Package org.springframework.security.crypto.encrypt

Class Encryptors

java.lang.Object

org.springframework.security.crypto.encrypt.Encryptors

public final class Encryptors
extends Object

Factory for commonly used encryptors. Defines the public API for constructing BytesEncryptor and TextEncryptor implementations.

Method Summary

Modifier and Type	Method	Description
static TextEncryptor	delux(CharSequence password, CharSequence salt)	Creates a text encryptor that uses "stronger" password-based encryption.
static TextEncryptor	noOpText()	Creates a text encryptor that performs no encryption.
static BytesEncryptor	standard(CharSequence password, CharSequence salt)	Creates a standard password-based bytes encryptor using 256 bit AES encryption.
static BytesEncryptor	stronger(CharSequence password, CharSequence salt)	Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).
static TextEncryptor	text(CharSequence password, CharSequence salt)	Creates a text encryptor that uses "standard" password-based encryption.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

stronger

public static BytesEncryptor stronger(CharSequence password,
 CharSequence salt)

Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM). Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

salt - a hex-encoded, random, site-global salt value to use to generate the key

standard

public static BytesEncryptor standard(CharSequence password,
 CharSequence salt)

Creates a standard password-based bytes encryptor using 256 bit AES encryption. Derives the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). Salts the password to prevent dictionary attacks against the key. The provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length. Also applies a random 16-byte initialization vector to ensure each encrypted message will be unique. Requires Java 6. NOTE: This mode is not authenticated and does not provide any guarantees about the authenticity of the data. For a more secure alternative, users should prefer stronger(CharSequence, CharSequence).

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

salt - a hex-encoded, random, site-global salt value to use to generate the key

See Also:

• stronger(CharSequence, CharSequence)

delux

public static TextEncryptor delux(CharSequence password,
 CharSequence salt)

Creates a text encryptor that uses "stronger" password-based encryption. Encrypted text is hex-encoded.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

See Also:

• stronger(CharSequence, CharSequence)

text

public static TextEncryptor text(CharSequence password,
 CharSequence salt)

Creates a text encryptor that uses "standard" password-based encryption. Encrypted text is hex-encoded.

Parameters:

password - the password used to generate the encryptor's secret key; should not be shared

See Also:

• standard(CharSequence, CharSequence)

noOpText

public static TextEncryptor noOpText()

Creates a text encryptor that performs no encryption. Useful for developer testing environments where working with plain text strings is desired for simplicity.