io.getlime.security.powerauth.client.activation

Class PowerAuthClientActivation

java.lang.Object

io.getlime.security.powerauth.client.activation.PowerAuthClientActivation

public class PowerAuthClientActivation
extends Object

Class implementing a cryptography used on the client side in order to complete the PowerAuth Client activation.

Author:

Petr Dvorak

Constructor Summary

Constructors

Constructor and Description
PowerAuthClientActivation()

Method Summary

Modifier and Type	Method and Description
byte[]	computeApplicationSignature(String activationIdShort, byte[] activationNonce, byte[] encryptedDevicePublicKey, byte[] applicationKey, byte[] applicationSecret) Method computes the signature of the activation data in order to prove that a correct client application is attempting to complete the activation.
int	computeDevicePublicKeyFingerprint(PublicKey devicePublicKey) Compute a fingerprint of the device public key.
PublicKey	decryptServerPublicKey(byte[] C_serverPublicKey, PrivateKey devicePrivateKey, PublicKey ephemeralPublicKey, String activationOTP, String activationIdShort, byte[] activationNonce) Decrypt server public key using activation OTP and device private key.
byte[]	encryptDevicePublicKey(PublicKey devicePublicKey, PrivateKey clientEphemeralPrivateKey, PublicKey masterPublicKey, String activationOTP, String activationIdShort, byte[] activationNonce) Encrypt a device public key using the activation OTP.
byte[]	generateActivationNonce() Generate a new activation nonce.
KeyPair	generateDeviceKeyPair() Generate a device related activation key pair.
ActivationStatusBlobInfo	getStatusFromEncryptedBlob(byte[] cStatusBlob, SecretKey transportKey) Returns an activation status from the encrypted activation blob as described in PowerAuth 2.0 Specification.
boolean	verifyActivationDataSignature(String activationIdShort, String activationOTP, byte[] signature, PublicKey masterPublicKey) Verify the signature of activation data using Master Public Key.
boolean	verifyServerDataSignature(String activationId, byte[] C_serverPublicKey, byte[] signature, PublicKey masterPublicKey) Verify signature of the encrypted activation ID and server public key using a Master Public Key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PowerAuthClientActivation

public PowerAuthClientActivation()

Method Detail

verifyActivationDataSignature

public boolean verifyActivationDataSignature(String activationIdShort,
                                             String activationOTP,
                                             byte[] signature,
                                             PublicKey masterPublicKey)
                                      throws InvalidKeyException

Verify the signature of activation data using Master Public Key. Signature is computed as the concatenation of activationIdShort and activationOTP, separated with the "-" character: activationData = activationIdShort + "-" + activationOTP

Parameters:

activationIdShort - Short activation ID.

activationOTP - Activation OTP value.

signature - Activation data signature.

masterPublicKey - Master Public Key.

Returns:

Returns "true" if the signature matches activation data, "false" otherwise.

Throws:

InvalidKeyException - If provided master public key is invalid.

generateDeviceKeyPair

public KeyPair generateDeviceKeyPair()

Generate a device related activation key pair.

Returns:

A new device key pair.

generateActivationNonce

public byte[] generateActivationNonce()

Generate a new activation nonce.

Returns:

A new activation nonce.

computeApplicationSignature

public byte[] computeApplicationSignature(String activationIdShort,
                                          byte[] activationNonce,
                                          byte[] encryptedDevicePublicKey,
                                          byte[] applicationKey,
                                          byte[] applicationSecret)

Method computes the signature of the activation data in order to prove that a correct client application is attempting to complete the activation.

Parameters:

activationIdShort - Short activation ID.

activationNonce - Client activation nonce.

encryptedDevicePublicKey - Encrypted device public key.

applicationKey - Application identifier.

applicationSecret - Application secret.

Returns:

Signature bytes.

encryptDevicePublicKey

public byte[] encryptDevicePublicKey(PublicKey devicePublicKey,
                                     PrivateKey clientEphemeralPrivateKey,
                                     PublicKey masterPublicKey,
                                     String activationOTP,
                                     String activationIdShort,
                                     byte[] activationNonce)
                              throws InvalidKeyException

Encrypt a device public key using the activation OTP.

Parameters:

devicePublicKey - Device public key to be encrypted.

clientEphemeralPrivateKey - Ephemeral private key.

masterPublicKey - Master public key.

activationOTP - Activation OTP value.

activationIdShort - Short activation ID.

activationNonce - Activation nonce, used as an initialization vector for AES encryption.

Returns:

An encrypted device public key.

Throws:

InvalidKeyException - In case provided public key is invalid.

verifyServerDataSignature

public boolean verifyServerDataSignature(String activationId,
                                         byte[] C_serverPublicKey,
                                         byte[] signature,
                                         PublicKey masterPublicKey)
                                  throws InvalidKeyException,
                                         UnsupportedEncodingException

Verify signature of the encrypted activation ID and server public key using a Master Public Key.

Parameters:

activationId - Activation ID

C_serverPublicKey - Encrypted server public key.

signature - Encrypted server public key signature.

masterPublicKey - Master Public Key.

Returns:

Returns "true" if signature matches encrypted data, "false" otherwise.

Throws:

InvalidKeyException - If provided master public key is invalid.

UnsupportedEncodingException - In case system does not support UTF-8 encoding.

decryptServerPublicKey

public PublicKey decryptServerPublicKey(byte[] C_serverPublicKey,
                                        PrivateKey devicePrivateKey,
                                        PublicKey ephemeralPublicKey,
                                        String activationOTP,
                                        String activationIdShort,
                                        byte[] activationNonce)
                                 throws InvalidKeyException

Decrypt server public key using activation OTP and device private key. As a technical component for public key encryption, an ephemeral public key is used (in order to deduce ephemeral symmetric key using ECDH).

Parameters:

C_serverPublicKey - Encrypted server public key.

devicePrivateKey - Device private key.

ephemeralPublicKey - Ephemeral public key.

activationOTP - Activation OTP value.

activationIdShort - Short activation OTP.

activationNonce - Activation nonce, used as an initialization vector for AES encryption.

Returns:

Decrypted server public key.

Throws:

InvalidKeyException - In case some of the provided keys is invalid.

computeDevicePublicKeyFingerprint

public int computeDevicePublicKeyFingerprint(PublicKey devicePublicKey)

Compute a fingerprint of the device public key. The fingerprint can be used for visual validation of an exchanged public key.

Parameters:

devicePublicKey - Public key for computing fingerprint.

Returns:

Fingerprint of the public key.

getStatusFromEncryptedBlob

public ActivationStatusBlobInfo getStatusFromEncryptedBlob(byte[] cStatusBlob,
                                                           SecretKey transportKey)
                                                    throws InvalidKeyException

Returns an activation status from the encrypted activation blob as described in PowerAuth 2.0 Specification.

Parameters:

cStatusBlob - Encrypted activation status blob

transportKey - A key used to protect the transport.

Returns:

Status information from the status blob

Throws:

InvalidKeyException - When invalid key is provided.