I'm attempting to implement Diffie-Hellman key exchange. I am a little confused with how to use the secret key once generated.
As seen in the output, the 2 secret keys are generated using the same prime & base as normal in the key exchange, and trade public keys when generating the secret keys, however they are not outputting the same value as I expected.
I'm getting very confused with how to implement this encryption method and would be very grateful for some direction. My overall aim for this is to implement an encrypted SMS Android application.
(The screenshot was unable to capture the entire length of a & b's base & prime)
AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(512); // number of bits
AlgorithmParameters params = paramGen.generateParameters();
DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
BigInteger p512 = dhSpec.getP();
BigInteger g512 = dhSpec.getG();
//A
KeyPairGenerator akpg = KeyPairGenerator.getInstance("DiffieHellman");
DHParameterSpec param = new DHParameterSpec(p512, g512);
System.out.println("Prime: " + p512);
System.out.println("Base: " + g512);
akpg.initialize(param);
KeyPair kp = akpg.generateKeyPair();
//B
KeyPairGenerator bkpg = KeyPairGenerator.getInstance("DiffieHellman");
DHParameterSpec param2 = new DHParameterSpec(p512, g512);
System.out.println("Prime: " + p512);
System.out.println("Base: " + g512);
bkpg.initialize(param2);
KeyPair kp2 = bkpg.generateKeyPair();
KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman");
KeyAgreement bKeyAgree = KeyAgreement.getInstance("DiffieHellman");
aKeyAgree.init(kp.getPrivate());
bKeyAgree.init(kp2.getPrivate());
aKeyAgree.doPhase(kp2.getPublic(), true);
bKeyAgree.doPhase(kp.getPublic(), true);
//System.out.println("Alice Secret Key: " + aKeyAgree.generateSecret());
//System.out.println("Bob's Secret Key: " + bKeyAgree.generateSecret());
MessageDigest hash = MessageDigest.getInstance("SHA-256");
byte[] ASharedSecret = hash.digest(aKeyAgree.generateSecret());
byte[] BSharedSecret = hash.digest(bKeyAgree.generateSecret());
System.out.println("Alice's Shared Secret: " + ASharedSecret.toString());
System.out.println("Bob's Shared Secret: " + BSharedSecret.toString());
byte[].toString() doesn't print the contents. Try Arrays.toString().
Related
I have a string than I want to encrypt to send it over an insecure channel.
I want to:
Convert to int my-val & my-private-key. Then, multiply both. Send it. When receiving it, divide by my-private-key converted as int and get my-val.
I tried to used Integer.parseInt and Integer.toString as suggested here. It seems to work with System.out.println(Integer.parseInt("Kona", 27)); (as Java's documentation said)
So I made this:
int base = 27;
String key = "some key";
String cmd = "some val";
int based = Integer.parseInt(cmd, base);
System.out.println("Based: " + based);
int crypted = based * Integer.parseInt(key, base);
System.out.println("Crypted: " + crypted);
// here use un-secure channel to send/receive
int received = crypted;
int back = received / Integer.parseInt(key, base);
System.out.println("Get back: " + back);
System.out.println("Final result: " + Integer.toString(back, base));
But I get Exception in thread "main" java.lang.NumberFormatException: For input string: "some val" at the 4st line.
I tried with base 10, 16, 27, 32. Even if I understand why 10 & 16 doesn't work, why 27 & 32 don't ? How can I fix it ?
Based on below wikipedia link of numeral system, Java will check each character of your input string against the range of radix parameter and if its not in range than it will throw exception.
Visit https://en.wikipedia.org/wiki/List_of_numeral_systems,
Apart from that, Below is explanation from geeksforgeek site.
The string is null or of zero-length
The value represented by the string is not a value of type int
Specifically for the parseInt(String s, int radix) variant of the function:
The second argument radix is either smaller than Character.MIN_RADIX or larger than Character.MAX_RADIX
*
Each character of input string has min and max radix parameter.
