Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * =============================================================================
   * 
   *   Copyright (c) 2007, The JASYPT team (http://www.jasypt.org)
   * 
   *   Licensed under the Apache License, Version 2.0 (the "License");
   *   you may not use this file except in compliance with the License.
   *   You may obtain a copy of the License at
   * 
  *       http://www.apache.org/licenses/LICENSE-2.0
  * 
  *   Unless required by applicable law or agreed to in writing, software
  *   distributed under the License is distributed on an "AS IS" BASIS,
  *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *   See the License for the specific language governing permissions and
  *   limitations under the License.
  * 
  * =============================================================================
  */
 package org.jasypt.encryption.pbe;
 

Standard implementation of the PBEStringEncryptor interface. This class lets the user specify the algorithm to be used for encryption, the password to use, the number of hashing iterations and the salt generator that will be applied for obtaining the encryption key.

This class avoids byte-conversion problems related to the fact of different platforms having different default charsets, and returns encryption results in the form of BASE64-encoded ASCII Strings.

This class is thread-safe.


Configuration

The algorithm, password, key-obtention iterations and salt generator can take values in any of these ways:

  • Using its default values (except for password).
  • Setting a org.jasypt.encryption.pbe.config.PBEConfig object which provides new configuration values.
  • Calling the corresponding setAlgorithm(...), setPassword(...), setKeyObtentionIterations(...) or setSaltGenerator(...) methods.
And the actual values to be used for initialization will be established by applying the following priorities:
  1. First, the default values are considered (except for password).
  2. Then, if a org.jasypt.encryption.pbe.config.PBEConfig object has been set with setConfig(...), the non-null values returned by its getX() methods override the default values.
  3. Finally, if the corresponding setX(...) method has been called on the encryptor itself for any of the configuration parameters, the values set by these calls override all of the above.


Initialization

Before it is ready to encrypt, an object of this class has to be initialized. Initialization happens:

  • When initialize() is called.
  • When encrypt(...) or decrypt(...) are called for the first time, if initialize() has not been called before.
Once an encryptor has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.


Usage

An encryptor may be used for:

  • Encrypting messages, by calling the encrypt(...) method.
  • Decrypting messages, by calling the decrypt(...) method.
If a random salt generator is used, two encryption results for the same message will always be different (except in the case of random salt coincidence). This may enforce security by difficulting brute force attacks on sets of data at a time and forcing attackers to perform a brute force attack on each separate piece of encrypted data.

To learn more about the mechanisms involved in encryption, read PKCS #5: Password-Based Cryptography Standard.

Author(s):
Daniel Fernández Garrido
Since:
1.0
public final class StandardPBEStringEncryptor implements PBEStringEncryptor {

    

Charset to be used to obtain "encryptable" byte arrays from input Strings. Set to UTF-8.

This charset has to be fixed to some value so that we avoid problems with different platforms having different "default" charsets.

It is set to UTF-8 because it covers the whole spectrum of characters representable in Java (which internally uses UTF-16), and avoids the size penalty of UTF-16 (which will always use two bytes for representing each character, even if it is an ASCII one).

Setting it to UTF-8 does not mean that Strings that originally come, for example, from an ISO-8859-1 input, won't be correctly encoded, as we only need to use the same charset both when encoding and decoding. That way the same String will be reconstructed independently of the original encoding (for encrypting, we only need "a byte representation" of the string, not "a readable byte representation").

    private static final String MESSAGE_CHARSET = "UTF-8";
    
    

Charset to be used for encoding the encryption results. Set to US-ASCII.

The result of encrypting some bytes can be any other bytes, and so the result of encrypting, for example, some LATIN-1 valid String bytes, can be bytes that may not conform a "valid" LATIN-1 String.

