/**
 * Reports whether the named algorithm resolves to a keyed cipher.
 *
 * @param algorithm the algorithm name handed to {@code EncryptionMethod.forAlgorithm}
 * @return {@code true} only when the lookup yields a non-null {@code EncryptionMethod} that
 *         reports itself as a keyed cipher; {@code false} when the lookup returns {@code null}
 */
public static boolean isKeyedCipher(String algorithm) {
    final EncryptionMethod method = EncryptionMethod.forAlgorithm(algorithm);
    if (method == null) {
        // Unknown algorithm names are treated as "not keyed" rather than as an error.
        return false;
    }
    return method.isKeyedCipher();
}
/**
 * Reports whether the named algorithm resolves to a password-based (PBE) cipher.
 *
 * @param algorithm the algorithm name handed to {@code EncryptionMethod.forAlgorithm}
 * @return {@code true} only when the lookup yields a non-null {@code EncryptionMethod} that
 *         reports itself as a PBE cipher; {@code false} when the lookup returns {@code null}
 */
public static boolean isPBECipher(String algorithm) {
    final EncryptionMethod method = EncryptionMethod.forAlgorithm(algorithm);
    if (method == null) {
        // Unknown algorithm names are treated as "not PBE" rather than as an error.
        return false;
    }
    return method.isPBECipher();
}
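/**
 * Decrypts a value on the keyed-cipher path. The first 16 bytes of the input are taken as the
 * IV and everything after them as the ciphertext.
 *
 * @param cipherBytes the IV followed by the ciphertext
 * @return the bytes returned by the cipher's {@code doFinal}
 * @throws EncryptionException if the input is {@code null} or shorter than the IV, or if the
 *         cipher cannot be obtained or fails while decrypting
 */
private byte[] decryptKeyed(byte[] cipherBytes) {
    KeyedCipherProvider keyedcp = (KeyedCipherProvider) cipherProvider;

    final int ivLength = 16;
    if (cipherBytes == null || cipherBytes.length < ivLength) {
        // Reject truncated input up front so the cause names the real problem instead of
        // surfacing as an index error from the array copy. Only lengths are reported.
        throw new EncryptionException("Could not decrypt sensitive value",
                new IllegalArgumentException("Cipher bytes must hold at least a " + ivLength + "-byte IV"));
    }

    try {
        // Split the input into the leading IV and the ciphertext that follows it.
        byte[] iv = Arrays.copyOfRange(cipherBytes, 0, ivLength);
        byte[] actualCipherBytes = Arrays.copyOfRange(cipherBytes, ivLength, cipherBytes.length);

        // The final argument is false here (true on the encrypt path).
        Cipher cipher = keyedcp.getCipher(EncryptionMethod.forAlgorithm(algorithm), key, iv, false);

        // NOTE(review): whether a modified ciphertext is rejected depends on the cipher mode
        // behind `algorithm`, which is not visible here; confirm an authenticated mode is used.
        // Decrypt the ciphertext
        return cipher.doFinal(actualCipherBytes);
    } catch (Exception e) {
        throw new EncryptionException("Could not decrypt sensitive value", e);
    }
}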
/**
 * Encrypts a value on the keyed-cipher path and returns the IV followed by the ciphertext.
 *
 * @param plaintext the text to encrypt; encoded as UTF-8 before encryption
 * @return a fresh 16-byte IV concatenated with the cipher output
 * @throws EncryptionException if the cipher cannot be obtained or fails while encrypting
 */
private byte[] encryptKeyed(String plaintext) {
    final KeyedCipherProvider provider = (KeyedCipherProvider) cipherProvider;

    try {
        // A new 16-byte IV is drawn from SecureRandom on every call.
        final byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);

        // The final argument is true here (false on the decrypt path).
        final Cipher cipher = provider.getCipher(EncryptionMethod.forAlgorithm(algorithm), key, iv, true);
        final byte[] encrypted = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));

        // The IV is prepended so the decrypt side can read it back from the front of the value.
        return CryptoUtils.concatByteArrays(iv, encrypted);
    } catch (Exception e) {
        throw new EncryptionException("Could not encrypt sensitive value", e);
    }
}
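/**
 * Decrypts a value on the password-based path. The leading bytes of the input are taken as the
 * salt (length from {@code CipherUtility.getSaltLengthForAlgorithm}) and the rest as ciphertext.
 *
 * @param cipherBytes the salt followed by the ciphertext
 * @return the bytes returned by the cipher's {@code doFinal}
 * @throws EncryptionException if the input is {@code null} or shorter than the salt, or if the
 *         cipher cannot be obtained or fails while decrypting
 */
private byte[] decryptPBE(byte[] cipherBytes) {
    PBECipherProvider pbecp = (PBECipherProvider) cipherProvider;
    final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm);

    // Extract salt
    int saltLength = CipherUtility.getSaltLengthForAlgorithm(algorithm);
    if (cipherBytes == null || cipherBytes.length < saltLength) {
        // The salt is split off outside the try block, so a truncated value would otherwise
        // escape as a raw index/null error instead of an EncryptionException.
        throw new EncryptionException("Could not decrypt sensitive value",
                new IllegalArgumentException("Cipher bytes must hold at least a " + saltLength + "-byte salt"));
    }
    byte[] salt = Arrays.copyOfRange(cipherBytes, 0, saltLength);
    byte[] actualCipherBytes = Arrays.copyOfRange(cipherBytes, saltLength, cipherBytes.length);

    // Determine necessary key length
    int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm);

    // Generate cipher
    try {
        // NOTE(review): new String(char[]) leaves an immutable copy of the password on the heap
        // that cannot be wiped; kept because getCipher is called with a String here.
        Cipher cipher = pbecp.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, false);

        // No IV segment is read on this path: the input is treated as salt followed by
        // ciphertext. Separate IV handling (e.g. for a RandomIVPBECipherProvider) is not implemented.

        // Decrypt the ciphertext
        return cipher.doFinal(actualCipherBytes);
    } catch (Exception e) {
        throw new EncryptionException("Could not decrypt sensitive value", e);
    }
}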
/**
 * Encrypts a value on the password-based path and returns the salt followed by the ciphertext.
 *
 * @param plaintext the text to encrypt; encoded as UTF-8 before encryption
 * @return the generated salt concatenated with the cipher output
 * @throws EncryptionException if the cipher cannot be obtained or fails while encrypting
 */
private byte[] encryptPBE(String plaintext) {
    final PBECipherProvider provider = (PBECipherProvider) cipherProvider;
    final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm);

    // The legacy provider is asked for a salt based on the encryption method (the original
    // comment says legacy code sized the salt from the cipher block size); every other
    // provider uses its no-argument generator.
    final byte[] salt = provider instanceof org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider
            ? ((org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider) provider).generateSalt(encryptionMethod)
            : provider.generateSalt();

    final int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm);

    try {
        // NOTE(review): the char[] password is copied into a String, which cannot be wiped
        // after use; getCipher is called with a String here.
        final String passphrase = new String(password.getPassword());
        final Cipher cipher = provider.getCipher(encryptionMethod, passphrase, salt, keyLength, true);

        final byte[] encrypted = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));

        // Output layout is salt followed by ciphertext; no separate IV segment is written.
        return CryptoUtils.concatByteArrays(salt, encrypted);
    } catch (Exception e) {
        throw new EncryptionException("Could not encrypt sensitive value", e);
    }
}
try { logger.debug("Decrypting provenance record " + recordId + " with key ID " + metadata.keyId); EncryptionMethod method = EncryptionMethod.forAlgorithm(metadata.algorithm); Cipher cipher = initCipher(method, Cipher.DECRYPT_MODE, keyProvider.getKey(metadata.keyId), metadata.ivBytes);
/**
 * Tells whether {@code algorithm} names a password-based (PBE) cipher.
 *
 * @param algorithm the algorithm name to look up through {@code EncryptionMethod.forAlgorithm}
 * @return {@code false} if the lookup returns {@code null}; otherwise the result of
 *         {@code isPBECipher()} on the resolved method
 */
public static boolean isPBECipher(String algorithm) {
    final EncryptionMethod resolved = EncryptionMethod.forAlgorithm(algorithm);
    // A failed lookup is answered with false instead of dereferencing null.
    return resolved == null ? false : resolved.isPBECipher();
}
/**
 * Tells whether {@code algorithm} names a keyed cipher.
 *
 * @param algorithm the algorithm name to look up through {@code EncryptionMethod.forAlgorithm}
 * @return {@code false} if the lookup returns {@code null}; otherwise the result of
 *         {@code isKeyedCipher()} on the resolved method
 */
public static boolean isKeyedCipher(String algorithm) {
    final EncryptionMethod resolved = EncryptionMethod.forAlgorithm(algorithm);
    // A failed lookup is answered with false instead of dereferencing null.
    return resolved == null ? false : resolved.isKeyedCipher();
}
try { logger.debug("Decrypting provenance record " + recordId + " with key ID " + metadata.keyId); EncryptionMethod method = EncryptionMethod.forAlgorithm(metadata.algorithm); Cipher cipher = initCipher(method, Cipher.DECRYPT_MODE, keyProvider.getKey(metadata.keyId), metadata.ivBytes);