This article belongs to H Verify external signature in Tink and is part 3.
The Google Tink environment deliberately encapsulates keys so that they are hard to use outside of Tink, which also makes it a problem to bring external keys into Tink. To solve this problem I create a public key file in JSON format, but instead of using a library (like JSON or JSON SIMPLE) I write the file "by hand".
I'm sure there are better (looking?) solutions, but as there are only two "flexible" data fields (primaryKeyId and value) I hardcoded the file structure. To get a random key ID I used two small code segments from Tink's KeysetManager.java. This helper class belongs to this article: H Tink Verify an ECDSA signature with Tink.
```java
package tinkExternalSignatureVerification;

/*
 * This class belongs to VerifyEcdsaTinkSignature.java
 * Origin: http://javacrypto.bplaced.net/
 * Programmer: Michael Fehr
 * Copyright: This is free and unencumbered software released into the public domain.
 * Licence: <http://unlicense.org>
 */

import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.security.SecureRandom;

public class SaveJson {

    /**
     * Writes a Tink public keyset file with one ECDSA public key.
     *
     * @param filename name of the JSON file to create
     * @param value    Base64 string for the "value" field of keyData
     * @return the random key ID used for primaryKeyId and keyId
     */
    public static int writeJson(String filename, String value) throws IOException {
        // the same ID has to appear as primaryKeyId and as keyId of the single key
        int keyId = newKeyId();
        // try-with-resources closes the file even if a write fails
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(filename))) {
            String str = "{";
            writer.write(str + "\n");
            str = " \"primaryKeyId\": " + keyId + ",";
            writer.append(str + "\n");
            str = " \"key\": [{";
            writer.append(str + "\n");
            str = " \"keyData\": {";
            writer.append(str + "\n");
            str = " \"typeUrl\": \"type.googleapis.com/google.crypto.tink.EcdsaPublicKey\",";
            writer.append(str + "\n");
            str = " \"keyMaterialType\": \"ASYMMETRIC_PUBLIC\",";
            writer.append(str + "\n");
            str = " \"value\": \"" + value + "\"";
            writer.append(str + "\n");
            str = " },";
            writer.append(str + "\n");
            str = " \"outputPrefixType\": \"TINK\",";
            writer.append(str + "\n");
            str = " \"keyId\": " + keyId + ",";
            writer.append(str + "\n");
            str = " \"status\": \"ENABLED\"";
            writer.append(str + "\n");
            str = " }]";
            writer.append(str + "\n");
            str = "}";
            writer.append(str);
        }
        return keyId;
    }

    // routines for keyId
    private static int newKeyId() {
        return randPositiveInt();
    }

    // source:
    // https://github.com/google/tink/blob/08405fb55ba695b60b41f7f9ae198e5748152604/java/src/main/java/com/google/crypto/tink/KeysetManager.java
    /** @return positive random int */
    private static int randPositiveInt() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] rand = new byte[4];
        int result = 0;
        // clear the sign bit of the first byte and retry on 0, so the result is always > 0
        while (result == 0) {
            secureRandom.nextBytes(rand);
            result = ((rand[0] & 0x7f) << 24)
                    | ((rand[1] & 0xff) << 16)
                    | ((rand[2] & 0xff) << 8)
                    | (rand[3] & 0xff);
        }
        return result;
    }
}
```
As this is a helper class there is no console output.
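The helper places `value` between the quotes of the JSON field unchanged, so a string that is not plain Base64 would produce a file that is not the intended keyset. A checked variant follows as an added example; it is not code from the original article or from Tink, and the class name `SaveJsonChecked`, the method `requireBase64`, the `keyId` parameter and the output filename are assumptions:

```java
import java.io.BufferedWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;

// Added example (hypothetical class), not part of the original helper.
public class SaveJsonChecked {

    // Accept only strict Base64 for the "value" field; returns the decoded length.
    static int requireBase64(String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("value is empty");
        }
        // The basic decoder throws IllegalArgumentException on any character
        // outside the Base64 alphabet (quotes, braces, whitespace, ...).
        return Base64.getDecoder().decode(value).length;
    }

    // keyId is passed in here (assumption) instead of being generated as in SaveJson.
    public static void writeJson(String filename, int keyId, String value) throws IOException {
        if (keyId <= 0) {
            throw new IllegalArgumentException("keyId must be a positive int");
        }
        requireBase64(value); // validate before anything is written
        String json = "{\n"
                + " \"primaryKeyId\": " + keyId + ",\n"
                + " \"key\": [{\n"
                + " \"keyData\": {\n"
                + " \"typeUrl\": \"type.googleapis.com/google.crypto.tink.EcdsaPublicKey\",\n"
                + " \"keyMaterialType\": \"ASYMMETRIC_PUBLIC\",\n"
                + " \"value\": \"" + value + "\"\n"
                + " },\n"
                + " \"outputPrefixType\": \"TINK\",\n"
                + " \"keyId\": " + keyId + ",\n"
                + " \"status\": \"ENABLED\"\n"
                + " }]\n"
                + "}";
        // explicit charset instead of the platform default used by FileWriter
        try (BufferedWriter w = Files.newBufferedWriter(Paths.get(filename), StandardCharsets.UTF_8)) {
            w.write(json);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: Base64 of arbitrary bytes, not a real public key.
        String sample = Base64.getEncoder().encodeToString(new byte[] {1, 2, 3, 4, 5, 6});
        writeJson("publickey_checked.json", 12345, sample);
        try {
            writeJson("publickey_checked.json", 12345, "AAAA\"BBBB"); // constructed: contains a quote
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check only confirms that the field is well-formed Base64; whether the decoded bytes are a usable ECDSA public key is still decided by Tink when the keyset is loaded.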
All source code for this solution is available in my GitHub archive: https://github.com/java-crypto/H-Google-Tink. All programs run with Java 8 and Java 11.
The licence (or better, unlicence) for my solution is available here: licence page.
Last edit: 18.11.2019