Package org.cryptacular.util
Class CipherUtil
java.lang.Object
org.cryptacular.util.CipherUtil
Utility class that performs encryption and decryption operations using a block cipher.
- Author: Middleware Services
Method Summary
Modifier and Type | Method | Description
static CiphertextHeader | decodeHeader(byte[] data, Function<String, SecretKey> keyLookup) | Decodes the ciphertext header at the start of the given byte array.
static CiphertextHeader | decodeHeader(InputStream in, Function<String, SecretKey> keyLookup) | Decodes the ciphertext header at the start of the given input stream.
static byte[] | decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, byte[] data) | Decrypts data using the given block cipher with PKCS5 padding.
static void | decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, InputStream input, OutputStream output) | Decrypts data using the given block cipher with PKCS5 padding.
static byte[] | decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, byte[] data) | Decrypts data using an AEAD cipher.
static void | decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, InputStream input, OutputStream output) | Decrypts data using an AEAD cipher.
static byte[] | encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) | Encrypts data using the given block cipher with PKCS5 padding.
static void | encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) | Encrypts data using the given block cipher with PKCS5 padding.
static byte[] | encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) | Encrypts data using an AEAD cipher.
static void | encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) | Encrypts data using an AEAD cipher.
-
Method Details
-
encrypt
public static byte[] encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) throws CryptoException
Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.
- Parameters:
  cipher - AEAD cipher.
  key - Encryption key.
  nonce - Nonce generator.
  data - Plaintext data to be encrypted.
- Returns:
  Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.
- Throws:
  CryptoException - on encryption errors.
-
encrypt
public static void encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) throws CryptoException, StreamException
Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.
- Parameters:
  cipher - AEAD cipher.
  key - Encryption key.
  nonce - Nonce generator.
  input - Input stream containing plaintext data.
  output - Output stream that receives a CiphertextHeaderV2 followed by ciphertext data produced by the AEAD cipher in encryption mode.
- Throws:
  CryptoException - on encryption errors.
  StreamException - on IO errors.
-
decrypt
public static byte[] decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, byte[] data) throws CryptoException, EncodingException
Decrypts data using an AEAD cipher.
- Parameters:
  cipher - AEAD cipher.
  key - Encryption key.
  data - Ciphertext data containing a prepended CiphertextHeaderV2. The header is treated as AAD input to the cipher that is verified during decryption.
- Returns:
  Decrypted data that completely fills the returned byte array.
- Throws:
  CryptoException - on encryption errors.
  EncodingException - on decoding ciphertext header.
-
decrypt
public static void decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, InputStream input, OutputStream output) throws CryptoException, EncodingException, StreamException
Decrypts data using an AEAD cipher.
- Parameters:
  cipher - AEAD cipher.
  key - Encryption key.
  input - Input stream containing a CiphertextHeaderV2 followed by ciphertext data. The header is treated as AAD input to the cipher that is verified during decryption.
  output - Output stream that receives plaintext produced by block cipher in decryption mode.
- Throws:
  CryptoException - on encryption errors.
  EncodingException - on decoding ciphertext header.
  StreamException - on IO errors.
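A round trip through the AEAD byte[] overloads documented above, showing that a modified header or ciphertext is refused on decryption. This is an added example, not code from the cryptacular project; AES-GCM via Bouncy Castle's GCMBlockCipher, the RBGNonce generator from org.cryptacular.generator.sp80038d, the throwaway random key, and byte 12 as a position inside the header are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.cryptacular.generator.sp80038d.RBGNonce;
import org.cryptacular.util.CipherUtil;

public class CipherUtilAeadExample {
  // Fresh AES-GCM instance per call (cipher choice is an assumption of this example).
  static AEADBlockCipher gcm() {
    return new GCMBlockCipher(new AESEngine());
  }

  // True when decrypt refuses the input; CryptoException and EncodingException are unchecked.
  static boolean rejected(SecretKey key, byte[] ciphertext) {
    try {
      CipherUtil.decrypt(gcm(), key, ciphertext);
      return false;
    } catch (RuntimeException e) {
      System.out.println("rejected: " + e.getClass().getSimpleName());
      return true;
    }
  }

  public static void main(String[] args) {
    byte[] raw = new byte[32]; // constructed 256-bit key, for the demo only
    new SecureRandom().nextBytes(raw);
    SecretKey key = new SecretKeySpec(raw, "AES");

    byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);
    byte[] ct = CipherUtil.encrypt(gcm(), key, new RBGNonce(), plaintext);
    byte[] roundTrip = CipherUtil.decrypt(gcm(), key, ct);
    System.out.println("round trip ok: " + Arrays.equals(plaintext, roundTrip));

    // Flip one bit in the prepended header (assumed: byte 12 lies inside it).
    byte[] badHeader = ct.clone();
    badHeader[12] ^= 0x01;
    System.out.println("header tamper rejected: " + rejected(key, badHeader));

    // Flip one bit in the last byte of the output (ciphertext plus authentication tag).
    byte[] badTag = ct.clone();
    badTag[badTag.length - 1] ^= 0x01;
    System.out.println("body tamper rejected: " + rejected(key, badTag));
  }
}
```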
-
encrypt
public static byte[] encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) throws CryptoException
Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeaderV2 is prepended to the resulting ciphertext.
- Parameters:
  cipher - Block cipher.
  key - Encryption key.
  nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.
  data - Plaintext data to be encrypted.
- Returns:
  Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.
- Throws:
  CryptoException - on encryption errors.
-
encrypt
public static void encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) throws CryptoException, StreamException
Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeader is prepended to the resulting ciphertext.
- Parameters:
  cipher - Block cipher.
  key - Encryption key.
  nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.
  input - Input stream containing plaintext data.
  output - Output stream that receives ciphertext produced by block cipher in encryption mode.
- Throws:
  CryptoException - on encryption errors.
  StreamException - on IO errors.
-
decrypt
public static byte[] decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, byte[] data) throws CryptoException, EncodingException
Decrypts data using the given block cipher with PKCS5 padding.
- Parameters:
  cipher - Block cipher.
  key - Encryption key.
  data - Ciphertext data containing a prepended CiphertextHeader.
- Returns:
  Decrypted data that completely fills the returned byte array.
- Throws:
  CryptoException - on encryption errors.
  EncodingException - on decoding ciphertext header.
-
decrypt
public static void decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, InputStream input, OutputStream output) throws CryptoException, EncodingException, StreamException
Decrypts data using the given block cipher with PKCS5 padding.
- Parameters:
  cipher - Block cipher.
  key - Encryption key.
  input - Input stream containing a CiphertextHeader followed by ciphertext data.
  output - Output stream that receives plaintext produced by block cipher in decryption mode.
- Throws:
  CryptoException - on encryption errors.
  EncodingException - on decoding ciphertext header.
  StreamException - on IO errors.
-
decodeHeader
Decodes the ciphertext header at the start of the given byte array. Supports both original (deprecated) and v2 formats.
- Parameters:
  data - Ciphertext data with prepended header.
  keyLookup - Decryption key lookup function.
- Returns:
  Ciphertext header instance.
-
decodeHeader
Decodes the ciphertext header at the start of the given input stream. Supports both original (deprecated) and v2 formats.
- Parameters:
  in - Ciphertext stream that is positioned at the start of the ciphertext header.
  keyLookup - Decryption key lookup function.
- Returns:
  Ciphertext header instance.
-