org.tentackle.common

Class Cryptor

java.lang.Object

org.tentackle.common.Cryptor

All Implemented Interfaces:

Function<String,String>

public class Cryptor
extends Object
implements Function<String,String>

A simple en- and decryptor.
Each application should provide a concrete instance with a confidential salt and passphase and a no-arg constructor. If provided, it is used to encrypt passwords in memory, transmission during client/server login, or decrypt passwords stored in backend.properties for database connections.
Example:

    @Service(Cryptor.class)
    public class MyCryptor extends Cryptor {

      public MyCryptor() {
        ...
      }
    }
 

Cryptor also implements a Function<String,String> to encrypt strings like passwords to base64 and thus can directly be used by the tentackle-maven-plugin to generate properties for filtered resources.

IMPORTANT: at least the passphrase should *NOT* be part of the application! If an attacker gets access to the jars, it's a no-brainer to write a small java program that happily decrypts all your data. Instead, provide the passphrase via some external media, a mounted USB-stick, manual input, PGP keyring, whatever.
For a secure client/server communication, it's better to use TLS/SSL anyway.

Constructor Summary

Constructors

Constructor and Description
Cryptor(byte[] salt, char[] passphrase) Creates a cryptor with 1024 iterations and a key strength of 256. Notice that salt and passphrase will be scratched for security reasons.
Cryptor(byte[] salt, char[] passphrase, int iterations, int keyStrength) Creates a cryptor. Notice that salt and passphrase will be scratched for security reasons.
Cryptor(String salt, String passphrase) Creates a cryptor with 1024 iterations and a key strength of 256. This is just a convenience method.

Method Summary

Modifier and Type	Method and Description
String	apply(String s) Encrypts a string. Provided for the tentackle-maven-plugin.
protected SecretKeySpec	createSecretKeySpec(byte[] key) Creates the key spec. The default implementation returns an AES spec.
byte[]	decrypt(byte[] encryptedData) Decrypts the data.
String	decrypt64(String encryptedText) Decrypts a base64 encoded string.
byte[]	decrypt64ToBytes(String encryptedText) Decrypts a base64 encoded string.
char[]	decrypt64ToChars(String encryptedText) Decrypts a base64 encoded string. The method clears all traces in memory.
byte[]	encrypt(byte[] data) Encrypts the data.
byte[]	encrypt(byte[] data, int offset, int length) Encrypts the data.
String	encrypt64(byte[] data) Encrypts data to base64 encoding.
String	encrypt64(char[] chars) Encrypts a char array to base64 encoding. The method clears all traces in memory, including the passed char array.
String	encrypt64(String text) Encrypts a string to base64 encoding.
protected Cipher	getCipher() Gets the cipher instance. The default implementation returns an AES cipher.
static Cryptor	getInstance() Gets the optional application specific cryptor singleton.
protected SecretKeyFactory	getSecretKeyFactory() Gets the key factory. The default implementation returns an instance of PBKDF2WithHmacSHA1.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.util.function.Function

andThen, compose, identity

Constructor Detail

Cryptor

public Cryptor(byte[] salt,
               char[] passphrase,
               int iterations,
               int keyStrength)

Creates a cryptor.
Notice that salt and passphrase will be scratched for security reasons.

Parameters:

salt - the salt

passphrase - the passphrase

iterations - number of iterations for key generation

keyStrength - the key strength

Cryptor

public Cryptor(byte[] salt,
               char[] passphrase)

Creates a cryptor with 1024 iterations and a key strength of 256.
Notice that salt and passphrase will be scratched for security reasons.

Parameters:

salt - the salt

passphrase - the passphrase

Cryptor

public Cryptor(String salt,
               String passphrase)

Creates a cryptor with 1024 iterations and a key strength of 256.
This is just a convenience method. Consider using Cryptor(byte[], char[]) instead.

Parameters:

salt - the salt

passphrase - the passphrase

Method Detail

getInstance

public static Cryptor getInstance()

Gets the optional application specific cryptor singleton.

Returns:

the cryptor, null if no @Service(Cryptor.class) configured

encrypt

public byte[] encrypt(byte[] data)

Encrypts the data.

Parameters:

data - the byte array to encrypt

Returns:

the encrypted byte array

encrypt

public byte[] encrypt(byte[] data,
                      int offset,
                      int length)

Encrypts the data.

Parameters:

data - the byte array to encrypt

offset - the offset in data

length - the number of bytes

Returns:

the encrypted byte array

decrypt

public byte[] decrypt(byte[] encryptedData)

Decrypts the data.

Parameters:

encryptedData - the encrypted byte array

Returns:

the decrypted data

encrypt64

public String encrypt64(byte[] data)

Encrypts data to base64 encoding.

Parameters:

data - the byte array to encrypt

Returns:

the encrypted string in base64 encoding

encrypt64

public String encrypt64(char[] chars)

Encrypts a char array to base64 encoding.
The method clears all traces in memory, including the passed char array.

Parameters:

chars - the char array to encrypt

Returns:

the encrypted string in base64 encoding

encrypt64

public String encrypt64(String text)

Encrypts a string to base64 encoding.

Parameters:

text - the text to encrypt

Returns:

the encrypted string in base64 encoding

decrypt64ToBytes

public byte[] decrypt64ToBytes(String encryptedText)

Decrypts a base64 encoded string.

Parameters:

encryptedText - the encrypted text in base64 encoding

Returns:

the decrypted data

decrypt64ToChars

public char[] decrypt64ToChars(String encryptedText)

Decrypts a base64 encoded string.
The method clears all traces in memory.

Parameters:

encryptedText - the encrypted text in base64 encoding

Returns:

the decrypted data

decrypt64

public String decrypt64(String encryptedText)

Decrypts a base64 encoded string.

Parameters:

encryptedText - the encrypted text in base64 encoding

Returns:

the decrypted text

apply

public String apply(String s)

Encrypts a string.
Provided for the tentackle-maven-plugin.

Specified by:

apply in interface Function<String,String>

Parameters:

s - the string

Returns:

the encrypted string in base64 encoding

getSecretKeyFactory

protected SecretKeyFactory getSecretKeyFactory()

Gets the key factory.
The default implementation returns an instance of PBKDF2WithHmacSHA1.

Returns:

the factory

createSecretKeySpec

protected SecretKeySpec createSecretKeySpec(byte[] key)

Creates the key spec.
The default implementation returns an AES spec.

Parameters:

key - the key

Returns:

the spec

getCipher

protected Cipher getCipher()

Gets the cipher instance.
The default implementation returns an AES cipher.

Returns:

the cipher