Single Purpose Keys

The TruValidate Multifactor Authentication Service SDKs allow separate keys to be used for encryption and for signing. Using separate keys is optional in general, but it is a hard requirement for FIPS 140 compliance when operating within a FIPS 140 compliant organization (more info here: AAL2 FIPS Compliance).

Configuring a Factory to Utilize Single Purpose Keys

To use single purpose keys within the SDKs, instantiate a factory with multiple keys, as shown below. The keys are passed as a map indexed by the fingerprint of each key's public half, and the fingerprint passed as the final argument identifies the key the SDK signs requests with; the remaining keys in the map are available for decrypting responses. As noted above, separating the keys is optional unless FIPS 140 compliance is required. You can read more about FIPS compliance here: AAL2 FIPS Compliance.

import com.iovation.launchkey.sdk.FactoryFactory;
import com.iovation.launchkey.sdk.FactoryFactoryBuilder;
import com.iovation.launchkey.sdk.client.OrganizationFactory;
import com.iovation.launchkey.sdk.crypto.JCECrypto;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

...

// Reads a PEM-encoded RSA private key from disk. try-with-resources closes the
// file even if an exception is thrown part-way through the read.
private RSAPrivateKey getPrivateKey(Provider provider, String fileName) throws IOException {
    StringBuilder sb = new StringBuilder();

    try (BufferedReader reader = new BufferedReader(new FileReader(fileName))) {
        String line = reader.readLine();

        while (line != null) {
            sb.append(line);
            sb.append("\n");
            line = reader.readLine();
        }
    }

    String privateKey = sb.toString();

    // getRSAPrivateKeyFromPEM is a static method of the SDK's JCECrypto class
    return JCECrypto.getRSAPrivateKeyFromPEM(provider, privateKey);
}

...

String organizationId = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";

Provider provider = new BouncyCastleProvider();
FactoryFactory factoryFactory = new FactoryFactoryBuilder()
    .setJCEProvider(provider)
    .setRequestExpiresSeconds(1)
    .build();

// Each key is identified to the service by the fingerprint of its public half.
RSAPrivateKey encryptionKey = getPrivateKey(provider, "path_to_encryption_key.pem");
String encryptionKeyFingerprint = JCECrypto.getRsaPublicKeyFingerprint(provider, encryptionKey);

RSAPrivateKey signatureKey = getPrivateKey(provider, "path_to_signature_key.pem");
String signatureKeyFingerprint = JCECrypto.getRsaPublicKeyFingerprint(provider, signatureKey);

// The map lets the SDK select the right private key by fingerprint; the fingerprint
// passed as the last argument identifies the key used to sign requests.
Map<String, RSAPrivateKey> keys = new ConcurrentHashMap<>();
keys.put(encryptionKeyFingerprint, encryptionKey);
keys.put(signatureKeyFingerprint, signatureKey);

OrganizationFactory organizationFactory = factoryFactory.makeOrganizationFactory(organizationId, keys, signatureKeyFingerprint);
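The snippet above trusts that the two PEM files really hold two different keys. If the same file is supplied twice (a common deployment mistake), the factory builds without complaint but signing and decryption silently share one key again, which is exactly what a FIPS 140 review will flag. The following helper, added here as an example and not part of the original page or the SDK, loads both keys, compares their fingerprints and refuses to build the factory unless they differ. It uses only the SDK calls already shown on this page; the class name, the method names and the file paths are hypothetical.

```java
import com.iovation.launchkey.sdk.FactoryFactory;
import com.iovation.launchkey.sdk.FactoryFactoryBuilder;
import com.iovation.launchkey.sdk.client.OrganizationFactory;
import com.iovation.launchkey.sdk.crypto.JCECrypto;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper class (not part of the SDK).
public final class SinglePurposeKeyFactory {

    // Loads an RSA private key from a PEM file via the SDK's JCECrypto.
    static RSAPrivateKey loadKey(Provider provider, Path pemFile) throws IOException {
        String pem = new String(Files.readAllBytes(pemFile), StandardCharsets.US_ASCII);
        return JCECrypto.getRSAPrivateKeyFromPEM(provider, pem);
    }

    // Builds an OrganizationFactory that signs with signatureKeyPem and decrypts with
    // encryptionKeyPem. Fails fast if both paths resolve to the same key, because that
    // collapses the two purposes back onto a single key without any visible error.
    static OrganizationFactory build(String organizationId, Path encryptionKeyPem, Path signatureKeyPem)
            throws IOException {
        Provider provider = new BouncyCastleProvider();

        RSAPrivateKey encryptionKey = loadKey(provider, encryptionKeyPem);
        RSAPrivateKey signatureKey = loadKey(provider, signatureKeyPem);

        // The fingerprint of the public half is how the service identifies each key.
        String encryptionFingerprint = JCECrypto.getRsaPublicKeyFingerprint(provider, encryptionKey);
        String signatureFingerprint = JCECrypto.getRsaPublicKeyFingerprint(provider, signatureKey);

        if (encryptionFingerprint.equals(signatureFingerprint)) {
            throw new IllegalStateException(
                "encryption and signature PEM files contain the same key (" + signatureFingerprint + ")");
        }

        Map<String, RSAPrivateKey> keys = new ConcurrentHashMap<>();
        keys.put(encryptionFingerprint, encryptionKey);
        keys.put(signatureFingerprint, signatureKey);

        FactoryFactory factoryFactory = new FactoryFactoryBuilder()
            .setJCEProvider(provider)
            .build();

        // The last argument names the key the SDK signs requests with; the map supplies
        // every key it may need to decrypt responses, looked up by fingerprint.
        return factoryFactory.makeOrganizationFactory(organizationId, keys, signatureFingerprint);
    }

    public static void main(String[] args) throws IOException {
        OrganizationFactory factory = build(
            "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",      // placeholder organization ID, as on this page
            Path.of("keys/organization-encryption.pem"), // hypothetical path
            Path.of("keys/organization-signature.pem")); // hypothetical path
        System.out.println("organization factory built with distinct signing and encryption keys: "
            + (factory != null));
    }
}
```

Run this once at startup rather than lazily: a misconfiguration surfaces as a failed deployment instead of as a finding months later. If you rotate keys, add the new key to the map under its own fingerprint and move the final argument to the new signing key only after the service side has the matching public key registered.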

TransUnion links to user contributed code as a resource to its community. TransUnion does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to TransUnion immediately and we will investigate the claim. Submit any issue to TransUnion support at https://transunion.com/support. ×