从jPBC保存并加载非对称密钥

时间:2017-04-19 04:55:49

标签: java encryption serialization encoding jpbc

我想要与Easy way to store/restore encryption key for decrypting string in java

规定类似的功能

但我的情况有所不同。在上面的链接中,他们使用的是javax.crypto.*,但就我而言,我使用的是org.bouncycastle.crypto.*it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.*

我想将master-secret-key,public-key和private-key存储在不同的文件中,并从文件中检索这些密钥。怎么做?

以下是我离开 TODO 的代码。工作代码可以在github找到。

import it.unisa.dia.gas.crypto.circuit.BooleanCircuit;
import it.unisa.dia.gas.crypto.circuit.BooleanCircuit.BooleanCircuitGate;
import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.engines.GGHSW13KEMEngine;
import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13KeyPairGenerator;
import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13ParametersGenerator;
import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.generators.GGHSW13SecretKeyGenerator;
import it.unisa.dia.gas.crypto.jpbc.fe.abe.gghsw13.params.*;
import it.unisa.dia.gas.crypto.kem.cipher.engines.KEMCipher;
import it.unisa.dia.gas.crypto.kem.cipher.params.KEMCipherDecryptionParameters;
import it.unisa.dia.gas.crypto.kem.cipher.params.KEMCipherEncryptionParameters;
import it.unisa.dia.gas.plaf.jpbc.pairing.PairingFactory;
import it.unisa.dia.gas.plaf.jpbc.util.concurrent.ExecutorServiceUtils;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.List;

import static it.unisa.dia.gas.crypto.circuit.Gate.Type.*;

public class Example {
    protected KEMCipher kemCipher;
    protected AlgorithmParameterSpec iv;

    protected AsymmetricCipherKeyPair keyPair;


    public Example() throws GeneralSecurityException {
        this.kemCipher = new KEMCipher(
                Cipher.getInstance("AES/CBC/PKCS7Padding", "BC"),
                new GGHSW13KEMEngine()
        );

        // build the initialization vector.  This example is all zeros, but it
        // could be any value or generated using a random number generator.
        iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
    }


    public AsymmetricCipherKeyPair setup(int n) {
        GGHSW13KeyPairGenerator setup = new GGHSW13KeyPairGenerator();
        setup.init(new GGHSW13KeyPairGenerationParameters(
                new SecureRandom(),
                new GGHSW13ParametersGenerator().init(
                        PairingFactory.getPairing("params/mm/ctl13/toy.properties"),
                        n).generateParameters()
        ));

        return (keyPair = setup.generateKeyPair());
    }


    public byte[] initEncryption(String assignment) {
        try {
            return kemCipher.init(
                    true,
                    new KEMCipherEncryptionParameters(
                            128,
                            new GGHSW13EncryptionParameters(
                                    (GGHSW13PublicKeyParameters) keyPair.getPublic(),
                                    assignment
                            )
                    ),
                    iv
            );
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] encrypt(String message) {
        try {
            return kemCipher.doFinal(message.getBytes());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }


    public CipherParameters keyGen(BooleanCircuit circuit) {
        GGHSW13SecretKeyGenerator keyGen = new GGHSW13SecretKeyGenerator();
        keyGen.init(new GGHSW13SecretKeyGenerationParameters(
                ((GGHSW13PublicKeyParameters) keyPair.getPublic()),
                ((GGHSW13MasterSecretKeyParameters) keyPair.getPrivate()),
                circuit
        ));

        return keyGen.generateKey();
    }

    public byte[] decrypt(CipherParameters secretKey, byte[] encapsulation, byte[] ciphertext) {
        try {
            kemCipher.init(
                    false,
                    new KEMCipherDecryptionParameters(secretKey, encapsulation, 128),
                    iv
            );
            return kemCipher.doFinal(ciphertext);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }



    public static void main(String[] args) {
        Security.addProvider(new BouncyCastleProvider());

        try {
            // Setup
            int n = 4;
            Example engine = new Example();
            engine.setup(n);

            // TODO: Here I want to store (GGHSW13PublicKeyParameters) keyPair.getPublic() and 
            // (GGHSW13MasterSecretKeyParameters) keyPair.getPrivate() in files and later to retrieve from file

            // Encrypt
            String message = "Hello World!!!";
            byte[] encapsulation = engine.initEncryption("1101");
            byte[] ciphertext = engine.encrypt(message);

            BooleanCircuitGate bcg1 = new BooleanCircuitGate(INPUT, 0, 1);

            BooleanCircuitGate[] bcgs = new BooleanCircuitGate[]{
                    new BooleanCircuitGate(INPUT, 0, 1),
                    new BooleanCircuitGate(INPUT, 1, 1),
                    new BooleanCircuitGate(INPUT, 2, 1),
                    new BooleanCircuitGate(INPUT, 3, 1),

                    new BooleanCircuitGate(AND, 4, 2, new int[]{0, 1}),
                    new BooleanCircuitGate(OR, 5, 2, new int[]{2, 3}),

                    new BooleanCircuitGate(AND, 6, 3, new int[]{4, 5}),
            };

