hatter/tiny-encrypt-java
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat now can use

Browse Source
This commit is contained in:
Hatter Jiang
2021-04-16 01:25:12 +08:00
parent 8d656b518e
commit b0acd62ccc
3 changed files with 33 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/me/hatter/tools/tinyencrypt/TinyEncryptMain.java
View File

@@ -12,7 +12,6 @@ import me.hatter.tools.commons.security.key.PKType;
import me.hatter.tools.commons.string.StringUtil;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig;
import me.hatter.tools.tinyencrypt.encrypt.EncryptedFileUtil;
import me.hatter.tools.tinyencrypt.encrypt.TinyEncryptMetaUtil;
import me.hatter.tools.tinyencrypt.util.BCUtil;
import picocli.CommandLine;
@@ -25,7 +24,7 @@ public class TinyEncryptMain {
static {
BCUtil.init();
// LogConfig.initMuteInfoMode();
LogConfig.initMuteInfoMode();
log = LogTools.getLogTool(TinyEncryptMain.class);
}
@@ -109,7 +108,7 @@ public class TinyEncryptMain {
if (tinyEncryptArgs.encrypt) {
EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.comment);
} else {
EncryptedFileUtil.decryptFile(f);
EncryptedFileUtil.decryptFile(config, f);
}
index++;
}

4
src/main/java/me/hatter/tools/tinyencrypt/encrypt/EncryptedFileUtil.java
View File

@@ -21,7 +21,7 @@ public class EncryptedFileUtil {
BCUtil.init();
}
public static void decryptFile(File file) {
public static void decryptFile(TinyEncryptConfig config, File file) {
File decFile = getDecryptFile(file);
if (decFile == null) {
log.warn("File is not tinyenc file, skip: " + decFile);
@@ -35,6 +35,8 @@ public class EncryptedFileUtil {
try (FileInputStream fis = new FileInputStream(file)) {
Tlv tlv = TlvUtil.readTlv(fis);
TinyEncryptMeta meta = tlv.getValueAsBytes().asJSONObject(TinyEncryptMeta.class);
byte[] dataKey = TinyEncryptMetaUtil.decryptDataKey(config, meta);
meta.setDataKey(dataKey);
try (FileOutputStream fos = new FileOutputStream(decFile)) {
try (OutputStream newOs = getDecryptOutputStream(fos, meta)) {
IOUtil.copy(fis, newOs, new CopyRollCounter() {

35
src/main/java/me/hatter/tools/tinyencrypt/encrypt/TinyEncryptMetaUtil.java
View File

@@ -8,17 +8,12 @@ import me.hatter.tools.commons.log.LogTool;
import me.hatter.tools.commons.log.LogTools;
import me.hatter.tools.commons.network.HttpRequest;
import me.hatter.tools.commons.os.OSUtil;
import me.hatter.tools.commons.security.key.KeyPairTool;
import me.hatter.tools.commons.security.key.KeyUtil;
import me.hatter.tools.commons.security.key.PKType;
import me.hatter.tools.commons.security.pem.PEMUtil;
import me.hatter.tools.commons.security.random.RandomTool;
import me.hatter.tools.commons.security.rsa.PrivateKeyParseTool;
import me.hatter.tools.commons.security.sign.Signatures;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConstant;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
@@ -28,6 +23,7 @@ import java.util.List;
public class TinyEncryptMetaUtil {
private static final LogTool log = LogTools.getLogTool(TinyEncryptMetaUtil.class);
private static final String KMS_GET_DATA_KEY = "https://hatter.ink/kms/get_data_key.json";
private static final String KMS_DECRYPT_DATA_KEY = "https://hatter.ink/kms/decrypt_data_key_with_sign.json";
public static String toString(TinyEncryptMeta tinyEncryptMeta) {
return JSON.toJSONString(tinyEncryptMeta);
@@ -37,6 +33,31 @@ public class TinyEncryptMetaUtil {
return JSON.parseObject(meta, TinyEncryptMeta.class);
}
public static byte[] decryptDataKey(TinyEncryptConfig config, TinyEncryptMeta meta) {
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
String envelop = meta.getEnvelop();
String timestamp = String.valueOf(System.currentTimeMillis());
String toBeSigned = envelop + "|" + timestamp;
Bytes sign = Signatures.sha256(privateKey).sign(toBeSigned);
List<HttpRequest.KeyValue> keyValues = new ArrayList<>();
keyValues.add(new HttpRequest.KeyValue("envelop", envelop));
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("signature", sign.asBase64()));
log.info("Decrypt data key ...");
Bytes response = HttpRequest.fromUrl(KMS_DECRYPT_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) {
throw new JumpOutException("Get data key from kms error, status: "
+ responseObject.getIntValue("status")
+ ", detail: " + responseObject
);
}
JSONObject responseData = responseObject.getJSONObject("data");
return Base64.getDecoder().decode(responseData.getString("dataKey"));
}
public static TinyEncryptMeta create(TinyEncryptConfig config, String comment) {
PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem());
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
@@ -51,13 +72,13 @@ public class TinyEncryptMetaUtil {
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey)));
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64()));
log.info("Get data key from kms, key name: " + name);
log.info("Get data key from kms, key name: " + name + " ...");
Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) {
throw new JumpOutException("Get data key from kms error, status: "
+ responseObject.getIntValue("status")
+ "detail: " + responseObject
+ ", detail: " + responseObject
);
}
JSONObject responseData = responseObject.getJSONObject("data");