Package org.openmuc.jdlms

Class SecurityUtils

  • public class SecurityUtils
extends java.lang.Object
    A static utility class that provides security functions.

    This class is useful if you may want to change the security setup of the remote meter.

    • Method Detail

      • keyChangeMethodParamFor

        public static MethodParameter keyChangeMethodParamFor​(byte[] masterKey,
                                                      byte[] newKey,
                                                      SecurityUtils.KeyId keyId)
        Returns the method parameter for updating a single key of a DLMS server.
        Parameters:
        masterKey - the master key, also known as KEK
        newKey - the new key to update to the DLMS server
        keyId - the type of key to update
        Returns:
        return MethodParameter for global key transfer

      • securityActivateMethodParamFor

        public static MethodParameter securityActivateMethodParamFor​(SecuritySuite.SecurityPolicy securityPolicy)
        Sets the security policy method parameter
        Parameters:
        securityPolicy - the security policy to set for
        Returns:
        return MethodParameter for security policy

      • cipherWithAes128

        public static byte[] cipherWithAes128​(byte[] masterKey,
                                      byte[] iv,
                                      byte[] bytesToCipher)
                               throws java.security.GeneralSecurityException
        Encrypts a byte array with a master key with the algorithm AES in mode CBC and no padding.
        Parameters:
        masterKey - the master key for encryption the bytesToCypher.
        iv - the initialization vector.
        bytesToCipher - the bytes to cipher.
        Returns:
        the bytesToCipher encrypted
        Throws:
        java.security.GeneralSecurityException - caused by Cipher.doFinal(byte[]) or Cipher.init(int, Key)

      • wrapAesRFC3394Key

        public static byte[] wrapAesRFC3394Key​(byte[] kek,
                                       byte[] key)
        This function wraps a key with a kek (key encryption key)
        Parameters:
        kek - the key encryption key for wrapping the key
        key - the key to wrap
        Returns:
        returns a with kek wrapped key

      • unwrapAesRFC3394Key

        public static byte[] unwrapAesRFC3394Key​(byte[] kek,
                                         byte[] wrappedKey)
                                  throws org.bouncycastle.crypto.InvalidCipherTextException
        This function unwraps a wrapped key with the kek (key encryption key)
        Parameters:
        kek - the key encryption key for unwrapping the wrapped key
        wrappedKey - the wrapped key to unwrap
        Returns:
        returns a unwrapped key
        Throws:
        org.bouncycastle.crypto.InvalidCipherTextException - will thrown if something unexpected is in the wrappedKey

      • generateAES128Key

        public static byte[] generateAES128Key()
        Generates a random AES 128 key
        Returns:
        returns a random AES 128 key

      • generateAES256Key

        public static byte[] generateAES256Key()
        Generates a random AES 256 key
        Returns:
        returns a random AES 128 key