org.cryptacular.util

Class CipherUtil

java.lang.Object

org.cryptacular.util.CipherUtil

public final class CipherUtil
extends Object

Utility class that performs encryption and decryption operations using a block cipher.

Author:

Middleware Services

Method Summary

Modifier and Type	Method and Description
static CiphertextHeader	decodeHeader(byte[] data, Function<String,SecretKey> keyLookup) Decodes the ciphertext header at the start of the given byte array.
static CiphertextHeader	decodeHeader(InputStream in, Function<String,SecretKey> keyLookup) Decodes the ciphertext header at the start of the given input stream.
static byte[]	decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, byte[] data) Decrypts data using an AEAD cipher.
static void	decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, InputStream input, OutputStream output) Decrypts data using an AEAD cipher.
static byte[]	decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, byte[] data) Decrypts data using the given block cipher with PKCS5 padding.
static void	decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, InputStream input, OutputStream output) Decrypts data using the given block cipher with PKCS5 padding.
static byte[]	encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) Encrypts data using an AEAD cipher.
static void	encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) Encrypts data using an AEAD cipher.
static byte[]	encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) Encrypts data using the given block cipher with PKCS5 padding.
static void	encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) Encrypts data using the given block cipher with PKCS5 padding.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

encrypt

public static byte[] encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher,
                             SecretKey key,
                             Nonce nonce,
                             byte[] data)
                      throws CryptoException

Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.

Parameters:

cipher - AEAD cipher.

key - Encryption key.

nonce - Nonce generator.

data - Plaintext data to be encrypted.

Returns:

Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.

Throws:

CryptoException - on encryption errors.

encrypt

public static void encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher,
                           SecretKey key,
                           Nonce nonce,
                           InputStream input,
                           OutputStream output)
                    throws CryptoException,
                           StreamException

Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.

Parameters:

cipher - AEAD cipher.

key - Encryption key.

nonce - Nonce generator.

input - Input stream containing plaintext data.

output - Output stream that receives a CiphertextHeaderV2 followed by ciphertext data produced by the AEAD cipher in encryption mode.

Throws:

CryptoException - on encryption errors.

StreamException - on IO errors.

decrypt

public static byte[] decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher,
                             SecretKey key,
                             byte[] data)
                      throws CryptoException,
                             EncodingException

Decrypts data using an AEAD cipher.

Parameters:

cipher - AEAD cipher.

key - Encryption key.

data - Ciphertext data containing a prepended CiphertextHeaderV2. The header is treated as AAD input to the cipher that is verified during decryption.

Returns:

Decrypted data that completely fills the returned byte array.

Throws:

CryptoException - on encryption errors.

EncodingException - on decoding cyphertext header.

decrypt

public static void decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher,
                           SecretKey key,
                           InputStream input,
                           OutputStream output)
                    throws CryptoException,
                           EncodingException,
                           StreamException

Decrypts data using an AEAD cipher.

Parameters:

cipher - AEAD cipher.

key - Encryption key.

input - Input stream containing a CiphertextHeaderV2 followed by ciphertext data. The header is treated as AAD input to the cipher that is verified during decryption.

output - Output stream that receives plaintext produced by block cipher in decryption mode.

Throws:

CryptoException - on encryption errors.

EncodingException - on decoding cyphertext header.

StreamException - on IO errors.

encrypt

public static byte[] encrypt(org.bouncycastle.crypto.BlockCipher cipher,
                             SecretKey key,
                             Nonce nonce,
                             byte[] data)
                      throws CryptoException

Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeaderV2 is prepended to the resulting ciphertext.

Parameters:

cipher - Block cipher.

key - Encryption key.

nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.

data - Plaintext data to be encrypted.

Returns:

Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.

Throws:

CryptoException - on encryption errors.

encrypt

public static void encrypt(org.bouncycastle.crypto.BlockCipher cipher,
                           SecretKey key,
                           Nonce nonce,
                           InputStream input,
                           OutputStream output)
                    throws CryptoException,
                           StreamException

Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeader is prepended to the resulting ciphertext.

Parameters:

cipher - Block cipher.

key - Encryption key.

nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.

input - Input stream containing plaintext data.

output - Output stream that receives ciphertext produced by block cipher in encryption mode.

Throws:

CryptoException - on encryption errors.

StreamException - on IO errors.

decrypt

public static byte[] decrypt(org.bouncycastle.crypto.BlockCipher cipher,
                             SecretKey key,
                             byte[] data)
                      throws CryptoException,
                             EncodingException

Decrypts data using the given block cipher with PKCS5 padding.

Parameters:

cipher - Block cipher.

key - Encryption key.

data - Ciphertext data containing a prepended CiphertextHeader.

Returns:

Decrypted data that completely fills the returned byte array.

Throws:

CryptoException - on encryption errors.

EncodingException - on decoding cyphertext header.

decrypt

public static void decrypt(org.bouncycastle.crypto.BlockCipher cipher,
                           SecretKey key,
                           InputStream input,
                           OutputStream output)
                    throws CryptoException,
                           EncodingException,
                           StreamException

Decrypts data using the given block cipher with PKCS5 padding.

Parameters:

cipher - Block cipher.

key - Encryption key.

input - Input stream containing a CiphertextHeader followed by ciphertext data.

output - Output stream that receives plaintext produced by block cipher in decryption mode.

Throws:

CryptoException - on encryption errors.

EncodingException - on decoding cyphertext header.

StreamException - on IO errors.

decodeHeader

public static CiphertextHeader decodeHeader(byte[] data,
                                            Function<String,SecretKey> keyLookup)

Decodes the ciphertext header at the start of the given byte array. Supports both original (deprecated) and v2 formats.

Parameters:

data - Ciphertext data with prepended header.

keyLookup - Decryption key lookup function.

Returns:

Ciphertext header instance.

decodeHeader

public static CiphertextHeader decodeHeader(InputStream in,
                                            Function<String,SecretKey> keyLookup)

Decodes the ciphertext header at the start of the given input stream. Supports both original (deprecated) and v2 formats.

Parameters:

in - Ciphertext stream that is positioned at the start of the ciphertext header.

keyLookup - Decryption key lookup function.

Returns:

Ciphertext header instance.