Adding new examples and example test runner#165
Conversation
mattsb42-aws
left a comment
There was a problem hiding this comment.
Notes on the file streaming example that will apply to all.
src/examples/java/com/amazonaws/crypto/examples/FileStreamingDefaults.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/FileStreamingDefaults.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/FileStreamingDefaults.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/FileStreamingDefaults.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/OneStepDefaults.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/InMemoryStreamingDefaults.java
Outdated
Show resolved
Hide resolved
mattsb42-aws
left a comment
There was a problem hiding this comment.
Comments on KMS and multi-keyring examples. Raw keyring comments coming soon.
.../java/com/amazonaws/crypto/examples/keyring/awskms/DiscoveryDecryptWithPreferredRegions.java
Outdated
Show resolved
Hide resolved
.../java/com/amazonaws/crypto/examples/keyring/awskms/DiscoveryDecryptWithPreferredRegions.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/keyring/awskms/MultipleRegions.java
Outdated
Show resolved
Hide resolved
| // Generate an RSA key pair to use with your keyring. | ||
| // In practice, you should get this key from a secure key management system such as an HSM. | ||
| final KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA"); | ||
| kg.initialize(4096); // Escrow keys should be very strong |
There was a problem hiding this comment.
As a naive reader, what does that mean? How do I know that 4096 is strong?
I like actually mentioning the key size, but we should point to a reference for what key size we recommend and why.
There was a problem hiding this comment.
What if I just say “The National Institute of Standards and Technology (NIST) recommends a minimum of 2048-bit keys for RSA” and maybe link to https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths or https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf
There was a problem hiding this comment.
There was a problem hiding this comment.
Actually https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths is a more readable reference and links to 56Br2 anyway
mattsb42-aws
left a comment
There was a problem hiding this comment.
A few more minor changes. Otherwise LGTM.
Very happy that we'll be running these examples in our test suite! :D
src/examples/java/com/amazonaws/crypto/examples/keyring/rawaes/RawAes.java
Outdated
Show resolved
Hide resolved
| SecureRandom rnd = new SecureRandom(); | ||
| byte[] rawKey = new byte[16]; // 128 bits | ||
| rnd.nextBytes(rawKey); | ||
| SecretKey key = new SecretKeySpec(rawKey, "AES"); |
There was a problem hiding this comment.
Should we add a note that the mode defined here (if any) does not affect the behavior of the keyring?
There was a problem hiding this comment.
Actually it does have to be AES, the keyring fails if not
src/examples/java/com/amazonaws/crypto/examples/keyring/rawrsa/PublicPrivateKeySeparate.java
Outdated
Show resolved
Hide resolved
src/examples/java/com/amazonaws/crypto/examples/keyring/rawrsa/PublicPrivateKeySeparate.java
Outdated
Show resolved
Hide resolved
|
Oh, one other thing that I forgot: How different is the process for loading a RSA key/pair from PEM/DER? Does Java provide something for that in the standard JCE toolset? |
mattsb42-aws
left a comment
There was a problem hiding this comment.
I'd like to hold off on merging until @juneb signs off on aws/aws-encryption-sdk-python#221, but other than that, this LGTM. :)
This adds example code to match the format defined in
aws/aws-encryption-sdk-python#219. Legacy tests were reverted to how they are currently in the master branch and moved to the Legacy folder
All examples are tested using JUnit5 Dynamic tests.
Check any applicable:
Legacy example code was moved to the examples/legacy package