Any character of the string is not a digit of the specified radix, except that the first character may be a minus sign ‘-‘ (‘\u002D’) or plus sign ‘+’ (‘\u002B’) provided that the string is longer than length 1
Custom logic for conversion
String name = "some val";
long key = 0;
for (int i = 0;i<name.length();i++)
key+= (name.charAt(i) - 'a'+1 ) * Math.pow(26,name.length() - i - 1 );
System.out.println(key);
Above code is taken Converting name to a key using radix-26
I was looking to encrypt with another string. I get the idea to multiply both, and so convert them into int. But, it seems to have informations lost with operation.
So, I searched for another way, and I found this one:
private static final String ALGORITHM = "AES";
private static final Key MY_KEY = new SecretKeySpec("16-char priv key".getBytes(), ALGORITHM);
private Cipher getCipher(int mode) throws Exception {
Cipher c = Cipher.getInstance(ALGORITHM);
c.init(mode, MY_KEY);
return c;
}
public String encrypt(String valueToEnc) throws Exception {
return Base64.getEncoder().encodeToString(getCipher(Cipher.ENCRYPT_MODE).doFinal(valueToEnc.getBytes()));
}
public String decrypt(String encryptedValue) throws Exception {
return new String(getCipher(Cipher.DECRYPT_MODE).doFinal(Base64.getDecoder().decode(encryptedValue)));
}
How it works ? It encrypt and decrypt with a key. This key should be a 16-chars one. Also, to make it easier to show/send/receive, it's converted into base 64.
Example of how to use:
String myVal = "some val";
String encrypt = encrypt(myVal);
System.out.println("Encrypt: " + encrypt);
String decrypt = decrypt(encrypt);
System.out.println("Decrypt: " + decrypt);
Output:
Encrypt: ERJZ7ZOJcNpQEAvrb6wPOA==
Decrypt: some val
I used SCALE Codec for java offline address generation. but I see that generated address and polkadot.js generated address are not alike.
I use bitcoinj 's MnemonicCode generation mnemonic, and I toseed the mnemonic get seed;
this is my code;
public void createAddress() throws Exception {
System.out.println("Generate a new Root Key + derive a `demo` address from that key");
int number = 0;
byte[] initialEntropy = new byte[128 / 8];
SecureRandomUtils.secureRandom().nextBytes(initialEntropy);
String mnemonic = "devote fatigue dice clock lock cross creek neutral minute achieve betray curve";
String[] mm = mnemonic.split(" ");
List<String> strings = Arrays.asList(mm.clone());
System.out.println(mnemonic);
String n = Utils.SPACE_JOINER.join(strings);
System.out.println(n);
byte[] seed = toSeed(strings, "");
String s = Hex.encodeHexString(seed);
System.out.println(s);
Schnorrkel instance = Schnorrkel.getInstance();
Schnorrkel.KeyPair rootKey = instance.generateKeyPairFromSeed(seed);
System.out.println(" Root Key: " + Hex.encodeHexString(rootKey.getSecretKey()));
Schnorrkel.KeyPair key = instance.deriveKeyPair(rootKey, Schnorrkel.ChainCode.from("".getBytes()));
Address address = new Address(SS58Type.Network.LIVE, key.getPublicKey());
System.out.println(" Address: " + address);
System.out.println("Public Key: " + Hex.encodeHexString(key.getPublicKey()));
System.out.println("Secret Key: " + Hex.encodeHexString(key.getSecretKey()));
}
public static byte[] toSeed(List<String> words, String passphrase) {
checkNotNull(passphrase, "A null passphrase is not allowed.");
// To create binary seed from mnemonic, we use PBKDF2 function
// with mnemonic sentence (in UTF-8) used as a password and
// string "mnemonic" + passphrase (again in UTF-8) used as a
// salt. Iteration count is set to 4096 and HMAC-SHA512 is
// used as a pseudo-random function. Desired length of the
// derived key is 512 bits (= 64 bytes).
