Asymmetric Encryption employs key pairs in order to exchange messages securely.
<crypt:asymmetricCipherer id="encrypter" key-ref="privateKey" algorithm="RSA"
    provider="BC" mode="ENCRYPT"/>
<crypt:asymmetricCipherer id="decrypter" key-ref="publicKey" algorithm="RSA"
    provider="BC" mode="DECRYPT"/>
<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>
<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
algorithm: RSA is the default algorithm and can be omitted.
provider: the provider attribute is optional.
mode: ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
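import com.springcryptoutils.core.cipher.asymmetric.Cipherer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyEncrypter {

    // Bean configured with mode="ENCRYPT"
    @Autowired
    @Qualifier("encrypter")
    private Cipherer encrypter;

    // Bean configured with mode="DECRYPT"
    @Autowired
    @Qualifier("decrypter")
    private Cipherer decrypter;

    public void encryptAndDecrypt(byte[] clearTextMessage) {
        byte[] encryptedMessage = encrypter.encrypt(clearTextMessage);
        // Same encrypt() method; the bean's DECRYPT mode makes it decrypt
        byte[] theOriginalClearTextMessage = decrypter.encrypt(encryptedMessage);
    }
}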
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there is also a base64 version of the cipherer.
<crypt:b64AsymmetricCipherer id="encrypter" key-ref="privateKey" algorithm="RSA"
    provider="BC" mode="ENCRYPT"/>
<crypt:b64AsymmetricCipherer id="decrypter" key-ref="publicKey" algorithm="RSA"
    provider="BC" mode="DECRYPT"/>
<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>
<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
algorithm: RSA is the default algorithm and can be omitted.
provider: the provider attribute is optional.
mode: ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
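import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCipherer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyBase64Encrypter {

    // Bean configured with mode="ENCRYPT"
    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCipherer encrypter;

    // Bean configured with mode="DECRYPT"
    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCipherer decrypter;

    public void encryptAndDecrypt() {
        // Clear text in, base64 encoded ciphertext out
        String b64encryptedMessage = encrypter.encrypt("a secret message");
        // Same encrypt() method; the bean's DECRYPT mode makes it decrypt
        String decryptedMessage = decrypter.encrypt(b64encryptedMessage);
    }
}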
If your encryption key is not static, you can configure a mapping by logical name in the XML configuration.
<crypt:asymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="ENCRYPT"/>
<crypt:asymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="DECRYPT"/>
<util:map id="keyMap">
    <entry key="publicKeyId">
        <crypt:publicKey keystore-ref="keystore" alias="test"/>
    </entry>
    <entry key="privateKeyId">
        <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/>
    </entry>
</util:map>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
algorithm: RSA is the default algorithm and can be omitted.
provider: the provider attribute is optional.
mode: ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
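import com.springcryptoutils.core.cipher.asymmetric.CiphererWithChooserByKeyId;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyCiphererWithChooserByKeyId {

    // Bean configured with mode="ENCRYPT"
    @Autowired
    @Qualifier("encrypter")
    private CiphererWithChooserByKeyId encrypter;

    // Bean configured with mode="DECRYPT"
    @Autowired
    @Qualifier("decrypter")
    private CiphererWithChooserByKeyId decrypter;

    public void encryptAndDecrypt() {
        final byte[] message = new byte[] {4, 8, 15, 16, 23, 42};
        // The first argument is the logical key name from the keyMap bean
        byte[] encryptedMessage = encrypter.encrypt("publicKeyId", message);
        // Same encrypt() method; the bean's DECRYPT mode makes it decrypt
        byte[] decryptedMessage = decrypter.encrypt("privateKeyId", encryptedMessage);
    }
}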
If your encryption key is not static and you need to work with base64 encoded data, you can configure a mapping by logical name in the XML configuration.
<crypt:b64AsymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="ENCRYPT"/>
<crypt:b64AsymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="DECRYPT"/>
<util:map id="keyMap">
    <entry key="publicKeyId">
        <crypt:publicKey keystore-ref="keystore" alias="test"/>
    </entry>
    <entry key="privateKeyId">
        <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/>
    </entry>
</util:map>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
algorithm: RSA is the default algorithm and can be omitted.
provider: the provider attribute is optional.
mode: ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
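import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCiphererWithChooserByKeyId;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyBase64EncodedCiphererWithChooserByKeyId {

    // Bean configured with mode="ENCRYPT"
    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCiphererWithChooserByKeyId encrypter;

    // Bean configured with mode="DECRYPT"
    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCiphererWithChooserByKeyId decrypter;

    public void encryptAndDecrypt() {
        final String message = "this is a top-secret message";
        // The first argument is the logical key name from the keyMap bean
        String b64encryptedMessage = encrypter.encrypt("publicKeyId", message);
        // Same encrypt() method; the bean's DECRYPT mode makes it decrypt
        String decryptedMessage = decrypter.encrypt("privateKeyId", b64encryptedMessage);
    }
}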
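An added example, not code from Spring Crypto Utils: the same base64 round trip with keys chosen by logical name, written directly against the standard JCA so the key direction, padding and size limit are visible. It encrypts with the public key and decrypts with the private key, the direction that gives confidentiality. The class name RsaByKeyIdExample, the in-memory key pair (used instead of keystore.jks) and the explicit OAEP transformation are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

public class RsaByKeyIdExample {
    // Explicit transformation: a bare "RSA" leaves the padding to the provider's default.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    private final Map<String, Key> keyMap; // hypothetical stand-in for the keyMap bean

    RsaByKeyIdExample(Map<String, Key> keyMap) { this.keyMap = keyMap; }

    private byte[] run(int mode, String keyId, byte[] input) throws Exception {
        Key key = keyMap.get(keyId);
        if (key == null) throw new IllegalArgumentException("unknown key id: " + keyId);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, key);
        return cipher.doFinal(input);
    }

    String encrypt(String keyId, String clearText) throws Exception {
        byte[] ct = run(Cipher.ENCRYPT_MODE, keyId, clearText.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    String decrypt(String keyId, String b64CipherText) throws Exception {
        byte[] pt = run(Cipher.DECRYPT_MODE, keyId, Base64.getDecoder().decode(b64CipherText));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // constructed key pair, instead of keystore.jks
        RsaByKeyIdExample rsa = new RsaByKeyIdExample(
            Map.of("publicKeyId", pair.getPublic(), "privateKeyId", pair.getPrivate()));
        String b64 = rsa.encrypt("publicKeyId", "this is a top-secret message");
        System.out.println(rsa.decrypt("privateKeyId", b64));
        try { // RSA encrypts a single block: a 2048-bit key with SHA-256 OAEP holds 190 bytes
            rsa.encrypt("publicKeyId", "x".repeat(191));
        } catch (IllegalBlockSizeException e) {
            System.out.println("message too long for a single RSA block");
        }
    }
}
```

Payloads larger than one RSA block are normally encrypted with a symmetric key, and only that key is wrapped with RSA.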