/** * Creates an encryptor for queryable text strings that uses standard password-based * encryption. Uses a 16-byte all-zero initialization vector so encrypting the same * data results in the same encryption result. This is done to allow encrypted data to * be queried against. Encrypted text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * secret key */ public static TextEncryptor queryableText(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt)); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
@Test public void roundtripWhenUsingDefaultsThenEncryptsAndDecrypts() { CryptoAssumptions.assumeCBCJCE(); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); }
/** * Creates an encryptor for queryable text strings that uses standard password-based * encryption. Uses a 16-byte all-zero initialization vector so encrypting the same * data results in the same encryption result. This is done to allow encrypted data to * be queried against. Encrypted text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * secret key */ public static TextEncryptor queryableText(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt)); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
@Test public void roundtripWhenUsingDefaultCipherThenEncryptsAndDecrypts() { CryptoAssumptions.assumeCBCJCE(); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3b7232ac29355d07869433f1ecf55fe94"); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); }
/** * Creates a standard password-based bytes encryptor using 256 bit AES encryption. * Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation * Function #2). Salts the password to prevent dictionary attacks against the key. The * provided salt is expected to be hex-encoded; it should be random and at least 8 * bytes in length. Also applies a random 16 byte initialization vector to ensure each * encrypted message will be unique. Requires Java 6. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * key */ public static BytesEncryptor standard(CharSequence password, CharSequence salt) { return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16)); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (decryptor) { byte[] iv = iv(encryptedBytes); initCipher(decryptor, Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); return doFinal(decryptor, ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
@Test public void roundtripWhenUsingGcmThenEncryptsAndDecrypts() { CryptoAssumptions.assumeGCMJCE(); AesBytesEncryptor encryptor = new AesBytesEncryptor(this.password, this.hexSalt, this.generator, GCM); byte[] encryption = encryptor.encrypt(this.secret.getBytes()); assertThat(new String(Hex.encode(encryption))) .isEqualTo("4b0febebd439db7ca77153cb254520c3e4d61ae38207b4e42b820d311dc3d4e0e2f37ed5ee"); byte[] decryption = encryptor.decrypt(encryption); assertThat(new String(decryption)).isEqualTo(this.secret); }
/** * Creates a standard password-based bytes encryptor using 256 bit AES encryption with * Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 * (Password-Based Key Derivation Function #2). Salts the password to prevent * dictionary attacks against the key. The provided salt is expected to be * hex-encoded; it should be random and at least 8 bytes in length. Also applies a * random 16 byte initialization vector to ensure each encrypted message will be * unique. Requires Java 6. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * key * * @see #standard(CharSequence, CharSequence) which uses the slightly weaker CBC mode * (instead of GCM) */ public static BytesEncryptor stronger(CharSequence password, CharSequence salt) { return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16), CipherAlgorithm.GCM); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
/** * Creates a standard password-based bytes encryptor using 256 bit AES encryption. * Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation * Function #2). Salts the password to prevent dictionary attacks against the key. The * provided salt is expected to be hex-encoded; it should be random and at least 8 * bytes in length. Also applies a random 16 byte initialization vector to ensure each * encrypted message will be unique. Requires Java 6. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * key */ public static BytesEncryptor standard(CharSequence password, CharSequence salt) { return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16)); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
/** * Creates a standard password-based bytes encryptor using 256 bit AES encryption with * Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 * (Password-Based Key Derivation Function #2). Salts the password to prevent * dictionary attacks against the key. The provided salt is expected to be * hex-encoded; it should be random and at least 8 bytes in length. Also applies a * random 16 byte initialization vector to ensure each encrypted message will be * unique. Requires Java 6. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * key * * @see #standard(CharSequence, CharSequence) which uses the slightly weaker CBC mode * (instead of GCM) */ public static BytesEncryptor stronger(CharSequence password, CharSequence salt) { return new AesBytesEncryptor(password.toString(), salt, KeyGenerators.secureRandom(16), CipherAlgorithm.GCM); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
@Test public void bouncyCastleAesCbcWithSecureIvCompatible() throws Exception { CryptoAssumptions.assumeCBCJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); testCompatibility(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesGcmWithSecureIvCompatible() throws Exception { CryptoAssumptions.assumeGCMJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16), CipherAlgorithm.GCM); testCompatibility(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesCbcWithPredictableIvEquvalent() throws Exception { CryptoAssumptions.assumeCBCJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); testEquivalence(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesGcmWithPredictableIvEquvalent() throws Exception { CryptoAssumptions.assumeGCMJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16), CipherAlgorithm.GCM); testEquivalence(bcEncryptor, jceEncryptor); }
/** * Creates an encryptor for queryable text strings that uses standard password-based encryption. * Uses a 16-byte all-zero initialization vector so encrypting the same data results in the same encryption result. * This is done to allow encrypted data to be queried against. * Encrypted text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the secret key */ public static TextEncryptor queryableText(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt)); }