//
String pass = Utils.SPACE_JOINER.join(words);
String salt = "mnemonic" + passphrase;
final Stopwatch watch = Stopwatch.createStarted();
byte[] seed = PBKDF2SHA512.derive(pass, salt, 2048, 32);
watch.stop();
System.out.println("PBKDF2 took {}" + watch);
return seed;
}
polkadot.js generated address is "12EgmkT6NHjTjtwcvfBFu1dkPEN9TLFo3ftA4L2ZcmkCfQCp";
i use my code generated address is "12YTJRjPRsw34wBp2Ewfr9oBP9w47RpKKw4CPZF2zaCga1Hk"
how do I generate similar polkadot.js' address ?
This is my request code. aa means my consumer key and bb is userAcessTokenSecret. I changed the values for the sake of security. I don't know is it becasue of cursor parameter or the ways of encoding and hashing the values and keys.
public static void getLocationAndNameOfFollowers(String userAcessToken, String userAcessTokenSecret) throws IOException, InvalidKeyException, NoSuchAlgorithmException {
userAcessTokenSecret = "bb";
String signingKey = GenerateSignature.oAuthSigningKey("aa", userAcessTokenSecret);
long ts = new Timestamp(System.currentTimeMillis()).getTime() / 1000;
String timeStamp = String.valueOf(ts);
String nonce = GenerateSignature.generateNonce("aa", timeStamp);
String baseString = GenerateSignature.oAuthBaseString("GET", "https://api.twitter.com/1.1/followers/list.json?",
"cursor-1", "fHkdJVy3x1fKE1Yop9qraJyCp", userAcessToken, timeStamp, nonce);
String oauth_signature = GenerateSignature.oAuthSignature(baseString, signingKey);
JSONObject response = Unirest.get("https://api.twitter.com/1.1/followers/list.json?cursor=-1")
.header("Content-Type", "application/x-www-form-urlencoded")
.header("Authorization", "OAuth oauth_consumer_key=\"consumer_key\"," +
"oauth_token=" + "\"" + userAcessToken +"\""+ "," +
"oauth_signature_method=" + "\"HMAC-SHA1\"," +
"oauth_timestamp=" + "\""+timeStamp + "\"" + "," +
"oauth_nonce=" + "\""+nonce + "\"" + "," +
"oauth_version=\"1.0\"," +
"oauth_signature=" + "\"" +oauth_signature + "\"")
.asJson().getBody().getObject();
The code in below contains my helper functions.
private static String percentEncoding(String originalString) {
String encodedString = Base64.getUrlEncoder().encodeToString(originalString.getBytes());
return encodedString;
}
public static String oAuthBaseString(String method, String url, String parameters, String key, String token, String timestamp, String nonce) {
System.out.println("generated sorted parameter string -> "+generateSortedParameterString(parameters, key, token, timeStamp , nonce));
String res = method + "&" + percentEncoding(url)
+ "&" + generateSortedParameterString(parameters, key, token, timeStamp , nonce);
System.out.println("oauth base string -> \n\n\n" + res);
return res;
}
public static String oAuthSignature(String baseString, String tokenSecret) throws NoSuchAlgorithmException, InvalidKeyException {
byte[] bytes = baseString.getBytes(StandardCharsets.UTF_8);
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(new SecretKeySpec(bytes, "HmacSHA1"));
byte[] res = mac.doFinal(tokenSecret.getBytes(StandardCharsets.UTF_8));
return percentEncoding(Base64.getEncoder().toString());
}
public static String oAuthSigningKey(String consumerSecret, String accessTokenSecret) {
return consumerSecret + "&" + accessTokenSecret;
}
public static String generateNonce(String consumerKey, String timeStamp) {
String nonce = Base64.getEncoder().encodeToString((consumerKey + ":" + timeStamp).getBytes());
return nonce;
}
public static String generateSortedParameterString(String parameter, String key, String token, String timeStamp, String nonce) {
Map<String, String> parameters = new LinkedHashMap<>();
parameters.put("oauth_consumer_key", key);
parameters.put("oauth_nonce", nonce);
parameters.put("oauth_signature_method", "HMAC-SHA1");
parameters.put("oauth_timestamp", timeStamp);
parameters.put("oauth_token", token);
parameters.put("oauth_version", "1.0");
System.out.println("parameter map is here -> "+parameters);
String parameterString = parameters.entrySet().stream()
.sorted(Map.Entry.comparingByKey())
.map(e -> percentEncoding(e.getKey()) + "=" + percentEncoding(e.getValue()))
.collect(Collectors.joining("&"));
return parameterString;
}
I am getting this response
{"errors":[{"code":32,"message":"Could not authenticate you."}]}
I see your code and looks like you may not have finished the steps needed before you make a call to get followers.
