Symmetric Encryption employs a shared secret in order to exchange messages securely.
<crypt:symmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>
DESede
is the default algorithm and can be omitted.
provider
attribute is optional.
A symmetric key can then be generated like this:
import com.springcryptoutils.core.cipher.symmetric.KeyGenerator; public class MyKeyGenerator { @Autowired private KeyGenerator generator; public void generateANewKey() { byte[] key = generator.generate(); } }
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the key generator:
<crypt:b64SymmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>
DESede
is the default algorithm and can be omitted.
provider
attribute is optional.
A symmetric key can then be generated like this:
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedKeyGenerator; public class MyBase64KeyGenerator { @Autowired private Base64EncodedKeyGenerator generator; public void generateANewKey() { String b64key = generator.generate(); } }
<crypt:symmetricCipherer id="encrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC" mode="ENCRYPT"/> <crypt:symmetricCipherer id="decrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC" mode="DECRYPT"/>
DESede
is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding
(triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
import com.springcryptoutils.core.cipher.symmetric.Cipherer; public class AnEncryptionExample { @Autowired @Qualifier("encrypter") private Cipherer encrypter; @Autowired @Qualifier("decrypter") private Cipherer decrypter; // initialization vector private static final byte[] iv = new byte[] {1, 2, 3, 4, 5, 6, 7, 8}; // encryption key private static final byte[] key = new byte[] {...}; public void encryptAndDecrypt(byte[] clearTextMessage) { byte[] encryptedMessage = encrypter.encrypt(key, iv, clearTextMessage); byte[] theOriginalClearTextMessage = decrypter.encrypt(key, iv, encryptedMessage); } }
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the cipherer.
<crypt:b64SymmetricCipherer id="encrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC" mode="ENCRYPT"/> <crypt:b64SymmetricCipherer id="decrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC" mode="DECRYPT"/>
DESede
is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding
(triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCipherer; public class ABase64EncryptionExample { @Autowired @Qualifier("encrypter") private Base64EncodedCipherer encrypter; @Autowired @Qualifier("decrypter") private Base64EncodedCipherer decrypter; // base64 encoded initialization vector private static final String iv = "AQIDBAUGAQI="; // base64 encoded encryption key private static final String key = "Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"; public void encryptAndDecrypt() { String b64encryptedMessage = encrypter.encrypt(key, iv, "a secret message"); String decryptedMessage = decrypter.encrypt(key, iv, b64encryptedMessage); } }
If the encryption key is static, you can configure it in the xml.
<crypt:symmetricCiphererWithStaticKey id="encrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/" initializationVector="AQIDBAUGAQI=" provider="BC" mode="ENCRYPT"/> <crypt:symmetricCiphererWithStaticKey id="decrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/" initializationVector="AQIDBAUGAQI=" provider="BC" mode="DECRYPT">
DESede
is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding
(triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.symmetric.CiphererWithStaticKey; public class MyEncryptionWithAStaticKey { @Autowired @Qualifier("encrypter") private CiphererWithStaticKey encrypter; @Autowired @Qualifier("decrypter") private CiphererWithStaticKey decrypter; public void encryptAndDecrypt() { final byte[] message = new byte[] {4, 8, 15, 16, 23, 42}; byte[] encryptedMessage = encrypter.encrypt(message); byte[] decryptedMessage = decrypter.encrypt(encryptedMessage); } }
If the encryption key is static and you want to work with base64 encoded data, you can configure the xml like this.
<crypt:b64SymmetricCiphererWithStaticKey id="encrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/" initializationVector="AQIDBAUGAQI=" provider="BC" mode="ENCRYPT"/> <crypt:b64SymmetricCiphererWithStaticKey id="decrypter" keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding" key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/" initializationVector="AQIDBAUGAQI=" provider="BC" mode="DECRYPT">
DESede
is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding
(triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider
attribute is optional.
ENCRYPT
or
DECRYPT
, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT
.
Here's an example implementation:
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCiphererWithStaticKey; public class MyBase64EncryptionWithAStaticKey { @Autowired @Qualifier("encrypter") private Base64EncodedCiphererWithStaticKey encrypter; @Autowired @Qualifier("decrypter") private Base64EncodedCiphererWithStaticKey decrypter; public void encryptAndDecrypt() { final String message = "this is a top-secret message"; String b64encryptedMessage = encrypter.encrypt(message); String decryptedMessage = decrypter.encrypt(b64encryptedMessage); } }