com.emc.vipr.transform.encryption

Class KeyUtils

java.lang.Object

com.emc.vipr.transform.encryption.KeyUtils

public class KeyUtils
extends java.lang.Object

Constructor Summary

Constructors

Constructor and Description
KeyUtils()

Method Summary

Methods

Modifier and Type	Method and Description
static javax.crypto.SecretKey	decryptKey(java.lang.String encodedKey, java.lang.String algorithm, java.security.Provider provider, java.security.PrivateKey privateKey)
static byte[]	derEncodeBigInteger(java.math.BigInteger value) Encodes a BigInteger in DER format
static byte[]	derEncodeRSAPublicKey(java.security.interfaces.RSAPublicKey pubkey) Encodes an RSA public key in DER format.
static byte[]	derEncodeSequence(java.util.List<byte[]> objects) Encodes a list of objects into a DER "sequence".
static byte[]	derEncodeValue(byte type, byte[] bytes) Encodes a DER value with the proper length specifier.
static java.lang.String	encryptKey(javax.crypto.SecretKey key, java.security.Provider provider, java.security.PublicKey publicKey)
static byte[]	extractSubjectKeyIdentifier(byte[] derSki)
static java.lang.String	getRsaPublicKeyFingerprint(java.security.interfaces.RSAPublicKey pubKey, java.security.Provider provider) Computes the fingerprint of an RSA public key.
static java.security.KeyPair	rsaKeyPairFromBase64(java.lang.String publicKey, java.lang.String privateKey) Constructs an RSA KeyPair from base-64 encoded key material.
static java.lang.String	signMetadata(java.util.Map<java.lang.String,java.lang.String> metadata, java.security.interfaces.RSAPrivateKey privateKey, java.security.Provider provider)
static java.lang.String	toHexPadded(byte[] data) Transforms a byte sequence into a sequence of hex digits, MSB first.
static byte[]	urlSafeDecodeBase64(java.lang.String b64Data) Uses the 'base64url' encoding from RFC4648 to decode a string to a byte array.
static java.lang.String	urlSafeEncodeBase64(byte[] data) Uses the 'base64url' encoding from RFC4648 to encode a byte array to a string.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyUtils

public KeyUtils()

Method Detail

getRsaPublicKeyFingerprint

public static java.lang.String getRsaPublicKeyFingerprint(java.security.interfaces.RSAPublicKey pubKey,
                                          java.security.Provider provider)
                                                   throws java.security.NoSuchAlgorithmException

Computes the fingerprint of an RSA public key. This should be equivalent to the Subject Key Identifier (SKI) of a key pair stored in an X.509 certificate. This is done by DER encoding the public key and computing the SHA1 digest of the encoded key.

Parameters:

pubKey - the RSA public key to fingerprint

Returns:

the key's fingerprint as a string of hexadecimal characters.

Throws:

java.security.NoSuchAlgorithmException - if the SHA1 algorithm could not be initialized.

toHexPadded

public static java.lang.String toHexPadded(byte[] data)

Transforms a byte sequence into a sequence of hex digits, MSB first. The value will be padded with zeroes to the proper number of digits.

Parameters:

data - the bytes to encode into hex

Returns:

the bytes as a string of hexadecimal characters.

derEncodeBigInteger

public static byte[] derEncodeBigInteger(java.math.BigInteger value)

Encodes a BigInteger in DER format

Parameters:

value - the value to encode

Returns:

the byte sequence representing the number in DER encoding.

derEncodeValue

public static byte[] derEncodeValue(byte type,
                    byte[] bytes)

Encodes a DER value with the proper length specifier.

Parameters:

type - the DER type specifier byte

bytes - the bytes to encode

Returns:

the input bytes prefixed with the DER type and length.

derEncodeRSAPublicKey

public static byte[] derEncodeRSAPublicKey(java.security.interfaces.RSAPublicKey pubkey)

Encodes an RSA public key in DER format.

Parameters:

pubkey - the RSA public key to encode.

Returns:

the public key's data in DER format.

derEncodeSequence

public static byte[] derEncodeSequence(java.util.List<byte[]> objects)

Encodes a list of objects into a DER "sequence".

Parameters:

objects - the DER encoded objects to sequence.

Returns:

the bytes representing the DER sequence.

rsaKeyPairFromBase64

public static java.security.KeyPair rsaKeyPairFromBase64(java.lang.String publicKey,
                                         java.lang.String privateKey)
                                                  throws java.security.GeneralSecurityException

Constructs an RSA KeyPair from base-64 encoded key material.

Parameters:

publicKey - The Base-64 encoded RSA public key in X.509 format.

privateKey - The Base-64 encoded RSA private key in PKCS#8 format.

Returns:

the KeyPair object containing both keys.

Throws:

java.security.GeneralSecurityException

decryptKey

public static javax.crypto.SecretKey decryptKey(java.lang.String encodedKey,
                                java.lang.String algorithm,
                                java.security.Provider provider,
                                java.security.PrivateKey privateKey)

encryptKey

public static java.lang.String encryptKey(javax.crypto.SecretKey key,
                          java.security.Provider provider,
                          java.security.PublicKey publicKey)
                                   throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

urlSafeEncodeBase64

public static java.lang.String urlSafeEncodeBase64(byte[] data)

Uses the 'base64url' encoding from RFC4648 to encode a byte array to a string.

Parameters:

data - the byte array to encode

Returns:

the Base-64 encoded string.

urlSafeDecodeBase64

public static byte[] urlSafeDecodeBase64(java.lang.String b64Data)

Uses the 'base64url' encoding from RFC4648 to decode a string to a byte array. It is assumed that the characters are encoded as 7-bit US-ASCII.

Parameters:

b64Data - the Base-64 encoded string to decode

Returns:

the decoded bytes.

signMetadata

public static java.lang.String signMetadata(java.util.Map<java.lang.String,java.lang.String> metadata,
                            java.security.interfaces.RSAPrivateKey privateKey,
                            java.security.Provider provider)

extractSubjectKeyIdentifier

public static byte[] extractSubjectKeyIdentifier(byte[] derSki)