Documentation

Symmetric Encryption

Symmetric Encryption employs a shared secret in order to exchange messages securely.

<crypt:symmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>

algorithm

DESede is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

A symmetric key can then be generated like this:

import com.springcryptoutils.core.cipher.symmetric.KeyGenerator;

public class MyKeyGenerator {

    @Autowired
    private KeyGenerator generator;

    public void generateANewKey() {
        byte[] key = generator.generate();
    }
}

Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the key generator:

<crypt:b64SymmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>

algorithm

DESede is the default algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

A symmetric key can then be generated like this:

import com.springcryptoutils.core.cipher.symmetric.Base64EncodedKeyGenerator;

public class MyBase64KeyGenerator {

    @Autowired
    private Base64EncodedKeyGenerator generator;

    public void generateANewKey() {
        String b64key = generator.generate();
    }
}
<crypt:symmetricCipherer id="encrypter" keyAlgorithm="DESede"
                         cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
                         mode="ENCRYPT"/>
<crypt:symmetricCipherer id="decrypter" keyAlgorithm="DESede"
                         cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
                         mode="DECRYPT"/>

keyAlgorithm

DESede is the default key algorithm and can be omitted.

cipherAlgorithm

DESede/CBC/PKCS5Padding (triple DES with cipher block chaining and PKCS#5 padding) is the default cipher algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

import com.springcryptoutils.core.cipher.symmetric.Cipherer;

public class AnEncryptionExample {

    @Autowired
    @Qualifier("encrypter")
    private Cipherer encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Cipherer decrypter;

    // initialization vector
    private static final byte[] iv = new byte[] {1, 2, 3, 4, 5, 6, 7, 8};
    // encryption key
    private static final byte[] key = new byte[] {...};

    public void encryptAndDecrypt(byte[] clearTextMessage) {
        byte[] encryptedMessage = encrypter.encrypt(key, iv, clearTextMessage);
        byte[] theOriginalClearTextMessage = decrypter.encrypt(key, iv, encryptedMessage);
    }
}

Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the cipherer.

<crypt:b64SymmetricCipherer id="encrypter" keyAlgorithm="DESede"
                            cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
                            mode="ENCRYPT"/>
<crypt:b64SymmetricCipherer id="decrypter" keyAlgorithm="DESede"
                            cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
                            mode="DECRYPT"/>

keyAlgorithm

DESede is the default key algorithm and can be omitted.

cipherAlgorithm

DESede/CBC/PKCS5Padding (triple DES with cipher block chaining and PKCS#5 padding) is the default cipher algorithm and can be omitted.

provider since 1.3.0

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCipherer;

public class ABase64EncryptionExample {

    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCipherer encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCipherer decrypter;

    // base64 encoded initialization vector
    private static final String iv = "AQIDBAUGAQI=";

    // base64 encoded encryption key
    private static final String key = "Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/";

    public void encryptAndDecrypt() {
        String b64encryptedMessage = encrypter.encrypt(key, iv, "a secret message");
        String decryptedMessage = decrypter.encrypt(key, iv, b64encryptedMessage);
    }
}

If the encryption key is static, you can configure it in the xml.

<crypt:symmetricCiphererWithStaticKey
    id="encrypter"
    keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
    key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
    initializationVector="AQIDBAUGAQI="
    provider="BC"
    mode="ENCRYPT"/>
<crypt:symmetricCiphererWithStaticKey
    id="decrypter"
    keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
    key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
    initializationVector="AQIDBAUGAQI="
    provider="BC"
    mode="DECRYPT">

keyAlgorithm

DESede is the default key algorithm and can be omitted.

cipherAlgorithm

DESede/CBC/PKCS5Padding (triple DES with cipher block chaining and PKCS#5 padding) is the default cipher algorithm and can be omitted.

key

The encryption key, base64 encoded.

initializationVector

The initialization vector, base64 encoded.

provider since 1.3.0

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

import com.springcryptoutils.core.cipher.symmetric.CiphererWithStaticKey;

public class MyEncryptionWithAStaticKey {

    @Autowired
    @Qualifier("encrypter")
    private CiphererWithStaticKey encrypter;

    @Autowired
    @Qualifier("decrypter")
    private CiphererWithStaticKey decrypter;

    public void encryptAndDecrypt() {
        final byte[] message = new byte[] {4, 8, 15, 16, 23, 42};
        byte[] encryptedMessage = encrypter.encrypt(message);
        byte[] decryptedMessage = decrypter.encrypt(encryptedMessage);
    }
}

If the encryption key is static and you want to work with base64 encoded data, you can configure the xml like this.

<crypt:b64SymmetricCiphererWithStaticKey
    id="encrypter"
    keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
    key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
    initializationVector="AQIDBAUGAQI="
    provider="BC"
    mode="ENCRYPT"/>
<crypt:b64SymmetricCiphererWithStaticKey
    id="decrypter"
    keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
    key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
    initializationVector="AQIDBAUGAQI="
    provider="BC"
    mode="DECRYPT">

keyAlgorithm

DESede is the default key algorithm and can be omitted.

cipherAlgorithm

DESede/CBC/PKCS5Padding (triple DES with cipher block chaining and PKCS#5 padding) is the default cipher algorithm and can be omitted.

key

The encryption key, base64 encoded.

initializationVector

The initialization vector, base64 encoded.

provider since 1.3.0

The provider attribute is optional.

mode

This can be either ENCRYPT or DECRYPT, depending on whether you're encrypting or decrypting.

Decrypting a message is done using the same interface as for encrypting. The only difference is that the underlying mode of operation is set in configuration to DECRYPT.

Here's an example implementation:

import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCiphererWithStaticKey;

public class MyBase64EncryptionWithAStaticKey {

    @Autowired
    @Qualifier("encrypter")
    private Base64EncodedCiphererWithStaticKey encrypter;

    @Autowired
    @Qualifier("decrypter")
    private Base64EncodedCiphererWithStaticKey decrypter;

    public void encryptAndDecrypt() {
        final String message = "this is a top-secret message";
        String b64encryptedMessage = encrypter.encrypt(message);
        String decryptedMessage = decrypter.encrypt(b64encryptedMessage);
    }
}