Class SymmetricCipher

java.lang.Object
org.bzdev.util.SymmetricCipher

public class SymmetricCipher extends Object
Implementation of a symmetric cipher using passwords.

Data is encrypted using 128-bit AES/GCM without padding. The format for the encrypted data consists of an 8-byte field containing a "salt", followed by a 12-byte field containing an initialization vector, followed by the AES/GCM encrypted data. For decryption, the salt is used to reconstruct a secret key from the password, and the initialization vector is used to initialize the cipher used for decryption.

Use cases include storing private keys from a key pair locally in cases where any reasonable cipher is sufficient and where performance is not an issue. This class is not meant to be a replacement for the Java APIs. For example, it would not be appropriate for encrypting a large file because the whole file would have to be read into memory before the encryption started, requiring the allocation of large arrays.

  • Constructor Summary

    SymmetricCipher()
  • Method Summary

    static byte[] decrypt(char[] password, byte[] data) - Decrypt data given a password.
    static byte[] decrypt(String password, byte[] data) - Decrypt data given a password provided as a String.
    static char[] decryptToChars(char[] password, byte[] data) - Decrypt data representing an array of characters given a password.
    static char[] decryptToChars(String password, byte[] data) - Decrypt data representing an array of characters given a password provided as a String.
    static String decryptToString(char[] password, byte[] data) - Decrypt data representing a String given a password.
    static String decryptToString(String password, byte[] data) - Decrypt data representing a String given a password provided as a String.
    static byte[] encrypt(char[] password, byte[] data) - Encrypt data given a password.
    static byte[] encrypt(char[] password, char[] carray) - Encrypt an array of characters given a password.
    static byte[] encrypt(char[] password, String string) - Encrypt a String given a password.
    static byte[] encrypt(String password, byte[] data) - Encrypt data given a password provided as a String.
    static byte[] encrypt(String password, char[] carray) - Encrypt an array of characters given a password provided as a string.
    static byte[] encrypt(String password, String string) - Encrypt a String given a password provided as a String.
    static SecretKey getKeyFromPW(char[] pw, byte[] salt)

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SymmetricCipher

      public SymmetricCipher()
  • Method Details

    • getKeyFromPW

      public static SecretKey getKeyFromPW(char[] pw, byte[] salt) throws GeneralSecurityException
      Throws:
      GeneralSecurityException
    • encrypt

      public static byte[] encrypt(char[] password, byte[] data) throws GeneralSecurityException
      Encrypt data given a password.
      Parameters:
      password - the password
      data - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if an error occurred
    • encrypt

      public static byte[] encrypt(String password, byte[] data) throws GeneralSecurityException
      Encrypt data given a password provided as a String. Normally one should not provide a password as a string as the string may persist in memory. This method is provided for convenience when an application runs for a trivial amount of time or when used with a scripting language that cannot support char arrays.
      Parameters:
      password - the password
      data - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if an error occurred
    • encrypt

      public static byte[] encrypt(char[] password, String string) throws GeneralSecurityException
      Encrypt a String given a password.
      Parameters:
      password - the password
      string - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • encrypt

      public static byte[] encrypt(char[] password, char[] carray) throws GeneralSecurityException
      Encrypt an array of characters given a password. The character data will be encoded using the UTF-8 charset.
      Parameters:
      password - the password
      carray - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • encrypt

      public static byte[] encrypt(String password, char[] carray) throws GeneralSecurityException
      Encrypt an array of characters given a password provided as a string. The character data will be encoded using the UTF-8 charset.
      Parameters:
      password - the password
      carray - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • encrypt

      public static byte[] encrypt(String password, String string) throws GeneralSecurityException
      Encrypt a String given a password provided as a String. Normally one should not provide a password as a string as the string may persist in memory. This method is provided for convenience when an application runs for a trivial amount of time or when used with a scripting language that cannot support char arrays. The string provided as an argument will be encoded using UTF-8 before being encrypted.
      Parameters:
      password - the password
      string - the data to encrypt
      Returns:
      the encrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • decrypt

      public static byte[] decrypt(char[] password, byte[] data) throws GeneralSecurityException
      Decrypt data given a password.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • decrypt

      public static byte[] decrypt(String password, byte[] data) throws GeneralSecurityException
      Decrypt data given a password provided as a String. Normally one should not provide a password as a string as the string may persist in memory. This method is provided for convenience when an application runs for a trivial amount of time or when used with a scripting language that cannot support char arrays but does support byte arrays.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted data
      Throws:
      GeneralSecurityException - if a security error occurred
    • decryptToString

      public static String decryptToString(char[] password, byte[] data) throws GeneralSecurityException
      Decrypt data representing a String given a password.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted string
      Throws:
      GeneralSecurityException - if a security error occurred
    • decryptToString

      public static String decryptToString(String password, byte[] data) throws GeneralSecurityException
      Decrypt data representing a String given a password provided as a String. Normally one should not provide a password as a string as the string may persist in memory. This method is provided for convenience when an application runs for a trivial amount of time or when used with a scripting language that cannot support char arrays but does support byte arrays.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted string
      Throws:
      GeneralSecurityException - if a security error occurred
    • decryptToChars

      public static char[] decryptToChars(char[] password, byte[] data) throws GeneralSecurityException
      Decrypt data representing an array of characters given a password.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted character array
      Throws:
      GeneralSecurityException - if a security error occurred
    • decryptToChars

      public static char[] decryptToChars(String password, byte[] data) throws GeneralSecurityException
      Decrypt data representing an array of characters given a password provided as a String. Normally one should not provide a password as a string as the string may persist in memory. This method is provided for convenience when an application runs for a trivial amount of time or when used with a scripting language that cannot support char arrays but does support byte arrays.
      Parameters:
      password - the password
      data - encrypted data, encrypted by encrypt(char[],byte[])
      Returns:
      the decrypted character array
      Throws:
      GeneralSecurityException - if a security error occurred