Copy the certificate file to the server(s) hosting the Agent(s) or 3rd-party components that should encrypt secrets.
Encryption
Usage
An example of how to use the provided classes.
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import com.sos.commons.encryption.EncryptionUtils;
import com.sos.commons.encryption.common.EncryptedValue;
import com.sos.commons.encryption.decrypt.Decrypt;
import com.sos.commons.encryption.encrypt.Encrypt;
import com.sos.commons.sign.keys.key.KeyUtil;
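/**
 * Encrypts {@code valueToEncrypt} with a freshly generated 256-bit AES key and wraps that
 * key with the certificate found at {@code pathToCertificate}, so only the holder of the
 * matching private key can recover it.
 *
 * @param valueToEncrypt    the plaintext to protect; must not be {@code null}
 * @param pathToCertificate path to the recipient's X.509 certificate file; must not be {@code null}
 * @return the wrapped symmetric key, the Base64-encoded IV and the encrypted value, joined by
 *         {@link Encrypt#concatOutput}
 * @throws Exception propagated from IV/key generation, certificate loading and encryption
 */
private String encrypt(String valueToEncrypt, String pathToCertificate) throws Exception {
    Objects.requireNonNull(valueToEncrypt, "valueToEncrypt");
    Objects.requireNonNull(pathToCertificate, "pathToCertificate");
    // AES in CBC mode with PKCS#5 padding; CBC requires a fresh IV for every encryption
    String algorithm = "AES/CBC/PKCS5Padding";
    // generated initialization vector, used once for this value only
    IvParameterSpec ivParameterSpec = EncryptionUtils.generateIv();
    // the IV is not secret and travels Base64-encoded next to the ciphertext
    byte[] ivBase64Encoded = Base64.getEncoder().encode(ivParameterSpec.getIV());
    // one-time symmetric key; only its certificate-wrapped form leaves this method
    SecretKey key = EncryptionUtils.generateSecretKey(256);
    X509Certificate cert = KeyUtil.getX509Certificate(Paths.get(pathToCertificate));
    // wrap the symmetric key with the certificate's public key
    byte[] encryptedKey = EncryptionUtils.encryptSymmetricKey(key, cert);
    // encrypt the desired value with the symmetric key and IV
    String encryptedValue = Encrypt.encrypt(algorithm, valueToEncrypt, key, ivParameterSpec);
    // Explicit charset: new String(byte[]) without one depends on the platform default (pre-Java 18).
    // NOTE(review): assumes encryptSymmetricKey returns Base64 text like the IV — confirm; raw
    // ciphertext bytes would have to be Base64-encoded here before the String conversion.
    String encryptedKeyText = new String(encryptedKey, StandardCharsets.UTF_8);
    String ivText = new String(ivBase64Encoded, StandardCharsets.UTF_8);
    // concatenated output in the format "<encrypted-symmetric-key> <base64-encoded-iv> <encrypted-value>"
    return Encrypt.concatOutput(encryptedKeyText, ivText, encryptedValue);
}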
Decryption
Usage
An example of how to use the provided classes.
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import com.sos.commons.encryption.EncryptionUtils;
import com.sos.commons.encryption.common.EncryptedValue;
import com.sos.commons.encryption.decrypt.Decrypt;
import com.sos.commons.encryption.encrypt.Encrypt;
import com.sos.commons.sign.keys.key.KeyUtil;
/**
 * Decrypts a value produced by {@code encrypt}: the private key read from
 * {@code pathToPrivateKey} unwraps the symmetric key, which then decrypts the payload.
 *
 * @param encryptedValue   the concatenated output of {@code encrypt}
 * @param pathToPrivateKey path to the text file holding the private key that matches the certificate
 * @return the recovered plaintext
 * @throws Exception propagated from file access, key parsing and decryption
 */
private String decrypt(String encryptedValue, String pathToPrivateKey) throws Exception {
    // the key file is read as text; KeyUtil turns it into a PrivateKey
    String privateKeyText = Files.readString(Paths.get(pathToPrivateKey));
    PrivateKey privateKey = KeyUtil.getPrivateKeyFromString(privateKeyText);
    // presumably splits "<encrypted-symmetric-key> <base64-encoded-iv> <encrypted-value>" into its parts
    EncryptedValue parsed = EncryptedValue.getInstance("decrypt", encryptedValue);
    return Decrypt.decrypt(parsed, privateKey);
}
Test
An example of how to run the above examples with a JUnit test.
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
 * Round-trip check: a value encrypted with the certificate must decrypt back to the
 * original plaintext with the matching private key.
 *
 * @throws Exception propagated from {@code encrypt} and {@code decrypt}
 */
@Test
public void testEncipherment() throws Exception {
    // path to the certificate used for encryption (placeholder, point it at a real file)
    String certificatePath = "path/to/the/certificate/file";
    // path to the private key that matches the certificate (placeholder)
    String privateKeyPath = "path/to/the/privatekey/file";
    // the value to encrypt
    String plaintext = "my test value to encrypt!";
    String ciphertext = encrypt(plaintext, certificatePath);
    String roundTripped = decrypt(ciphertext, privateKeyPath);
    // the plaintext is logged only because this is fixed test data; do not copy this into production code
    LOGGER.info("valueToEncrypt:\t" + plaintext);
    LOGGER.info("encrypted Value:\t" + ciphertext);
    LOGGER.info("decrypted Value:\t" + roundTripped);
    Assert.assertEquals(plaintext, roundTripped);
}