Package org.apache.shiro.crypto
Class AesCipherService
- java.lang.Object
-
- org.apache.shiro.crypto.JcaCipherService
-
- org.apache.shiro.crypto.AbstractSymmetricCipherService
-
- org.apache.shiro.crypto.DefaultBlockCipherService
-
- org.apache.shiro.crypto.AesCipherService
-
- All Implemented Interfaces:
CipherService
public class AesCipherService extends DefaultBlockCipherService
CipherServiceusing theAEScipher algorithm for all encryption, decryption, and key operations. The AES algorithm can support key sizes of128,192and256bits*. This implementation defaults to 128 bits. Note that this class retains changes the parent class's defaultCBCmode toGCMof operation instead of the typical JDK default ofECB.ECBshould not be used in security-sensitive environments becauseECBdoes not allow for initialization vectors, which are considered necessary for strong encryption. See theparent class's JavaDoc and theJcaCipherServiceJavaDoc for more on why the JDK default should not be used and is not used in this implementation. * Generating and using AES key sizes greater than 128 require installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files.- Since:
- 1.0
-
-
Constructor Summary
Constructors Constructor Description AesCipherService()Creates a newCipherServiceinstance using theAEScipher algorithm with the following important cipher default attributes: Attribute ValuekeySize128bitsblockSize128bits (required forAESmodeGCM*paddingSchemeNoPadding***initializationVectorSize128bitsgenerateInitializationVectorstrue**
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected AlgorithmParameterSpeccreateParameterSpec(byte[] iv, boolean streaming)-
Methods inherited from class org.apache.shiro.crypto.DefaultBlockCipherService
generateInitializationVector, getBlockSize, getModeName, getPaddingSchemeName, getStreamingBlockSize, getStreamingModeName, getStreamingPaddingSchemeName, getTransformationString, isGenerateInitializationVectors, setBlockSize, setMode, setModeName, setPaddingScheme, setPaddingSchemeName, setStreamingBlockSize, setStreamingMode, setStreamingModeName, setStreamingPaddingScheme, setStreamingPaddingSchemeName
-
Methods inherited from class org.apache.shiro.crypto.AbstractSymmetricCipherService
generateNewKey, generateNewKey
-
Methods inherited from class org.apache.shiro.crypto.JcaCipherService
decrypt, decrypt, encrypt, encrypt, ensureSecureRandom, getAlgorithmName, getDefaultSecureRandom, getInitializationVectorSize, getKeySize, getSecureRandom, getStreamingBufferSize, isGenerateInitializationVectors, setGenerateInitializationVectors, setInitializationVectorSize, setKeySize, setSecureRandom, setStreamingBufferSize
-
-
-
-
Constructor Detail
-
AesCipherService
public AesCipherService()
Creates a newCipherServiceinstance using theAEScipher algorithm with the following important cipher default attributes:
* TheAttribute Value keySize128bitsblockSize128bits (required forAESmodeGCM*paddingSchemeNoPadding***initializationVectorSize128bitsgenerateInitializationVectorstrue**GCMoperation mode is used instead of the JDK defaultECBto ensure strong encryption.ECBshould not be used in security-sensitive environments - see theDefaultBlockCipherServiceclass JavaDoc's "Operation Mode" section for more. **In conjunction with the defaultGCMoperation mode, initialization vectors are generated by default to ensure strong encryption. See theJcaCipherServiceclass JavaDoc for more. **SinceGCMis a stream cipher, padding is implemented in the operation mode and an external padding scheme cannot be used in conjunction withGCM. In fact,AES/GCM/PKCS5Paddingis just an alias in most JVM forAES/GCM/NoPadding.
-
-
Method Detail
-
createParameterSpec
protected AlgorithmParameterSpec createParameterSpec(byte[] iv, boolean streaming)
- Overrides:
createParameterSpecin classJcaCipherService
-
-