Java Cryptography Architecture (JCA) Tools

Overview

Contains Functions that expose functionality provided by the Java Cryptography Architecture (JCA):

cryptoprovideravailable(): Returns true if the given cryptographic service provider is available for use in the system, otherwise returns false
listprovidersandalgorithms(): Returns a list of all available cryptographic service providers and algorithm details
randombytes(): Returns a random set of bytes as a hex-encoded string
passwordkey(): Generates a key value (as a hex-encoded byte string) from the provided password
passwordencrypt(): Encrypts the provided cleartext string using Password-Based Encryption (PBE) as defined in the PKCS #5 standard. Returns an encrypted ciphertext value (as a hex-encoded byte string) which can be decoded using passworddecrypt()
passworddecrypt(): Decrypts the provided hex-encoded ciphertext byte string using Password-Based Encryption (PBE) as defined in the PKCS #5 standard. Returns the originally encrypted cleartext value
keyencrypt(): Encrypts the provided cleartext string using the specified key and cipher transformation. Returns an encrypted ciphertext value (as a hex-encoded byte string) which can be decoded using keydecrypt()
keydecrypt(): Decrypts the provided hex-encoded ciphertext byte string using the specified key and cipher transformation. Returns the originally encrypted cleartext value
macsignature(): Computes a Mac signature

Note: The JCA framework uses different "providers" to implement specific cryptographic algorithms. Provider implementations need to be installed prior to use.

See https://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html for more details.

rahulb1099 9 months ago

is there any documentation to understand more on macsignature()? Is it related to javax.Crypto.Mac class?
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
scotte0001 over 5 years ago in reply to yusufa

From your file it appears you have the you have the java library needed.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
yusufa over 5 years ago in reply to scotte0001

ok, maybe we should really develop our own plugin...thank you for your advise
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
yusufa over 5 years ago in reply to scotte0001

Hi, thank you for your quick answer :) There is a bunch of libaries..
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
yusufa over 5 years ago in reply to scotte0001

listprovidersandalgorithms.txt
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
scotte0001 over 5 years ago in reply to yusufa

Ok another problem keyencrypt the key argument has to be a AES generated key. Java's SecretKeyFactory can generate this and it looks like that's what it's trying to do for passwordencrypt but unfortunately this plugin does not expose that method. I suggest using another transformation or modifying the plugin. You will discover as we did the plugin doesn't work well and the developer doesn't respond.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
scotte0001 over 5 years ago in reply to yusufa

In a test rule run listprovidersandalgorithms() and see if you have the java library needed.
- Cancel
- Up 0 Down
- Reply
- More
- Cancel
yusufa over 5 years ago

Hi,
I'm trying to encrypt a password using "AES/ECB/PKCS5Padding" but failed so far.

For example the password is "Test" followed by a timestamp and SALT is "%aaa*+11/r5Testj8"

I would expect something like this:
Plain text is: 'Test19.09.2019 10:45:12'
Encrypted text is 'S/WAvRLGqQ0HO25DpRYAzoO5ML3ZYbo0UT65lS80yr0='

My approach is:
passwordencrypt(
cleartext: "Test19.09.2019 09:01:25",
password: "Test",
salt: keyencrypt(cleartext: "%aaa*+00/r5Test9", key: text2hex("%aaa*+00/r5Test9"), transformation: "AES"),
iterationCount: 1000,
transformation : "AES/ECB/PKCS5PADDING"
)

Error: java.security.NoSuchAlgorithmException: AES/ECB/PKCS5PADDING SecretKeyFactory not available

Any help?
Thanks
Yusuf
- Cancel
- Up 0 Down
- Reply
- More
- Cancel

scotte0001 over 5 years ago

I can't get the provider argument to work I keep getting "Expression evaluation error at function 'keyencrypt': The provided iv (SunJCE) is not a valid hex string."

keyencrypt( 
  cleartext:a!toJson(value: {ClaimOne:"SECRET"
                            , ClaimTwo: "SECRET"
                            , ClaimThree: "SECRET"
                          })
  , key: text2hex("KjEP3N8I4zLmT9n0N/CNuQ==")
  , transformation : "AES/ECB/PKCS5Padding"
  , provider: "SunJCE"
)

eshbeata over 5 years ago

Can you provide example of RSA ?
- Cancel
- Up 0 Down
- Reply
- More
- Cancel