This class performs encryption and
decryption of byte arrays. Cipher is
provider-based, so to obtain a Cipher object, you
must call the static getInstance( )
factory method. The arguments to getInstance( ) are a string that
describes the type of encryption desired and, optionally, the name of
the provider whose implementation should be used. To specify the
desired type of encryption, you can simply specify the name of an
encryption algorithm, such as
"DES". In Java 5.0, the
"SunJCE" provider supports the
following algorithm names:

AES | DES | RSA
AESWrap | DESede | PBEWithMD5AndDES
ARCFOUR | DESedeWrap | PBEWithMD5AndTripleDES
Blowfish | RC2 | PBEWithSHA1AndRC2_40

Advanced users may specify a three-part algorithm name that includes
the encryption algorithm, the algorithm operating mode, and the
padding scheme. These three parts are separated by slash characters,
as in "DES/CBC/PKCS5Padding".
Finally, if you are requesting a block cipher algorithm in a stream
mode, you can specify the number of bits to be processed at a time by
following the name of the feedback mode with a number of bits. For
example: "DES/CFB8/NoPadding".
Details of supported operating modes and padding schemes are beyond
the scope of this book. In Java 5.0, you can obtain details about the
services available through the SunJCE (or any other) provider through
the java.security.Provider.Service class.

Once you have obtained a Cipher object for the desired
cryptographic algorithm, mode, and padding scheme, you must
initialize it by calling one of the init( ) methods. The first
argument to init( ) is one of the constants ENCRYPT_MODE or
DECRYPT_MODE. The second argument is a java.security.Key object
that is used to perform the encryption or decryption. If you use one
of the symmetric (i.e., nonpublic key) encryption algorithms supported
by the "SunJCE" provider, this Key object is a SecretKey
implementation. Note that some cryptographic providers restrict the
maximum allowed key length based on a jurisdiction policy file. In
Java 5.0 you can query the maximum allowed key length for a named
encryption algorithm with getMaxAllowedKeyLength( ). You can
optionally pass a java.security.SecureRandom object to init( ) to
provide a source of randomness. If you do not, the Cipher
implementation provides its own pseudorandom number generator.

Some cryptographic algorithms require additional initialization
parameters; these can be passed to init( ) as a
java.security.AlgorithmParameters object or as a
java.security.spec.AlgorithmParameterSpec object.
When encrypting, you can omit these parameters, and the
Cipher implementation uses default values or
generates appropriate random parameters for you. In this case, you
should call getParameters( ) after performing
encryption to obtain the AlgorithmParameters used
to encrypt. These parameters are required in order to decrypt, and
must therefore be saved or transferred along with the encrypted data.
Of the algorithms supported by the
"SunJCE" provider, the block
ciphers "DES",
"DESede", and
"Blowfish" all require an
initialization vector when they are used in
"CBC",
"CFB",
"OFB", or
"PCBC" mode. You can represent an
initialization vector with a
javax.crypto.spec.IvParameterSpec object and
obtain the raw bytes of the initialization vector used by a
Cipher with the getIV( )
method. The "PBEWithMD5AndDES"
algorithm requires a salt and iteration count as parameters. These
can be specified with a
javax.crypto.spec.PBEParameterSpec object.

Once you have obtained and initialized a Cipher object, you
are ready to use it for encryption or decryption. If you have only a
single array of bytes to encrypt or decrypt, pass that input array to
one of the doFinal( ) methods. Some versions of
this method return the encrypted or decrypted bytes as the return
value of the function. Other versions store the encrypted or
decrypted bytes to another byte array you specify. If you choose to
use one of these latter methods, you should first call
getOutputSize( ) to determine the required size of
the output array. If you want to encrypt or decrypt data from a
streaming source or have more than one array of data, pass the data
to one of the update( ) methods, calling it as
many times as necessary. Then pass the last array of data to one of
the doFinal( ) methods. If you are working with
streaming data, consider using the
CipherInputStream and
CipherOutputStream classes instead.
Java 5.0 adds versions of the update( ) and
doFinal( ) that work with
ByteBuffer objects, which facilitates the use of
encryption and decryption with the New I/O API of
java.nio.
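
The sequence described above (getInstance( ) with a three-part name, init( ), update( ) followed by doFinal( ), and saving the generated initialization vector), as an added example that is not from the book. The class name CipherRoundTrip, the layout that stores the IV in front of the ciphertext, and the sample strings are assumptions made for illustration; it is written for a current JDK rather than Java 5.0.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CipherRoundTrip {  // hypothetical class name
    // Three-part name: algorithm/mode/padding. Naming only "AES" would leave
    // mode and padding to provider defaults (ECB/PKCS5Padding in SunJCE).
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    // Returns IV || ciphertext so the parameters travel with the data
    // (an assumed layout, chosen for this example).
    static byte[] encrypt(SecretKey key, byte[] part1, byte[] part2) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); // no IV passed: one is generated
        byte[] iv = c.getIV();                                // needed again to decrypt
        byte[] out = new byte[iv.length + c.getOutputSize(part1.length + part2.length)];
        System.arraycopy(iv, 0, out, 0, iv.length);
        int n = iv.length;
        n += c.update(part1, 0, part1.length, out, n);        // first chunk of a multi-part input
        n += c.doFinal(part2, 0, part2.length, out, n);       // last chunk, padding applied here
        return Arrays.copyOf(out, n);
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        int ivLen = c.getBlockSize();                         // a CBC IV is one block long
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, ivLen));
        return c.doFinal(blob, ivLen, blob.length - ivLen);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample plaintext, split in two to exercise update( ).
        byte[] p1 = "constructed sample, part one; ".getBytes(StandardCharsets.UTF_8);
        byte[] p2 = "part two".getBytes(StandardCharsets.UTF_8);
        byte[] blob = encrypt(key, p1, p2);
        System.out.println(new String(decrypt(key, blob), StandardCharsets.UTF_8));
        System.out.println("max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));
    }
}
```
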
public class Cipher {
    // Protected Constructors
    protected Cipher(CipherSpi cipherSpi, java.security.Provider provider,
            String transformation);
    // Public Constants
    public static final int DECRYPT_MODE = 2;
    public static final int ENCRYPT_MODE = 1;
    public static final int PRIVATE_KEY = 2;
    public static final int PUBLIC_KEY = 1;
    public static final int SECRET_KEY = 3;
    public static final int UNWRAP_MODE = 4;
    public static final int WRAP_MODE = 3;
    // Public Class Methods
    public static final Cipher getInstance(String transformation)
            throws java.security.NoSuchAlgorithmException, NoSuchPaddingException;
    public static final Cipher getInstance(String transformation, String provider)
            throws java.security.NoSuchAlgorithmException,
            java.security.NoSuchProviderException, NoSuchPaddingException;
    public static final Cipher getInstance(String transformation,
            java.security.Provider provider) throws java.security.NoSuchAlgorithmException,
            NoSuchPaddingException;
    // Added in Java 5.0
    public static final int getMaxAllowedKeyLength(String transformation)
            throws java.security.NoSuchAlgorithmException;
    // Added in Java 5.0
    public static final java.security.spec.AlgorithmParameterSpec
            getMaxAllowedParameterSpec(String transformation)
            throws java.security.NoSuchAlgorithmException;
    // Public Instance Methods
    public final byte[ ] doFinal( ) throws IllegalBlockSizeException, BadPaddingException;
    public final byte[ ] doFinal(byte[ ] input)
            throws IllegalBlockSizeException, BadPaddingException;
    public final int doFinal(byte[ ] output, int outputOffset)
            throws IllegalBlockSizeException, ShortBufferException, BadPaddingException;
    // Added in Java 5.0
    public final int doFinal(java.nio.ByteBuffer input, java.nio.ByteBuffer output)
            throws ShortBufferException, IllegalBlockSizeException, BadPaddingException;
    public final byte[ ] doFinal(byte[ ] input, int inputOffset, int inputLen)
            throws IllegalBlockSizeException, BadPaddingException;
    public final int doFinal(byte[ ] input, int inputOffset, int inputLen, byte[ ] output)
            throws ShortBufferException, IllegalBlockSizeException, BadPaddingException;
    public final int doFinal(byte[ ] input, int inputOffset, int inputLen,
            byte[ ] output, int outputOffset)
            throws ShortBufferException, IllegalBlockSizeException, BadPaddingException;
    public final String getAlgorithm( );
    public final int getBlockSize( );
    public final ExemptionMechanism getExemptionMechanism( );
    public final byte[ ] getIV( );
    public final int getOutputSize(int inputLen);
    public final java.security.AlgorithmParameters getParameters( );
    public final java.security.Provider getProvider( );
    public final void init(int opmode, java.security.cert.Certificate certificate)
            throws java.security.InvalidKeyException;
    public final void init(int opmode, java.security.Key key)
            throws java.security.InvalidKeyException;
    public final void init(int opmode, java.security.Key key,
            java.security.AlgorithmParameters params)
            throws java.security.InvalidKeyException,
            java.security.InvalidAlgorithmParameterException;
    public final void init(int opmode, java.security.cert.Certificate certificate,
            java.security.SecureRandom random)
            throws java.security.InvalidKeyException;
    public final void init(int opmode, java.security.Key key,
            java.security.SecureRandom random)
            throws java.security.InvalidKeyException;
    public final void init(int opmode, java.security.Key key,
            java.security.spec.AlgorithmParameterSpec params)
            throws java.security.InvalidKeyException,
            java.security.InvalidAlgorithmParameterException;
    public final void init(int opmode, java.security.Key key,
            java.security.spec.AlgorithmParameterSpec params,
            java.security.SecureRandom random)
            throws java.security.InvalidKeyException,
            java.security.InvalidAlgorithmParameterException;
    public final void init(int opmode, java.security.Key key,
            java.security.AlgorithmParameters params,
            java.security.SecureRandom random)
            throws java.security.InvalidKeyException,
            java.security.InvalidAlgorithmParameterException;
    public final java.security.Key unwrap(byte[ ] wrappedKey, String wrappedKeyAlgorithm,
            int wrappedKeyType) throws java.security.InvalidKeyException,
            java.security.NoSuchAlgorithmException;
    public final byte[ ] update(byte[ ] input);
    // Added in Java 5.0
    public final int update(java.nio.ByteBuffer input, java.nio.ByteBuffer output)
            throws ShortBufferException;
    public final byte[ ] update(byte[ ] input, int inputOffset, int inputLen);
    public final int update(byte[ ] input, int inputOffset, int inputLen, byte[ ] output)
            throws ShortBufferException;
    public final int update(byte[ ] input, int inputOffset, int inputLen, byte[ ] output,
            int outputOffset) throws ShortBufferException;
    public final byte[ ] wrap(java.security.Key key) throws IllegalBlockSizeException,
            java.security.InvalidKeyException;
}