v0.4.10, allow create data key without sign

2022-04-02 23:59:01 +08:00
parent f1ed2bae7e
commit 1fa032ca06
4 changed files with 19 additions and 9 deletions


@@ -28,6 +28,9 @@ public class TinyEncryptArgs {
@CommandLine.Option(names = {"--compress"}, description = "Encrypt compress") @CommandLine.Option(names = {"--compress"}, description = "Encrypt compress")
boolean compress = false; boolean compress = false;
@CommandLine.Option(names = {"--require-sign"}, description = "Require signature when create data key")
boolean requireSign = false;
@CommandLine.Option(names = {"-C", "--config"}, description = "Encrypt config") @CommandLine.Option(names = {"-C", "--config"}, description = "Encrypt config")
File config; File config;
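Review bot: `boolean requireSign = false;` inverts the previous default: before this commit every data-key request was signed with the local private key, and with the flag unset the client now sends `skipDataKeyRequestSignVerify=true` to the KMS instead of `dataKeyRequestSign`, so an operator who never learns about `--require-sign` silently loses request authentication. Whether the KMS honours that field unconditionally is not visible here, but the client-side default should not be the weaker one. If the picocli version in use supports it, keep signing as the default and make the flag negatable: `@CommandLine.Option(names = {"--require-sign"}, negatable = true, description = "Require signature when create data key (default true; --no-require-sign to opt out)")` with `boolean requireSign = true;`. At minimum the description should state the default and that leaving it unset asks the KMS to skip signature verification.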


@@ -200,7 +200,7 @@ public class TinyEncryptMain {
} }
boolean result; boolean result;
if (tinyEncryptArgs.encrypt) { if (tinyEncryptArgs.encrypt) {
result = EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.compress, tinyEncryptArgs.comment); result = EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.compress, tinyEncryptArgs.requireSign, tinyEncryptArgs.comment);
} else { } else {
if (tinyEncryptArgs.showInWindow) { if (tinyEncryptArgs.showInWindow) {
EncryptedFileUtil.decryptInWindow(config, f, tinyEncryptArgs.pgp); EncryptedFileUtil.decryptInWindow(config, f, tinyEncryptArgs.pgp);


@@ -136,7 +136,7 @@ public class EncryptedFileUtil {
} }
} }
public static boolean encryptFile(TinyEncryptConfig config, String keyName, File file, boolean compress, String comment) { public static boolean encryptFile(TinyEncryptConfig config, String keyName, File file, boolean compress, boolean requireSign, String comment) {
File encFile = getEncryptFile(file); File encFile = getEncryptFile(file);
if (encFile == null) { if (encFile == null) {
log.warn("Cannot encrypt .tinyenc file: " + file); log.warn("Cannot encrypt .tinyenc file: " + file);
@@ -147,7 +147,7 @@ public class EncryptedFileUtil {
return false; return false;
} }
try { try {
TinyEncryptMeta meta = TinyEncryptMetaUtil.create(config, comment); TinyEncryptMeta meta = TinyEncryptMetaUtil.create(config, comment, requireSign);
meta.setFileLength(file.length()); meta.setFileLength(file.length());
meta.setFileLastModified(file.lastModified()); meta.setFileLastModified(file.lastModified());
meta.setCompress(compress); meta.setCompress(compress);
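Review bot: The five-argument `encryptFile` is replaced rather than overloaded, so any caller outside `TinyEncryptMain` that still passes `(config, keyName, file, compress, comment)` no longer compiles, and the new `requireSign` parameter is undocumented. A one-line delegating overload preserves source compatibility and the previous always-signed behaviour for those callers: `public static boolean encryptFile(TinyEncryptConfig config, String keyName, File file, boolean compress, String comment) { return encryptFile(config, keyName, file, compress, true, comment); }`. A Javadoc `@param requireSign` line should also state that `false` makes the data-key request to the KMS unsigned. The body of `encryptFile` continues outside both hunks.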


@@ -85,10 +85,13 @@ public class TinyEncryptMetaUtil {
return Base64.getDecoder().decode(responseData.getString("dataKey")); return Base64.getDecoder().decode(responseData.getString("dataKey"));
} }
public static TinyEncryptMeta create(TinyEncryptConfig config, String comment) { public static TinyEncryptMeta create(TinyEncryptConfig config, String comment, boolean requireSignature) {
requireLocalPrivateKeyPem(config); PrivateKey privateKey = null;
if (requireSignature) {
requireLocalPrivateKeyPem(config);
privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
}
PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem()); PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem());
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
PublicKey pgpEncryptPublicKey = null; PublicKey pgpEncryptPublicKey = null;
if (StringUtil.isNotBlank(config.getPgpEncryptPublicKeyPem())) { if (StringUtil.isNotBlank(config.getPgpEncryptPublicKeyPem())) {
pgpEncryptPublicKey = KeyUtil.parsePublicKeyPEM(config.getPgpEncryptPublicKeyPem()); pgpEncryptPublicKey = KeyUtil.parsePublicKeyPEM(config.getPgpEncryptPublicKeyPem());
@@ -97,14 +100,18 @@ public class TinyEncryptMetaUtil {
String timestamp = String.valueOf(System.currentTimeMillis()); String timestamp = String.valueOf(System.currentTimeMillis());
String toBeSigned = name + "|" + timestamp; String toBeSigned = name + "|" + timestamp;
Bytes sign = Signatures.sha256(privateKey).sign(toBeSigned); Bytes sign = (privateKey == null) ? null : Signatures.sha256(privateKey).sign(toBeSigned);
List<HttpRequest.KeyValue> keyValues = new ArrayList<>(); List<HttpRequest.KeyValue> keyValues = new ArrayList<>();
keyValues.add(new HttpRequest.KeyValue("name", name)); keyValues.add(new HttpRequest.KeyValue("name", name));
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp)); keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey))); keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey)));
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64())); if (sign == null) {
log.info("Get data key from kms, key name: " + name + " ..."); keyValues.add(new HttpRequest.KeyValue("skipDataKeyRequestSignVerify", "true"));
} else {
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64()));
}
log.info("Get data key from kms, key name: " + name + ", with sign: " + (sign != null) + " ...");
Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues); Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON(); JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) { if (responseObject.getIntValue("status") != 200) {