public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
/** * Creates a text encryptor that uses "standard" password-based encryption. Encrypted * text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @see Encryptors#standard(CharSequence, CharSequence) */ public static TextEncryptor text(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(standard(password, salt)); }
/** * Creates a text encryptor that uses "stronger" password-based encryption. Encrypted * text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @see Encryptors#stronger(CharSequence, CharSequence) */ public static TextEncryptor delux(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(stronger(password, salt)); }
public byte[] encrypt(byte[] bytes) { synchronized (this.encryptor) { byte[] iv = this.ivGenerator.generateKey(); initCipher(this.encryptor, Cipher.ENCRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); byte[] encrypted = doFinal(this.encryptor, bytes); return this.ivGenerator != NULL_IV_GENERATOR ? concatenate(iv, encrypted) : encrypted; } }
/** * Creates an encryptor for queryable text strings that uses standard password-based * encryption. Uses a 16-byte all-zero initialization vector so encrypting the same * data results in the same encryption result. This is done to allow encrypted data to * be queried against. Encrypted text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @param salt a hex-encoded, random, site-global salt value to use to generate the * secret key */ public static TextEncryptor queryableText(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt)); }
@Test public void bouncyCastleAesGcmWithPredictableIvEquvalent() throws Exception { CryptoAssumptions.assumeGCMJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16), CipherAlgorithm.GCM); testEquivalence(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesGcmWithSecureIvCompatible() throws Exception { CryptoAssumptions.assumeGCMJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16), CipherAlgorithm.GCM); testCompatibility(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesCbcWithPredictableIvEquvalent() throws Exception { CryptoAssumptions.assumeCBCJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, new PredictableRandomBytesKeyGenerator(16)); testEquivalence(bcEncryptor, jceEncryptor); }
@Test public void bouncyCastleAesCbcWithSecureIvCompatible() throws Exception { CryptoAssumptions.assumeCBCJCE(); BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt, KeyGenerators.secureRandom(16)); testCompatibility(bcEncryptor, jceEncryptor); }
/** * Initializes the Cipher for use. */ public static void initCipher(Cipher cipher, int mode, SecretKey secretKey) { initCipher(cipher, mode, secretKey, null); }
@Test public void bcGcmWithSecureIvGeneratesDifferentMessages() throws Exception { BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt); generatesDifferentCipherTexts(bcEncryptor); }
@Test public void bcCbcWithSecureIvGeneratesDifferentMessages() throws Exception { BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt); generatesDifferentCipherTexts(bcEncryptor); }
public static void assumeGCMJCE() { assumeAes256(CipherAlgorithm.GCM); }
public byte[] decrypt(byte[] encryptedBytes) { synchronized (this.decryptor) { byte[] iv = iv(encryptedBytes); initCipher(this.decryptor, Cipher.DECRYPT_MODE, this.secretKey, this.alg.getParameterSpec(iv)); return doFinal( this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(encryptedBytes, iv.length) : encryptedBytes); } }
/** * Creates a text encryptor that uses "standard" password-based encryption. Encrypted * text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @see Encryptors#standard(CharSequence, CharSequence) */ public static TextEncryptor text(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(standard(password, salt)); }
/** * Creates a text encryptor that uses "stronger" password-based encryption. Encrypted * text is hex-encoded. * * @param password the password used to generate the encryptor's secret key; should * not be shared * @see Encryptors#stronger(CharSequence, CharSequence) */ public static TextEncryptor delux(CharSequence password, CharSequence salt) { return new HexEncodingTextEncryptor(stronger(password, salt)); }
/** * Initializes the Cipher for use. */ public static void initCipher(Cipher cipher, int mode, SecretKey secretKey) { initCipher(cipher, mode, secretKey, null); }
public static void assumeCBCJCE() { assumeAes256(CipherAlgorithm.CBC); }