Example of ECDH x9.63 key generation in HSM.
package doxy.examples;
import java.util.Arrays;
import com.dinamonetworks.Dinamo;
import br.com.trueaccess.TacException;
import br.com.trueaccess.TacNDJavaLib;
public class GenEcdhKeyX963 {
private static String strAddr = "127.0.0.1";
private static String strUsrId = "master";
private static String strPwd = "12345678";
private static int nPort = 4433;
private static String strLocalKey = "test_local_key";
private static String strPeerKey = "test_peer_key";
private static String strTargetKey = "test_target_key";
private static String strSessionKey = "test_session_key";
public static void main(String[] args) {
int nFlags = 0;
Dinamo api = new Dinamo();
try {
api.openSession(strAddr, strUsrId, strPwd, nPort, nFlags);
api.deleteKeyIfExists(strLocalKey);
api.deleteKeyIfExists(strTargetKey);
api.deleteKeyIfExists(strSessionKey);
api.deleteKeyIfExists(strPeerKey);
System.out.println("--> Generate ECDH keys!");
api.createKey(strLocalKey, TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1);
api.createKey(strPeerKey, TacNDJavaLib.ALG_ECC_BRAINPOOL_P512T1);
System.out.println("--> Export public key from peer key!");
byte[] pbPeerPubKey = api.exportKey(strPeerKey, TacNDJavaLib.PUBLICKEY_BLOB);
byte[] pbKDFData = {(byte)0xff,(byte)0xff,(byte)0xff,(byte)0xff,(byte)0xff,(byte)0xff,(byte)0xff,(byte)0xff,
(byte)0x11,(byte)0x12,(byte)0x13,(byte)0x14,(byte)0x15,(byte)0x16,(byte)0x17,(byte)0x18};
System.out.println("--> Generate shared secret!");
api.genEcdhKeyX963Sha256(strLocalKey,
strTargetKey,
TacNDJavaLib.ALG_AES_256,
true,
false,
pbPeerPubKey,
pbKDFData);
System.out.println("--> Generate shared secret! (2nd option)");
byte[] pbKey = api.genEcdhKeyX963Sha256(strLocalKey,
null,
TacNDJavaLib.ALG_AES_256,
false,
false,
pbPeerPubKey,
pbKDFData);
byte[] pbClearBuffer = "askdfkasdfaksdfa".getBytes();
System.out.println("--> Import shared secret!");
api.importKey( strSessionKey,
TacNDJavaLib.PLAINTEXTKEY_BLOB,
TacNDJavaLib.ALG_AES_256,
TacNDJavaLib.EXPORTABLE_KEY,
pbKey,
TacNDJavaLib.ALG_AES_256_LEN);
System.out.println("--> Encrypt and decrypt buffer!");
byte[] pbEncryptedBuffer = api.encrypt(strSessionKey, pbClearBuffer);
byte[] pbDecryptedBuffer = api.decrypt(strTargetKey, pbEncryptedBuffer);
if(!Arrays.equals(pbClearBuffer, pbDecryptedBuffer))
{
System.out.println("Decrypted buffer and clear text buffer are different!");
}
System.out.println("--> Delete keys!");
api.deleteKey(strLocalKey);
api.deleteKey(strPeerKey);
api.deleteKey(strTargetKey);
api.deleteKey(strSessionKey);
api.closeSession();
} catch (TacException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
}