1 /** 2 * Copyright 2021 Google LLC 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 * in compliance with the License. You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the License 10 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 * or implied. See the License for the specific language governing permissions and limitations under 12 * the License. 13 */ 14 // [START aead-example] 15 package aead; 16 17 import static java.nio.charset.StandardCharsets.UTF_8; 18 19 import com.google.crypto.tink.Aead; 20 import com.google.crypto.tink.InsecureSecretKeyAccess; 21 import com.google.crypto.tink.KeysetHandle; 22 import com.google.crypto.tink.TinkJsonProtoKeysetFormat; 23 import com.google.crypto.tink.aead.AeadConfig; 24 import java.nio.file.Files; 25 import java.nio.file.Path; 26 import java.nio.file.Paths; 27 28 /** 29 * A command-line utility for encrypting small files with AEAD. 30 * 31 * <p>It loads cleartext keys from disk - this is not recommended! 32 * 33 * <p>It requires the following arguments: 34 * 35 * <ul> 36 * <li>mode: Can be "encrypt" or "decrypt" to encrypt/decrypt the input to the output. 37 * <li>key-file: Read the key material from this file. 38 * <li>input-file: Read the input from this file. 39 * <li>output-file: Write the result to this file. 40 * <li>[optional] associated-data: Associated data used for the encryption or decryption. 41 */ 42 public final class AeadExample { 43 private static final String MODE_ENCRYPT = "encrypt"; 44 private static final String MODE_DECRYPT = "decrypt"; 45 main(String[] args)46 public static void main(String[] args) throws Exception { 47 if (args.length != 4 && args.length != 5) { 48 System.err.printf("Expected 4 or 5 parameters, got %d\n", args.length); 49 System.err.println( 50 "Usage: java AeadExample encrypt/decrypt key-file input-file output-file" 51 + " [associated-data]"); 52 System.exit(1); 53 } 54 String mode = args[0]; 55 Path keyFile = Paths.get(args[1]); 56 Path inputFile = Paths.get(args[2]); 57 Path outputFile = Paths.get(args[3]); 58 byte[] associatedData = new byte[0]; 59 if (args.length == 5) { 60 associatedData = args[4].getBytes(UTF_8); 61 } 62 // Register all AEAD key types with the Tink runtime. 63 AeadConfig.register(); 64 65 // Read the keyset into a KeysetHandle. 66 KeysetHandle handle = 67 TinkJsonProtoKeysetFormat.parseKeyset( 68 new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); 69 70 // Get the primitive. 71 Aead aead = handle.getPrimitive(Aead.class); 72 73 // Use the primitive to encrypt/decrypt files. 74 if (MODE_ENCRYPT.equals(mode)) { 75 byte[] plaintext = Files.readAllBytes(inputFile); 76 byte[] ciphertext = aead.encrypt(plaintext, associatedData); 77 Files.write(outputFile, ciphertext); 78 } else if (MODE_DECRYPT.equals(mode)) { 79 byte[] ciphertext = Files.readAllBytes(inputFile); 80 byte[] plaintext = aead.decrypt(ciphertext, associatedData); 81 Files.write(outputFile, plaintext); 82 } else { 83 System.err.println("The first argument must be either encrypt or decrypt, got: " + mode); 84 System.exit(1); 85 } 86 } 87 AeadExample()88 private AeadExample() {} 89 } 90 // [END aead-example] 91