key
 *        material, so keep it out of logs and error messages.
 * @param sessionIndexBase64 Session index, Base64 encoded.
 * @param ephemeralPublicKeyBase64 Ephemeral public key, Base64 encoded.
 */
public PowerAuthNonPersonalizedEncryptor(String applicationKeyBase64, String sessionKeyBytesBase64, String sessionIndexBase64, String ephemeralPublicKeyBase64) {
    final BaseEncoding base64 = BaseEncoding.base64();

    // Decode order is kept as-is so the first failing argument is reported the same way.
    final byte[] decodedApplicationKey = base64.decode(applicationKeyBase64);
    final byte[] decodedSessionIndex = base64.decode(sessionIndexBase64);
    final byte[] decodedSessionKey = base64.decode(sessionKeyBytesBase64);
    final byte[] decodedEphemeralPublicKey = base64.decode(ephemeralPublicKeyBase64);

    this.encryptor = new NonPersonalizedEncryptor(
            decodedApplicationKey,
            decodedSessionKey,
            decodedSessionIndex,
            decodedEphemeralPublicKey);
}
/**
 * Creates a client-side non-personalized encryptor from the app key (carried in the
 * encrypted object for reference) and the master server public key.
 *
 * <p>Steps performed here: generate a 16-byte random session index and an ephemeral key
 * pair, compute a shared key from the ephemeral private key and {@code masterPublicKey},
 * derive the session-related key from that shared key and the session index via
 * {@code deriveSecretKeyHmac}, then hand the raw key bytes to {@code NonPersonalizedEncryptor}.
 *
 * <p>NOTE(review): {@code masterPublicKey} is used as given. Any check that it is the
 * expected server key has to happen in the caller or inside {@code computeSharedKey};
 * confirm which. The derived session key is exported to a plain {@code byte[]} and is not
 * cleared in this constructor.
 *
 * @param appKey App key.
 * @param masterPublicKey Master Server Public Key.
 * @throws InvalidKeyException In case an invalid key is provided.
 * @throws GenericCryptoException In case of any other cryptography error.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public ClientNonPersonalizedEncryptor(byte[] appKey, PublicKey masterPublicKey)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final KeyGenerator keyGenerator = new KeyGenerator();

    // Fresh per-instance values.
    final byte[] sessionIndex = keyGenerator.generateRandomBytes(16);
    final KeyPair ephemeral = keyGenerator.generateKeyPair();

    // Shared key from (ephemeral private, master public), then bound to the session index.
    final SecretKey sharedKey = keyGenerator.computeSharedKey(ephemeral.getPrivate(), masterPublicKey);
    final SecretKey sessionKey = keyGenerator.deriveSecretKeyHmac(sharedKey, sessionIndex);

    final CryptoProviderUtil converter = PowerAuthConfiguration.INSTANCE.getKeyConvertor();
    this.encryptor = new NonPersonalizedEncryptor(
            appKey,
            converter.convertSharedSecretKeyToBytes(sessionKey),
            sessionIndex,
            converter.convertPublicKeyToBytes(ephemeral.getPublic()));
}
/**
 * Encrypts data with the wrapped encryptor (non-personalized encryption).
 *
 * <p>This method only delegates; the result is handed back unchecked.
 * NOTE(review): whether the delegate can return {@code null} is not visible from this
 * method. Callers should confirm this and check the result before serializing it.
 *
 * @param data Original data.
 * @return Encrypted payload, exactly as returned by the wrapped encryptor.
 * @throws InvalidKeyException In case encryption key is invalid.
 * @throws GenericCryptoException In case encryption fails.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public NonPersonalizedEncryptedMessage encrypt(byte[] data)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final NonPersonalizedEncryptedMessage encryptedMessage = this.encryptor.encrypt(data);
    return encryptedMessage;
}
/**
 * Recovers the original data from a non-personalized encrypted message.
 *
 * <p>This method only delegates to the wrapped encryptor; it performs no validation of
 * {@code message} and no inspection of the result.
 * NOTE(review): how a failed integrity check is reported (exception vs. {@code null}) is
 * decided inside the delegate and is not visible here. Confirm this before treating a
 * returned value as authenticated.
 *
 * @param message Encrypted payload message.
 * @return Original data, exactly as returned by the wrapped encryptor.
 * @throws InvalidKeyException In case decryption key is invalid.
 * @throws GenericCryptoException In case decryption fails.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public byte[] decrypt(NonPersonalizedEncryptedMessage message)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final byte[] originalData = this.encryptor.decrypt(message);
    return originalData;
}
/**
 * Creates a client-side non-personalized encryptor from the app key (carried in the
 * encrypted object for reference) and the master server public key.
 *
 * <p>Steps performed here: generate a 16-byte random session index and an ephemeral key
 * pair, compute a shared key from the ephemeral private key and {@code masterPublicKey},
 * derive the session-related key from that shared key and the session index via
 * {@code deriveSecretKeyHmac}, then hand the raw key bytes to {@code NonPersonalizedEncryptor}.
 *
 * <p>NOTE(review): {@code masterPublicKey} is used as given. Any check that it is the
 * expected server key has to happen in the caller or inside {@code computeSharedKey};
 * confirm which. The derived session key is exported to a plain {@code byte[]} and is not
 * cleared in this constructor.
 *
 * @param appKey App key.
 * @param masterPublicKey Master Server Public Key.
 * @throws InvalidKeyException In case an invalid key is provided.
 * @throws GenericCryptoException In case of any other cryptography error.
 * @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
 */
public ClientNonPersonalizedEncryptor(byte[] appKey, PublicKey masterPublicKey)
        throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
    final KeyGenerator keyGenerator = new KeyGenerator();

