1 /** 2 * Copyright 2021 Google LLC 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 * in compliance with the License. You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the License 10 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 * or implied. See the License for the specific language governing permissions and limitations under 12 * the License. 13 */ 14 // [START streaming-aead-example] 15 package streamingaead; 16 17 import static java.nio.charset.StandardCharsets.UTF_8; 18 19 import com.google.crypto.tink.InsecureSecretKeyAccess; 20 import com.google.crypto.tink.KeysetHandle; 21 import com.google.crypto.tink.StreamingAead; 22 import com.google.crypto.tink.TinkJsonProtoKeysetFormat; 23 import com.google.crypto.tink.streamingaead.StreamingAeadConfig; 24 import java.io.IOException; 25 import java.nio.ByteBuffer; 26 import java.nio.channels.FileChannel; 27 import java.nio.channels.ReadableByteChannel; 28 import java.nio.channels.WritableByteChannel; 29 import java.nio.file.Files; 30 import java.nio.file.Path; 31 import java.nio.file.Paths; 32 import java.nio.file.StandardOpenOption; 33 import java.security.GeneralSecurityException; 34 35 /** 36 * A command-line utility for encrypting files with Streaming AEAD. 37 * 38 * <p>It loads cleartext keys from disk - this is not recommended! 39 * 40 * <p>It requires the following arguments: 41 * 42 * <ul> 43 * <li>mode: Can be "encrypt" or "decrypt" to encrypt/decrypt the input to the output. 44 * <li>key-file: Read the key material from this file. 45 * <li>input-file: Read the input from this file. 46 * <li>output-file: Write the result to this file. 47 * <li>[optional] associated-data: Associated data used for the encryption or decryption. 48 */ 49 public final class StreamingAeadExample { 50 private static final String MODE_ENCRYPT = "encrypt"; 51 private static final String MODE_DECRYPT = "decrypt"; 52 private static final int BLOCK_SIZE_IN_BYTES = 8 * 1024; 53 main(String[] args)54 public static void main(String[] args) throws Exception { 55 if (args.length != 4 && args.length != 5) { 56 System.err.printf("Expected 4 or 5 parameters, got %d\n", args.length); 57 System.err.println( 58 "Usage: java StreamingAeadExample encrypt/decrypt key-file input-file output-file" 59 + " [associated-data]"); 60 System.exit(1); 61 } 62 String mode = args[0]; 63 Path keyFile = Paths.get(args[1]); 64 Path inputFile = Paths.get(args[2]); 65 Path outputFile = Paths.get(args[3]); 66 byte[] associatedData = new byte[0]; 67 if (args.length == 5) { 68 associatedData = args[4].getBytes(UTF_8); 69 } 70 71 // Initalise Tink: register all Streaming AEAD key types with the Tink runtime 72 StreamingAeadConfig.register(); 73 74 // Read the keyset into a KeysetHandle 75 KeysetHandle handle = 76 TinkJsonProtoKeysetFormat.parseKeyset( 77 new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); 78 79 // Get the primitive 80 StreamingAead streamingAead = handle.getPrimitive(StreamingAead.class); 81 82 // Use the primitive to encrypt/decrypt files 83 if (MODE_ENCRYPT.equals(mode)) { 84 encryptFile(streamingAead, inputFile, outputFile, associatedData); 85 } else if (MODE_DECRYPT.equals(mode)) { 86 decryptFile(streamingAead, inputFile, outputFile, associatedData); 87 } else { 88 System.err.println("The first argument must be either encrypt or decrypt, got: " + mode); 89 System.exit(1); 90 } 91 } 92 encryptFile( StreamingAead streamingAead, Path inputFile, Path outputFile, byte[] associatedData)93 private static void encryptFile( 94 StreamingAead streamingAead, Path inputFile, Path outputFile, byte[] associatedData) 95 throws GeneralSecurityException, IOException { 96 try (WritableByteChannel plaintextChannel = 97 streamingAead.newEncryptingChannel( 98 FileChannel.open(outputFile, StandardOpenOption.WRITE, StandardOpenOption.CREATE), 99 associatedData); 100 FileChannel inputChannel = FileChannel.open(inputFile, StandardOpenOption.READ)) { 101 ByteBuffer byteBuffer = ByteBuffer.allocate(BLOCK_SIZE_IN_BYTES); 102 while (true) { 103 int read = inputChannel.read(byteBuffer); 104 if (read <= 0) { 105 return; 106 } 107 byteBuffer.flip(); 108 while (byteBuffer.hasRemaining()) { 109 plaintextChannel.write(byteBuffer); 110 } 111 byteBuffer.clear(); 112 } 113 } 114 } 115 decryptFile( StreamingAead streamingAead, Path inputFile, Path outputFile, byte[] associatedData)116 private static void decryptFile( 117 StreamingAead streamingAead, Path inputFile, Path outputFile, byte[] associatedData) 118 throws GeneralSecurityException, IOException { 119 try (ReadableByteChannel plaintextChannel = 120 streamingAead.newDecryptingChannel( 121 FileChannel.open(inputFile, StandardOpenOption.READ), associatedData); 122 FileChannel outputChannel = 123 FileChannel.open(outputFile, StandardOpenOption.WRITE, StandardOpenOption.CREATE)) { 124 ByteBuffer byteBuffer = ByteBuffer.allocate(BLOCK_SIZE_IN_BYTES); 125 while (true) { 126 int read = plaintextChannel.read(byteBuffer); 127 if (read <= 0) { 128 return; 129 } 130 byteBuffer.flip(); 131 while (byteBuffer.hasRemaining()) { 132 outputChannel.write(byteBuffer); 133 } 134 byteBuffer.clear(); 135 } 136 } 137 } 138 StreamingAeadExample()139 private StreamingAeadExample() {} 140 } 141 // [END streaming-aead-example] 142