Fork me on GitHub

Java Cryptography Guide with Apache Shiro

Share |

Cryptography is the protecting of information from undesired access by hiding it or converting it into nonsense so that no one can read it.

Shiro is a major part of Shiro because we wanted to provide you with simplicity on what is typically a very complex topic. For example, the Java Cryptography Extension (JCE) already handles cryptography in a Java environment but is very difficult to learn and use. So we grabbed the concepts made available by the JCE API and make them available to us mortals. In addition, all of the calls in the JCE are procedural which doesn’t fit in Java’s Object Oriented paradigm. So in Shiro, our cryptography features are all object oriented.

Elements of Cryptography

cryptography has two core elements in Shiro– ciphers and hashes.

Ciphers Defined

Ciphers are algorightms that can either encrypt or decrypt based on public or private key pair. And there are two different types of ciphers:

Symmetric Cipher - encrypts and decrypts using the same key.
Asymmetric Cipher - uses different keys for encryption and decryption.

Both cipher type are support in Shiro.

Hashes Defined

A hash is a one-way irreversible conversion of an input source. In the JDK, a hash is referred to as a message digest. A cryptographic hash and a message digests are the same thing and both terms or correct.

Common uses for Hashes

Hashes are often used to transforms credentials like passwords or biometric data. It’s a one way transformation so you can never see what the original value was. This is a very safe way of storing passwords so that no one other than the user will ever know a password, even if your system is compromised.

In addition, Shiro’s hashes can be used with any type of data with an underlying byte array. Examples of this data include files, streams, byte arrays, strings, and character arrays.

Cipher Features

Shiro’s CipherService Interface

public interface CipherService {

   ByteSource encrypt( byte[] raw, byte[] key);

   void encrypt(InputStream in, OutputStream out, byte[] key);

   ByteSource decrypt( byte[] cipherText, byte[] key);

   void decrypt(InputStream in, OutputStream out, byte[] key);
}

Hash Features

Tip

Salts are important when hashing ...

Tip

Repeated hashes are important when hashing ...

Shiro’s Hash Interface

public interface Hash {
   byte[] getBytes();
   String toHex();
   String toBase64();
}

Examples of how to use Hashes in your code

//some examples: 
new Md5Hash(“foo”).toHex();

//File MD5 Hash value for checksum: 
new MD5Hash( aFile ).toHex();

//store a password, but not raw: 
new Sha256(aPassword, salt, 1024).toBase64();

Lend a hand with documentation

While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you'd like to help the Shiro project, please consider correcting, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro.

The easiest way to contribute your documentation is to submit a pull-request by clicking on the Edit link below, send it to the User Forum or the User Mailing List.