Class JCEHandler

java.lang.Object
org.jpos.security.jceadapter.JCEHandler
public class JCEHandler extends Object

Provides some higher level methods that are needed by the JCE Security Module, yet they are generic and can be used elsewhere.

It depends on the JavaTM Cryptography Extension (JCE).

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    protected static class 
    JCEHandler.MacEngineKey
    Class used for indexing MAC algorithms in cache

  • Constructor Summary

    Constructors
    Constructor
    Description
    JCEHandler()
    Default constructor; no instance state to initialise.

  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    decryptData(byte[] encryptedData, Key key)
    Decrypts data using ECB mode.
    byte[]
    decryptDataCBC(byte[] encryptedData, Key key, byte[] iv)
    Decrypts data using CBC mode with the given IV.
    Key
    decryptDESKey(short keyLength, byte[] encryptedDESKey, Key encryptingKey, boolean checkParity)
    Decrypts an encrypted DES/Triple-DES key
    byte[]
    encryptData(byte[] data, Key key)
    Encrypts data using ECB mode.
    byte[]
    encryptDataCBC(byte[] data, Key key, byte[] iv)
    Encrypts data using CBC mode with the given IV.
    byte[]
    encryptDESKey(short keyLength, Key clearDESKey, Key encryptingKey)
    Encrypts (wraps) a clear DES Key, it also sets odd parity before encryption
    protected byte[]
    extractDESKeyMaterial(short keyLength, Key clearDESKey)
    Extracts the DES/DESede key material
    protected Key
    formDESKey(short keyLength, byte[] clearKeyBytes)
    Forms the clear DES key given its "RAW" encoded bytes Does the inverse of extractDESKeyMaterial
    Key
    generateDESKey(short keyLength)
    Generates a clear DES (DESede) key
    byte[]
    generateMAC(byte[] data, Key kd, String macAlgorithm)
    Generates MAC (Message Message Authentication Code) for some data.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • JCEHandler

      public JCEHandler()
      Default constructor; no instance state to initialise.

  • Method Details

    • generateDESKey

      public Key generateDESKey(short keyLength) throws JCEHandlerException
      Generates a clear DES (DESede) key
      Parameters:
      keyLength - the bit length (key size) of the generated key (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
      Returns:
      generated clear DES (or DESede) key
      Throws:
      JCEHandlerException - if the underlying JCE provider cannot generate the key

    • encryptDESKey

      public byte[] encryptDESKey(short keyLength, Key clearDESKey, Key encryptingKey) throws JCEHandlerException
      Encrypts (wraps) a clear DES Key, it also sets odd parity before encryption
      Parameters:
      keyLength - bit length (key size) of the clear DES key (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
      clearDESKey - DES/Triple-DES key whose format is "RAW" (for a DESede with 2 Keys, keyLength = 128 bits, while DESede key with 3 keys keyLength = 192 bits)
      encryptingKey - can be a key of any type (RSA, DES, DESede...)
      Returns:
      encrypted DES key
      Throws:
      JCEHandlerException - if key extraction or encryption fails

    • extractDESKeyMaterial

      protected byte[] extractDESKeyMaterial(short keyLength, Key clearDESKey) throws JCEHandlerException
      Extracts the DES/DESede key material
      Parameters:
      keyLength - bit length (key size) of the DES key. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
      clearDESKey - DES/Triple-DES key whose format is "RAW"
      Returns:
      encoded key material
      Throws:
      JCEHandlerException - if the key format/algorithm is unsupported

    • decryptDESKey

      public Key decryptDESKey(short keyLength, byte[] encryptedDESKey, Key encryptingKey, boolean checkParity) throws JCEHandlerException
      Decrypts an encrypted DES/Triple-DES key
      Parameters:
      keyLength - bit length (key size) of the DES key to be decrypted. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
      encryptedDESKey - the byte[] representing the encrypted key
      encryptingKey - can be of any algorithm (RSA, DES, DESede...)
      checkParity - if true, the parity of the key is checked
      Returns:
      clear DES (DESede) Key
      Throws:
      JCEHandlerException - if checkParity==true and the key does not have correct parity

    • formDESKey

      protected Key formDESKey(short keyLength, byte[] clearKeyBytes) throws JCEHandlerException
      Forms the clear DES key given its "RAW" encoded bytes Does the inverse of extractDESKeyMaterial
      Parameters:
      keyLength - bit length (key size) of the DES key. (LENGTH_DES, LENGTH_DES3_2KEY or LENGTH_DES3_3KEY)
      clearKeyBytes - the RAW DES/Triple-DES key
      Returns:
      clear key
      Throws:
      JCEHandlerException - if keyLength is not a supported DES key size

    • encryptData

      public byte[] encryptData(byte[] data, Key key) throws JCEHandlerException
      Encrypts data using ECB mode.
      Parameters:
      data - plaintext to encrypt
      key - cipher key
      Returns:
      encrypted data
      Throws:
      JCEHandlerException - if the JCE cipher operation fails

    • decryptData

      public byte[] decryptData(byte[] encryptedData, Key key) throws JCEHandlerException
      Decrypts data using ECB mode.
      Parameters:
      encryptedData - ciphertext to decrypt
      key - cipher key
      Returns:
      clear data
      Throws:
      JCEHandlerException - if the JCE cipher operation fails

    • encryptDataCBC

      public byte[] encryptDataCBC(byte[] data, Key key, byte[] iv) throws JCEHandlerException
      Encrypts data using CBC mode with the given IV.
      Parameters:
      data - plaintext to encrypt
      key - cipher key
      iv - 8 bytes initial vector
      Returns:
      encrypted data
      Throws:
      JCEHandlerException - if the JCE cipher operation fails

    • decryptDataCBC

      public byte[] decryptDataCBC(byte[] encryptedData, Key key, byte[] iv) throws JCEHandlerException
      Decrypts data using CBC mode with the given IV.
      Parameters:
      encryptedData - ciphertext to decrypt
      key - cipher key
      iv - 8 bytes initial vector
      Returns:
      clear data
      Throws:
      JCEHandlerException - if the JCE cipher operation fails

    • generateMAC

      public byte[] generateMAC(byte[] data, Key kd, String macAlgorithm) throws JCEHandlerException
      Generates MAC (Message Message Authentication Code) for some data.
      Parameters:
      data - the data to be MACed
      kd - the key used for MACing
      macAlgorithm - MAC algorithm name suitable for Mac.getInstance(String)
      Returns:
      the MAC
      Throws:
      JCEHandlerException - if the MAC algorithm cannot be assigned or evaluated