Class Encryptors
- java.lang.Object
-
- org.springframework.security.crypto.encrypt.Encryptors
-
public class Encryptors extends java.lang.Object
Factory for commonly used encryptors. Defines the public API for constructingBytesEncryptor
andTextEncryptor
implementations.
-
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static TextEncryptor
delux(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a text encryptor that uses "stronger" password-based encryption.static TextEncryptor
noOpText()
Creates a text encryptor that performs no encryption.static TextEncryptor
queryableText(java.lang.CharSequence password, java.lang.CharSequence salt)
Deprecated.This encryptor is not secure.static BytesEncryptor
standard(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a standard password-based bytes encryptor using 256 bit AES encryption.static BytesEncryptor
stronger(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).static TextEncryptor
text(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a text encryptor that uses "standard" password-based encryption.
-
-
-
Method Detail
-
stronger
public static BytesEncryptor stronger(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6.- Parameters:
password
- the password used to generate the encryptor's secret key; should not be sharedsalt
- a hex-encoded, random, site-global salt value to use to generate the key
-
standard
public static BytesEncryptor standard(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a standard password-based bytes encryptor using 256 bit AES encryption. Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6. NOTE: This mode is not authenticated and does not provide any guarantees about the authenticity of the data. For a more secure alternative, users should preferstronger(CharSequence, CharSequence)
.- Parameters:
password
- the password used to generate the encryptor's secret key; should not be sharedsalt
- a hex-encoded, random, site-global salt value to use to generate the key
-
delux
public static TextEncryptor delux(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a text encryptor that uses "stronger" password-based encryption. Encrypted text is hex-encoded.- Parameters:
password
- the password used to generate the encryptor's secret key; should not be shared- See Also:
stronger(CharSequence, CharSequence)
-
text
public static TextEncryptor text(java.lang.CharSequence password, java.lang.CharSequence salt)
Creates a text encryptor that uses "standard" password-based encryption. Encrypted text is hex-encoded.- Parameters:
password
- the password used to generate the encryptor's secret key; should not be shared- See Also:
standard(CharSequence, CharSequence)
-
queryableText
@Deprecated public static TextEncryptor queryableText(java.lang.CharSequence password, java.lang.CharSequence salt)
Deprecated.This encryptor is not secure. Instead, look to your data store for a mechanism to query encrypted data.Creates an encryptor for queryable text strings that uses standard password-based encryption. Uses a 16-byte all-zero initialization vector so encrypting the same data results in the same encryption result. This is done to allow encrypted data to be queried against. Encrypted text is hex-encoded.- Parameters:
password
- the password used to generate the encryptor's secret key; should not be sharedsalt
- a hex-encoded, random, site-global salt value to use to generate the secret key
-
noOpText
public static TextEncryptor noOpText()
Creates a text encryptor that performs no encryption. Useful for developer testing environments where working with plain text strings is desired for simplicity.
-
-