/** * Sets the transformation string mode to be used for streaming operations only. The default value is * {@link OperationMode#CBC CBC} for reasons described in the class-level JavaDoc in the {@code Streaming} section. * * @param mode the transformation string mode to be used for streaming operations only */ public void setStreamingMode(OperationMode mode) { setStreamingModeName(mode.name()); }
public void setStreamingPaddingScheme(PaddingScheme scheme) { setStreamingPaddingSchemeName(scheme.getTransformationName()); }
protected SecureRandom ensureSecureRandom() { SecureRandom random = getSecureRandom(); if (random == null) { random = getDefaultSecureRandom(); } return random; }
public ByteSource nextBytes() { return nextBytes(getDefaultNextBytesSize()); }
ByteSource salt = new SecureRandomNumberGenerator().nextBytes(); new Sha512Hash(password, salt).toBase64();
private String buildTransformationString() { return buildTransformationString(getModeName(), getPaddingSchemeName(), getBlockSize()); }
public ByteSource encrypt(byte[] plaintext, byte[] key) { byte[] ivBytes = null; boolean generate = isGenerateInitializationVectors(false); if (generate) { ivBytes = generateInitializationVector(false); if (ivBytes == null || ivBytes.length == 0) { throw new IllegalStateException("Initialization vector generation is enabled - generated vector" + "cannot be null or empty."); } } return encrypt(plaintext, key, ivBytes, generate); }
/** * Overrides the parent implementation to ensure initialization vectors are always generated if streaming is * enabled (block ciphers <em>must</em> use initialization vectors if they are to be used as a stream cipher). If * not being used as a stream cipher, then the value is computed based on whether or not the currently configured * {@link #getModeName modeName} is compatible with initialization vectors as well as the result of the configured * {@link #setGenerateInitializationVectors(boolean) generateInitializationVectors} value. * * @param streaming whether or not streaming is being performed * @return {@code true} if streaming or a value computed based on if the currently configured mode is compatible * with initialization vectors. */ @Override protected boolean isGenerateInitializationVectors(boolean streaming) { return streaming || super.isGenerateInitializationVectors() && isModeInitializationVectorCompatible(getModeName()); }
private String buildStreamingTransformationString() { return buildTransformationString(getStreamingModeName(), getStreamingPaddingSchemeName(), 0); }
/** * Generates a new {@link java.security.Key Key} suitable for this CipherService's {@link #getAlgorithmName() algorithm} * by calling {@link #generateNewKey(int) generateNewKey(128)} (uses a 128 bit size by default). * * @return a new {@link java.security.Key Key}, 128 bits in length. */ public Key generateNewKey() { return generateNewKey(getKeySize()); }
public void decrypt(InputStream in, OutputStream out, byte[] key) throws CryptoException { decrypt(in, out, key, isGenerateInitializationVectors(true)); }
/** * Creates a new {@link DefaultBlockCipherService} using the specified block cipher {@code algorithmName}. Per this * class's JavaDoc, this constructor also sets the following defaults: * <ul> * <li>{@code streamingMode} = {@link OperationMode#CBC CBC}</li> * <li>{@code streamingPaddingScheme} = {@link PaddingScheme#NONE none}</li> * <li>{@code streamingBlockSize} = 8</li> * </ul> * All other attributes are null/unset, indicating the JCA Provider defaults will be used. * * @param algorithmName the block cipher algorithm to use when encrypting and decrypting */ public DefaultBlockCipherService(String algorithmName) { super(algorithmName); this.modeName = OperationMode.CBC.name(); this.paddingSchemeName = PaddingScheme.PKCS5.getTransformationName(); this.blockSize = DEFAULT_BLOCK_SIZE; //0 = use the JCA provider's default this.streamingModeName = OperationMode.CBC.name(); this.streamingPaddingSchemeName = PaddingScheme.PKCS5.getTransformationName(); this.streamingBlockSize = DEFAULT_STREAMING_BLOCK_SIZE; }