Since Twitter follows OAuth1 here is what you need to do for this. If you confirm that you have done these then I can help you with the signing process.
The variables that you are working with
consumerKey = Copied from twitter during registration
accesstokenSecret = Copied from twitter during registration
oauth_token = Received as response from step 1 below
oauth_token_secret = Received as response from step 2 below
oauth_verifier = Received as response from step 3 below
accesstoken = Received as response from step 4 below. Finally to be used while signing all API calls
Steps for OAuth 1.0 that twitter follows
GET oauth_token making signed call to https://api.twitter.com/oauth/request_token. Twitter will return oauth_token and oauth_token_secret
Redirect user to https://api.twitter.com/oauth/authorize?oauth_token={{oauth_token}}
User Authenticates and twitter will send a code to your redirect url
Then send a signed request to https://api.twitter.com/oauth/access_token to recieve the access_token
The process for signing are the same for each step with changes to the baseString and signing key. If you have achieved the signing logic for step1. All the others should work.
If you have not done the above steps and are struggling with signing at step1 then I'll help you with the basic structure of signing. Do confirm?
I work at Pathfix and we built it out as a middleware to solve the exact problem without having you to download SDK. If you are dealing with multiple Providers, you will eventually notice the lack of reusability and bulk of unneccessary code. It might save you hours and $$. All of what you are trying to achieve can take you not more than 10 minutes :)
Trying to generate an SAS Token to access certain files in a Storage Account. I'm using the methods listed here:
https://learn.microsoft.com/en-us/rest/api/eventhub/generate-sas-token
Now, the problem I have is I cannot, for the life of me, make the sasToken string work. If I generate the token via the Portal (Shared Access Signature in the Storage Account), I can access those files via a URL with the provided Token.
However I have yet to be able to generate an SAS token programmatically via Java using the methods I linked above. I think my problem is the StringToSign that is being encrypted. I've been following this example when constructing the string to encrypt:
https://learn.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
All my efforts have resulted in either:
<AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail>
or
<AuthenticationErrorDetail>Signature did not match. String to sign used was <insert string details here>
Looking at the Portal generated sasToken that works for me:
?sv=2017-11-09&ss=f&srt=o&sp=r&se=2018-12-06T22:15:20Z&st=2018-12-06T14:15:20Z&spr=https&sig=%2Bi1TWv5D80U%2BoaIeoBh1wjaO1p4xVFx4nRZt%2FzwiszY%3D
It seems I need a String like so:
String stringToSign = accountName + "\n" +
"r\n" +
"f\n" +
"o\n" +
URLEncoder.encode(start, "UTF-8") + "\n" +
URLEncoder.encode(expiry, "UTF-8") + "\n" +
"\n" +
"https\n" +
azureApiVersion;
Where accountName is the storage account name from Azure, and start/expiry are the start and expiry strings (ie- 2018-12-06T22:15:20Z) and azureApiVersion is "2017-11-09".
I then try to return the token after constructing the string like so:
String signature = getHMAC256(key, stringToSign);
sasToken = "sv=" + azureApiVersion +
"&ss=f" +
"&srt=o" +
"&sp=r" +
"&se=" +URLEncoder.encode(expiry, "UTF-8") +
"&st=" + URLEncoder.encode(start, "UTF-8") +
"&spr=https" +
"&sig=" + URLEncoder.encode(signature, "UTF-8");
I've tried URL encoding and not URL encoding the the start/expiry dates as well, just in case that was messing things up. What am I missing?
Three points to fix
getHMAC256 method problem as mentioned by #Gaurav
Don't encode expiry and start in stringToSign or the signature won't match. Because the encoded part in url will be decoded by Azure Storage Service to calculate the expected signature.
