1*e7b1675dSTing-Kang Chang /** 2*e7b1675dSTing-Kang Chang * Copyright 2021 Google LLC 3*e7b1675dSTing-Kang Chang * 4*e7b1675dSTing-Kang Chang * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5*e7b1675dSTing-Kang Chang * in compliance with the License. You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang * 7*e7b1675dSTing-Kang Chang * http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang * 9*e7b1675dSTing-Kang Chang * Unless required by applicable law or agreed to in writing, software distributed under the License 10*e7b1675dSTing-Kang Chang * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11*e7b1675dSTing-Kang Chang * or implied. See the License for the specific language governing permissions and limitations under 12*e7b1675dSTing-Kang Chang * the License. 13*e7b1675dSTing-Kang Chang */ 14*e7b1675dSTing-Kang Chang // [START aead-example] 15*e7b1675dSTing-Kang Chang package aead; 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Chang import static java.nio.charset.StandardCharsets.UTF_8; 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Chang import com.google.crypto.tink.Aead; 20*e7b1675dSTing-Kang Chang import com.google.crypto.tink.InsecureSecretKeyAccess; 21*e7b1675dSTing-Kang Chang import com.google.crypto.tink.KeysetHandle; 22*e7b1675dSTing-Kang Chang import com.google.crypto.tink.TinkJsonProtoKeysetFormat; 23*e7b1675dSTing-Kang Chang import com.google.crypto.tink.aead.AeadConfig; 24*e7b1675dSTing-Kang Chang import java.nio.file.Files; 25*e7b1675dSTing-Kang Chang import java.nio.file.Path; 26*e7b1675dSTing-Kang Chang import java.nio.file.Paths; 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Chang /** 29*e7b1675dSTing-Kang Chang * A command-line utility for encrypting small files with AEAD. 30*e7b1675dSTing-Kang Chang * 31*e7b1675dSTing-Kang Chang * <p>It loads cleartext keys from disk - this is not recommended! 32*e7b1675dSTing-Kang Chang * 33*e7b1675dSTing-Kang Chang * <p>It requires the following arguments: 34*e7b1675dSTing-Kang Chang * 35*e7b1675dSTing-Kang Chang * <ul> 36*e7b1675dSTing-Kang Chang * <li>mode: Can be "encrypt" or "decrypt" to encrypt/decrypt the input to the output. 37*e7b1675dSTing-Kang Chang * <li>key-file: Read the key material from this file. 38*e7b1675dSTing-Kang Chang * <li>input-file: Read the input from this file. 39*e7b1675dSTing-Kang Chang * <li>output-file: Write the result to this file. 40*e7b1675dSTing-Kang Chang * <li>[optional] associated-data: Associated data used for the encryption or decryption. 41*e7b1675dSTing-Kang Chang */ 42*e7b1675dSTing-Kang Chang public final class AeadExample { 43*e7b1675dSTing-Kang Chang private static final String MODE_ENCRYPT = "encrypt"; 44*e7b1675dSTing-Kang Chang private static final String MODE_DECRYPT = "decrypt"; 45*e7b1675dSTing-Kang Chang main(String[] args)46*e7b1675dSTing-Kang Chang public static void main(String[] args) throws Exception { 47*e7b1675dSTing-Kang Chang if (args.length != 4 && args.length != 5) { 48*e7b1675dSTing-Kang Chang System.err.printf("Expected 4 or 5 parameters, got %d\n", args.length); 49*e7b1675dSTing-Kang Chang System.err.println( 50*e7b1675dSTing-Kang Chang "Usage: java AeadExample encrypt/decrypt key-file input-file output-file" 51*e7b1675dSTing-Kang Chang + " [associated-data]"); 52*e7b1675dSTing-Kang Chang System.exit(1); 53*e7b1675dSTing-Kang Chang } 54*e7b1675dSTing-Kang Chang String mode = args[0]; 55*e7b1675dSTing-Kang Chang Path keyFile = Paths.get(args[1]); 56*e7b1675dSTing-Kang Chang Path inputFile = Paths.get(args[2]); 57*e7b1675dSTing-Kang Chang Path outputFile = Paths.get(args[3]); 58*e7b1675dSTing-Kang Chang byte[] associatedData = new byte[0]; 59*e7b1675dSTing-Kang Chang if (args.length == 5) { 60*e7b1675dSTing-Kang Chang associatedData = args[4].getBytes(UTF_8); 61*e7b1675dSTing-Kang Chang } 62*e7b1675dSTing-Kang Chang // Register all AEAD key types with the Tink runtime. 63*e7b1675dSTing-Kang Chang AeadConfig.register(); 64*e7b1675dSTing-Kang Chang 65*e7b1675dSTing-Kang Chang // Read the keyset into a KeysetHandle. 66*e7b1675dSTing-Kang Chang KeysetHandle handle = 67*e7b1675dSTing-Kang Chang TinkJsonProtoKeysetFormat.parseKeyset( 68*e7b1675dSTing-Kang Chang new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); 69*e7b1675dSTing-Kang Chang 70*e7b1675dSTing-Kang Chang // Get the primitive. 71*e7b1675dSTing-Kang Chang Aead aead = handle.getPrimitive(Aead.class); 72*e7b1675dSTing-Kang Chang 73*e7b1675dSTing-Kang Chang // Use the primitive to encrypt/decrypt files. 74*e7b1675dSTing-Kang Chang if (MODE_ENCRYPT.equals(mode)) { 75*e7b1675dSTing-Kang Chang byte[] plaintext = Files.readAllBytes(inputFile); 76*e7b1675dSTing-Kang Chang byte[] ciphertext = aead.encrypt(plaintext, associatedData); 77*e7b1675dSTing-Kang Chang Files.write(outputFile, ciphertext); 78*e7b1675dSTing-Kang Chang } else if (MODE_DECRYPT.equals(mode)) { 79*e7b1675dSTing-Kang Chang byte[] ciphertext = Files.readAllBytes(inputFile); 80*e7b1675dSTing-Kang Chang byte[] plaintext = aead.decrypt(ciphertext, associatedData); 81*e7b1675dSTing-Kang Chang Files.write(outputFile, plaintext); 82*e7b1675dSTing-Kang Chang } else { 83*e7b1675dSTing-Kang Chang System.err.println("The first argument must be either encrypt or decrypt, got: " + mode); 84*e7b1675dSTing-Kang Chang System.exit(1); 85*e7b1675dSTing-Kang Chang } 86*e7b1675dSTing-Kang Chang } 87*e7b1675dSTing-Kang Chang AeadExample()88*e7b1675dSTing-Kang Chang private AeadExample() {} 89*e7b1675dSTing-Kang Chang } 90*e7b1675dSTing-Kang Chang // [END aead-example] 91