Class CryptUtils

java.lang.Object
com.isode.dsapi.profile.CryptUtils

public class CryptUtils extends Object
Provides static methods to expose native encryption functionality implemented using OpenSSL. These methods are intended for use by the classes which load and store bind profile data, but may be used by other classes if required.

When encrypting data, it is possible to specify that a salt be used; without doing this, a given input string will always encrypt in the same way. When decrypting data, it's not necessary to know whether salt was used.

Author:
nh
  • Field Details

    • DEFAULT_ALG

      public static final String DEFAULT_ALG
      A default cipher algorithm. It is safe to use this string as a parameter to the encrypt and decrypt methods.
    • DEFAULT_MDALG

      public static final String DEFAULT_MDALG
      A default digest algorithm. It is safe to use this string as a parameter to the encrypt and decrypt methods.
  • Constructor Details

    • CryptUtils

      public CryptUtils()
  • Method Details

    • encrypt

      public static String encrypt(String data, String passphrase, String encryptionAlgorithm, String hashAlgorithm, int saltLength) throws EncryptionException, NullPointerException, NativeLibraryException
      Encrypts data with the specified passphrase, optionally using a salt, and returns a base64-encoded string representation of the encrypted value.
      Parameters:
      data - the String to be encrypted. Must not be null.
      passphrase - the passphrase to use to encrypt data. Must not be null.
      encryptionAlgorithm - the encryption algorithm to use. Must not be null. DEFAULT_ALG may be used here.
      hashAlgorithm - the hash algorithm to use. Must not be null. DEFAULT_MDALG may be used here.
      saltLength - length of salt (must be 0-255), where 0 means don't use a salt at all.
      Returns:
      a base-64 representation of the encrypted data
      Throws:
      EncryptionException - if encryptionAlgorithm or hashAlgorithm is not recognized, or if saltLength is greater than 255, or if the library failed to encrypt data.
      NullPointerException - if any of the parameters is null.
      NativeLibraryException - if an unrecoverable error was detected by the native library
      Since:
      14.6
    • encrypt

      public static String encrypt(String data, String passphrase, String encryptionAlgorithm, String hashAlgorithm) throws EncryptionException, NullPointerException, NativeLibraryException
      Encrypts data with the specified passphrase and returns a base64-encoded string representation of the encrypted value.

      This method is equivalent to calling encrypt(String, String, String, String, int) and passing 0 as the saltLength parameter (i.e. no salt at all).

      Parameters:
      data - the String to be encrypted. Must not be null.
      passphrase - the passphrase to use to encrypt data. Must not be null.
      encryptionAlgorithm - the encryption algorithm to use. Must not be null. DEFAULT_ALG may be used here.
      hashAlgorithm - the hash algorithm to use. Must not be null. DEFAULT_MDALG may be used here.
      Returns:
      a base-64 representation of the encrypted data
      Throws:
      EncryptionException - if encryptionAlgorithm or hashAlgorithm is not recognized, or if the library failed to encrypt data.
      NullPointerException - if any of the parameters is null.
      NativeLibraryException - if an unrecoverable error was detected by the native library
    • decrypt

      public static String decrypt(String data, String passphrase, String encryptionAlgorithm, String hashAlgorithm) throws EncryptionException, NullPointerException, NativeLibraryException
      Decrypts data previously encrypted using encrypt(String, String, String, String, int), provided the passphrase is the same. Note that it is the caller's responsibility to validate the returned String; this method cannot detect that the passphrase is incorrect (in this case, a String will probably still be returned, although it will not contain anything useful).

      Any space characters in the input string are treated as newlines (this helps with applications that are saving such string values in XML files, where the XML processor may replace newline with whitespace).

      Parameters:
      data - the String to be decrypted. Must not be null. Any spaces (" ") in data will be treated as newline characters.
      passphrase - the passphrase to use to decrypt data. Must not be null.
      encryptionAlgorithm - the encryption algorithm to use. Must not be null. DEFAULT_ALG may be used here.
      hashAlgorithm - the hash algorithm to use. Must not be null. DEFAULT_MDALG may be used here.
      Returns:
      the decrypted String
      Throws:
      EncryptionException - if encryptionAlgorithm or hashAlgorithm is not recognized, or if data is not a base64 encoded string, or if the library failed to decrypt data.
      NativeLibraryException - if an unrecoverable error was detected by the native library
      NullPointerException
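
Because decrypt cannot tell that the passphrase is wrong, the caller has to validate what comes back. The following added example (not part of the Isode API or its documentation) shows one way to do that: prefix the plaintext with its SHA-256 digest before calling encrypt with a salt, and check the digest after decrypt. The class name CheckedCrypt, the methods seal and open, and the salt length of 8 are assumptions made for illustration; the embedded digest catches a wrong passphrase or corrupted data and is not a keyed integrity check.

```java
import com.isode.dsapi.profile.CryptUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example (hypothetical wrapper, not part of the Isode API). */
public final class CheckedCrypt {
    // Assumed salt length; the API accepts 0-255 and 0 disables salting.
    private static final int SALT_LENGTH = 8;
    // Base64 of a 32-byte SHA-256 digest is always 44 characters.
    private static final int TAG_LEN = 44;

    private static String tag(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    /** Prefixes the plaintext with its digest, then encrypts with a salt. */
    public static String seal(String secret, String passphrase) throws Exception {
        return CryptUtils.encrypt(tag(secret) + secret, passphrase,
                CryptUtils.DEFAULT_ALG, CryptUtils.DEFAULT_MDALG, SALT_LENGTH);
    }

    /** Decrypts and rejects output whose embedded digest does not match. */
    public static String open(String stored, String passphrase) throws Exception {
        // May throw EncryptionException, or may return garbage on a wrong passphrase.
        String framed = CryptUtils.decrypt(stored, passphrase,
                CryptUtils.DEFAULT_ALG, CryptUtils.DEFAULT_MDALG);
        if (framed == null || framed.length() < TAG_LEN) {
            throw new IllegalStateException(
                    "decrypted value too short: wrong passphrase or corrupt data");
        }
        byte[] claimed = framed.substring(0, TAG_LEN).getBytes(StandardCharsets.UTF_8);
        String secret = framed.substring(TAG_LEN);
        byte[] actual = tag(secret).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(claimed, actual)) {
            throw new IllegalStateException(
                    "digest mismatch: wrong passphrase or corrupt data");
        }
        return secret;
    }
}
```

Both methods declare throws Exception so that the checked exceptions listed above propagate to the caller without this example having to name their packages, which the page does not give.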