/** * Sets the cipher operation mode of operation to be used when constructing the * {@link javax.crypto.Cipher Cipher} transformation string. A {@code null} value indicates that the JCA Provider * default mode for the specified {@link #getAlgorithmName() algorithm} should be used. * <p/> * This attribute is used <em>only</em> when constructing the transformation string for block (byte array) * operations ({@link #encrypt(byte[], byte[])} and {@link #decrypt(byte[], byte[])}). The * {@link #setStreamingMode streamingMode} attribute is used when the block cipher is used for * streaming operations. * <p/> * If the {@link OperationMode} enum cannot represent your desired mode, you can set the name explicitly * via the {@link #setModeName modeName} attribute directly. However, because {@link OperationMode} represents all * standard JDK mode names already, ensure that your underlying JCA Provider supports the non-standard name first. * * @param mode the cipher operation mode to be used when constructing * {@link javax.crypto.Cipher Cipher} transformation string, or {@code null} if the JCA Provider * default mode for the specified {@link #getAlgorithmName() algorithm} should be used. */ public void setMode(OperationMode mode) { setModeName(mode.name()); }
private void encrypt(InputStream in, OutputStream out, byte[] key, byte[] iv, boolean prependIv) throws CryptoException { if (prependIv && iv != null && iv.length > 0) { try { //first write the IV: out.write(iv); } catch (IOException e) { throw new CryptoException(e); } } crypt(in, out, key, iv, javax.crypto.Cipher.ENCRYPT_MODE); }
/** * Sets the padding scheme to be used when constructing the * {@link javax.crypto.Cipher Cipher} transformation string. A {@code null} value indicates that the JCA Provider * default padding scheme for the specified {@link #getAlgorithmName() algorithm} should be used. * <p/> * This attribute is used <em>only</em> when constructing the transformation string for block (byte array) * operations ({@link #encrypt(byte[], byte[])} and {@link #decrypt(byte[], byte[])}). The * {@link #setStreamingPaddingScheme streamingPaddingScheme} attribute is used when the block cipher is used for * streaming operations. * <p/> * If the {@link PaddingScheme PaddingScheme} enum does represent your desired scheme, you can set the name explicitly * via the {@link #setPaddingSchemeName paddingSchemeName} attribute directly. However, because * {@code PaddingScheme} represents all standard JDK scheme names already, ensure that your underlying JCA Provider * supports the non-standard name first. * * @param paddingScheme the padding scheme to be used when constructing * {@link javax.crypto.Cipher Cipher} transformation string, or {@code null} if the JCA Provider * default padding scheme for the specified {@link #getAlgorithmName() algorithm} should be used. */ public void setPaddingScheme(PaddingScheme paddingScheme) { setPaddingSchemeName(paddingScheme.getTransformationName()); }
/** * Returns the transformation string to use with the {@link javax.crypto.Cipher#getInstance} invocation when * creating a new {@code Cipher} instance. This default implementation always returns * {@link #getAlgorithmName() getAlgorithmName()}. Block cipher implementations will want to override this method * to support appending cipher operation modes and padding schemes. * * @param streaming if the transformation string is going to be used for a Cipher for stream-based encryption or not. * @return the transformation string to use with the {@link javax.crypto.Cipher#getInstance} invocation when * creating a new {@code Cipher} instance. */ protected String getTransformationString(boolean streaming) { return getAlgorithmName(); }
protected boolean isGenerateInitializationVectors(boolean streaming) { return isGenerateInitializationVectors(); }
private void decrypt(InputStream in, OutputStream out, byte[] decryptionKey, byte[] iv) throws CryptoException { crypt(in, out, decryptionKey, iv, javax.crypto.Cipher.DECRYPT_MODE); }
public void encrypt(InputStream in, OutputStream out, byte[] key) throws CryptoException { byte[] iv = null; boolean generate = isGenerateInitializationVectors(true); if (generate) { iv = generateInitializationVector(true); if (iv == null || iv.length == 0) { throw new IllegalStateException("Initialization vector generation is enabled - generated vector" + "cannot be null or empty."); } } encrypt(in, out, key, iv, generate); }