RSA 알고리즘 변경 / GCM iv 길이 변경(128->96bit)
kaifer committed May 9, 2022
1 parent f71d5e4 commit 5d97e3b
Showing 6 changed files with 17 additions and 50 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -6,7 +6,7 @@ JAVA 1.8버전 사용자들을 위한 세션키 발급 및 개인정보 암복

예시)
```
<version>0.0.2</version>
<version>0.0.3</version>
```

pom.xml 을 사용하시면 아래와 같이 추가해주세요.
3 changes: 2 additions & 1 deletion build.gradle
Expand Up @@ -6,7 +6,7 @@ plugins {
}

group 'com.github.toss'
version '0.0.2'
version '0.0.3'

sourceCompatibility = JavaVersion.VERSION_1_7
targetCompatibility = JavaVersion.VERSION_1_7
Expand All @@ -18,6 +18,7 @@ shadowJar {
}

repositories {
mavenLocal()
mavenCentral()
maven { url = uri("https://jitpack.io") }
}
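Review bot: `mavenLocal()` is declared ahead of `mavenCentral()` in the `repositories` block, so Gradle looks in the developer's `~/.m2` first and whatever happens to be installed there shadows the published artifact of the same coordinates. For an SDK that ships a `shadowJar`, this ties the contents of a release to the state of one machine's local cache and makes the build hard to reproduce or audit. If the entry is only there to test a locally installed snapshot, I would drop it before release, or move it last and scope it to the groups you actually install locally, e.g. `mavenLocal { content { includeGroup 'com.github.toss' } }`.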
2 changes: 1 addition & 1 deletion src/main/java/im/toss/cert/sdk/RSACipher.java
Expand Up @@ -28,7 +28,7 @@ static private PublicKey getPublicKeyFromBase64Encrypted(String base64PublicKey)
String encrypt(String plainText)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
BadPaddingException, IllegalBlockSizeException {
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);

byte[] bytePlain = cipher.doFinal(plainText.getBytes());
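Review bot: The OAEP transformation string in `encrypt` leaves the MGF1 digest to the provider default, so the parameters the decrypting side must use are implicit. Going by print order the new line is `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` (the page does not mark which of the two lines was added), which would also move the OAEP hash from SHA-256 to SHA-1. If the change was made for interoperability, consider keeping SHA-256 and pinning both digests with `cipher.init(Cipher.ENCRYPT_MODE, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));`, provided the server agrees; otherwise add a comment such as `// OAEP digest must match the server's decryption parameters` so the choice reads as deliberate. Separately, `plainText.getBytes()` on the last visible line uses the platform charset, and `getBytes(StandardCharsets.UTF_8)` would make the ciphertext independent of the host locale. `encrypt` continues past the end of the hunk.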
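--- a/src/main/java/im/toss/cert/sdk/SecureKeyGenerator.java
+++ b/src/main/java/im/toss/cert/sdk/SecureKeyGenerator.java
@@ -10,4 +10,10 @@ static String generateKey(int aesKeyBitLength) throws NoSuchAlgorithmException {
 keyGenerator.init(aesKeyBitLength, new SecureRandom());
 return Base64Utils.encodeToString(keyGenerator.generateKey().getEncoded());
 }
+
+static String generateRandomBytes(int lengthInBits) {
+byte[] bytes = new byte[lengthInBits / 8];
+new SecureRandom().nextBytes(bytes);
+return Base64Utils.encodeToString(bytes);
+}
 }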
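Review bot: `generateRandomBytes` does not validate `lengthInBits`: the integer division in `new byte[lengthInBits / 8]` rounds down silently, so a value that is not a multiple of 8 yields fewer random bits than requested, and anything from 0 to 7 yields an empty array. Since the result is used as an IV by `TossCertSessionGenerator`, I would fail fast with `if (lengthInBits <= 0 || lengthInBits % 8 != 0) throw new IllegalArgumentException("lengthInBits must be a positive multiple of 8: " + lengthInBits);`. A short Javadoc stating that the return value is the Base64 encoding of `lengthInBits / 8` bytes from `SecureRandom` would also help callers who expect raw bytes.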
7 changes: 6 additions & 1 deletion src/main/java/im/toss/cert/sdk/TossCertSessionGenerator.java
Expand Up @@ -33,7 +33,12 @@ public TossCertSession generate(AESAlgorithm algorithm) {
try {
String id = UUID.randomUUID().toString();
String secretKey = SecureKeyGenerator.generateKey(256);
String iv = SecureKeyGenerator.generateKey(128);
String iv;
if (algorithm == AESAlgorithm.AES_GCM) {
iv = SecureKeyGenerator.generateRandomBytes(96);
} else {
iv = SecureKeyGenerator.generateKey(128);
}
String encryptedSessionKey = buildEncryptSessionKeyPart(algorithm, secretKey, iv);
return new TossCertSession(version, id, algorithm, secretKey, iv, encryptedSessionKey);
} catch (Exception e) {
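Review bot: The session still carries a single `iv` that is generated once in `generate` and stored in `TossCertSession`; if `encrypt` (not shown here) uses that stored value for every message, AES-GCM runs with a repeated key/nonce pair, which undermines both confidentiality and the integrity guarantee no matter that the IV is now 96 bits. Please confirm that each encryption uses a fresh nonce, or document on `generate` that a session must encrypt at most one value under its key. As a style point, the `else` branch still obtains the CBC IV through `SecureKeyGenerator.generateKey(128)`; `iv = SecureKeyGenerator.generateRandomBytes(128);` would say what is meant. `generate` begins before and continues after the hunk.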
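--- a/src/test/java/im/toss/cert/sdk/TossCertSessionTest.java
+++ b/src/test/java/im/toss/cert/sdk/TossCertSessionTest.java
@@ -19,6 +19,7 @@ public void test() {
 
 // 4. 요청 파라미터에 추가해주세요.
 String sessionKey = tossCertSession.getSessionKey();
+System.out.println("sessionKey: " + sessionKey);
 // String userName = encryptedUserName;
 
 // 5. 응답을 받은 경우, 요청을 보낼 때 생성했던 tossCertSession 을 가지고 있어야 합니다.
@@ -30,50 +31,4 @@ public void test() {
 
 Assertions.assertEquals(decryptedUserName, userName);
 }
-
-@Test
-public void cbcTest() {
-// 1. 세션 생성기를 사전에 생성해 주세요.
-TossCertSessionGenerator tossCertSessionGenerator = new TossCertSessionGenerator();
-
-// 2. 인증 요청(개인정보가 포함된 경우) API 호출 전에, 세션을 생성해 주세요.
-TossCertSession tossCertSession = tossCertSessionGenerator.generate(AESAlgorithm.AES_CBC);
-
-// 3. 개인정보를 암호화 해주세요.
-String userName = "소중한 개인정보 입니다";
-String encryptedUserName = tossCertSession.encrypt(userName);
-System.out.println("encryptedUserName: " + encryptedUserName);
-
-// 4. 요청 파라미터에 추가해주세요.
-String sessionKey = tossCertSession.getSessionKey();
-// String userName = encryptedUserName;
-
-// 5. 응답을 받은 경우, 요청을 보낼 때 생성했던 tossCertSession 을 가지고 있어야 합니다.
-// encryptedUserName 가 응답을 받은 암호화된 userName 이라고 가정합니다.
-String decryptedUserName = tossCertSession.decrypt(encryptedUserName);
-
-// 6. decryptedUserName 은 무결성 검증까지 완료되어 있습니다.
-System.out.println("decryptedUserName: " + decryptedUserName);
-
-Assertions.assertEquals(decryptedUserName, userName);
-}
-
-@Test
-public void deserializeTest() {
-// 1. 세션 생성기를 사전에 생성해 주세요.
-TossCertSessionGenerator tossCertSessionGenerator = new TossCertSessionGenerator();
-
-TossCertSession tossCertSession = tossCertSessionGenerator.generate();
-
-// 2. DB 혹은 다른 저장소에 저장이 필요한 경우, serialize 를 이용해주세요(민감한 정보이므로 저장시 추가 암호화를 해주세요!!).
-String serialized = tossCertSession.serializeSession();
-
-// 3. deserialize
-TossCertSession deserializedTossCertSession = tossCertSessionGenerator.deserialize(serialized);
-
-// 검증
-String plainText = "검증용 문자열";
-String encryptedText = tossCertSession.encrypt(plainText);
-Assertions.assertEquals(tossCertSession.decrypt(encryptedText), deserializedTossCertSession.decrypt(encryptedText));
-}
 }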
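Review bot: With `cbcTest` and `deserializeTest` removed, nothing visible in this file exercises the `AES_CBC` branch of `generate` or a serialize/deserialize round trip, although this commit changes how the IV is produced for both algorithms. I would keep both tests and, if the session exposes its IV, add an assertion on the decoded length (12 bytes for GCM, 16 for CBC) so the 96-bit change is pinned. The added `System.out.println("sessionKey: " + sessionKey);` writes key material to the test log; even if that value is the wrapped session key, an assertion such as `Assertions.assertNotNull(sessionKey);` checks more and prints nothing.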
