|
7 | 7 | import java.security.GeneralSecurityException;
|
8 | 8 | import java.security.Key;
|
9 | 9 | import java.security.KeyStore;
|
| 10 | +import java.security.KeyStore.PasswordProtection; |
| 11 | +import java.security.KeyStore.SecretKeyEntry; |
10 | 12 | import java.security.KeyStoreException;
|
11 | 13 | import java.security.NoSuchAlgorithmException;
|
12 | 14 | import java.security.UnrecoverableKeyException;
|
13 | 15 |
|
14 | 16 | import javax.crypto.SecretKey;
|
| 17 | +import javax.crypto.spec.PBEParameterSpec; |
15 | 18 | import javax.crypto.spec.SecretKeySpec;
|
16 | 19 |
|
| 20 | +import convex.core.Constants; |
17 | 21 | import convex.core.util.Utils;
|
18 | 22 |
|
19 | 23 |
|
@@ -126,8 +130,17 @@ public static KeyStore setKeyPair(KeyStore ks, String alias, AKeyPair kp, char[]
|
126 | 130 | if (keyPassword == null) throw new IllegalArgumentException("Password is mandatory for private key");
|
127 | 131 |
|
128 | 132 | byte[] bs=((AKeyPair)kp).getSeed().getBytes();
|
129 |
| - SecretKey secretKeyPrivate = new SecretKeySpec(bs, "Ed25519"); |
130 |
| - ks.setKeyEntry(alias, secretKeyPrivate, keyPassword, null); |
| 133 | + SecretKey secretKeySeed = new SecretKeySpec(bs, "Ed25519"); |
| 134 | + |
| 135 | + // See https://neilmadden.blog/2017/11/17/java-keystores-the-gory-details/ |
| 136 | + SecretKeyEntry keyEntry=new SecretKeyEntry(secretKeySeed); |
| 137 | + byte[] salt=new byte[20]; |
| 138 | + |
| 139 | + PasswordProtection protection= new PasswordProtection(keyPassword, |
| 140 | + "PBEWithHmacSHA512AndAES_128", |
| 141 | + new PBEParameterSpec(salt, Constants.PBE_ITERATIONS)); |
| 142 | + ks.setEntry(alias, keyEntry, protection); |
| 143 | + // ks.setKeyEntry(alias, secretKeySeed, keyPassword, null); |
131 | 144 |
|
132 | 145 | return ks;
|
133 | 146 | }
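Review bot: The salt handed to `PBEParameterSpec` (new lines 137–141) is `new byte[20]` and is never filled, so every entry written by `setKeyPair` is protected with the same all-zero salt. A constant salt means the PBE key depends only on the password and iteration count, which permits precomputed password guessing and makes identical passwords produce identical derived keys across keystores. Fill it from a CSPRNG right after allocation, e.g. `new SecureRandom().nextBytes(salt);` (this needs a `java.security.SecureRandom` import). A short comment on why explicit PBE parameters are used instead of the keystore default would also be clearer than the commented-out `ks.setKeyEntry(...)` line at 143. `Constants.PBE_ITERATIONS` is defined outside this page, so its value cannot be checked here, and `setKeyPair` begins above the hunk.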
|
|