Symmetric Encryption employs a shared secret in order to exchange messages securely.
<crypt:symmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>
DESede is the default algorithm and can be omitted.
provider attribute is optional.
A symmetric key can then be generated like this:
import com.springcryptoutils.core.cipher.symmetric.KeyGenerator;
public class MyKeyGenerator {
@Autowired
private KeyGenerator generator;
public void generateANewKey() {
byte[] key = generator.generate();
}
}
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the key generator:
<crypt:b64SymmetricKeyGenerator id="generator" algorithm="DESede" provider="BC"/>
DESede is the default algorithm and can be omitted.
provider attribute is optional.
A symmetric key can then be generated like this:
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedKeyGenerator;
public class MyBase64KeyGenerator {
@Autowired
private Base64EncodedKeyGenerator generator;
public void generateANewKey() {
String b64key = generator.generate();
}
}
<crypt:symmetricCipherer id="encrypter" keyAlgorithm="DESede"
cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
mode="ENCRYPT"/>
<crypt:symmetricCipherer id="decrypter" keyAlgorithm="DESede"
cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
mode="DECRYPT"/>
DESede is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding (triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider attribute is optional.
ENCRYPT or
DECRYPT, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
import com.springcryptoutils.core.cipher.symmetric.Cipherer;
public class AnEncryptionExample {
@Autowired
@Qualifier("encrypter")
private Cipherer encrypter;
@Autowired
@Qualifier("decrypter")
private Cipherer decrypter;
// initialization vector
private static final byte[] iv = new byte[] {1, 2, 3, 4, 5, 6, 7, 8};
// encryption key
private static final byte[] key = new byte[] {...};
public void encryptAndDecrypt(byte[] clearTextMessage) {
byte[] encryptedMessage = encrypter.encrypt(key, iv, clearTextMessage);
byte[] theOriginalClearTextMessage = decrypter.encrypt(key, iv, encryptedMessage);
}
}
Because you don't usually work directly with byte arrays, but rather with a base64 encoded version of such data, there also is a base64 version of the cipherer.
<crypt:b64SymmetricCipherer id="encrypter" keyAlgorithm="DESede"
cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
mode="ENCRYPT"/>
<crypt:b64SymmetricCipherer id="decrypter" keyAlgorithm="DESede"
cipherAlgorithm="DESede/CBC/PKCS5Padding" provider="BC"
mode="DECRYPT"/>
DESede is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding (triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider attribute is optional.
ENCRYPT or
DECRYPT, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCipherer;
public class ABase64EncryptionExample {
@Autowired
@Qualifier("encrypter")
private Base64EncodedCipherer encrypter;
@Autowired
@Qualifier("decrypter")
private Base64EncodedCipherer decrypter;
// base64 encoded initialization vector
private static final String iv = "AQIDBAUGAQI=";
// base64 encoded encryption key
private static final String key = "Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/";
public void encryptAndDecrypt() {
String b64encryptedMessage = encrypter.encrypt(key, iv, "a secret message");
String decryptedMessage = decrypter.encrypt(key, iv, b64encryptedMessage);
}
}
If the encryption key is static, you can configure it in the xml.
<crypt:symmetricCiphererWithStaticKey
id="encrypter"
keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
initializationVector="AQIDBAUGAQI="
provider="BC"
mode="ENCRYPT"/>
<crypt:symmetricCiphererWithStaticKey
id="decrypter"
keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
initializationVector="AQIDBAUGAQI="
provider="BC"
mode="DECRYPT">
DESede is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding (triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider attribute is optional.
ENCRYPT or
DECRYPT, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
import com.springcryptoutils.core.cipher.symmetric.CiphererWithStaticKey;
public class MyEncryptionWithAStaticKey {
@Autowired
@Qualifier("encrypter")
private CiphererWithStaticKey encrypter;
@Autowired
@Qualifier("decrypter")
private CiphererWithStaticKey decrypter;
public void encryptAndDecrypt() {
final byte[] message = new byte[] {4, 8, 15, 16, 23, 42};
byte[] encryptedMessage = encrypter.encrypt(message);
byte[] decryptedMessage = decrypter.encrypt(encryptedMessage);
}
}
If the encryption key is static and you want to work with base64 encoded data, you can configure the xml like this.
<crypt:b64SymmetricCiphererWithStaticKey
id="encrypter"
keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
initializationVector="AQIDBAUGAQI="
provider="BC"
mode="ENCRYPT"/>
<crypt:b64SymmetricCiphererWithStaticKey
id="decrypter"
keyAlgorithm="DESede" cipherAlgorithm="DESede/CBC/PKCS5Padding"
key="Rs3xEA16I52XJpsWwkw4GrB8l6FiVGK/"
initializationVector="AQIDBAUGAQI="
provider="BC"
mode="DECRYPT">
DESede is the default key algorithm and can be
omitted.
DESede/CBC/PKCS5Padding (triple DES with cipher
block chaining and PKCS#5 padding) is the default cipher
algorithm and can be omitted.
provider attribute is optional.
ENCRYPT or
DECRYPT, depending on whether you're encrypting
or decrypting.
Decrypting a message is done using the same interface as for
encrypting. The only difference is that the underlying mode
of operation is set in configuration to
DECRYPT.
Here's an example implementation:
import com.springcryptoutils.core.cipher.symmetric.Base64EncodedCiphererWithStaticKey;
public class MyBase64EncryptionWithAStaticKey {
@Autowired
@Qualifier("encrypter")
private Base64EncodedCiphererWithStaticKey encrypter;
@Autowired
@Qualifier("decrypter")
private Base64EncodedCiphererWithStaticKey decrypter;
public void encryptAndDecrypt() {
final String message = "this is a top-secret message";
String b64encryptedMessage = encrypter.encrypt(message);
String decryptedMessage = decrypter.encrypt(b64encryptedMessage);
}
}