Package org.apache.shiro.crypto
Class AesCipherService
- java.lang.Object
  - org.apache.shiro.crypto.JcaCipherService
    - org.apache.shiro.crypto.AbstractSymmetricCipherService
      - org.apache.shiro.crypto.DefaultBlockCipherService
        - org.apache.shiro.crypto.AesCipherService

- All Implemented Interfaces: CipherService

public class AesCipherService extends DefaultBlockCipherService

CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.

The AES algorithm can support key sizes of 128, 192 and 256 bits*. This implementation defaults to 128 bits.

Note that this class changes the parent class's default CBC mode of operation to GCM, instead of the typical JDK default of ECB. ECB should not be used in security-sensitive environments because ECB does not allow for initialization vectors, which are considered necessary for strong encryption. See the parent class's JavaDoc and the JcaCipherService JavaDoc for more on why the JDK default should not be used and is not used in this implementation.

* Generating and using AES key sizes greater than 128 bits requires installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files.

- Since: 1.0

Constructor Summary
Constructor: AesCipherService()
Description: Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
- keySize: 128 bits
- blockSize: 128 bits (required for AES)
- mode: GCM*
- paddingScheme: NoPadding***
- initializationVectorSize: 128 bits
- generateInitializationVectors: true**

Method Summary
- protected AlgorithmParameterSpec createParameterSpec(byte[] iv, boolean streaming)

Methods inherited from class org.apache.shiro.crypto.DefaultBlockCipherService
generateInitializationVector, getBlockSize, getModeName, getPaddingSchemeName, getStreamingBlockSize, getStreamingModeName, getStreamingPaddingSchemeName, getTransformationString, isGenerateInitializationVectors, setBlockSize, setMode, setModeName, setPaddingScheme, setPaddingSchemeName, setStreamingBlockSize, setStreamingMode, setStreamingModeName, setStreamingPaddingScheme, setStreamingPaddingSchemeName

Methods inherited from class org.apache.shiro.crypto.AbstractSymmetricCipherService
generateNewKey, generateNewKey

Methods inherited from class org.apache.shiro.crypto.JcaCipherService
decrypt, decrypt, encrypt, encrypt, ensureSecureRandom, getAlgorithmName, getDefaultSecureRandom, getInitializationVectorSize, getKeySize, getSecureRandom, getStreamingBufferSize, isGenerateInitializationVectors, setGenerateInitializationVectors, setInitializationVectorSize, setKeySize, setSecureRandom, setStreamingBufferSize

Constructor Detail
AesCipherService
public AesCipherService()

Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
- keySize: 128 bits
- blockSize: 128 bits (required for AES)
- mode: GCM*
- paddingScheme: NoPadding***
- initializationVectorSize: 128 bits
- generateInitializationVectors: true**

* The GCM operation mode is used instead of the JDK default ECB to ensure strong encryption. ECB should not be used in security-sensitive environments - see the DefaultBlockCipherService class JavaDoc's "Operation Mode" section for more.

** In conjunction with the default GCM operation mode, initialization vectors are generated by default to ensure strong encryption. See the JcaCipherService class JavaDoc for more.

*** Since GCM is a stream cipher, padding is implemented in the operation mode and an external padding scheme cannot be used in conjunction with GCM. In fact, AES/GCM/PKCS5Padding is just an alias in most JVMs for AES/GCM/NoPadding.
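
The defaults listed above, exercised end to end and contrasted with the JDK default transformation. This is an added example, not code from the Shiro project; it assumes a Shiro 1.x release that ships this org.apache.shiro.crypto package (where encrypt and decrypt return a ByteSource) on the classpath, and the class name and sample plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CryptoException;

public class AesCipherServiceDefaultsDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        AesCipherService shiro = new AesCipherService();

        // Report the defaults that the constructor documentation lists.
        System.out.printf("%s/%s/%s keySize=%d ivSize=%d%n",
                shiro.getAlgorithmName(), shiro.getModeName(), shiro.getPaddingSchemeName(),
                shiro.getKeySize(), shiro.getInitializationVectorSize());

        Key key = shiro.generateNewKey();
        byte[] keyBytes = key.getEncoded();
        // Constructed sample plaintext.
        byte[] plaintext = "user=alice;role=admin;user=alice;role=admin"
                .getBytes(StandardCharsets.UTF_8);

        // generateInitializationVectors=true: every encrypt call draws a new IV,
        // so the same key and plaintext are encrypted twice and compared.
        byte[] c1 = shiro.encrypt(plaintext, keyBytes).getBytes();
        byte[] c2 = shiro.encrypt(plaintext, keyBytes).getBytes();
        System.out.println("AesCipherService ciphertexts identical: " + Arrays.equals(c1, c2));

        // Plain JCA for contrast: the bare "AES" transformation leaves mode and padding
        // to the provider default (ECB on the standard JDK provider) and takes no IV.
        Cipher jdkDefault = Cipher.getInstance("AES");
        jdkDefault.init(Cipher.ENCRYPT_MODE, key);
        byte[] e1 = jdkDefault.doFinal(plaintext);
        jdkDefault.init(Cipher.ENCRYPT_MODE, key);
        byte[] e2 = jdkDefault.doFinal(plaintext);
        System.out.println("JDK default ciphertexts identical: " + Arrays.equals(e1, e2));

        // Round trip through the service; decrypt reads the IV it stored with the output.
        byte[] recovered = shiro.decrypt(c1, keyBytes).getBytes();
        System.out.println("round trip ok: " + Arrays.equals(plaintext, recovered));

        // GCM authenticates the ciphertext: flip one bit and decryption is refused.
        c1[c1.length - 1] ^= 0x01;
        try {
            shiro.decrypt(c1, keyBytes);
            System.out.println("tampered ciphertext accepted");
        } catch (CryptoException e) {
            System.out.println("tampered ciphertext rejected: " + e.getClass().getSimpleName());
        }
    }
}
```
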

Method Detail
createParameterSpec
protected AlgorithmParameterSpec createParameterSpec(byte[] iv, boolean streaming)
- Overrides: createParameterSpec in class JcaCipherService