Documentation

Asymmetric Encryption

Asymmetric Encryption employs key pairs in order to exchange messages securely.

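<!-- Encrypt with the public key so that only the holder of the private key can decrypt -->
<crypt:asymmetricCipherer id="encrypter" key-ref="publicKey" algorithm="RSA"
    provider="BC" mode="ENCRYPT" />

<!-- Decrypt with the matching private key -->
<crypt:asymmetricCipherer id="decrypter" key-ref="privateKey" algorithm="RSA"
    provider="BC" mode="DECRYPT"/>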

<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>
<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>

algorithm

RSA is the default algorithm and can be omitted.

provider (since 1.3.0)

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

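import com.springcryptoutils.core.cipher.asymmetric.Cipherer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyEncrypter {

    @Autowired
    @Qualifier("encrypter")
    private Cipherer encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Cipherer decrypter;

    public void encryptAndDecrypt(byte[] clearTextMessage) {
        byte[] encryptedMessage = encrypter.encrypt(clearTextMessage);
        // The decrypter bean is configured with mode="DECRYPT", so encrypt() decrypts here.
        byte[] theOriginalClearTextMessage = decrypter.encrypt(encryptedMessage);
    }
}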

Because you don't usually work directly with byte arrays, but rather with a base64-encoded version of such data, there is also a base64 version of the cipherer.

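<!-- Encrypt with the public key so that only the holder of the private key can decrypt -->
<crypt:b64AsymmetricCipherer id="encrypter" key-ref="publicKey" algorithm="RSA"
    provider="BC" mode="ENCRYPT" />

<!-- Decrypt with the matching private key -->
<crypt:b64AsymmetricCipherer id="decrypter" key-ref="privateKey" algorithm="RSA"
    provider="BC" mode="DECRYPT"/>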

<crypt:publicKey id="publicKey" keystore-ref="keystore" alias="test"/>
<crypt:privateKey id="privateKey" keystore-ref="keystore" alias="test" password="password"/>
<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>

algorithm

RSA is the default algorithm and can be omitted.

provider (since 1.3.0)

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCipherer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyBase64Encrypter {

    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCipherer encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCipherer decrypter;

    public void encryptAndDecrypt() {
        String b64encryptedMessage = encrypter.encrypt("a secret message");
        // The decrypter bean is configured with mode="DECRYPT", so encrypt() decrypts here.
        String decryptedMessage = decrypter.encrypt(b64encryptedMessage);
    }
}

If your encryption key is not static, you can configure a mapping by logical name in the XML configuration.

<crypt:asymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="ENCRYPT"/>

<crypt:asymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="DECRYPT"/>

<util:map id="keyMap">
    <entry key="publicKeyId">
        <crypt:publicKey keystore-ref="keystore" alias="test"/>
    </entry>
    <entry key="privateKeyId">
        <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/>
    </entry>
</util:map>

<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>

algorithm

RSA is the default algorithm and can be omitted.

provider (since 1.3.0)

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

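import com.springcryptoutils.core.cipher.asymmetric.CiphererWithChooserByKeyId;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyCiphererWithChooserByKeyId {

    @Autowired
    @Qualifier("encrypter")
    private CiphererWithChooserByKeyId encrypter;

    @Autowired
    @Qualifier("decrypter")
    private CiphererWithChooserByKeyId decrypter;

    public void encryptAndDecrypt() {
        final byte[] message = new byte[] {4, 8, 15, 16, 23, 42};
        // The first argument is the logical key name from the keyMap.
        byte[] encryptedMessage = encrypter.encrypt("publicKeyId", message);
        // The decrypter bean is configured with mode="DECRYPT", so encrypt() decrypts here.
        byte[] decryptedMessage = decrypter.encrypt("privateKeyId", encryptedMessage);
    }
}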

If your encryption key is not static and you need to work with base64-encoded data, you can configure a mapping by logical name in the XML configuration.

<crypt:b64AsymmetricCiphererWithChooserByKeyId id="encrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="ENCRYPT"/>

<crypt:b64AsymmetricCiphererWithChooserByKeyId id="decrypter" keyMap-ref="keyMap"
    algorithm="RSA" provider="BC" mode="DECRYPT"/>

<util:map id="keyMap">
    <entry key="publicKeyId">
        <crypt:publicKey keystore-ref="keystore" alias="test"/>
    </entry>
    <entry key="privateKeyId">
        <crypt:privateKey keystore-ref="keystore" alias="test" password="password"/>
    </entry>
</util:map>

<crypt:keystore id="keystore" location="classpath:keystore.jks" password="password"/>

algorithm

RSA is the default algorithm and can be omitted.

provider (since 1.3.0)

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

import com.springcryptoutils.core.cipher.asymmetric.Base64EncodedCiphererWithChooserByKeyId;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

public class MyBase64EncodedCiphererWithChooserByKeyId {

    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCiphererWithChooserByKeyId encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCiphererWithChooserByKeyId decrypter;

    public void encryptAndDecrypt() {
        final String message = "this is a top-secret message";
        // The first argument is the logical key name from the keyMap.
        String b64encryptedMessage = encrypter.encrypt("publicKeyId", message);
        // The decrypter bean is configured with mode="DECRYPT", so encrypt() decrypts here.
        String decryptedMessage = decrypter.encrypt("privateKeyId", b64encryptedMessage);
    }
}
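
The two key-map configurations above (byte arrays and base64) come down to looking up a key by logical name, encrypting with the public key and decrypting with the private key. The following is an added example in plain JCA, not Spring Crypto Utils code and not part of the original page. The class `KeyIdCipherSketch`, its method names, the in-memory key pair and the explicit OAEP transformation are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;

// Added example in plain JCA; not Spring Crypto Utils code. Names are hypothetical.
public class KeyIdCipherSketch {
    // Padding is this example's choice; the page's configuration only names "RSA".
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private final Map<String, Key> keyMap;
    KeyIdCipherSketch(Map<String, Key> keyMap) { this.keyMap = keyMap; }

    // Resolve a logical key id and insist on the key type the operation needs.
    private <T extends Key> T lookup(String keyId, Class<T> expected) {
        Key key = keyMap.get(keyId);
        if (!expected.isInstance(key)) { // also true when the id is not mapped (null)
            throw new IllegalArgumentException("no " + expected.getSimpleName() + " for key id " + keyId);
        }
        return expected.cast(key);
    }

    String encryptToBase64(String keyId, String message) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, lookup(keyId, PublicKey.class));
        byte[] cipherText = cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(cipherText);
    }

    String decryptFromBase64(String keyId, String b64CipherText) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, lookup(keyId, PrivateKey.class));
        byte[] clearText = cipher.doFinal(Base64.getDecoder().decode(b64CipherText));
        return new String(clearText, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair(); // constructed in memory, stands in for the keystore entry
        KeyIdCipherSketch cipherer = new KeyIdCipherSketch(
                Map.of("publicKeyId", pair.getPublic(), "privateKeyId", pair.getPrivate()));
        String b64 = cipherer.encryptToBase64("publicKeyId", "this is a top-secret message");
        System.out.println(cipherer.decryptFromBase64("privateKeyId", b64));
    }
}
```

Passing `"privateKeyId"` to `encryptToBase64`, or an id that is not in the map, is rejected before any cipher operation runs, which catches a key map wired the wrong way round.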