    // Fresh per-instance values.
    final byte[] sessionIndex = keyGenerator.generateRandomBytes(16);
    final KeyPair ephemeral = keyGenerator.generateKeyPair();

    // Shared key from (ephemeral private, master public), then bound to the session index.
    final SecretKey sharedKey = keyGenerator.computeSharedKey(ephemeral.getPrivate(), masterPublicKey);
    final SecretKey sessionKey = keyGenerator.deriveSecretKeyHmac(sharedKey, sessionIndex);

    final CryptoProviderUtil converter = PowerAuthConfiguration.INSTANCE.getKeyConvertor();
    this.encryptor = new NonPersonalizedEncryptor(
            appKey,
            converter.convertSharedSecretKeyToBytes(sessionKey),
            sessionIndex,
            converter.convertPublicKeyToBytes(ephemeral.getPublic()));
}
/**
 * Encrypts the given data and wraps the result in a transport object whose binary
 * fields are Base64 encoded.
 *
 * <p>Failure is signalled in two ways: by the declared exceptions, and by a {@code null}
 * return (for {@code null} input, or when the encryptor itself yields {@code null}).
 * Callers must check for {@code null} before sending the response.
 *
 * @param originalData Data to encrypt; {@code null} yields {@code null}.
 * @return Response carrying the encoded payload, or {@code null} as described above.
 * @throws GenericCryptoException Propagated from the encryptor.
 * @throws CryptoProviderException Propagated from the encryptor.
 * @throws InvalidKeyException Propagated from the encryptor.
 */
public ObjectResponse<NonPersonalizedEncryptedPayloadModel> encrypt(byte[] originalData)
        throws GenericCryptoException, CryptoProviderException, InvalidKeyException {
    if (originalData == null) {
        return null;
    }

    final NonPersonalizedEncryptedMessage encrypted = encryptor.encrypt(originalData);
    if (encrypted == null) {
        // this will happen only in case of an unlikely randomness error, or if keys are corrupted
        return null;
    }

    // One codec instance for all fields; setter and getter order is unchanged.
    final BaseEncoding base64 = BaseEncoding.base64();
    final NonPersonalizedEncryptedPayloadModel payload = new NonPersonalizedEncryptedPayloadModel();
    payload.setApplicationKey(base64.encode(encrypted.getApplicationKey()));
    payload.setEphemeralPublicKey(base64.encode(encrypted.getEphemeralPublicKey()));
    payload.setSessionIndex(base64.encode(encrypted.getSessionIndex()));
    payload.setAdHocIndex(base64.encode(encrypted.getAdHocIndex()));
    payload.setMacIndex(base64.encode(encrypted.getMacIndex()));
    payload.setNonce(base64.encode(encrypted.getNonce()));
    payload.setMac(base64.encode(encrypted.getMac()));
    payload.setEncryptedData(base64.encode(encrypted.getEncryptedData()));

    return new ObjectResponse<>(payload);
}
/**
 * Rebuilds an encrypted message from the Base64 fields of a request payload and
 * decrypts it with the wrapped encryptor.
 *
 * <p>Returns {@code null} when the request or its payload object is {@code null}.
 * Every payload field is decoded as received; there is no per-field null, length or
 * format check at this level.
 * NOTE(review): if {@code BaseEncoding} is Guava's (imports are not visible here), a
 * missing or malformed field surfaces as an unchecked {@code NullPointerException} or
 * {@code IllegalArgumentException}, not as one of the declared exception types. Confirm
 * that the endpoint handling this request maps those to a client error.
 *
 * @param request Request wrapping the encoded payload; may be {@code null}.
 * @return Decrypted data as returned by the encryptor, or {@code null} as described above.
 * @throws GenericCryptoException Propagated from the encryptor.
 * @throws CryptoProviderException Propagated from the encryptor.
 * @throws InvalidKeyException Propagated from the encryptor.
 */
public byte[] decrypt(ObjectRequest<NonPersonalizedEncryptedPayloadModel> request)
        throws GenericCryptoException, CryptoProviderException, InvalidKeyException {
    final NonPersonalizedEncryptedPayloadModel payload =
            (request == null) ? null : request.getRequestObject();
    if (payload == null) {
        return null;
    }

    // One codec instance for all fields; getter and setter order is unchanged.
    final BaseEncoding base64 = BaseEncoding.base64();
    final NonPersonalizedEncryptedMessage encrypted = new NonPersonalizedEncryptedMessage();
    encrypted.setApplicationKey(base64.decode(payload.getApplicationKey()));
    encrypted.setEphemeralPublicKey(base64.decode(payload.getEphemeralPublicKey()));
    encrypted.setSessionIndex(base64.decode(payload.getSessionIndex()));
    encrypted.setAdHocIndex(base64.decode(payload.getAdHocIndex()));
    encrypted.setMacIndex(base64.decode(payload.getMacIndex()));
    encrypted.setNonce(base64.decode(payload.getNonce()));
    encrypted.setMac(base64.decode(payload.getMac()));
    encrypted.setEncryptedData(base64.decode(payload.getEncryptedData()));

    return encryptor.decrypt(encrypted);
}