java - Creating signature with HMAC_SHA1 - Secret key expected exception -

-

i want create digital signature of signaturemethod.hmac_sha1, referred below program

package com.sampel.test;  import javax.crypto.mac; import javax.crypto.spec.secretkeyspec; import javax.xml.crypto.*; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dom.*; import javax.xml.crypto.dsig.dom.domsigncontext; import javax.xml.crypto.dsig.keyinfo.*; import javax.xml.crypto.dsig.spec.*; import java.io.fileinputstream; import java.io.fileoutputstream; import java.io.outputstream; import java.security.*; import java.util.collections; import java.util.formatter; import java.util.iterator; import javax.xml.parsers.documentbuilderfactory; import javax.xml.transform.*; import javax.xml.transform.dom.domsource; import javax.xml.transform.stream.streamresult; import org.w3c.dom.document;  /**  * simple example of generating enveloped xml  * signature using jsr 105 api. resulting signature  * (key , signature values different):  *  * <pre><code>  *<envelope xmlns="urn:envelope">  * <signature xmlns="http://www.w3.org/2000/09/xmldsig#">  *   <signedinfo>  *     <canonicalizationmethod algorithm="http://www.w3.org/tr/2001/rec-xml-c14n -20010315"/>  *     <signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>  *     <reference uri="">  *       <transforms>  *         <transform algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>  *       </transforms>  *       <digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  *       <digestvalue>k8m/lpbknumdso0uzuj75lqtzqi=<digestvalue>  *     </reference>  *   </signedinfo>  *   <signaturevalue>  *     dpeylhqoiukbokwmyfajxo7lzxidygvtutcnytgwzgochzora2nhkq==  *   </signaturevalue>  *   <keyinfo>  *     <keyvalue>  *       <dsakeyvalue>  *         <p>  *           rfto8upqm6y34flpmdh40blj1rvrc8verquuhpz6jynfkquwxnu/wcviamhukpbl  *           fet8bjf/b2ef+oqxzajeb+88zlzoyg8g/wmfdbhtxz+cnowlahncctybp5kt7g8q  *           uobjuvjylwj1st7v9lsu03ixmxtbiriujfa5gurasn8=  *         </p>  *         <q>  *           kejafpce4lcuodwphpzf+tbauds=  *         </q>  *         <g>  *           oe14r2otykx+s+60o5brnmoypig2tu/f15n3bsderkowtkxenk9fs7dwstredxo2  *           ssgoonqad4fuj/4uva7ggnl4uliqy7e+mw5iwj7n/wtelh98meocslxknh24hch4  *           bzfsctruuzmcyjdv1ksqx/eux04hfcwymdxn3sq/qqw=  *         </g>  *         <y>  *           pa5nnzvcd574wrxuoa7zfc/7lqt4cb0mrlwthubtjovoao9ib5ry4rtk0r6ddnov  *           aigkktutzk3ymvkles3dorwzqgj+/bdwdw8ko9r66o6rdjisobbi/0c2v1+dkqog  *           jfmkz395mvcozghc7fqavhhat2ejgpmfgszyaba7+1k=  *         </y>  *       </dsakeyvalue>  *     </keyvalue>  *   </keyinfo>  * </signature>  *</envelope>  * </code></pre>  */ public class xmldigsig {      //     // synopsis: java genenveloped [document] [output]     //     //    "document" name of file containing xml document     //    signed, , "output" name of file store     //    signed document. 2nd argument optional - if not specified,     //    standard output used.     //     public static void main(string[] args) throws exception {          // create dom xmlsignaturefactory used generate         // enveloped signature         xmlsignaturefactory fac = xmlsignaturefactory.getinstance("dom");          // create reference enveloped document (in case         // signing whole document, uri of "" signifies that) ,         // specify sha1 digest algorithm , enveloped transform.         reference ref = fac.newreference             ("#_0", fac.newdigestmethod(digestmethod.sha1, null),              collections.singletonlist               (fac.newtransform                 (transform.enveloped, (transformparameterspec) null)),              null, null);          // create signedinfo         signedinfo si = fac.newsignedinfo             (fac.newcanonicalizationmethod              (canonicalizationmethod.exclusive,               (c14nmethodparameterspec) null),              fac.newsignaturemethod(signaturemethod.dsa_sha1, null),              collections.singletonlist(ref));          // create dsa keypair         keypairgenerator kpg = keypairgenerator.getinstance("dsa");         kpg.initialize(512);         keypair kp = kpg.generatekeypair();          // create keyvalue containing dsa publickey generated         keyinfofactory kif = fac.getkeyinfofactory();         keyvalue kv = kif.newkeyvalue(kp.getpublic());          // create keyinfo , add keyvalue         keyinfo ki = kif.newkeyinfo(collections.singletonlist(kv));          // instantiate document signed         documentbuilderfactory dbf = documentbuilderfactory.newinstance();         dbf.setnamespaceaware(true);         document doc =             dbf.newdocumentbuilder().parse(new fileinputstream("c:/sample/timestamp.txt"));          // create domsigncontext , specify dsa privatekey ,         // location of resulting xmlsignature's parent element         domsigncontext dsc = new domsigncontext             (kp.getprivate(), doc.getdocumentelement());         // create xmlsignature (but don't sign yet)         xmlsignature signature = fac.newxmlsignature(si, ki);         // marshal, generate (and sign) enveloped signature         signature.sign(dsc);         system.out.println(ref.geturi());         // output resulting document         outputstream os;         if (args.length > 1) {            os = new fileoutputstream(args[1]);         } else {            os = system.out;         }          transformerfactory tf = transformerfactory.newinstance();         transformer trans = tf.newtransformer();         trans.transform(new domsource(doc), new streamresult(os));      } }

with input file (in timestamp.txt)

