1 /** 2 * Copyright 2021 Google LLC 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 5 * in compliance with the License. You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the License 10 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 11 * or implied. See the License for the specific language governing permissions and limitations under 12 * the License. 13 */ 14 // [START hybrid-example] 15 package hybrid; 16 17 import static java.nio.charset.StandardCharsets.UTF_8; 18 19 import com.google.crypto.tink.HybridDecrypt; 20 import com.google.crypto.tink.HybridEncrypt; 21 import com.google.crypto.tink.InsecureSecretKeyAccess; 22 import com.google.crypto.tink.KeysetHandle; 23 import com.google.crypto.tink.RegistryConfiguration; 24 import com.google.crypto.tink.TinkJsonProtoKeysetFormat; 25 import com.google.crypto.tink.hybrid.HybridConfig; 26 import java.nio.file.Files; 27 import java.nio.file.Path; 28 import java.nio.file.Paths; 29 30 /** 31 * A command-line utility for hybrid encryption. 32 * 33 * <p>It loads cleartext keys from disk - this is not recommended! 34 * 35 * <p>It requires the following arguments: 36 * 37 * <ul> 38 * <li>mode: either 'encrypt' or 'decrypt'. 39 * <li>key-file: Read the key material from this file. 40 * <li>input-file: Read the input from this file. 41 * <li>output-file: Write the result to this file. 42 * <li>[optional] contex-info: Bind the encryption to this context info. 43 */ 44 public final class HybridExample { main(String[] args)45 public static void main(String[] args) throws Exception { 46 if (args.length != 4 && args.length != 5) { 47 System.err.printf("Expected 4 or 5 parameters, got %d\n", args.length); 48 System.err.println( 49 "Usage: java HybridExample encrypt/decrypt key-file input-file output-file context-info"); 50 System.exit(1); 51 } 52 53 String mode = args[0]; 54 if (!mode.equals("encrypt") && !mode.equals("decrypt")) { 55 System.err.println("Incorrect mode. Please select encrypt or decrypt."); 56 System.exit(1); 57 } 58 Path keyFile = Paths.get(args[1]); 59 Path inputFile = Paths.get(args[2]); 60 byte[] input = Files.readAllBytes(inputFile); 61 Path outputFile = Paths.get(args[3]); 62 byte[] contextInfo = new byte[0]; 63 if (args.length == 5) { 64 contextInfo = args[4].getBytes(UTF_8); 65 } 66 67 // Register all hybrid encryption key types with the Tink runtime. 68 HybridConfig.register(); 69 70 // Read the keyset into a KeysetHandle. 71 KeysetHandle handle = 72 TinkJsonProtoKeysetFormat.parseKeyset( 73 new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get()); 74 75 if (mode.equals("encrypt")) { 76 // Get the primitive. 77 HybridEncrypt encryptor = 78 handle.getPrimitive(RegistryConfiguration.get(), HybridEncrypt.class); 79 80 // Use the primitive to encrypt data. 81 byte[] ciphertext = encryptor.encrypt(input, contextInfo); 82 Files.write(outputFile, ciphertext); 83 } else { 84 HybridDecrypt decryptor = 85 handle.getPrimitive(RegistryConfiguration.get(), HybridDecrypt.class); 86 87 // Use the primitive to decrypt data. 88 byte[] plaintext = decryptor.decrypt(input, contextInfo); 89 Files.write(outputFile, plaintext); 90 } 91 } 92 HybridExample()93 private HybridExample() {} 94 } 95 // [END hybrid-example] 96