feat now can use

2021-04-16 01:25:12 +08:00
parent 8d656b518e
commit b0acd62ccc
3 changed files with 33 additions and 11 deletions


@@ -12,7 +12,6 @@ import me.hatter.tools.commons.security.key.PKType;
import me.hatter.tools.commons.string.StringUtil; import me.hatter.tools.commons.string.StringUtil;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig; import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig;
import me.hatter.tools.tinyencrypt.encrypt.EncryptedFileUtil; import me.hatter.tools.tinyencrypt.encrypt.EncryptedFileUtil;
import me.hatter.tools.tinyencrypt.encrypt.TinyEncryptMetaUtil;
import me.hatter.tools.tinyencrypt.util.BCUtil; import me.hatter.tools.tinyencrypt.util.BCUtil;
import picocli.CommandLine; import picocli.CommandLine;
@@ -25,7 +24,7 @@ public class TinyEncryptMain {
static { static {
BCUtil.init(); BCUtil.init();
// LogConfig.initMuteInfoMode(); LogConfig.initMuteInfoMode();
log = LogTools.getLogTool(TinyEncryptMain.class); log = LogTools.getLogTool(TinyEncryptMain.class);
} }
@@ -109,7 +108,7 @@ public class TinyEncryptMain {
if (tinyEncryptArgs.encrypt) { if (tinyEncryptArgs.encrypt) {
EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.comment); EncryptedFileUtil.encryptFile(config, tinyEncryptArgs.key, f, tinyEncryptArgs.comment);
} else { } else {
EncryptedFileUtil.decryptFile(f); EncryptedFileUtil.decryptFile(config, f);
} }
index++; index++;
} }


@@ -21,7 +21,7 @@ public class EncryptedFileUtil {
BCUtil.init(); BCUtil.init();
} }
public static void decryptFile(File file) { public static void decryptFile(TinyEncryptConfig config, File file) {
File decFile = getDecryptFile(file); File decFile = getDecryptFile(file);
if (decFile == null) { if (decFile == null) {
log.warn("File is not tinyenc file, skip: " + decFile); log.warn("File is not tinyenc file, skip: " + decFile);
@@ -35,6 +35,8 @@ public class EncryptedFileUtil {
try (FileInputStream fis = new FileInputStream(file)) { try (FileInputStream fis = new FileInputStream(file)) {
Tlv tlv = TlvUtil.readTlv(fis); Tlv tlv = TlvUtil.readTlv(fis);
TinyEncryptMeta meta = tlv.getValueAsBytes().asJSONObject(TinyEncryptMeta.class); TinyEncryptMeta meta = tlv.getValueAsBytes().asJSONObject(TinyEncryptMeta.class);
byte[] dataKey = TinyEncryptMetaUtil.decryptDataKey(config, meta);
meta.setDataKey(dataKey);
try (FileOutputStream fos = new FileOutputStream(decFile)) { try (FileOutputStream fos = new FileOutputStream(decFile)) {
try (OutputStream newOs = getDecryptOutputStream(fos, meta)) { try (OutputStream newOs = getDecryptOutputStream(fos, meta)) {
IOUtil.copy(fis, newOs, new CopyRollCounter() { IOUtil.copy(fis, newOs, new CopyRollCounter() {
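Review bot: The plaintext data key is written back onto the deserialized meta object (`meta.setDataKey(dataKey)`) right after it is obtained, and since TinyEncryptMetaUtil.toString serializes the whole TinyEncryptMeta to JSON, any later toString or log of `meta` would presumably include the key — worth confirming that dataKey is excluded from serialization, or handing it to getDecryptOutputStream separately from the on-disk meta. On the earlier context line the skip message logs `decFile`, which is null on that branch, so it should name the input: `log.warn("File is not tinyenc file, skip: " + file);`. The new `config` parameter is only dereferenced inside decryptDataKey after the input stream is open; an `Objects.requireNonNull(config, "config");` at the top would fail before any file is touched. decryptFile's body continues past the hunk.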


@@ -8,17 +8,12 @@ import me.hatter.tools.commons.log.LogTool;
import me.hatter.tools.commons.log.LogTools; import me.hatter.tools.commons.log.LogTools;
import me.hatter.tools.commons.network.HttpRequest; import me.hatter.tools.commons.network.HttpRequest;
import me.hatter.tools.commons.os.OSUtil; import me.hatter.tools.commons.os.OSUtil;
import me.hatter.tools.commons.security.key.KeyPairTool;
import me.hatter.tools.commons.security.key.KeyUtil; import me.hatter.tools.commons.security.key.KeyUtil;
import me.hatter.tools.commons.security.key.PKType;
import me.hatter.tools.commons.security.pem.PEMUtil;
import me.hatter.tools.commons.security.random.RandomTool; import me.hatter.tools.commons.security.random.RandomTool;
import me.hatter.tools.commons.security.rsa.PrivateKeyParseTool;
import me.hatter.tools.commons.security.sign.Signatures; import me.hatter.tools.commons.security.sign.Signatures;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig; import me.hatter.tools.tinyencrypt.config.TinyEncryptConfig;
import me.hatter.tools.tinyencrypt.config.TinyEncryptConstant; import me.hatter.tools.tinyencrypt.config.TinyEncryptConstant;
import java.security.KeyPair;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.ArrayList; import java.util.ArrayList;
@@ -28,6 +23,7 @@ import java.util.List;
public class TinyEncryptMetaUtil { public class TinyEncryptMetaUtil {
private static final LogTool log = LogTools.getLogTool(TinyEncryptMetaUtil.class); private static final LogTool log = LogTools.getLogTool(TinyEncryptMetaUtil.class);
private static final String KMS_GET_DATA_KEY = "https://hatter.ink/kms/get_data_key.json"; private static final String KMS_GET_DATA_KEY = "https://hatter.ink/kms/get_data_key.json";
private static final String KMS_DECRYPT_DATA_KEY = "https://hatter.ink/kms/decrypt_data_key_with_sign.json";
public static String toString(TinyEncryptMeta tinyEncryptMeta) { public static String toString(TinyEncryptMeta tinyEncryptMeta) {
return JSON.toJSONString(tinyEncryptMeta); return JSON.toJSONString(tinyEncryptMeta);
@@ -37,6 +33,31 @@ public class TinyEncryptMetaUtil {
return JSON.parseObject(meta, TinyEncryptMeta.class); return JSON.parseObject(meta, TinyEncryptMeta.class);
} }
public static byte[] decryptDataKey(TinyEncryptConfig config, TinyEncryptMeta meta) {
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
String envelop = meta.getEnvelop();
String timestamp = String.valueOf(System.currentTimeMillis());
String toBeSigned = envelop + "|" + timestamp;
Bytes sign = Signatures.sha256(privateKey).sign(toBeSigned);
List<HttpRequest.KeyValue> keyValues = new ArrayList<>();
keyValues.add(new HttpRequest.KeyValue("envelop", envelop));
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("signature", sign.asBase64()));
log.info("Decrypt data key ...");
Bytes response = HttpRequest.fromUrl(KMS_DECRYPT_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) {
throw new JumpOutException("Get data key from kms error, status: "
+ responseObject.getIntValue("status")
+ ", detail: " + responseObject
);
}
JSONObject responseData = responseObject.getJSONObject("data");
return Base64.getDecoder().decode(responseData.getString("dataKey"));
}
public static TinyEncryptMeta create(TinyEncryptConfig config, String comment) { public static TinyEncryptMeta create(TinyEncryptConfig config, String comment) {
PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem()); PublicKey publicKey = KeyUtil.parsePublicKeyPEM(config.getLocalPublicKeyPem());
PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem()); PrivateKey privateKey = KeyUtil.parsePrivateKeyPEM(config.getLocalPrivateKeyPem());
@@ -51,13 +72,13 @@ public class TinyEncryptMetaUtil {
keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp)); keyValues.add(new HttpRequest.KeyValue("timestamp", timestamp));
keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey))); keyValues.add(new HttpRequest.KeyValue("dataKeyPublicKey", KeyUtil.serializePublicKeyToPEM(publicKey)));
keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64())); keyValues.add(new HttpRequest.KeyValue("dataKeyRequestSign", sign.asBase64()));
log.info("Get data key from kms, key name: " + name); log.info("Get data key from kms, key name: " + name + " ...");
Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues); Bytes response = HttpRequest.fromUrl(KMS_GET_DATA_KEY).post(keyValues);
JSONObject responseObject = response.asJSON(); JSONObject responseObject = response.asJSON();
if (responseObject.getIntValue("status") != 200) { if (responseObject.getIntValue("status") != 200) {
throw new JumpOutException("Get data key from kms error, status: " throw new JumpOutException("Get data key from kms error, status: "
+ responseObject.getIntValue("status") + responseObject.getIntValue("status")
+ "detail: " + responseObject + ", detail: " + responseObject
); );
} }
JSONObject responseData = responseObject.getJSONObject("data"); JSONObject responseData = responseObject.getJSONObject("data");
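Review bot: The exception at the end of the new decryptDataKey still says "Get data key from kms error", copied from create, so a failed decrypt call is reported as a failed get; it should read `throw new JumpOutException("Decrypt data key from kms error, status: "`. The same hunk assumes the reply carries a "data" object with a "dataKey" string — if either is absent, `responseObject.getJSONObject("data")` presumably returns null and the method fails with a NullPointerException instead of a JumpOutException that names the reply. Both methods now repeat the identical status check, so a small helper that validates the KMS reply and returns its data object fixes the message and the null case in one place; the rewritten tail of decryptDataKey and that helper are below. create's body continues past the last hunk.
```java
public static byte[] decryptDataKey(TinyEncryptConfig config, TinyEncryptMeta meta) {
    // … unchanged: sign envelop|timestamp with the local private key, build keyValues …
    log.info("Decrypt data key ...");
    Bytes response = HttpRequest.fromUrl(KMS_DECRYPT_DATA_KEY).post(keyValues);
    JSONObject responseData = checkKmsResponse(response, "Decrypt data key from kms error");
    String dataKey = responseData.getString("dataKey");
    if (dataKey == null) {
        throw new JumpOutException("Decrypt data key from kms error, no dataKey in: " + responseData);
    }
    return Base64.getDecoder().decode(dataKey);
}

/** Fails with JumpOutException unless the KMS reply has status 200 and a "data" object; returns that object. */
private static JSONObject checkKmsResponse(Bytes response, String errorPrefix) {
    JSONObject responseObject = response.asJSON();
    if (responseObject.getIntValue("status") != 200) {
        throw new JumpOutException(errorPrefix + ", status: "
            + responseObject.getIntValue("status")
            + ", detail: " + responseObject);
    }
    JSONObject responseData = responseObject.getJSONObject("data");
    if (responseData == null) {
        throw new JumpOutException(errorPrefix + ", no data in: " + responseObject);
    }
    return responseData;
}
```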