org.springframework.security.crypto.encrypt

Class Encryptors

java.lang.Object

org.springframework.security.crypto.encrypt.Encryptors

public class Encryptors
extends java.lang.Object

Factory for commonly used encryptors. Defines the public API for constructing BytesEncryptor and TextEncryptor implementations.

Method Summary

Modifier and Type	Method and Description
static TextEncryptor	delux(java.lang.CharSequence password, java.lang.CharSequence salt) Creates a text encryptor that uses "stronger" password-based encryption.
static TextEncryptor	noOpText() Creates a text encryptor that performs no encryption.
static TextEncryptor	queryableText(java.lang.CharSequence password, java.lang.CharSequence salt) Deprecated. This encryptor is not secure. Instead, look to your data store for a mechanism to query encrypted data.
static BytesEncryptor	standard(java.lang.CharSequence password, java.lang.CharSequence salt) Creates a standard password-based bytes encryptor using 256 bit AES encryption.
static BytesEncryptor	stronger(java.lang.CharSequence password, java.lang.CharSequence salt) Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).
static TextEncryptor	text(java.lang.CharSequence password, java.lang.CharSequence salt) Creates a text encryptor that uses "standard" password-based encryption.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

stronger

public static BytesEncryptor stronger(java.lang.CharSequence password,
                                      java.lang.CharSequence salt)

Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

salt - a hex-encoded, random, site-global salt value to use to generate the key

standard

public static BytesEncryptor standard(java.lang.CharSequence password,
                                      java.lang.CharSequence salt)

Creates a standard password-based bytes encryptor using 256 bit AES encryption. Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6. NOTE: This mode is not authenticated and does not provide any guarantees about the authenticity of the data. For a more secure alternative, users should prefer stronger(CharSequence, CharSequence).

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

salt - a hex-encoded, random, site-global salt value to use to generate the key

See Also:

#stronger(CharSequence, CharSequence), which uses the significatly more secure GCM (instead of CBC)

delux

public static TextEncryptor delux(java.lang.CharSequence password,
                                  java.lang.CharSequence salt)

Creates a text encryptor that uses "stronger" password-based encryption. Encrypted text is hex-encoded.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

See Also:

stronger(CharSequence, CharSequence)

text

public static TextEncryptor text(java.lang.CharSequence password,
                                 java.lang.CharSequence salt)

Creates a text encryptor that uses "standard" password-based encryption. Encrypted text is hex-encoded.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

See Also:

standard(CharSequence, CharSequence)

queryableText

@Deprecated
public static TextEncryptor queryableText(java.lang.CharSequence password,
                                                      java.lang.CharSequence salt)

Deprecated. This encryptor is not secure. Instead, look to your data store for a mechanism to query encrypted data.

Creates an encryptor for queryable text strings that uses standard password-based encryption. Uses a 16-byte all-zero initialization vector so encrypting the same data results in the same encryption result. This is done to allow encrypted data to be queried against. Encrypted text is hex-encoded.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

salt - a hex-encoded, random, site-global salt value to use to generate the secret key

noOpText

public static TextEncryptor noOpText()

Creates a text encryptor that performs no encryption. Useful for developer testing environments where working with plain text strings is desired for simplicity.