Class KeyUtils

java.lang.Object
no.uio.ifi.crypt4gh.util.KeyUtils

public class KeyUtils extends Object
Utility methods for generating, constructing, reading, writing and deriving keys.
  • Field Details

    • CHA_CHA_20

      public static final String CHA_CHA_20
      A constant string with the value "ChaCha20"
    • X25519

      public static final String X25519
      A constant string with the value "X25519"
    • BEGIN_PUBLIC_KEY

      public static final String BEGIN_PUBLIC_KEY
      Header line text for public key file in OpenSSL format
    • END_PUBLIC_KEY

      public static final String END_PUBLIC_KEY
      Footer line text for public key file in OpenSSL format
    • BEGIN_PRIVATE_KEY

      public static final String BEGIN_PRIVATE_KEY
      Header line text for private key file in OpenSSL format
    • END_PRIVATE_KEY

      public static final String END_PRIVATE_KEY
      Footer line text for private key file in OpenSSL format
    • BEGIN_CRYPT4GH_PUBLIC_KEY

      public static final String BEGIN_CRYPT4GH_PUBLIC_KEY
      Header line text for public key file in Crypt4GH format
    • END_CRYPT4GH_PUBLIC_KEY

      public static final String END_CRYPT4GH_PUBLIC_KEY
      Footer line text for public key file in Crypt4GH format
    • BEGIN_CRYPT4GH_ENCRYPTED_PRIVATE_KEY

      public static final String BEGIN_CRYPT4GH_ENCRYPTED_PRIVATE_KEY
      Header line text for private key file in Crypt4GH format
    • END_CRYPT4GH_ENCRYPTED_PRIVATE_KEY

      public static final String END_CRYPT4GH_ENCRYPTED_PRIVATE_KEY
      Footer line text for private key file in Crypt4GH format
    • CRYPT4GH_AUTH_MAGIC

      public static final String CRYPT4GH_AUTH_MAGIC
      Magic number string used at the beginning of private key files in Crypt4GH format
  • Method Details

    • getInstance

      public static KeyUtils getInstance()
    • generateKeyPair

      public KeyPair generateKeyPair() throws NoSuchAlgorithmException
      Generates X25519 key pair.
      Returns:
      X25519 key pair
      Throws:
      NoSuchAlgorithmException - If the X25519 algorithm is not found.
    • encodeKey

      public byte[] encodeKey(Key key) throws GeneralSecurityException
      Extracts either the scalar from an X25519 private key or U from an X25519 public key.
      Parameters:
      key - Key to extract data from.
      Returns:
      Scalar or U.
      Throws:
      GeneralSecurityException - If the key was not XECPublicKey or XECPrivateKey.
    • getU

      public byte[] getU(PublicKey publicKey) throws GeneralSecurityException
      Extracts U from the X25519 public key as a byte array.
      Parameters:
      publicKey - X25519 public key to extract U from.
      Returns:
      U as byte array.
      Throws:
      GeneralSecurityException - In case U can't be extracted.
    • getScalar

      public byte[] getScalar(PrivateKey privateKey) throws GeneralSecurityException
      Extracts scalar from the X25519 private key as a byte array.
      Parameters:
      privateKey - X25519 private key to extract scalar from.
      Returns:
      Scalar as a byte array.
      Throws:
      GeneralSecurityException - In case scalar can't be extracted.
    • generatePrivateKey

      public PrivateKey generatePrivateKey() throws GeneralSecurityException
      Generates X25519 private key.
      Returns:
      X25519 private key.
      Throws:
      GeneralSecurityException - In case key can't be generated.
    • constructPrivateKey

      public PrivateKey constructPrivateKey(byte[] scalar) throws GeneralSecurityException
      Constructs X25519 private key from scalar.
      Parameters:
      scalar - Scalar to build X25519 private key upon.
      Returns:
      X25519 private key.
      Throws:
      GeneralSecurityException - In case the X25519 private key can't be constructed from the given scalar.
    • constructPublicKey

      public PublicKey constructPublicKey(byte[] u) throws GeneralSecurityException
      Constructs X25519 public key from U.
      Parameters:
      u - U to build X25519 public key upon.
      Returns:
      X25519 public key.
      Throws:
      GeneralSecurityException - In case the X25519 public key can't be constructed from the given U.
    • derivePublicKey

      public PublicKey derivePublicKey(PrivateKey privateKey) throws GeneralSecurityException
      Derives X25519 public key from the given X25519 private key.
      Parameters:
      privateKey - X25519 private key to derive public key from.
      Returns:
      Derived X25519 public key.
      Throws:
      GeneralSecurityException - In case X25519 public key can't be derived.
    • generateDiffieHellmanSharedKey

      public byte[] generateDiffieHellmanSharedKey(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException
      Generates Diffie-Hellman shared key from sender's X25519 private and recipient's X25519 public keys.
      Parameters:
      privateKey - Sender's X25519 private key.
      publicKey - Recipient's X25519 public key.
      Returns:
      Diffie-Hellman shared key.
      Throws:
      NoSuchAlgorithmException - If X25519 algorithm can't be found.
      InvalidKeyException - If one of the keys is invalid.
    • generateWriterSharedKey

      public SecretKey generateWriterSharedKey(PrivateKey writerPrivateKey, PublicKey readerPublicKey) throws GeneralSecurityException
      Generates writer's shared key based on sender's X25519 private and recipient's X25519 public keys.
      Parameters:
      writerPrivateKey - Sender's X25519 private key.
      readerPublicKey - Recipient's X25519 public key.
      Returns:
      Blake2b-based shared key.
      Throws:
      GeneralSecurityException - In case there's a problem in generating keys.
    • generateReaderSharedKey

      public SecretKey generateReaderSharedKey(PrivateKey readerPrivateKey, PublicKey writerPublicKey) throws GeneralSecurityException
      Generates reader's shared key based on recipient's X25519 private and sender's X25519 public keys.
      Parameters:
      readerPrivateKey - Recipient's X25519 private key.
      writerPublicKey - Sender's X25519 public key.
      Returns:
      Blake2b-based shared key.
      Throws:
      GeneralSecurityException - In case there's a problem in generating keys.
    • generateSessionKey

      public SecretKey generateSessionKey() throws NoSuchAlgorithmException
      Generates ChaCha20 secret key.
      Returns:
      ChaCha20 secret key.
      Throws:
      NoSuchAlgorithmException - If ChaCha20 algorithm can't be found.
    • readPublicKey

      public PublicKey readPublicKey(File keyFile) throws IOException, GeneralSecurityException
      Reads public key (OpenSSL or Crypt4GH format) file.
      Parameters:
      keyFile - Public key file.
      Returns:
      Public key.
      Throws:
      IOException - If the file can't be read.
      GeneralSecurityException - If the key can't be constructed from the given file.
    • readPublicKey

      public PublicKey readPublicKey(String keyMaterial) throws GeneralSecurityException
      Reads public key (OpenSSL or Crypt4GH format).
      Parameters:
      keyMaterial - Content of the key file.
      Returns:
      Public key.
      Throws:
      GeneralSecurityException - If the key can't be constructed from the given content.
    • readPrivateKey

      public PrivateKey readPrivateKey(File keyFile, char[] password) throws IOException, GeneralSecurityException
      Reads private key (OpenSSL or Crypt4GH format) file.
      Parameters:
      keyFile - Private key file.
      password - Optional password (if private key is password-protected). Can be null for unencrypted key.
      Returns:
      Private key.
      Throws:
      IOException - If the file can't be read.
      GeneralSecurityException - If the key can't be constructed from the given file.
    • readPrivateKey

      public PrivateKey readPrivateKey(String keyMaterial, char[] password) throws GeneralSecurityException, IllegalArgumentException
      Reads private key (OpenSSL or Crypt4GH format) from the given key file content.
      Parameters:
      keyMaterial - Content of the key file.
      password - Optional password (if private key is password-protected). Can be null for unencrypted key.
      Returns:
      Private key.
      Throws:
      GeneralSecurityException - If the key can't be constructed from the given content.
      IllegalArgumentException - If the key is password-protected, but the password was null.
    • readCrypt4GHPrivateKey

      public PrivateKey readCrypt4GHPrivateKey(byte[] keyMaterial, char[] password) throws GeneralSecurityException, IllegalArgumentException
      Reads Crypt4GH private key.
      Parameters:
      keyMaterial - Decoded key file content.
      password - Optional password (if private key is password-protected). Can be null for unencrypted key.
      Returns:
      Private key.
      Throws:
      GeneralSecurityException - If the key can't be constructed from the given content.
      IllegalArgumentException - If the key is password-protected, but the password was null.
    • decodeKey

      public byte[] decodeKey(String keyMaterial)
      Decodes Base64 key string, surrounded by header and footer.
      Parameters:
      keyMaterial - Base64 key string, surrounded by header and footer.
      Returns:
      Decoded key as byte array.
    • writeOpenSSLKey

      public void writeOpenSSLKey(Writer writer, Key key) throws IOException
      Writes the key using a supplied writer in OpenSSL format.
      Parameters:
      writer - Writer to use.
      key - Key to write.
      Throws:
      IOException - If the file can't be written.
    • writeCrypt4GHKey

      public void writeCrypt4GHKey(Writer writer, Key key, char[] password) throws IOException, GeneralSecurityException
      Writes the key using a supplied writer in Crypt4GH format.
      Parameters:
      writer - Writer to use.
      key - Key to write.
      password - Password to lock private key.
      Throws:
      IOException - If the file can't be written.
      GeneralSecurityException - If the key was not XECPublicKey or XECPrivateKey.
    • writeOpenSSLKey

      public void writeOpenSSLKey(File keyFile, Key key) throws IOException
      Writes the key to a file in OpenSSL format.
      Parameters:
      keyFile - Key file to create.
      key - Key to write.
      Throws:
      IOException - If the file can't be written.
    • writeCrypt4GHKey

      public void writeCrypt4GHKey(File keyFile, Key key, char[] password) throws IOException, GeneralSecurityException
      Writes the key to a file in Crypt4GH format.
      Parameters:
      keyFile - Key file to create.
      key - Key to write.
      password - Password to lock private key.
      Throws:
      IOException - If the file can't be written.
      GeneralSecurityException - If the key was not XECPublicKey or XECPrivateKey.
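The following walkthrough is an added example, not part of the library or its documentation; it exercises the key-agreement methods (generateWriterSharedKey / generateReaderSharedKey), derivePublicKey, and the Crypt4GH write/read round trip documented above. The class name KeyUtilsWalkthrough and the passphrase are constructed for the example; every KeyUtils call uses the signatures listed on this page.

```java
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.SecretKey;
import no.uio.ifi.crypt4gh.util.KeyUtils;

// Constructed example class (not part of the library).
public class KeyUtilsWalkthrough {

    public static void main(String[] args) throws Exception {
        KeyUtils keyUtils = KeyUtils.getInstance();

        // Two independent X25519 key pairs: one for the writer (sender), one for the reader (recipient).
        KeyPair writer = keyUtils.generateKeyPair();
        KeyPair reader = keyUtils.generateKeyPair();

        // The public half is reproducible from the private half, so a lost public key file is recoverable.
        PublicKey derived = keyUtils.derivePublicKey(writer.getPrivate());
        boolean publicKeyMatches = MessageDigest.isEqual(keyUtils.getU(derived), keyUtils.getU(writer.getPublic()));

        // Both sides must arrive at the same Blake2b-based shared key; otherwise the reader cannot decrypt.
        SecretKey writerSide = keyUtils.generateWriterSharedKey(writer.getPrivate(), reader.getPublic());
        SecretKey readerSide = keyUtils.generateReaderSharedKey(reader.getPrivate(), writer.getPublic());
        boolean sharedKeysAgree = MessageDigest.isEqual(writerSide.getEncoded(), readerSide.getEncoded());

        // Round-trip the reader's private key through the password-protected Crypt4GH text format.
        char[] password = "constructed-example-passphrase".toCharArray(); // constructed value
        StringWriter out = new StringWriter();
        keyUtils.writeCrypt4GHKey(out, reader.getPrivate(), password);
        String keyFileContent = out.toString();

        PrivateKey restored = keyUtils.readPrivateKey(keyFileContent, password);
        boolean roundTripOk = MessageDigest.isEqual(keyUtils.getScalar(restored), keyUtils.getScalar(reader.getPrivate()));

        // A protected key read with a null password is rejected (IllegalArgumentException) rather than mis-parsed.
        boolean nullPasswordRejected = false;
        try {
            keyUtils.readPrivateKey(keyFileContent, null);
        } catch (IllegalArgumentException expected) {
            nullPasswordRejected = true;
        }
        Arrays.fill(password, '\0'); // clear the passphrase from memory once it is no longer needed

        System.out.println("public key derivable:   " + publicKeyMatches);
        System.out.println("shared keys agree:      " + sharedKeysAgree);
        System.out.println("Crypt4GH round trip:    " + roundTripOk);
        System.out.println("null password rejected: " + nullPasswordRejected);
    }
}
```

All four checks are expected to print true; the constant-time MessageDigest.isEqual is used for the comparisons out of habit, since the same pattern is what you would reach for when comparing key material in production code.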