https://github.com/henricook/cryptoutils

Scala wrappers for JCA/BouncyCastle (Fork for scala 2.13 from Karasiq original)
https://github.com/henricook/cryptoutils

bouncycastle certificates scala ssl tls

Last synced: 5 months ago
JSON representation

Scala wrappers for JCA/BouncyCastle (Fork for scala 2.13 from Karasiq original)

• Host: GitHub
• URL: https://github.com/henricook/cryptoutils
• Owner: henricook
• License: mit
• Fork: true (Karasiq/cryptoutils)
• Created: 2019-09-12T12:45:23.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2024-04-09T15:29:55.000Z (about 2 years ago)
• Last Synced: 2024-04-24T12:13:56.348Z (about 2 years ago)
• Topics: bouncycastle, certificates, scala, ssl, tls
• Language: Scala
• Homepage:
• Size: 111 KB
• Stars: 6
• Watchers: 2
• Forks: 1
• Open Issues: 9
• Metadata Files:
  • Readme: README.MD
  • License: LICENSE

Awesome Lists containing this project

README

          
# cryptoutils [![Build Status](https://travis-ci.org/henricook/cryptoutils.svg?branch=master)](https://travis-ci.org/henricook/cryptoutils) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.henricook/cryptoutils_2.13/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.henricook/cryptoutils_2.13)

Scala wrappers for JCA/BouncyCastle classes  

Fork of karasiq/cryptoutils to add Scala 2.13 and Scala 3 support 

# How to use

Add to `build.sbt`:

```scala

libraryDependencies ++= Seq(

  "org.bouncycastle" % "bcprov-jdk15on" % "1.58",

  "org.bouncycastle" % "bcpkix-jdk15on" % "1.58",

  "com.henricook" %% "cryptoutils" % "1.5.3"

)

```

# Managing key pairs and certificates

## Generating X.509 certificate

```scala

val keyGenerator = CertificateGenerator()

// Self-signed CA certificate

val caSubject = X509Utils.subject("Example Root CA", "US", "California", "San Francisco", "Example", "Example Root CA", "ca@example.com")

val ca: TLS.CertificateKey = keyGenerator.generate(caSubject, "RSA", 2048, extensions = CertExtension.certificationAuthorityExtensions()) 

println(s"Self-signed: ${ca.certificate.getSubject}")

// CA-signed certificate

val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "example@example.com")

val cert: TLS.CertificateKey = keyGenerator.generate(subject, "RSA", 2048, Some(ca), BigInt(1))

println(s"CA signed: ${cert.certificate.getSubject}")

```

## X.509 certification request

```scala

val keyGenerator = CertificateGenerator()

val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "example@example.com")

val keyPair: java.security.KeyPair = ??? // Generate/load key pair

// Creating request

val request = keyGenerator.createRequest(keyPair, subject)

// Signing request

val ca: TLS.CertificateKey = ... // Certification authority certificate and private key

val cert: TLS.CertificateChain = keyGenerator.signRequest(request, ca) // Resulting certificate chain

```

## Verifying X.509 certificate

```scala

val verifier = CertificateVerifier(CertificateStatusProvider.CRL, ca.certificate) // Or from java trust store: CertificateVerifier.fromTrustStore(TrustStore.fromFile("example-trust.jks"), CertificateStatusProvider.CRL)

if (verifier.isChainValid(cert.certificateChain)) {

  println(s"Verified: ${cert.getSubject}")

}

```

## Using PEM files

```scala

val certificationAuthority = PEM.certificate.fromFile("ca.crt")

val myCertificate = PEM.certificate.fromFile("mycert.crt")

val keyPair = PEM.keyPair.fromFile("mykey.key")

val certKey = TLS.CertificateKey(new TLS.CertificateChain(Array(myCertificate, certificationAuthority)), keyPair)

```

## Using Java Key Store

```scala

// Open key store

val keyStore = TLSKeyStore.open("example.jks", "123456")

// Reading key

val (key, chain) = (keyStore.getKey("example"), keyStore.getCertificateChain("example"))

// Reading key set

val keySet: TLS.KeySet = keyStore.getKeySet("example")

// Adding new key

val newKey: TLS.CertificateKey = ??? // Generate key and certificate (see above)

keyStore.putKey("example-new", newKey)

// Saving to file

keyStore.saveAs("example.jks")

```

# Using TLS (transport layer security)

## TLS client

```scala

val verifier: CertificateVerifier = ??? // Certificate verifier

val clientKeySet: TLS.KeySet = ??? // Client authorization

val address = new InetSocketAddress("example.com", 443) // Server address

// Opening connection:

val clientWrapper = new TLSClientWrapper(verifier, address, clientKeySet)

val socket = clientWrapper(SocketChannel.open(address))

// ... Do read/write, etc ...

socket.close()

```

## TLS server

```scala              

val verifier: CertificateVerifier = ... // Client certificate verifier

val serverKeySet: TLS.KeySet = keyStore.getKeySet("example-server") // Server certificate is required

// Accepting connection

val serverWrapper = new TLSServerWrapper(serverKeySet, clientAuth = true, verifier)

val serverSocket = ServerSocketChannel.open()

serverSocket.bind(new InetSocketAddress("0.0.0.0", 443))

val socket = serverWrapper(serverSocket.accept())

// ... Do read/write, etc ...

socket.close()

```