Because of this, encryption results are always encoded in BASE64 after being created, and this ensures that the results will make perfectly representable, safe ASCII Strings. Because of this, the charset used to convert the encrypted bytes to the returned String is set to US-ASCII.

    private static final String ENCRYPTED_MESSAGE_CHARSET = "US-ASCII";
    
    // The StandardPBEByteEncryptor that will be internally used.
    private StandardPBEByteEncryptor byteEncryptor = null;
    
    // BASE64 encoder which will make sure the returned results are
    // valid US-ASCII strings.
    private Base64 base64 = null;

    
    
    
Creates a new instance of StandardPBEStringEncryptor.
    public StandardPBEStringEncryptor() {
        super();
        this. = new StandardPBEByteEncryptor();
        this. = new Base64();
    }
    
    
    

Sets a org.jasypt.encryption.pbe.config.PBEConfig object for the encryptor. If this config object is set, it will be asked values for:

  • Algorithm
  • Password
  • Hashing iterations for obtaining the encryption key
  • Salt generator

The non-null values it returns will override the default ones, and will be overriden by any values specified with a setX method.

Parameters:
config the PBEConfig object to be used as the source for configuration parameters.
    public void setConfig(PBEConfig config) {
        .setConfig(config);
    }

    
    

Sets the algorithm to be used for encryption, like PBEWithMD5AndDES.

This algorithm has to be supported by your Java Virtual Machine, and it must be one of the algorithms registered at org.jasypt.encryption.pbe.algorithms.PBEAlgorithms.

Parameters:
algorithm the name of the algorithm to be used.
See also:
org.jasypt.encryption.pbe.algorithms.PBEAlgorithms
    public void setAlgorithm(String algorithm) {
        .setAlgorithm(algorithm);
    }

    
    

Sets the password to be used.

There is no default value for password, so not setting this parameter either from a org.jasypt.encryption.pbe.config.PBEConfig object or from a call to setPassword will result in an EncryptionInitializationException being thrown during initialization.

Parameters:
password the password to be used.
    public void setPassword(String password) {
        .setPassword(password);
    }
    

    

Set the number of hashing iterations applied to obtain the encryption key.

This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.

Parameters:
keyObtentionIterations the number of iterations
    public void setKeyObtentionIterations(int keyObtentionIterations) {
        .setKeyObtentionIterations(keyObtentionIterations);
    }

    
    

Sets the salt generator to be used. If no salt generator is specified, an instance of org.jasypt.salt.RandomSaltGenerator will be used.

Parameters:
saltGenerator the salt generator to be used.
    public void setSaltGenerator(SaltGenerator saltGenerator) {
        .setSaltGenerator(saltGenerator);
    }


    

Returns true if the encryptor has already been initialized, false if not.
Initialization happens:

  • When initialize is called.
  • When encrypt or decrypt are called for the first time, if initialize has not been called before.

Once an encryptor has been initialized, trying to change its configuration (algorithm, password, key obtention iterations or salt generator) will result in an AlreadyInitializedException being thrown.

Returns:
true if the encryptor has already been initialized, false if not.
    public boolean isInitialized() {
        return .isInitialized();
    }

    
    

Initialize the encryptor.

This operation will consist in determining the actual configuration values to be used, and then initializing the encryptor with them.
These values are decided by applying the following priorities:

  1. First, the default values are considered (except for password).
  2. Then, if a org.jasypt.encryption.pbe.config.PBEConfig object has been set with setConfig, the non-null values returned by its getX methods override the default values.
  3. Finally, if the corresponding setX method has been called on the encryptor itself for any of the configuration parameters, the values set by these calls override all of the above.

Once an encryptor has been initialized, trying to change its configuration (algorithm, password, key obtention iterations or salt generator) will result in an AlreadyInitializedException being thrown.

Throws:
org.jasypt.exceptions.EncryptionInitializationException if initialization could not be correctly done (for example, no password has been set).
    public void initialize() {
        .initialize();
    }
    
    
    

Encrypts a message using the specified configuration.