<u:timestamp u:id="_0" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">                 <u:created>2015-06-18t17:34:40.325z</u:created>                 <u:expires>2015-06-18t17:39:40.325z</u:expires>             </u:timestamp>

am getting output below value (since referred dsa method) 

<ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>

but need value ( hmac_sha1 method)

<signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>

so modified code signaturemethod.hmac_sha1 instead of signaturemethod.dsa_sha1 started giving me below exception , not able find appropriate keypairgenerator hmac_sha1.

exception in thread "main" javax.xml.crypto.dsig.xmlsignatureexception: java.security.invalidkeyexception: secret key expected     @ com.ibm.xml.crypto.dsig.dom.signedinfoimpl.sign(signedinfoimpl.java:189)     @ com.ibm.xml.crypto.dsig.dom.xmlsignatureimpl.sign(xmlsignatureimpl.java:162)     @ com.anthem.kytest.xmldigsig.main(xmldigsig.java:134) caused by: java.security.invalidkeyexception: secret key expected     @ com.ibm.crypto.provider.hmacsha1.engineinit(unknown source)     @ javax.crypto.mac.a(unknown source)     @ javax.crypto.mac.init(unknown source)     @ com.ibm.xml.crypto.dsig.signatureenginehmac.initsign(signatureenginehmac.java:102)     @ com.ibm.xml.crypto.dsig.dom.signedinfoimpl.sign(signedinfoimpl.java:168)     ... 2 more java.security.invalidkeyexception: secret key expected     @ com.ibm.crypto.provider.hmacsha1.engineinit(unknown source)     @ javax.crypto.mac.a(unknown source)     @ javax.crypto.mac.init(unknown source)     @ com.ibm.xml.crypto.dsig.signatureenginehmac.initsign(signatureenginehmac.java:102)     @ com.ibm.xml.crypto.dsig.dom.signedinfoimpl.sign(signedinfoimpl.java:168)     @ com.ibm.xml.crypto.dsig.dom.xmlsignatureimpl.sign(xmlsignatureimpl.java:162)     @ com.anthem.kytest.xmldigsig.main(xmldigsig.java:134)

how create signature method hmac_sha1, there tutorial/example available.

environment rsa/was 7 1.6 jdk

please me on this, thanks.

you'll need generate symmetric secret key hmac, not key pair. key pairs inherently asymmetric cryptography rsa , dsa.

so try replace key pair generation generation of hmac key:

byte[] randomkey = new byte[20]; securerandom rng = new securerandom(); rng.nextbytes(randomkey); secretkey hmackey = new secretkeyspec(randomkey, "hmac");  keyinfofactory kif = fac.getkeyinfofactory(); keyname kv = kif.newkeyname("owlstead"); keyinfo ki = kif.newkeyinfo(collections.singletonlist(kv));

i not verify code because of problem using "#_0" reference on machine though.

of course somehow need securely distribute hmac key well. generating randomly no good. that's different subject though.


Comments

Post a Comment

Popular posts from this blog

javascript - Karma not able to start PhantomJS on Windows - Error: spawn UNKNOWN -

-
i lost "unknown" error: karma.conf.js: frameworks: ['mocha', 'should'], plugins: ['karma-mocha', 'karma-should', 'karma-phantomjs-launcher'], ... browsers: ['phantomjs'], error: 23 07 2015 14:35:37.691:warn [karma]: no captured browser, open http://localhost:9876/ 23 07 2015 14:35:37.701:info [karma]: karma v0.13.3 server started @ http://localhost:9876/ 23 07 2015 14:35:37.707:info [launcher]: starting browser phantomjs 23 07 2015 14:35:37.738:error [karma]: { [error: spawn unknown] code: 'unknown', errno: 'unknown', syscall: 'spawn' } error: spawn unknown @ exports._errnoexception (util.js:749:11) @ childprocess.spawn (child_process.js:1093:11) @ exports.spawn (child_process.js:933:9) @ object._execcommand (c:\users\jinga4x\git\mdl-sample-project\node_modules\karma\lib\launchers\process.js:63:21) @ object._start (c:\users\jinga4x\git\md...
Read more

Nuget pack csproj using nuspec -

-
i want create nuget package contains specified in nuspec file, still version csproj. in order use token have pack like: nuget pack myproj.csproj but when adds dependencies , creates unwanted folder in nuget package. nuspec file is: <?xml version="1.0" encoding="utf-8"?> <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"> <metadata> <id>test</id> <version>$version$</version> <title>test</title> <authors>test</authors> <owners>test</owners> <requirelicenseacceptance>false</requirelicenseacceptance> <description>test</description> <summary>test</summary> <releasenotes>test</releasenotes> <copyright>test</copyright> </metadata> <files> <file src="bin\debug\*.dll" target="lib\net45" /> <file s...
Read more

c# - Display ASPX Popup control in RowDeleteing Event (ASPX Gridview) -

-
i have aspxgridview includes new , delete button. delete button includs gv_rowdeleting event. want show aspxpopupcontrol (id="pupconfirm"). want user have confirm password delete item. tried: protected void gv_rowdeleting(object sender, devexpress.web.data.aspxdatadeletingeventargs e) { pupconfirm.showonpageload = true; } but nothing happened. please me. !!! you can create template column javascript prompt confirmation. <itemtemplate> <asp:linkbutton id="btndelete" runat="server" text="delete" commandname="delete" onclientclick="javascript:if(!confirm('are sure want delete record?')){return false;}"> </asp:linkbutton> </itemtemplate>
Read more