0
libsodium提供了一個API來創建或打開此文檔一個密封箱https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes.html如何創建或純Java打開libsodium兼容的密封箱
我怎樣才能實現在純Java一樣的,這樣可以讓我打開由libsodium創建的一個框或創建一個libsodium可以打開的框?
A
回答
2
以下示例代碼可以創建並打開libsodium密封框。
它需要從https://github.com/InstantWebP2P/tweetnacl-java TweetNaclFast和Blake2b散列實現中,例如從https://github.com/alphazero/Blake2b
import java.security.GeneralSecurityException;
import java.util.Arrays;
import ove.crypto.digest.Blake2b;
import com.iwebpp.crypto.TweetNaclFast;
/**
* Example how to open sealed boxes in pure java (libsodium sealed boxes according to
* https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes.html)
*
* Has a dependency on TweetNaclFast and Blake2B, for example
*
* https://github.com/alphazero/Blake2b
* and
* https://github.com/InstantWebP2P/tweetnacl-java
*
*/
public class SealedBoxUtility {
public static final int crypto_box_NONCEBYTES = 24;
public static final int crypto_box_PUBLICKEYBYTES = 32;
public static final int crypto_box_MACBYTES = 16;
public static final int crypto_box_SEALBYTES = (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES);
// libsodium
// int crypto_box_seal(unsigned char *c, const unsigned char *m,
// unsigned long long mlen, const unsigned char *pk);
/**
* Encrypt in a sealed box
*
* @param clearText clear text
* @param receiverPubKey receiver public key
* @return encrypted message
* @throws GeneralSecurityException
*/
public static byte[] crypto_box_seal(byte[] clearText, byte[] receiverPubKey) throws GeneralSecurityException {
// create ephemeral keypair for sender
TweetNaclFast.Box.KeyPair ephkeypair = TweetNaclFast.Box.keyPair();
// create nonce
byte[] nonce = crypto_box_seal_nonce(ephkeypair.getPublicKey(), receiverPubKey);
TweetNaclFast.Box box = new TweetNaclFast.Box(receiverPubKey, ephkeypair.getSecretKey());
byte[] ciphertext = box.box(clearText, nonce);
if (ciphertext == null) throw new GeneralSecurityException("could not create box");
byte[] sealedbox = new byte[ciphertext.length + crypto_box_PUBLICKEYBYTES];
byte[] ephpubkey = ephkeypair.getPublicKey();
for (int i = 0; i < crypto_box_PUBLICKEYBYTES; i ++)
sealedbox[i] = ephpubkey[i];
for(int i = 0; i < ciphertext.length; i ++)
sealedbox[i+crypto_box_PUBLICKEYBYTES]=ciphertext[i];
return sealedbox;
}
// libsodium:
// int
// crypto_box_seal_open(unsigned char *m, const unsigned char *c,
// unsigned long long clen,
// const unsigned char *pk, const unsigned char *sk)
/**
* Decrypt a sealed box
*
* @param c ciphertext
* @param pk receiver public key
* @param sk receiver secret key
* @return decrypted message
* @throws GeneralSecurityException
*/
public static byte[] crypto_box_seal_open(byte[]c, byte[] pk, byte[]sk) throws GeneralSecurityException{
if (c.length < crypto_box_SEALBYTES) throw new IllegalArgumentException("Ciphertext too short");
byte[] pksender = Arrays.copyOfRange(c, 0, crypto_box_PUBLICKEYBYTES);
byte[] ciphertextwithmac = Arrays.copyOfRange(c, crypto_box_PUBLICKEYBYTES , c.length);
byte[] nonce = crypto_box_seal_nonce(pksender,pk);
TweetNaclFast.Box box = new TweetNaclFast.Box(pksender, sk);
byte[] cleartext = box.open(ciphertextwithmac, nonce);
if (cleartext == null) throw new GeneralSecurityException("could not open box");
return cleartext;
}
/**
* hash the combination of senderpk + mypk into nonce using blake2b hash
* @param senderpk the senders public key
* @param mypk my own public key
* @return the nonce computed using Blake2b generic hash
*/
public static byte[] crypto_box_seal_nonce(byte[] senderpk, byte[] mypk){
// C source ported from libsodium
// crypto_generichash_state st;
//
// crypto_generichash_init(&st, NULL, 0U, crypto_box_NONCEBYTES);
// crypto_generichash_update(&st, pk1, crypto_box_PUBLICKEYBYTES);
// crypto_generichash_update(&st, pk2, crypto_box_PUBLICKEYBYTES);
// crypto_generichash_final(&st, nonce, crypto_box_NONCEBYTES);
//
// return 0;
final Blake2b blake2b = Blake2b.Digest.newInstance(crypto_box_NONCEBYTES);
blake2b.update(senderpk);
blake2b.update(mypk);
byte[] nonce = blake2b.digest();
if (nonce == null || nonce.length!=crypto_box_NONCEBYTES) throw new IllegalArgumentException("Blake2b hashing failed");
return nonce;
}
}
相關問題
- 1. 如何創建Java沙箱?
- 2. Android創建RSA 1024 .NET兼容密鑰
- 3. 創建密封Maven構建
- 4. 如何打開STL向後兼容性?
- 5. 如何使用不兼容的封裝
- 6. 如何創建REST兼容的servlet?
- 7. 如何創建一個IPFS兼容multihash
- 8. JQuery:如何創建一個燈箱來打開一個網頁
- 9. libsodium如何生成密鑰對
- 10. 如何創建一個java.lang.SecurityException異常:密封違規:package ..被密封
- 11. EGit打開純文本的.java文件
- 12. 無法創建密封類的對象
- 13. 創建一個密封的Maven版本
- 14. 如何在java中計算與Laravel兼容的Bcrypt密碼
- 15. 使用Python創建兼容的LDAP密碼(md5crypt)上
- 16. 如何讓Libsodium在Alpine Java上運行
- 17. 如何創建在純C
- 18. 如何用兼容的應用程序打開文件
- 19. 如何從Silverlight中的密封控件創建CustomControl
- 20. 打開信封動畫html5或jquery
- 21. 如何知道使用asp.net是否打開或關閉兼容性(c#)
- 22. 如何打開(讀寫)或創建允許截斷的文件?
- 23. 如何使用Libsodium加密/解密AES-PHP
- 24. 需要關於與sockjs兼容的開箱即用Netty Framework的建議
- 25. 如何創建一個打開的wifiap?
- 26. 打開錢箱
- 27. 如何在打開JFrame的Java Applet中創建按鈕?
- 28. 創建隨機密碼給出不兼容類型錯誤
- 29. 如何創建Exchange郵箱?
- 30. Android打開或創建數據庫