Class CipherUtil

java.lang.Object
org.cryptacular.util.CipherUtil

public final class CipherUtil extends Object
Utility class that performs encryption and decryption operations using a block cipher.
Author:
Middleware Services
  • Method Details

    • encrypt

      public static byte[] encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) throws CryptoException
      Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.
      Parameters:
      cipher - AEAD cipher.
      key - Encryption key.
      nonce - Nonce generator.
      data - Plaintext data to be encrypted.
      Returns:
      Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.
      Throws:
      CryptoException - on encryption errors.
    • encrypt

      public static void encrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) throws CryptoException, StreamException
      Encrypts data using an AEAD cipher. A CiphertextHeaderV2 is prepended to the resulting ciphertext and used as AAD (Additional Authenticated Data) passed to the AEAD cipher.
      Parameters:
      cipher - AEAD cipher.
      key - Encryption key.
      nonce - Nonce generator.
      input - Input stream containing plaintext data.
      output - Output stream that receives a CiphertextHeaderV2 followed by ciphertext data produced by the AEAD cipher in encryption mode.
      Throws:
      CryptoException - on encryption errors.
      StreamException - on IO errors.
    • decrypt

      public static byte[] decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, byte[] data) throws CryptoException, EncodingException
      Decrypts data using an AEAD cipher.
      Parameters:
      cipher - AEAD cipher.
      key - Encryption key.
      data - Ciphertext data containing a prepended CiphertextHeaderV2. The header is treated as AAD input to the cipher that is verified during decryption.
      Returns:
      Decrypted data that completely fills the returned byte array.
      Throws:
      CryptoException - on encryption errors.
      EncodingException - on errors decoding the ciphertext header.
    • decrypt

      public static void decrypt(org.bouncycastle.crypto.modes.AEADBlockCipher cipher, SecretKey key, InputStream input, OutputStream output) throws CryptoException, EncodingException, StreamException
      Decrypts data using an AEAD cipher.
      Parameters:
      cipher - AEAD cipher.
      key - Encryption key.
      input - Input stream containing a CiphertextHeaderV2 followed by ciphertext data. The header is treated as AAD input to the cipher that is verified during decryption.
      output - Output stream that receives plaintext produced by block cipher in decryption mode.
      Throws:
      CryptoException - on encryption errors.
      EncodingException - on errors decoding the ciphertext header.
      StreamException - on IO errors.
    • encrypt

      public static byte[] encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, byte[] data) throws CryptoException
      Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeaderV2 is prepended to the resulting ciphertext.
      Parameters:
      cipher - Block cipher.
      key - Encryption key.
      nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.
      data - Plaintext data to be encrypted.
      Returns:
      Concatenation of encoded CiphertextHeaderV2 and encrypted data that completely fills the returned byte array.
      Throws:
      CryptoException - on encryption errors.
    • encrypt

      public static void encrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, Nonce nonce, InputStream input, OutputStream output) throws CryptoException, StreamException
      Encrypts data using the given block cipher with PKCS5 padding. A CiphertextHeader is prepended to the resulting ciphertext.
      Parameters:
      cipher - Block cipher.
      key - Encryption key.
      nonce - IV generator. Callers must take care to ensure that the length of generated IVs is equal to the cipher block size.
      input - Input stream containing plaintext data.
      output - Output stream that receives ciphertext produced by block cipher in encryption mode.
      Throws:
      CryptoException - on encryption errors.
      StreamException - on IO errors.
    • decrypt

      public static byte[] decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, byte[] data) throws CryptoException, EncodingException
      Decrypts data using the given block cipher with PKCS5 padding.
      Parameters:
      cipher - Block cipher.
      key - Encryption key.
      data - Ciphertext data containing a prepended CiphertextHeader.
      Returns:
      Decrypted data that completely fills the returned byte array.
      Throws:
      CryptoException - on encryption errors.
      EncodingException - on errors decoding the ciphertext header.
    • decrypt

      public static void decrypt(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key, InputStream input, OutputStream output) throws CryptoException, EncodingException, StreamException
      Decrypts data using the given block cipher with PKCS5 padding.
      Parameters:
      cipher - Block cipher.
      key - Encryption key.
      input - Input stream containing a CiphertextHeader followed by ciphertext data.
      output - Output stream that receives plaintext produced by block cipher in decryption mode.
      Throws:
      CryptoException - on encryption errors.
      EncodingException - on errors decoding the ciphertext header.
      StreamException - on IO errors.
    • decodeHeader

      public static CiphertextHeader decodeHeader(byte[] data, Function<String,SecretKey> keyLookup)
      Decodes the ciphertext header at the start of the given byte array. Supports both original (deprecated) and v2 formats.
      Parameters:
      data - Ciphertext data with prepended header.
      keyLookup - Decryption key lookup function.
      Returns:
      Ciphertext header instance.
    • decodeHeader

      public static CiphertextHeader decodeHeader(InputStream in, Function<String,SecretKey> keyLookup)
      Decodes the ciphertext header at the start of the given input stream. Supports both original (deprecated) and v2 formats.
      Parameters:
      in - Ciphertext stream that is positioned at the start of the ciphertext header.
      keyLookup - Decryption key lookup function.
      Returns:
      Ciphertext header instance.
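
Added example (not part of the Cryptacular documentation): an AEAD round trip through the byte-array encrypt, decodeHeader and decrypt overloads described above, followed by a decrypt of a modified blob to show the authentication check rejecting it. GCMBlockCipher, AESEngine, RBGNonce and CiphertextHeader.getNonce() do not appear on this page and are assumed from Bouncy Castle and Cryptacular; the key and plaintext are constructed sample values, and the key lookup assumes a single key.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.cryptacular.CiphertextHeader;
import org.cryptacular.CryptoException;
import org.cryptacular.EncodingException;
import org.cryptacular.generator.Nonce;
import org.cryptacular.generator.sp80038d.RBGNonce;
import org.cryptacular.util.CipherUtil;

public class CipherUtilAeadExample {
  public static void main(String[] args) throws Exception {
    // Constructed sample key: 256-bit AES key drawn from the JDK CSPRNG.
    byte[] raw = new byte[32];
    new SecureRandom().nextBytes(raw);
    SecretKey key = new SecretKeySpec(raw, "AES");

    // The Nonce argument is a generator, so each encrypt call draws a new value.
    Nonce nonce = new RBGNonce(12); // 96-bit random nonce (assumed class, see lead-in)
    byte[] plaintext = "constructed sample record".getBytes(StandardCharsets.UTF_8);

    // Use a fresh cipher object per operation; CipherUtil initialises it.
    byte[] blob = CipherUtil.encrypt(new GCMBlockCipher(new AESEngine()), key, nonce, plaintext);
    byte[] again = CipherUtil.encrypt(new GCMBlockCipher(new AESEngine()), key, nonce, plaintext);
    System.out.println("same plaintext, different output: " + !Arrays.equals(blob, again));

    // The header travels with the ciphertext; the lookup maps a key name to a key.
    CiphertextHeader header = CipherUtil.decodeHeader(blob, keyName -> key);
    System.out.println("nonce bytes carried in header: " + header.getNonce().length);

    byte[] recovered = CipherUtil.decrypt(new GCMBlockCipher(new AESEngine()), key, blob);
    System.out.println("round trip ok: " + Arrays.equals(plaintext, recovered));

    // Flip one bit at the end of the blob; decryption must fail, not return data.
    byte[] tampered = blob.clone();
    tampered[tampered.length - 1] ^= 0x01;
    try {
      CipherUtil.decrypt(new GCMBlockCipher(new AESEngine()), key, tampered);
      System.out.println("tampered blob accepted (unexpected)");
    } catch (CryptoException | EncodingException e) {
      System.out.println("tampered blob rejected: " + e.getClass().getSimpleName());
    }
  }
}
```

Callers should treat either declared exception from decrypt as a hard failure and discard any partial output, particularly with the stream overloads, where plaintext may already have been written before the final authentication check.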