Crypto actions (crypto‐lib)

Marten Rebane edited this page Jun 4, 2021 · 1 revision

High-level support for encryption/decryption.

Ability to query for recipients from ldap.sk.ee.

Decryption requires an ID-card.

Searching for recipients

RecipientRepository recipientRepository = new RecipientRepository();
// search by personal code
ImmutableList<Certificate> recipientsByCode = recipientRepository.query("37101010021");
// search by common name (CN), wildcards are automatically added
ImmutableList<Certificate> recipientsByName = recipientRepository.query("ria");
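
The two search modes above come down to building an LDAP filter from user input. The following is an added example, not crypto-lib's own code, showing one way to build such a filter so that the only wildcards in it are the ones the code adds. The class name, the attribute names `serialNumber` and `cn`, and the exact-match rule for personal codes are assumptions for illustration.

```java
import java.util.regex.Pattern;

public class RecipientFilter {
    // An 11-digit input is treated as a personal code, like "37101010021" above.
    private static final Pattern PERSONAL_CODE = Pattern.compile("\\d{11}");

    // Escape the characters RFC 4515 reserves inside a filter value, so that
    // user input cannot add its own wildcards or close the filter early.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Attribute names are assumptions; a real directory may use others.
    static String filterFor(String query) {
        String q = query.trim();
        if (q.isEmpty()) {
            throw new IllegalArgumentException("empty query");
        }
        if (PERSONAL_CODE.matcher(q).matches()) {
            // Digits only, so nothing needs escaping; exact match.
            return "(serialNumber=" + q + ")";
        }
        // Common-name search: wildcards are added here, after escaping.
        return "(cn=*" + escape(q) + "*)";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(filterFor("37101010021"));
        System.out.println(filterFor("ria"));
        System.out.println(filterFor("O*Brien (test)"));
    }
}
```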

Parsing CDOC files

try {
    CryptoContainer container = CryptoContainer.open(new File("path-to-container.cdoc"));
    // contains only name of the file, no path info provided
    ImmutableList<File> dataFiles = container.dataFiles();
    // recipients
    ImmutableList<Certificate> recipients = container.recipients();
} catch (CryptoException e) {
    // opening the container failed
    e.printStackTrace();
}

Encrypting data files and creating a new CDOC container

ImmutableList<File> dataFiles = ...;
ImmutableList<Certificate> recipients = ...;
File containerFile = new File("path-to-new-container.cdoc");

try {
    CryptoContainer.encrypt(dataFiles, recipients, containerFile);
} catch (DataFilesEmptyException e) {
    // no data files provided
} catch (RecipientsEmptyException e) {
    // no recipients provided
} catch (CryptoException e) {
    // something else failed
}

Decryption of an existing CDOC container

File containerFile = new File("path-to-container.cdoc");
DecryptToken decryptToken = ...;
Certificate authCertificate = ...;
// example value only; obtain PIN1 from the user at decryption time
String pin1 = "1234";
File dataFilesDirectory = new File("path/to/data-files/");

try {
    CryptoContainer container = CryptoContainer.open(containerFile)
            .decrypt(decryptToken, authCertificate, pin1, dataFilesDirectory);
    // data files have absolute path to decrypted files
    ImmutableList<File> dataFiles = container.dataFiles();
} catch (Pin1InvalidException e) {
    // provided PIN1 is invalid
} catch (CertificateNotRecipientException e) {
    // provided certificate is not in recipients list
} catch (CryptoException e) {
    // something else failed
}

Example of implementing DecryptToken with Token from id-card-lib

SmartCardReader smartCardReader = ...;
Token token = Token.create(smartCardReader);

DecryptToken idCardDecryptToken = (pin1, data, ecc) -> {
    try {
        return token.decrypt(pin1, data, ecc);
    } catch (CodeVerificationException e) {
        throw new Pin1InvalidException();
    } catch (SmartCardReaderException e) {
        throw new CryptoException("Decryption failed", e);
    }
};