The Strings returned by this method are BASE64-encoded ASCII Strings.

The mechanisms applied to perform the encryption operation are described in PKCS #5: Password-Based Cryptography Standard.

This encryptor uses a salt for each encryption operation. The size of the salt depends on the algorithm being used. This salt is used for creating the encryption key and, if generated by a random generator, it is also appended unencrypted at the beginning of the results so that a decryption operation can be performed.

If a random salt generator is used, two encryption results for the same message will always be different (except in the case of random salt coincidence). This may enforce security by difficulting brute force attacks on sets of data at a time and forcing attackers to perform a brute force attack on each separate piece of encrypted data.

Parameters:
message the String message to be encrypted
Returns:
the result of encryption
Throws:
org.jasypt.exceptions.EncryptionOperationNotPossibleException if the encryption operation fails, ommitting any further information about the cause for security reasons.
org.jasypt.exceptions.EncryptionInitializationException if initialization could not be correctly done (for example, no password has been set).
    public String encrypt(String message) {
        
        if (message == null) {
            return null;
        }
        
        try {
            // The input String is converted into bytes using MESSAGE_CHARSET
            // as a fixed charset to avoid problems with different platforms
            // having different default charsets (see MESSAGE_CHARSET doc).
            byte[] messageBytes = message.getBytes();
            
            // The StandardPBEByteEncryptor does its job.
            byte[] encryptedMessage = .encrypt(messageBytes);
            
            // We encode the result in BASE64 so that we obtain the safest
            // result String possible.
            synchronized () {
                encryptedMessage = .encode(encryptedMessage);
            }
            
            // Finally, the result String is encoded in US-ASCII
            return new String(encryptedMessage
                    );
        
        } catch (EncryptionInitializationException e) {
            throw e;
        } catch (EncryptionOperationNotPossibleException e) {
            throw e;
        } catch (Exception e) {
            // If encryption fails, it is more secure not to return any 
            // information about the cause in nested exceptions. Simply fail.
            throw new EncryptionOperationNotPossibleException();
        }
        
    }

    
    

Decrypts a message using the specified configuration.

This method expects to receive a BASE64-encoded ASCII String.

The mechanisms applied to perform the decryption operation are described in PKCS #5: Password-Based Cryptography Standard.

If a random salt generator is used, this decryption operation will expect to find an unencrypted salt at the beginning of the encrypted input, so that the decryption operation can be correctly performed (there is no other way of knowing it).

Parameters:
encryptedMessage the String message to be decrypted
Returns:
the result of decryption
Throws:
org.jasypt.exceptions.EncryptionOperationNotPossibleException if the decryption operation fails, ommitting any further information about the cause for security reasons.
org.jasypt.exceptions.EncryptionInitializationException if initialization could not be correctly done (for example, no password has been set).
    public String decrypt(String encryptedMessage) {
        
        if (encryptedMessage == null) {
            return null;
        }
        
        try {
            
            // Get the byte array corresponding to the ASCII input.
            byte[] encryptedMessageBytes = 
                encryptedMessage.getBytes();
            
            // Convert the BASE64-encoded input back into an unencoded byte 
            // array.
            synchronized () {
                encryptedMessageBytes = .decode(encryptedMessageBytes);
            }
            // Let the byte encyptor decrypt
            byte[] message = .decrypt(encryptedMessageBytes);
            
            // Return the resulting decrypted String, using MESSAGE_CHARSET
            // as charset to maintain between encryption and decyption
            // processes.
            return new String(message);
        
        } catch (EncryptionInitializationException e) {
            throw e;
        } catch (EncryptionOperationNotPossibleException e) {
            throw e;
        } catch (Exception e) {
            // If decryption fails, it is more secure not to return any 
            // information about the cause in nested exceptions. Simply fail.
            throw new EncryptionOperationNotPossibleException();
        }
    }
    
New to GrepCode? Check out our FAQ X