xref: /aosp_15_r20/external/tink/java_src/examples/deterministicaead/DeterministicAeadExample.java (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 /**
2  * Copyright 2021 Google LLC
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
5  * in compliance with the License. You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software distributed under the License
10  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11  * or implied. See the License for the specific language governing permissions and limitations under
12  * the License.
13  */
14 // [START deterministic-aead-example]
15 package deterministicaead;
16 
17 import static java.nio.charset.StandardCharsets.UTF_8;
18 
19 import com.google.crypto.tink.DeterministicAead;
20 import com.google.crypto.tink.InsecureSecretKeyAccess;
21 import com.google.crypto.tink.KeysetHandle;
22 import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
23 import com.google.crypto.tink.daead.DeterministicAeadConfig;
24 import java.nio.file.Files;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 
28 /**
29  * A command-line utility for encrypting small files with Deterministic AEAD.
30  *
31  * <p>It loads cleartext keys from disk - this is not recommended!
32  *
33  * <p>It requires the following arguments:
34  *
35  * <ul>
36  *   <li>mode: Can be "encrypt" or "decrypt" to encrypt/decrypt the input to the output.
37  *   <li>key-file: Read the key material from this file.
38  *   <li>input-file: Read the input from this file.
39  *   <li>output-file: Write the result to this file.
40  *   <li>[optional] associated-data: Associated data used for the encryption or decryption.
41  */
42 public final class DeterministicAeadExample {
43   private static final String MODE_ENCRYPT = "encrypt";
44   private static final String MODE_DECRYPT = "decrypt";
45 
main(String[] args)46   public static void main(String[] args) throws Exception {
47     if (args.length != 4 && args.length != 5) {
48       System.err.printf("Expected 4 or 5 parameters, got %d\n", args.length);
49       System.err.println(
50           "Usage: java DeterministicAeadExample encrypt/decrypt key-file input-file output-file"
51               + " [associated-data]");
52       System.exit(1);
53     }
54     String mode = args[0];
55     Path keyFile = Paths.get(args[1]);
56     Path inputFile = Paths.get(args[2]);
57     Path outputFile = Paths.get(args[3]);
58     byte[] associatedData = new byte[0];
59     if (args.length == 5) {
60       associatedData = args[4].getBytes(UTF_8);
61     }
62 
63     // Initialise Tink: register all Deterministic AEAD key types with the Tink runtime
64     DeterministicAeadConfig.register();
65 
66     // Read the keyset into a KeysetHandle
67     KeysetHandle handle =
68         TinkJsonProtoKeysetFormat.parseKeyset(
69             new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get());
70 
71     // Get the primitive
72     DeterministicAead daead = handle.getPrimitive(DeterministicAead.class);
73 
74     // Use the primitive to encrypt/decrypt files.
75     if (MODE_ENCRYPT.equals(mode)) {
76       byte[] plaintext = Files.readAllBytes(inputFile);
77       byte[] ciphertext = daead.encryptDeterministically(plaintext, associatedData);
78       Files.write(outputFile, ciphertext);
79     } else if (MODE_DECRYPT.equals(mode)) {
80       byte[] ciphertext = Files.readAllBytes(inputFile);
81       byte[] plaintext = daead.decryptDeterministically(ciphertext, associatedData);
82       Files.write(outputFile, plaintext);
83     } else {
84       System.err.println("The first argument must be either encrypt or decrypt, got: " + mode);
85       System.exit(1);
86     }
87 
88     System.exit(0);
89   }
90 
DeterministicAeadExample()91   private DeterministicAeadExample() {}
92 }
93 // [END deterministic-aead-example]
94