            List<BooleanCircuitGate> bcgList = new ArrayList<BooleanCircuitGate>();

            bcgList.add(bcg1);
            bcgList.add(new BooleanCircuitGate(INPUT, 1, 1));
            bcgList.add(new BooleanCircuitGate(INPUT, 2, 1));
            bcgList.add(new BooleanCircuitGate(INPUT, 3, 1));
            bcgList.add(new BooleanCircuitGate(AND, 4, 2, new int[]{0, 1}));
            bcgList.add(new BooleanCircuitGate(OR, 5, 2, new int[]{2, 3}));
            bcgList.add(new BooleanCircuitGate(AND, 6, 3, new int[]{4, 5}));

            // Decrypt
            int q = 3;
            BooleanCircuit circuit = new BooleanCircuit(n, q, 3, bcgList.toArray(new BooleanCircuitGate[bcgList.size()]));

            GGHSW13SecretKeyParameters secretKey = (GGHSW13SecretKeyParameters) engine.keyGen(circuit);

            // TODO: Want to store secretKey in file and later to retrieve from file

            byte[] plaintext = engine.decrypt(secretKey, encapsulation, ciphertext);

            System.out.println(new String(plaintext));

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            ExecutorServiceUtils.shutdown();
        }
    }

}

2 个答案:

答案 0 :(得分:2)

生成主密钥和公共参数后,应该存储它们,以便以后可以实际使用它们。 jPBC没有为您提供存储这些密钥的方法。此外,由于密钥继承自org.bouncycastle.crypto.params.AsymmetricKeyParameter,因此您无法使用Java的序列化,因为AsymmetricKeyParameter未实现Serializable接口。它doesn't无需工作。

您需要自己实现序列化。首先,您必须考虑要序列化的键内部的对象类型。对于GGHSW13MasterSecretKeyParameters类,这是ElementintPairing

首先,您必须考虑是否要在序列化密钥中包含Pairing。如果这样做,您必须将其写入开头,以便以后能够使用它来反序列化Element

如果我们假设Pairing实例是常量或始终从外部代码提供,则序列化非常简单。您应该在前面编写格式版本,这样您就可以在不丢弃所有先前序列化的密钥的情况下更改格式。编写元素有点棘手,因为我在2年前遇到过一个错误。基本思想是你编写元素字节的长度,然后是元素的内容。

public void serialize(GGHSW13MasterSecretKeyParameters msk, OutputStream out) throws IOException {
    DataOutputStream dOut = new DataOutputStream(out);

    dOut.writeInt(1); // version of the serialized format
    dOut.writeInt(msk.getParameters().getN());

    serialize(msk.getAlpha(), dOut, msk.getParameters().getPairing());
}

public void serialize(Element elem, DataOutputStream dOut, Pairing pairing) throws IOException {
    dOut.writeBoolean(elem == null);
    if (elem == null) {
        return;
    }

    dOut.writeInt(pairing.getFieldIndex(elem.getField()));
    byte[] bytes = elem.toBytes();
    dOut.writeInt(bytes.length);
    dOut.write(bytes);

    // this is a workaround because it.unisa.dia.gas.plaf.jpbc.field.curve.CurveElement does not serialize the infFlag
    dOut.writeBoolean(elem instanceof CurveElement && elem.isZero());
    if (elem instanceof CurveElement && elem.isZero()) {
        throw new IOException("Infinite element detected. They should not happen.");
    }
}

OutputStream可以是FileOutputSteamByteArrayOutputStream

反序列化同样容易,但您需要明确提供Pairing,并且需要确保始终按照您的请求读取完全字节数。您请求的字节数可以从写在数据前面的length int中获知。如果您不检查该长度是否有意义,则可能会引入安全问题,例如拒绝服务漏洞或远程执行代码。

public GGHSW13MasterSecretKeyParameters deserialize(InputStream in, Pairing pairing) throws IOException {
    DataInputStream dIn = new DataInputStream(in);

    int version = dIn.readInt();
    if (version != 1) {
        throw new RuntimeException("Unknown key format version: " + version);
    }

    int n = dIn.getInt();
    Element alpha = deserialize(dIn, pairing);

    return new GGHSW13MasterSecretKeyParameters(
            new GGHSW13Parameters(pairing, n),
            alpha
    );
}

public Element deserialize(DataInputStream dIn, Pairing pairing) throws IOException {
    if (dIn.readBoolean()) {
        return null;
    }

    int fieldIndex = dIn.readInt(); // TODO: check if this is in a sensible range
    int length = dIn.readInt(); // TODO: check if this is in a sensible range
    byte[] bytes = new byte[length];
    dIn.readFully(bytes); // throws an exception if there is a premature EOF
    Element e = pairing.getFieldAt(fieldIndex).newElementFromBytes(bytes);

    // this is a workaround because it.unisa.dia.gas.plaf.jpbc.field.curve.CurveElement does not serialize the infFlag
    boolean instOfCurveElementAndInf = dIn.readBoolean();
    if (instOfCurveElementAndInf) {
        //e.setToZero(); // according to the code this simply sets the infFlag to 1
        throw new IOException("The point is infinite. This shouldn't happen.");
    }
    return e;
}

这是一个很小的二进制序列化。还有其他可能性,例如将所有组件编码为字符串并使用JSON。

答案 1 :(得分:0)

我有同样的问题。我使用JPBC实现服务器和客户端模式。从客户端,客户端应使用JPBC加密明文,而服务器应解密密文以恢复明文。我的问题是我应该从客户端向服务器发送什么消息,以便服务器可以解密密文,也就是说,我可以序列化包括公用密钥和私有密钥的密钥,但是如何序列化 配对 ,因为我应该在服务器端使用相同的配对。

相关问题
最新问题