Page History
...
Copy the certificate file to the server(s) hosting the Agent(s) or 3rd-party components that should encrypt secrets.
Encryption
Usage
...
Examples
Example for Encryption
Find the following example how to use the classes provided for encryption:
Code Block | ||||
---|---|---|---|---|
| ||||
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import com.sos.commons.encryption.EncryptionUtils;
import com.sos.commons.encryption.common.EncryptedValue;
import com.sos.commons.encryption.decrypt.Decrypt;
import com.sos.commons.encryption.encrypt.Encrypt;
import com.sos.commons.sign.keys.key.KeyUtil;
private String encrypt(String valueToEncrypt, String pathToCertificate) throws Exception {
// algorithm to encrypt the value
String algorithm = "AES/CBC/PKCS5Padding";
// generated initialization vector
IvParameterSpec ivParameterSpec = EncryptionUtils.generateIv();
// initialization vector base64 encoded for output
byte[] ivBase64Encoded = Base64.getEncoder().encode(ivParameterSpec.getIV());
// generate a symmetric key on-the-fly to encrypt the value
SecretKey key = EncryptionUtils.generateSecretKey(256);
X509Certificate cert = KeyUtil.getX509Certificate(Paths.get(pathToCertificate));
// encrypt the symmetric key with the given certificate
byte[] encryptedKey = EncryptionUtils.encryptSymmetricKey(key, cert);
// encrypt the value with the symmetric key
String encryptedValue = Encrypt.encrypt(algorithm, valueToEncrypt, key, ivParameterSpec);
// return the concatenated ouptut in the format "<encrypted-symmetric-key> <base64-encoded-iv> <encrypted-value>"
return Encrypt.concatOutput(new String(encryptedKey), new String(ivBase64Encoded), encryptedValue);
}
|
Example for Decryption
Find an example how to use the classes provided for decryption:
Code Block | ||||
---|---|---|---|---|
| ||||
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import com.sos.commons.encryption.EncryptionUtils;
import com.sos.commons.encryption.common.EncryptedValue;
import com.sos.commons.encryption.decrypt.Decrypt;
import com.sos.commons.encryption.encrypt.Encrypt;
import com.sos.commons.sign.keys.key.KeyUtil;
private String decrypt(String encryptedValue, String pathToPrivateKey) throws Exception {
Path privateKeyPath = Paths.get(pathToPrivateKey);
PrivateKey priv = KeyUtil.getPrivateKeyFromString(Files.readString(privateKeyPath));
EncryptedValue encVal = EncryptedValue.getInstance("decrypt", encryptedValue);
return Decrypt.decrypt(encVal, priv);
} |
Example for Unit Test
An example on how to run the above examples with a JUnit test.
Code Block | ||
---|---|---|
| ||
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Test
public void testEncipherment() throws Exception {
// required parameters
// the value to encrypt
String valueToEncrypt = "my test value to encrypt!";
// Path to the certificate file required for encryption
String certificatePath = "path/to/the/certificate/file";
// Path to the private key file required for decryption
String privateKeyPath = "path/to/the/privatekey/file";
// call encrypt method with the parameters provided
String encryptedValue = encrypt(valueToEncrypt, certificatePath);
// call decrypt method with the parameters provided
String decryptedValue = decrypt(encryptedValue, privateKeyPath);
LOGGER.info("valueToEncrypt:\t" + valueToEncrypt);
LOGGER.info("encrypted Value:\t" + encryptedValue);
LOGGER.info("decrypted Value:\t" + decryptedValue);
Assert.assertEquals(valueToEncrypt, decryptedValue);
} |
Resources
Overview
Content Tools