In stringToSign, miss one \n after azureApiVersion.
Here's the complete sample.
public static void GetFileSAS(){
String accountName = "accountName";
String key = "accountKey";
String resourceUrl = "https://"+accountName+".file.core.windows.net/fileShare/fileName";
String start = "startTime";
String expiry = "expiry";
String azureApiVersion = "2017-11-09";
String stringToSign = accountName + "\n" +
"r\n" +
"f\n" +
"o\n" +
start + "\n" +
expiry + "\n" +
"\n" +
"https\n" +
azureApiVersion+"\n";
String signature = getHMAC256(key, stringToSign);
try{
String sasToken = "sv=" + azureApiVersion +
"&ss=f" +
"&srt=o" +
"&sp=r" +
"&se=" +URLEncoder.encode(expiry, "UTF-8") +
"&st=" + URLEncoder.encode(start, "UTF-8") +
"&spr=https" +
"&sig=" + URLEncoder.encode(signature, "UTF-8");
System.out.println(resourceUrl+"?"+sasToken);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
private static String getHMAC256(String accountKey, String signStr) {
String signature = null;
try {
SecretKeySpec secretKey = new SecretKeySpec(Base64.getDecoder().decode(accountKey), "HmacSHA256");
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
sha256HMAC.init(secretKey);
signature = Base64.getEncoder().encodeToString(sha256HMAC.doFinal(signStr.getBytes("UTF-8")));
} catch (Exception e) {
e.printStackTrace();
}
return signature;
}
I got a simpler method
SharedAccessAccountPolicy sharedAccessAccountPolicy = new SharedAccessAccountPolicy();
sharedAccessAccountPolicy.setPermissionsFromString("racwdlup");
long date = new Date().getTime();
long expiryDate = new Date(date + 8640000).getTime();
sharedAccessAccountPolicy.setSharedAccessStartTime(new Date(date));
sharedAccessAccountPolicy.setSharedAccessExpiryTime(new Date(expiryDate));
sharedAccessAccountPolicy.setResourceTypeFromString("sco");
sharedAccessAccountPolicy.setServiceFromString("bfqt");
String sasToken = "?" + storageAccount.generateSharedAccessSignature(sharedAccessAccountPolicy);
You can get the storage account like this:
private String storageConnectionString = "DefaultEndpointsProtocol=https;AccountName=<storage name>;AccountKey=<your key>;EndpointSuffix=core.windows.net";
storageAccount = CloudStorageAccount.parse(storageConnectionString);
I'm trying to put the data which is read from sequence file, and put it into Hash Map. After the loop finished, I try to print the content which is wrong.
I've tried to just print the key and value in the first loop, and the result is correct. When I try to print the key in the second while loop, the result is several duplicate records. I can't figure it out what is going wrong.
while(reader.next(key, value)) {
byte[] value_bytes = value.getBytes();
data_HashMap.put(key, value_bytes);
}
IOUtils.closeStream(reader);
Iterator<Text> keySetIterator = data_HashMap.keySet().iterator();
while(keySetIterator.hasNext()){
Text index = keySetIterator.next();
System.out.println("key: " + index);
}
here is the result
Key: 123
Key: 123
Key: 123
Key: 123
Key: 123
Key: 123
If I modified the first while loop like this
while(reader.next(key, value)) {
byte[] value_bytes = value.getBytes();
System.out.println("Key: " + key);
}
Here is the result and it's correct.
Key: 123
Key: 456
Key: 789
Key: 741
Key: 852
Key: 963
You are reusing the same key all over again:
while(reader.next(key, value)) {
byte[] value_bytes = value.getBytes();
data_HashMap.put(**key**, value_bytes);
}
I don't know what the type is, but if it's Text, simply copy it or use String instead.
while(reader.next(key, value)) {
byte[] value_bytes = value.getBytes();
data_HashMap.put(key.toString(), value_bytes);
}
You will hit the same issue with the value bytes as well, so I recommend you to do a defensive copy of this array too.