Package org.springframework.security.crypto.encrypt

Class Encryptors

  • public final class Encryptors
extends java.lang.Object
    Factory for commonly used encryptors. Defines the public API for constructing BytesEncryptor and TextEncryptor implementations.

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static TextEncryptor delux​(java.lang.CharSequence password, java.lang.CharSequence salt)
      Creates a text encryptor that uses "stronger" password-based encryption.
      static TextEncryptor noOpText()
      Creates a text encryptor that performs no encryption.
      static TextEncryptor queryableText​(java.lang.CharSequence password, java.lang.CharSequence salt)
      Deprecated.
      This encryptor is not secure.
      static BytesEncryptor standard​(java.lang.CharSequence password, java.lang.CharSequence salt)
      Creates a standard password-based bytes encryptor using 256 bit AES encryption.
      static BytesEncryptor stronger​(java.lang.CharSequence password, java.lang.CharSequence salt)
      Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).
      static TextEncryptor text​(java.lang.CharSequence password, java.lang.CharSequence salt)
      Creates a text encryptor that uses "standard" password-based encryption.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • stronger

        public static BytesEncryptor stronger​(java.lang.CharSequence password,
                                      java.lang.CharSequence salt)
        Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6.
        Parameters:
        password - the password used to generate the encryptor's secret key; should not be shared
        salt - a hex-encoded, random, site-global salt value to use to generate the key

      • standard

        public static BytesEncryptor standard​(java.lang.CharSequence password,
                                      java.lang.CharSequence salt)
        Creates a standard password-based bytes encryptor using 256 bit AES encryption. Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6. NOTE: This mode is not authenticated and does not provide any guarantees about the authenticity of the data. For a more secure alternative, users should prefer stronger(CharSequence, CharSequence).
        Parameters:
        password - the password used to generate the encryptor's secret key; should not be shared
        salt - a hex-encoded, random, site-global salt value to use to generate the key
        See Also:
        stronger(CharSequence, CharSequence)

      • delux

        public static TextEncryptor delux​(java.lang.CharSequence password,
                                  java.lang.CharSequence salt)
        Creates a text encryptor that uses "stronger" password-based encryption. Encrypted text is hex-encoded.
        Parameters:
        password - the password used to generate the encryptor's secret key; should not be shared
        See Also:
        stronger(CharSequence, CharSequence)

      • text

        public static TextEncryptor text​(java.lang.CharSequence password,
                                 java.lang.CharSequence salt)
        Creates a text encryptor that uses "standard" password-based encryption. Encrypted text is hex-encoded.
        Parameters:
        password - the password used to generate the encryptor's secret key; should not be shared
        See Also:
        standard(CharSequence, CharSequence)

      • queryableText

        @Deprecated
public static TextEncryptor queryableText​(java.lang.CharSequence password,
                                          java.lang.CharSequence salt)
        Deprecated.
        This encryptor is not secure. Instead, look to your data store for a mechanism to query encrypted data.
        Creates an encryptor for queryable text strings that uses standard password-based encryption. Uses a 16-byte all-zero initialization vector so encrypting the same data results in the same encryption result. This is done to allow encrypted data to be queried against. Encrypted text is hex-encoded.
        Parameters:
        password - the password used to generate the encryptor's secret key; should not be shared
        salt - a hex-encoded, random, site-global salt value to use to generate the secret key

      • noOpText

        public static TextEncryptor noOpText()
        Creates a text encryptor that performs no encryption. Useful for developer testing environments where working with plain text strings is desired for simplicity.