path: root/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
Commit message | Author | Age | Files | Lines
* Update copyright | Jon Bratseth | 2023-10-09 | 1 | -1/+1
* Use Base62 for tokens and Base58 for keys | Tor Brede Vekterli | 2022-11-09 | 1 | -0/+29
    * Base62 minimizes extra size overhead relative to Base64.
    * Base58 removes ambiguous characters from key encodings.

    Common for both bases is that they do not emit any characters that interfere with easily selecting them on web pages or in the CLI.
* Add X25519 private to public key extraction and use for HPKE opening | Tor Brede Vekterli | 2022-10-19 | 1 | -0/+9
    Avoids the need to pass the full key pair when opening a sealed piece of ciphertext, since we can just extract the public key on-demand.

    Uses BouncyCastle X25519 utils under the hood.
* Minimal implementation of RFC 9180 Hybrid Public Key Encryption (HPKE) | Tor Brede Vekterli | 2022-10-18 | 1 | -0/+140
    HPKE is a hybrid encryption scheme that builds around three primitives:

    * A key encapsulation mechanism (KEM)
    * A key derivation function (KDF)
    * An "authenticated encryption with associated data" (AEAD) algorithm

    The 3-tuple (KEM, KDF, AEAD) is known as the HPKE _ciphersuite_.

    This implementation has certain (intentional) limitations:

    * Only the `DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM` ciphersuite is implemented. This is expected to be a good default choice for any internal use of this class.
    * Only the "base mode" (unauthenticated sender) is supported, i.e. no PSK support and no secret exporting. This implementation is only expected to be used for anonymous one-way encryption.
    * The API only offers single-shot encryption to keep anyone from being tempted to use it to build their own multi-message protocol on top. This entirely avoids the risk of nonce reuse caused by accidentally repeating sequence numbers.

    **Deprecation notice:** once BouncyCastle (or the Java crypto API) supports HPKE, this particular implementation can safely be deprecated and sent off to live on a farm.
* Add NTokenGenerator | Håkon Hallingstad | 2022-03-16 | 1 | -0/+8
* Update 2018 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1
* Allow output of PEM private keys using PKCS#8 | Bjørn Christian Seime | 2019-08-23 | 1 | -3/+29
* Use correct key factory for key type | Bjørn Christian Seime | 2019-08-23 | 1 | -1/+2
* Add toPem(PublicKey) | Bjørn Christian Seime | 2019-05-03 | 1 | -0/+10
* Ensure parsed keys uses 'EC' as algorithm | Bjørn Christian Seime | 2019-05-03 | 1 | -5/+20
    Remove use of JcaPEMKeyConverter as it generated keys with 'ECDSA' as algorithm.
* Refactor into createKeyFactory() method | Bjørn Christian Seime | 2019-05-03 | 1 | -3/+8
* Move Signature factories to separate class | Bjørn Christian Seime | 2019-05-03 | 1 | -37/+0
* BCP for Signature, to handle ECDSA keys | Jon Marius Venstad | 2019-04-30 | 1 | -2/+37
* Add support for parsing public keys to KeyUtils | Jon Marius Venstad | 2019-04-30 | 1 | -0/+27
* Revert "Merge pull request #8370 from ↵ | Jon Bratseth | 2019-02-04 | 1 | -0/+1
    vespa-engine/revert-8308-bratseth/disallow-dash-rebased"

    This reverts commit 43cf4fd1ec196cb0543af73db8e3bd1f6774f0a8, reversing changes made to 14172aa5cd890445980202909d1277429e4c5a3a.
* Revert "Bratseth/disallow dash rebased" | Jon Bratseth | 2019-02-04 | 1 | -1/+0
* Nonfunctional changes only | Jon Bratseth | 2019-01-31 | 1 | -0/+1
* Use 'prime256v1' curve for EC keys | Bjørn Christian Seime | 2019-01-23 | 1 | -0/+3
    This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher).
* Revert "Bratseth/disallow dash " | Jon Bratseth | 2019-01-16 | 1 | -1/+0
* Nonfunctional changes only | Jon Bratseth | 2019-01-10 | 1 | -0/+1
* Skip non-key objects (e.g. ec params) when parsing private key from pem | Bjørn Christian Seime | 2018-10-30 | 1 | -11/+18
* Move classes in com.yahoo.security to security-utils | Bjørn Christian Seime | 2018-10-19 | 1 | -0/+129
* Revert "Move classes in com.yahoo.security to security-utils" | Harald Musum | 2018-10-19 | 1 | -129/+0
* Move classes in com.yahoo.security to security-utils | Bjørn Christian Seime | 2018-10-17 | 1 | -0/+129