public final class PooledPBEBigIntegerEncryptor extends Object implements PBEBigIntegerCleanablePasswordEncryptor
Pooled implementation of PBEBigIntegerEncryptor
that in fact contains
an array of StandardPBEBigIntegerEncryptor
objects which are used
to attend encrypt and decrypt requests in round-robin. This should
result in higher performance in multiprocessor systems.
Configuration of this class is equivalent to that of
StandardPBEBigIntegerEncryptor
.
This class is thread-safe.
Constructor and Description |
---|
PooledPBEBigIntegerEncryptor()
Creates a new instance of PooledStandardPBEBigIntegerEncryptor.
|
Modifier and Type | Method and Description |
---|---|
BigInteger |
decrypt(BigInteger encryptedMessage)
Decrypts a message using the specified configuration.
|
BigInteger |
encrypt(BigInteger message)
Encrypts a message using the specified configuration.
|
void |
initialize()
Initialize the encryptor.
|
boolean |
isInitialized()
Returns true if the encryptor has already been initialized, false if
not.
Initialization happens: |
void |
setAlgorithm(String algorithm)
Sets the algorithm to be used for encryption, like
PBEWithMD5AndDES.
|
void |
setConfig(PBEConfig config)
Sets a
PBEConfig object
for the encryptor. |
void |
setKeyObtentionIterations(int keyObtentionIterations)
Set the number of hashing iterations applied to obtain the
encryption key.
|
void |
setPassword(String password)
Sets the password to be used.
|
void |
setPasswordCharArray(char[] password)
Sets the password to be used, as a char[].
|
void |
setPoolSize(int poolSize)
Sets the size of the pool of digesters to be created.
|
void |
setProvider(Provider provider)
Sets the security provider to be asked for the encryption algorithm.
|
void |
setProviderName(String providerName)
Sets the name of the security provider to be asked for the
encryption algorithm.
|
void |
setSaltGenerator(SaltGenerator saltGenerator)
Sets the salt generator to be used.
|
public PooledPBEBigIntegerEncryptor()
public void setConfig(PBEConfig config)
Sets a PBEConfig
object
for the encryptor. If this config
object is set, it will be asked values for:
The non-null values it returns will override the default ones, and will be overriden by any values specified with a setX method.
config
- the PBEConfig object to be used as the
source for configuration parameters.public void setAlgorithm(String algorithm)
Sets the algorithm to be used for encryption, like PBEWithMD5AndDES.
This algorithm has to be supported by your JCE provider (if you specify one, or the default JVM provider if you don't) and, if it is supported, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.
algorithm
- the name of the algorithm to be used.public void setPassword(String password)
Sets the password to be used.
There is no default value for password, so not setting
this parameter either from a
PBEConfig
object or from
a call to setPassword will result in an
EncryptionInitializationException being thrown during initialization.
setPassword
in interface PasswordBased
password
- the password to be used.public void setPasswordCharArray(char[] password)
Sets the password to be used, as a char[].
This allows the password to be specified as a cleanable char[] instead of a String, in extreme security conscious environments in which no copy of the password as an immutable String should be kept in memory.
Important: the array specified as a parameter WILL BE COPIED in order to be stored as encryptor configuration. The caller of this method will therefore be responsible for its cleaning (jasypt will only clean the internally stored copy).
There is no default value for password, so not setting
this parameter either from a
PBEConfig
object or from
a call to setPassword will result in an
EncryptionInitializationException being thrown during initialization.
setPasswordCharArray
in interface CleanablePasswordBased
password
- the password to be used.public void setKeyObtentionIterations(int keyObtentionIterations)
Set the number of hashing iterations applied to obtain the encryption key.
This mechanism is explained in PKCS #5: Password-Based Cryptography Standard.
keyObtentionIterations
- the number of iterationspublic void setSaltGenerator(SaltGenerator saltGenerator)
Sets the salt generator to be used. If no salt generator is specified,
an instance of RandomSaltGenerator
will be used.
saltGenerator
- the salt generator to be used.public void setProviderName(String providerName)
Sets the name of the security provider to be asked for the encryption algorithm. This security provider has to be registered beforehand at the JVM security framework.
The provider can also be set with the setProvider(Provider)
method, in which case it will not be necessary neither registering
the provider beforehand,
nor calling this setProviderName(String)
method to specify
a provider name.
Note that a call to setProvider(Provider)
overrides any value
set by this method.
If no provider name / provider is explicitly set, the default JVM provider will be used.
providerName
- the name of the security provider to be asked
for the encryption algorithm.public void setProvider(Provider provider)
Sets the security provider to be asked for the encryption algorithm. The provider does not have to be registered at the security infrastructure beforehand, and its being used here will not result in its being registered.
If this method is called, calling setProviderName(String)
becomes unnecessary.
If no provider name / provider is explicitly set, the default JVM provider will be used.
provider
- the provider to be asked for the chosen algorithmpublic void setPoolSize(int poolSize)
Sets the size of the pool of digesters to be created.
This parameter is required.
poolSize
- size of the poolpublic boolean isInitialized()
Returns true if the encryptor has already been initialized, false if
not.
Initialization happens:
Once an encryptor has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.
public void initialize()
Initialize the encryptor.
This operation will consist in determining the actual configuration
values to be used, and then initializing the encryptor with them.
These values are decided by applying the following priorities:
PBEConfig
object has been set with
setConfig, the non-null values returned by its
getX methods override the default values.Once an encryptor has been initialized, trying to change its configuration will result in an AlreadyInitializedException being thrown.
EncryptionInitializationException
- if initialization could not
be correctly done (for example, no password has been set).public BigInteger encrypt(BigInteger message)
Encrypts a message using the specified configuration.
Important: The size of the result of encrypting a number, depending on the algorithm, may be much bigger (in bytes) than the size of the encrypted number itself. For example, encrypting a 4-byte integer can result in an encrypted 16-byte number. This can lead the user into problems if the encrypted values are to be stored and not enough room has been provided.
The mechanisms applied to perform the encryption operation are described in PKCS #5: Password-Based Cryptography Standard.
This encryptor uses a salt for each encryption operation. The size of the salt depends on the algorithm being used. This salt is used for creating the encryption key and, if generated by a random generator, it is also appended unencrypted at the beginning of the results so that a decryption operation can be performed.
If a random salt generator is used, two encryption results for the same message will always be different (except in the case of random salt coincidence). This may enforce security by difficulting brute force attacks on sets of data at a time and forcing attackers to perform a brute force attack on each separate piece of encrypted data.
encrypt
in interface BigIntegerEncryptor
message
- the BigInteger message to be encryptedEncryptionOperationNotPossibleException
- if the encryption
operation fails, ommitting any further information about the
cause for security reasons.EncryptionInitializationException
- if initialization could not
be correctly done (for example, no password has been set).public BigInteger decrypt(BigInteger encryptedMessage)
Decrypts a message using the specified configuration.
The mechanisms applied to perform the decryption operation are described in PKCS #5: Password-Based Cryptography Standard.
If a random salt generator is used, this decryption operation will expect to find an unencrypted salt at the beginning of the encrypted input, so that the decryption operation can be correctly performed (there is no other way of knowing it).
decrypt
in interface BigIntegerEncryptor
encryptedMessage
- the BigInteger message to be decryptedEncryptionOperationNotPossibleException
- if the decryption
operation fails, ommitting any further information about the
cause for security reasons.EncryptionInitializationException
- if initialization could not
be correctly done (for example, no password has been set).Copyright © 2019 JBoss by Red Hat. All rights reserved.