Asymmetric Encryption employs key pairs in order to exchange messages securely.
<crypt:asymmetricCipherer id="encrypter" key-ref="privateKey" algorithm="RSA" provider="BC" mode="ENCRYPT" /> <crypt:asymmetricCipherer id="decrypter" key-ref="publicKey" algorithm="RSA" provider="BC" mode="DECRYPT"/> <crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/> <crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/> <crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
RSA
is the default algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.asymmetric.Cipherer; public class MyEncrypter { @Autowired @Qualifier("encrypter") private Cipherer encrypter; @Autowired @Qualifier("decrypter") private Cipherer decrypter; public void encryptAndDecrypt(byte[] clearTextMessage) { byte[] encryptedMessage = encrypter.encrypt(clearTextMessage); byte[] theOriginalClearTextMessage = decrypter.encrypt(encryptedMessage); } }
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the cipherer.
<crypt:b64AsymmetricCipherer id="encrypter" key-ref="privateKey" algorithm="RSA" provider="BC" mode="ENCRYPT" /> <crypt:b64AsymmetricCipherer id="decrypter" key-ref="publicKey" algorithm="RSA" provider="BC" mode="DECRYPT"/> <crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/> <crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/> <crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
RSA
is the default algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCipherer; public class MyBase64Encrypter { @Autowired @Qualifier("encrypter") private Base64EncodedCipherer encrypter; @Autowired @Qualifier("decrypter") private Base64EncodedCipherer decrypter; public void encryptAndDecrypt() { String b64encryptedMessage = encrypter.encrypt("a secret message"); String decryptedMessage = decrypter.encrypt(b64encryptedMessage); } }
If your encryption key is not static, you can configure a mapping by logical name in the xml configuration.
<crypt:asymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap" algorithm="RSA" provider="BC" mode="ENCRYPT"/> <crypt:asymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap" algorithm="RSA" provider="BC" mode="DECRYPT"/> <util:map id="keyMap"> <entry key="publicKeyId"> <crypt:publicKey keystore-ref="keystore" alias="test"/> </entry> <entry key="privateKeyId"> <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/> </entry> </util:map> <crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
RSA
is the default algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.asymmetric.CiphererWithChooserByKeyId; public class MyCiphererWithChooserByKeyId { @Autowired @Qualifier("encrypter") private CiphererWithChooserByKeyId encrypter; @Autowired @Qualifier("decrypter") private CiphererWithChooserByKeyId decrypter; public void encryptAndDecrypt() { final byte[] message = new byte[] {4, 8, 15, 16, 23, 42}; byte[] encryptedMessage = encrypter.encrypt("publicKeyId", message); byte[] decryptedMessage = decrypter.encrypt("privateKeyId", encryptedMessage); } }
If your encryption key is not static and you need to work with base64 encoded data, you can configure a mapping by logical name in the xml configuration.
<crypt:b64AsymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap" algorithm="RSA" provider="BC" mode="ENCRYPT"/> <crypt:b64AsymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap" algorithm="RSA" provider="BC" mode="DECRYPT"/> <util:map id="keyMap"> <entry key="publicKeyId"> <crypt:publicKey keystore-ref="keystore" alias="test"/> </entry> <entry key="privateKeyId"> <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/> </entry> </util:map> <crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>
RSA
is the default algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCiphererWithChooserByKeyId; public class MyBase64EncodedCiphererWithChooserByKeyId { @Autowired @Qualifier("encrypter") private Base64EncodedCiphererWithChooserByKeyId encrypter; @Autowired @Qualifier("decrypter") private Base64EncodedCiphererWithChooserByKeyId decrypter; public void encryptAndDecrypt() { final String message = "this is a top-secret message"; String b64encryptedMessage = encrypter.encrypt("publicKeyId", message); String decryptedMessage = decrypter.encrypt("privateKeyId", b64encryptedMessage); } }