API Java
HSM Dinamo
GenEcdhKeyX963.java

Ejemplo de generación de claves ECDH X9.63 en el HSM.

Véase la nota sobre ejemplos.
package doxy.examples;
import java.util.Arrays;
import com.dinamonetworks.Dinamo;
import br.com.trueaccess.TacException;
import br.com.trueaccess.TacNDJavaLib;
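/**
 * Example: derives an AES-256 key through ECDH with the X9.63 KDF (SHA-256) on a Dinamo HSM.
 *
 * <p>The same derivation is run twice with identical inputs: once storing the derived key
 * inside the HSM, and once returning the derived key bytes to the caller, which are then
 * imported under a second name. A buffer encrypted with one key and decrypted with the
 * other shows that both derivations produced the same key.
 *
 * <p>Deployment notes: the address, user and password below are sample values hard-coded
 * for the demo; real code should read them from protected configuration. The second
 * derivation form places raw key material in host memory and imports it as an exportable
 * key, so the first form (key stays in the HSM) is the one to prefer outside a demo.
 */
public class GenEcdhKeyX963 {
    // Sample connection settings for a local test HSM; not suitable as real credentials.
    private static String strAddr = "127.0.0.1";
    private static String strUsrId = "master";
    private static String strPwd = "12345678";
    private static int nPort = 4433;

    // Names of the key objects this example creates (and deletes) in the HSM.
    private static String strLocalKey = "test_local_key";
    private static String strPeerKey = "test_peer_key";
    private static String strTargetKey = "test_target_key";
    private static String strSessionKey = "test_session_key";

    /**
     * Runs the example end to end: open session, create key pairs, derive, compare, clean up.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        int nFlags = 0;
        Dinamo api = new Dinamo();
        // Tracked so the finally block only closes a session that was actually opened.
        boolean sessionOpen = false;
        // Declared outside the try so the plaintext key bytes can be wiped on every exit path.
        byte[] pbKey = null;
        try {
            api.openSession(strAddr, strUsrId, strPwd, nPort, nFlags);
            sessionOpen = true;

            // Remove leftovers from a previous (possibly failed) run.
            api.deleteKeyIfExists(strLocalKey);
            api.deleteKeyIfExists(strTargetKey);
            api.deleteKeyIfExists(strSessionKey);
            api.deleteKeyIfExists(strPeerKey);

            System.out.println("--> Generate ECDH keys!");
            api.createKey(strLocalKey, TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1);
            api.createKey(strPeerKey, TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1);

            System.out.println("--> Export public key from peer key!");
            // Here the "peer" key lives in the same HSM. In a real exchange the peer public key
            // arrives from the other party and should be authenticated before it is used.
            byte[] pbPeerPubKey = api.exportKey(strPeerKey, TacNDJavaLib.PUBLICKEY_BLOB);

            // Data handed to the KDF; both derivations below must use the same value
            // to arrive at the same key.
            byte[] pbKDFData = {
                (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
                (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
                (byte) 0x11, (byte) 0x12, (byte) 0x13, (byte) 0x14,
                (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18
            };

            /*
             * First way of generating the key.
             *
             * Generates the derived key and stores it inside the HSM.
             */
            System.out.println("--> Generate shared secret!");
            // NOTE(review): the two booleans are presumably the exportable / temporary
            // attributes of the target key; confirm against the API documentation.
            api.genEcdhKeyX963Sha256(strLocalKey,
                    strTargetKey,
                    TacNDJavaLib.ALG_AES_256,
                    true,
                    false,
                    pbPeerPubKey,
                    pbKDFData);

            /*
             * Second way of generating the key.
             *
             * Generates the derived key inside the HSM and returns it to the caller.
             * Because the parameters are the same, the generated keys are the same.
             */
            System.out.println("--> Generate shared secret! (2nd option)");
            pbKey = api.genEcdhKeyX963Sha256(strLocalKey,
                    null,
                    TacNDJavaLib.ALG_AES_256,
                    false,
                    false,
                    pbPeerPubKey,
                    pbKDFData);

            // Explicit charset: the no-argument getBytes() depends on the platform default.
            byte[] pbClearBuffer =
                    "askdfkasdfaksdfa".getBytes(java.nio.charset.StandardCharsets.UTF_8);

            /*
             * Imports the key with the returned content.
             */
            System.out.println("--> Import shared secret!");
            api.importKey(strSessionKey,
                    TacNDJavaLib.PLAINTEXTKEY_BLOB,
                    TacNDJavaLib.ALG_AES_256,
                    TacNDJavaLib.EXPORTABLE_KEY,
                    pbKey,
                    TacNDJavaLib.ALG_AES_256_LEN);

            System.out.println("--> Encrypt and decrypt buffer!");
            // Encrypt with the imported key, decrypt with the key derived inside the HSM:
            // a successful round trip means both derivations yielded the same key.
            byte[] pbEncryptedBuffer = api.encrypt(strSessionKey, pbClearBuffer);
            byte[] pbDecryptedBuffer = api.decrypt(strTargetKey, pbEncryptedBuffer);
            if (!Arrays.equals(pbClearBuffer, pbDecryptedBuffer)) {
                System.out.println("Decrypted buffer and clear text buffer are different!");
            }

            System.out.println("--> Delete keys!");
            api.deleteKey(strLocalKey);
            api.deleteKey(strPeerKey);
            api.deleteKey(strTargetKey);
            api.deleteKey(strSessionKey);
        } catch (TacException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Do not leave the derived key sitting in host memory longer than needed.
            if (pbKey != null) {
                Arrays.fill(pbKey, (byte) 0);
            }
            // Close the session on failure paths too, so an error mid-example
            // does not leave an authenticated session open.
            if (sessionOpen) {
                try {
                    api.closeSession();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}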