eu.h2020.helios_social.core.security

Interface HeliosCrypto

All Known Implementing Classes:

HeliosCryptoManager

public interface HeliosCrypto

Interface class for HELIOS cryptographic operations

Method Summary

Modifier and Type	Method and Description
byte[]	createHMAC(byte[] data, byte[] secret) Calculates the HMAC (message authentication code) for a byte array using SHA 256.
javax.crypto.SecretKey	decryptAESKey(java.security.PrivateKey decryptionRSAKey, byte[] encryptedAESKey) Decrypts an encrypted AES key using a RSA decryption key.
byte[]	decryptBytes(byte[] cryptotextBytes, javax.crypto.SecretKey AESKey, byte[] iv) Decrypts a cryptotext using AES in Galois Counter Mode and with NoPadding.
byte[]	encryptAESKey(java.security.PublicKey encryptionRSAKey, javax.crypto.SecretKey AESKey) Encrypts an AES key using a RSA encryption key.
byte[]	encryptBytes(byte[] plaintextBytes, javax.crypto.SecretKey AESKey, byte[] iv) Encrypts an array of bytes using AES in Galois Counter Mode and with NoPadding.
javax.crypto.SecretKey	generateAESKey() Generates a random AES key.
java.security.KeyPair	generateRSAKeyPair() Generates a random RSA 2048 bit public key - private key pair for encryption or signing.
byte[]	signBytes(java.security.PrivateKey signingRSAKey, byte[] bytesToSign) Signs a byte array using RSA and SHA 256.
boolean	verifyBytes(java.security.PublicKey verificationRSAKey, byte[] bytesToSign, byte[] signatureToVerify) Checks if a signature is valid, that is, generated with the private RSA key corresponding to the public key.
boolean	verifyHMAC(byte[] hmac, byte[] data, byte[] secret) Checks if a HMAC value is valid.

Method Detail

generateAESKey

javax.crypto.SecretKey generateAESKey()

Generates a random AES key.

Returns:

new AES key SecretKey

generateRSAKeyPair

java.security.KeyPair generateRSAKeyPair()

Generates a random RSA 2048 bit public key - private key pair for encryption or signing.

Returns:

new RSA key pair KeyPair

encryptAESKey

byte[] encryptAESKey(java.security.PublicKey encryptionRSAKey,
                     javax.crypto.SecretKey AESKey)

Encrypts an AES key using a RSA encryption key. Used mode is ECB and OAEPWithSHA1AndMGF1Padding. (It is faster to encrypt a message using AES and then encrypt the AES key with RSA than to encrypt the whole message with RSA.)

Parameters:

encryptionRSAKey - The RSA key that is used for encryption PublicKey

AESKey - The key that will be encrypted SecretKey

Returns:

The AES key in encrypted form as byte array

decryptAESKey

javax.crypto.SecretKey decryptAESKey(java.security.PrivateKey decryptionRSAKey,
                                     byte[] encryptedAESKey)

Decrypts an encrypted AES key using a RSA decryption key.

Parameters:

decryptionRSAKey - The RSA key that is used for decryption PrivateKey

encryptedAESKey - The AES key in encrypted form as byte array

Returns:

The decrypted AES key SecretKey

encryptBytes

byte[] encryptBytes(byte[] plaintextBytes,
                    javax.crypto.SecretKey AESKey,
                    byte[] iv)

Encrypts an array of bytes using AES in Galois Counter Mode and with NoPadding. The authentication tag length is 128 bits. The value of iv must be different for every encryption so the method chooses one randomly. The decryption is impossible without the correct initial value, thus the value of iv must be saved afterwards. The iv can then be stored or sent with the plaintext.

Parameters:

plaintextBytes - The plaintext

AESKey - The AES key that is used for encryption SecretKey

iv - The random initial value (12 bytes) that the method generates for GCM

Returns:

The cryptotext as byte array

decryptBytes

byte[] decryptBytes(byte[] cryptotextBytes,
                    javax.crypto.SecretKey AESKey,
                    byte[] iv)

Decrypts a cryptotext using AES in Galois Counter Mode and with NoPadding. Returns null if the cryptotext is not generated correctly.

Parameters:

cryptotextBytes - The cryptotext

AESKey - The AES key that is used for decryption SecretKey

iv - The initial value for GCM. Must be the same that was used in encryption, otherwise decryption fails.

Returns:

The plaintext as byte array

signBytes

byte[] signBytes(java.security.PrivateKey signingRSAKey,
                 byte[] bytesToSign)

Signs a byte array using RSA and SHA 256.

Parameters:

signingRSAKey - The RSA key that is used for signing PrivateKey

bytesToSign - The byte array that is to be signed

Returns:

The signature as byte array

verifyBytes

boolean verifyBytes(java.security.PublicKey verificationRSAKey,
                    byte[] bytesToSign,
                    byte[] signatureToVerify)

Checks if a signature is valid, that is, generated with the private RSA key corresponding to the public key.

Parameters:

verificationRSAKey - The public RSA key that is used for verification PublicKey

bytesToSign - The byte array that was signed

signatureToVerify - The signature that is to be verified

Returns:

True if the signature was valid, false otherwise.

createHMAC

byte[] createHMAC(byte[] data,
                  byte[] secret)

Calculates the HMAC (message authentication code) for a byte array using SHA 256.

Parameters:

data - The input bytes

secret - The secret key

Returns:

The HMAC of length 256 bits as byte array

verifyHMAC

boolean verifyHMAC(byte[] hmac,
                   byte[] data,
                   byte[] secret)

Checks if a HMAC value is valid.

Parameters:

hmac - The 256 bit HMAC that is to be checked

data - The input that was used to generate the HMAC

secret - The secret key that was used to generate the HMAC

Returns:

True if the HMAC was valid, false otherwise.